Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/TnuGfKJT39q-VDDWTO4697U8X9o.roa
File:                     TnuGfKJT39q-VDDWTO4697U8X9o.roa (raw, json)
Hash identifier:          whjP7rpSO1SwxJLKXRl302i37UiSi+x7YA3FtF1HbqY=
Subject key identifier:   4E:7B:86:7C:A2:53:DF:DA:BE:54:30:D6:4C:EE:3A:F7:B5:3C:5F:DA
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01907814AC513F4D037584DB2EFA0CF54A9F
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/TnuGfKJT39q-VDDWTO4697U8X9o.roa
Signing time:             Wed 03 Jul 2024 10:12:19 +0000
ROA not before:           Wed 03 Jul 2024 10:12:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204428
IP address blocks:        83.222.190.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:78:14:ac:51:3f:4d:03:75:84:db:2e:fa:0c:f5:4a:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jul  3 10:12:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e7b867ca253dfdabe5430d64cee3af7b53c5fda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d8:f3:4c:e7:8b:a3:3c:f9:7f:5a:6c:4a:3d:
                    45:5a:59:be:05:75:7b:94:5a:21:b4:0a:f1:2d:3d:
                    64:16:2c:07:7a:f3:41:37:59:93:8c:5d:c5:8e:55:
                    ff:e9:09:50:98:a1:a4:5e:4f:8f:bd:c8:d7:df:31:
                    01:08:e7:c6:8d:4c:e6:82:14:b5:60:f3:c2:5d:72:
                    c2:9d:85:37:28:21:35:4f:fc:10:ce:de:71:ae:61:
                    6e:e2:90:c4:fc:12:7b:9e:d3:12:96:89:ed:cb:ca:
                    a1:de:3b:88:0e:d7:2f:e5:36:e2:92:e5:a7:8f:ca:
                    fc:a4:e4:4e:8c:a4:22:c7:74:e7:b6:e9:88:03:db:
                    41:89:af:1d:92:48:87:85:29:64:9f:f2:c7:92:70:
                    c0:6a:3c:25:b0:bf:04:30:90:00:2d:2c:ed:25:ab:
                    df:5d:9e:ba:e3:46:16:54:23:52:33:d8:40:4a:72:
                    f3:c3:1d:8e:ce:8c:06:f4:6b:5d:8e:51:4d:89:49:
                    2e:89:88:0e:0a:e1:e1:c9:c4:e3:df:e3:b5:74:a5:
                    15:01:f4:18:22:95:9f:d9:0a:8b:44:81:7a:b7:4e:
                    df:db:fc:c7:3c:08:18:b9:ef:43:75:fd:be:0d:c6:
                    58:fc:68:e8:6d:ed:3b:85:c3:53:3b:8e:13:dd:ec:
                    96:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:7B:86:7C:A2:53:DF:DA:BE:54:30:D6:4C:EE:3A:F7:B5:3C:5F:DA
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/TnuGfKJT39q-VDDWTO4697U8X9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.222.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:7e:77:e0:92:95:74:20:99:83:91:35:0d:76:82:cb:9e:3b:
         b3:72:a9:05:2d:6a:d6:c5:34:c3:82:7a:85:18:42:c2:17:2e:
         97:0a:e9:25:90:1b:7c:81:e3:e0:61:57:ba:8e:3a:5b:c1:cb:
         92:d5:00:4e:5a:fc:65:e3:dd:bd:3c:43:67:7b:65:db:a2:95:
         e0:b5:42:2c:ed:0d:7b:09:cd:88:e2:57:09:bf:1a:32:aa:e4:
         2a:ac:4e:63:72:1a:d9:ed:0f:70:5a:4b:ff:5e:a8:37:8c:77:
         41:38:f6:3f:d8:67:3e:7f:62:0d:54:9b:19:97:60:ad:57:2a:
         1e:9b:52:50:a3:0a:c0:2b:dd:98:f5:4b:8d:96:59:dd:b0:2b:
         92:f3:ad:5d:9e:37:76:bd:34:6f:0c:4f:32:3e:b2:3d:b1:3c:
         15:49:91:69:3a:aa:42:2d:f1:0a:ad:f6:39:dd:ac:c7:9f:b9:
         02:14:8e:c8:aa:07:1a:91:33:06:6c:ef:a2:4b:8f:a5:53:2e:
         c6:5b:a9:d8:24:90:57:e8:15:6f:48:6c:f4:b9:5a:7e:f2:b6:
         1e:d4:68:60:c8:dd:fd:31:e7:17:81:98:dd:22:7a:a6:8a:03:
         31:9d:ac:bf:42:b5:ec:bb:84:e1:53:83:d2:c5:45:ce:e8:7e:
         65:1d:53:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZB4FKxRP00DdYTbLvoM9UqfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwNzAzMTAxMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTdiODY3Y2EyNTNkZmRhYmU1NDMwZDY0Y2VlM2FmN2I1M2M1ZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNjzTOeLozz5f1psSj1FWlm+BXV7
lFohtArxLT1kFiwHevNBN1mTjF3FjlX/6QlQmKGkXk+PvcjX3zEBCOfGjUzmghS1
YPPCXXLCnYU3KCE1T/wQzt5xrmFu4pDE/BJ7ntMSlonty8qh3juIDtcv5TbikuWn
j8r8pOROjKQix3TntumIA9tBia8dkkiHhSlkn/LHknDAajwlsL8EMJAALSztJavf
XZ6640YWVCNSM9hASnLzwx2OzowG9GtdjlFNiUkuiYgOCuHhycTj3+O1dKUVAfQY
IpWf2QqLRIF6t07f2/zHPAgYue9Ddf2+DcZY/Gjobe07hcNTO44T3eyWawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE57hnyiU9/avlQw1kzuOve1PF/aMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvVG51R2ZLSlQzOXEtVkREV1RPNDY5N1U4WDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU96+MA0G
CSqGSIb3DQEBCwUAA4IBAQBlfnfgkpV0IJmDkTUNdoLLnjuzcqkFLWrWxTTDgnqF
GELCFy6XCuklkBt8gePgYVe6jjpbwcuS1QBOWvxl4929PENne2XbopXgtUIs7Q17
Cc2I4lcJvxoyquQqrE5jchrZ7Q9wWkv/Xqg3jHdBOPY/2Gc+f2INVJsZl2CtVyoe
m1JQowrAK92Y9UuNllndsCuS861dnjd2vTRvDE8yPrI9sTwVSZFpOqpCLfEKrfY5
3azHn7kCFI7IqgcakTMGbO+iS4+lUy7GW6nYJJBX6BVvSGz0uVp+8rYe1GhgyN39
MecXgZjdInqmigMxnay/QrXsu4ThU4PSxUXO6H5lHVMj
-----END CERTIFICATE-----