Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/85612a-de33-434b-8471-1801b544b9fe/1/TcnRTnaOQN9f1WlTgeFgFE-8B78.roa
File:                     TcnRTnaOQN9f1WlTgeFgFE-8B78.roa (raw, json)
Hash identifier:          jXgi7yjr1i8CYJGSavoMXu7BST5JIz5GOuOZO6zvS3Q=
Subject key identifier:   4D:C9:D1:4E:76:8E:40:DF:5F:D5:69:53:81:E1:60:14:4F:BC:07:BF
Certificate issuer:       /CN=9b415a03059fb295a4b96c9ce5eadb58fe98fa86
Certificate serial:       018F7168349728F294030ACF9C5AD74DEBDB
Authority key identifier: 9B:41:5A:03:05:9F:B2:95:A4:B9:6C:9C:E5:EA:DB:58:FE:98:FA:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m0FaAwWfspWkuWyc5erbWP6Y-oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/85612a-de33-434b-8471-1801b544b9fe/1/TcnRTnaOQN9f1WlTgeFgFE-8B78.roa
Signing time:             Mon 13 May 2024 10:03:25 +0000
ROA not before:           Mon 13 May 2024 10:03:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1267
IP address blocks:        185.54.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/85612a-de33-434b-8471-1801b544b9fe/1/m0FaAwWfspWkuWyc5erbWP6Y-oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/85612a-de33-434b-8471-1801b544b9fe/1/m0FaAwWfspWkuWyc5erbWP6Y-oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m0FaAwWfspWkuWyc5erbWP6Y-oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:71:68:34:97:28:f2:94:03:0a:cf:9c:5a:d7:4d:eb:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b415a03059fb295a4b96c9ce5eadb58fe98fa86
        Validity
            Not Before: May 13 10:03:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4dc9d14e768e40df5fd5695381e160144fbc07bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d3:0e:f8:7d:d7:20:9e:9b:8d:5b:f4:dd:a6:
                    d2:d3:d9:a3:e1:92:fb:df:ec:02:42:95:fb:a7:41:
                    2e:89:8e:34:36:bf:46:f8:52:1c:63:d8:bd:37:82:
                    cf:c5:ea:1f:09:46:5d:6e:ce:bf:8a:38:65:59:f5:
                    5e:54:12:36:71:4d:5f:0d:00:30:54:10:c0:76:db:
                    12:8b:b9:88:a6:7d:ac:77:3f:21:66:7b:ab:a6:8c:
                    e7:92:bf:69:6a:22:3f:17:ea:1f:1a:9f:0b:01:6e:
                    8b:3b:13:6d:2b:5c:39:7b:a0:6e:04:99:3e:1d:f1:
                    80:57:b6:6f:71:ca:b2:1e:7f:41:fb:8d:1a:41:c4:
                    74:0a:35:93:b1:04:17:72:d0:5a:2c:02:15:9e:0a:
                    d2:29:e7:29:6d:11:41:ba:55:12:4b:23:3f:a1:f2:
                    78:e7:41:0a:4b:40:9d:0b:9c:75:46:ee:14:c4:05:
                    3a:95:f5:81:4c:94:2d:c8:6f:c5:b9:96:86:9e:f3:
                    f1:d8:37:57:33:94:7c:cd:6e:b0:b8:54:89:3c:1e:
                    ae:5f:4c:55:c9:3c:1d:a3:48:b0:46:7c:11:f1:9e:
                    a5:28:60:1e:4f:73:e9:21:df:bb:ef:94:6e:4d:c8:
                    63:6e:8e:e3:af:ae:be:48:11:21:d2:58:46:f7:62:
                    ff:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:C9:D1:4E:76:8E:40:DF:5F:D5:69:53:81:E1:60:14:4F:BC:07:BF
            X509v3 Authority Key Identifier:
                keyid:9B:41:5A:03:05:9F:B2:95:A4:B9:6C:9C:E5:EA:DB:58:FE:98:FA:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m0FaAwWfspWkuWyc5erbWP6Y-oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/85612a-de33-434b-8471-1801b544b9fe/1/TcnRTnaOQN9f1WlTgeFgFE-8B78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/85612a-de33-434b-8471-1801b544b9fe/1/m0FaAwWfspWkuWyc5erbWP6Y-oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:78:58:a4:1f:4c:e1:8d:d9:01:1b:45:a2:6c:cd:d5:ea:2d:
         d9:7b:92:57:64:56:19:6b:a3:dc:86:ed:76:2b:b7:83:d7:76:
         49:e6:06:9c:81:af:7c:a6:f7:15:30:10:f0:f7:96:f8:e7:3f:
         e2:97:b4:0a:86:2c:9e:3f:5f:3f:dc:10:0c:15:b7:fa:ce:ba:
         8e:79:b2:ef:8b:5e:a3:41:0f:9f:50:7c:9e:d4:2f:e2:91:91:
         f7:bc:30:51:a1:73:ce:fe:0c:dc:8c:0e:64:f5:19:08:f4:bf:
         ea:aa:22:e6:12:4e:0c:e1:37:d1:92:f4:93:e9:9e:35:2f:39:
         32:7f:fe:69:46:be:16:b8:8f:6e:d2:1c:76:f4:cf:eb:e8:32:
         59:f0:c8:46:c0:69:13:71:a7:67:58:9e:86:dd:16:35:d5:6a:
         c8:c0:69:16:ac:9d:f4:f8:7e:0d:4d:de:35:29:0c:23:b0:37:
         20:d7:5b:00:a3:41:9e:3c:9d:56:f7:26:d5:d8:d4:86:ad:0e:
         63:95:e6:2e:ea:3a:16:7b:c8:1d:d0:a9:b1:00:35:92:7e:77:
         30:8b:32:92:ab:30:6a:4b:51:ce:58:d1:c1:03:a9:f9:7b:b6:
         ed:8c:e3:c0:4c:97:45:e9:59:d7:20:7a:d0:6e:94:0e:75:09:
         e8:ce:44:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9xaDSXKPKUAwrPnFrXTevbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNDE1YTAzMDU5ZmIyOTVhNGI5NmM5Y2U1ZWFkYjU4ZmU5
OGZhODYwHhcNMjQwNTEzMTAwMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGM5ZDE0ZTc2OGU0MGRmNWZkNTY5NTM4MWUxNjAxNDRmYmMwN2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9MO+H3XIJ6bjVv03abS09mj4ZL7
3+wCQpX7p0EuiY40Nr9G+FIcY9i9N4LPxeofCUZdbs6/ijhlWfVeVBI2cU1fDQAw
VBDAdtsSi7mIpn2sdz8hZnurpoznkr9paiI/F+ofGp8LAW6LOxNtK1w5e6BuBJk+
HfGAV7ZvccqyHn9B+40aQcR0CjWTsQQXctBaLAIVngrSKecpbRFBulUSSyM/ofJ4
50EKS0CdC5x1Ru4UxAU6lfWBTJQtyG/FuZaGnvPx2DdXM5R8zW6wuFSJPB6uX0xV
yTwdo0iwRnwR8Z6lKGAeT3PpId+775RuTchjbo7jr66+SBEh0lhG92L/YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3J0U52jkDfX9VpU4HhYBRPvAe/MB8GA1UdIwQY
MBaAFJtBWgMFn7KVpLlsnOXq21j+mPqGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTBGYUF3V2ZzcFdrdVd5YzVlcmJXUDZZLW9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84NTYxMmEtZGUzMy00MzRiLTg0NzEt
MTgwMWI1NDRiOWZlLzEvVGNuUlRuYU9RTjlmMVdsVGdlRmdGRS04Qjc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84NTYxMmEtZGUzMy00MzRiLTg0NzEtMTgwMWI1NDRiOWZl
LzEvbTBGYUF3V2ZzcFdrdVd5YzVlcmJXUDZZLW9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTYhMA0G
CSqGSIb3DQEBCwUAA4IBAQAOeFikH0zhjdkBG0WibM3V6i3Ze5JXZFYZa6Pchu12
K7eD13ZJ5gacga98pvcVMBDw95b45z/il7QKhiyeP18/3BAMFbf6zrqOebLvi16j
QQ+fUHye1C/ikZH3vDBRoXPO/gzcjA5k9RkI9L/qqiLmEk4M4TfRkvST6Z41Lzky
f/5pRr4WuI9u0hx29M/r6DJZ8MhGwGkTcadnWJ6G3RY11WrIwGkWrJ30+H4NTd41
KQwjsDcg11sAo0GePJ1W9ybV2NSGrQ5jleYu6joWe8gd0KmxADWSfncwizKSqzBq
S1HOWNHBA6n5e7btjOPATJdF6VnXIHrQbpQOdQnozkS6
-----END CERTIFICATE-----