Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/9c2508-11f1-4ae7-8720-bff023b344f7/1/TZQtqhcLFQfhkXAvuP94qhwmtWU.roa
File:                     TZQtqhcLFQfhkXAvuP94qhwmtWU.roa (raw, json)
Hash identifier:          wNxyrCVAXAcqGaE7oT5T0m7BD+Mk4RIGeFRPEt5SL/U=
Subject key identifier:   4D:94:2D:AA:17:0B:15:07:E1:91:70:2F:B8:FF:78:AA:1C:26:B5:65
Certificate issuer:       /CN=7b4d31ab18e41f8d959a09d55660dd32aa9c45f7
Certificate serial:       01929B0879BA42425DC80AAA4E9032EA9FFA
Authority key identifier: 7B:4D:31:AB:18:E4:1F:8D:95:9A:09:D5:56:60:DD:32:AA:9C:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e00xqxjkH42VmgnVVmDdMqqcRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/9c2508-11f1-4ae7-8720-bff023b344f7/1/TZQtqhcLFQfhkXAvuP94qhwmtWU.roa
Signing time:             Thu 17 Oct 2024 15:11:16 +0000
ROA not before:           Thu 17 Oct 2024 15:11:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5089
IP address blocks:        193.110.240.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/9c2508-11f1-4ae7-8720-bff023b344f7/1/e00xqxjkH42VmgnVVmDdMqqcRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/9c2508-11f1-4ae7-8720-bff023b344f7/1/e00xqxjkH42VmgnVVmDdMqqcRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e00xqxjkH42VmgnVVmDdMqqcRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9b:08:79:ba:42:42:5d:c8:0a:aa:4e:90:32:ea:9f:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b4d31ab18e41f8d959a09d55660dd32aa9c45f7
        Validity
            Not Before: Oct 17 15:11:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d942daa170b1507e191702fb8ff78aa1c26b565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:08:1c:a5:87:5d:4d:c3:98:09:7c:6b:11:11:
                    c3:b4:fe:f8:66:88:5f:e3:d7:47:04:1a:25:88:11:
                    41:c9:02:07:f3:87:9c:d5:34:39:ba:94:b8:0f:7d:
                    3e:82:c1:74:4a:a5:04:97:ee:03:f8:ea:87:01:d5:
                    c2:23:aa:0f:9d:fa:91:c7:52:2b:7a:d5:8b:d4:56:
                    6e:e3:30:1e:57:f3:20:ef:7c:e9:92:28:e1:97:ee:
                    c1:17:8e:bf:8a:d0:d3:25:81:e5:bb:19:ed:bb:86:
                    99:09:e9:4b:1c:ab:6f:02:cf:0c:7b:c1:94:cb:b2:
                    53:78:51:6f:4c:3f:52:b1:84:9d:7b:4b:16:01:6b:
                    28:a4:92:cd:78:a4:43:91:1e:91:54:53:3e:8f:fa:
                    40:ed:e1:08:33:e3:d5:c5:91:2c:36:de:1e:e9:85:
                    89:b3:b8:6b:e5:bd:62:1e:fe:a1:26:c0:81:5e:a9:
                    f1:22:0c:d6:8f:77:bc:c4:b3:ca:9f:4d:f2:7e:cb:
                    09:f4:92:cc:8a:f3:19:24:70:82:ef:b3:75:d3:00:
                    38:b2:9d:e9:f6:f7:a7:d2:de:33:fd:37:62:ed:67:
                    23:af:4e:6a:69:ac:c5:e6:b8:1e:25:b8:00:24:77:
                    96:c5:36:6c:bc:35:7a:2e:c2:a0:cc:56:3d:c5:8d:
                    56:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:94:2D:AA:17:0B:15:07:E1:91:70:2F:B8:FF:78:AA:1C:26:B5:65
            X509v3 Authority Key Identifier:
                keyid:7B:4D:31:AB:18:E4:1F:8D:95:9A:09:D5:56:60:DD:32:AA:9C:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e00xqxjkH42VmgnVVmDdMqqcRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/9c2508-11f1-4ae7-8720-bff023b344f7/1/TZQtqhcLFQfhkXAvuP94qhwmtWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/9c2508-11f1-4ae7-8720-bff023b344f7/1/e00xqxjkH42VmgnVVmDdMqqcRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         93:18:cd:5b:98:82:4b:e2:78:3f:91:78:ef:a0:73:d9:ad:8b:
         18:1e:96:5f:05:8c:f5:28:b8:84:9f:35:76:d2:c0:7e:6b:6e:
         a3:5d:7e:47:ec:b7:fe:6a:8c:53:d7:14:6f:fe:41:7f:1e:30:
         9b:45:45:1a:66:42:ce:b9:6a:13:8f:30:39:27:c9:ae:29:49:
         aa:dc:9a:b3:51:fb:e0:7c:0d:96:40:b7:77:61:1a:da:f0:74:
         dc:c2:af:fb:5e:f3:c3:93:6a:89:ab:d7:e3:91:de:0f:88:ef:
         ea:65:8c:9f:e4:bb:c7:ed:f0:18:bb:5d:85:7b:49:cc:f6:3c:
         e3:e7:5c:db:f9:1e:73:58:97:62:3f:95:05:19:38:f0:5d:4d:
         58:3f:32:a8:f2:9e:74:64:2d:bb:4e:9b:c2:a2:c9:19:a5:b3:
         84:76:92:0e:23:a3:cd:05:19:80:36:9a:9c:71:c3:4f:c5:12:
         ae:b6:a2:f1:96:9d:17:7f:49:89:c0:5b:e8:a7:37:64:f2:c0:
         5d:66:84:9b:f9:7f:0a:45:eb:22:f1:b2:41:20:c3:83:1c:45:
         90:ff:5a:cf:47:42:19:8f:6c:10:9b:e6:ac:86:db:6d:ed:c8:
         42:a8:ed:43:66:2f:57:c7:5e:93:12:57:7e:4f:47:24:d7:73:
         02:c3:43:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKbCHm6QkJdyAqqTpAy6p/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNGQzMWFiMThlNDFmOGQ5NTlhMDlkNTU2NjBkZDMyYWE5
YzQ1ZjcwHhcNMjQxMDE3MTUxMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDk0MmRhYTE3MGIxNTA3ZTE5MTcwMmZiOGZmNzhhYTFjMjZiNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAgcpYddTcOYCXxrERHDtP74Zohf
49dHBBoliBFByQIH84ec1TQ5upS4D30+gsF0SqUEl+4D+OqHAdXCI6oPnfqRx1Ir
etWL1FZu4zAeV/Mg73zpkijhl+7BF46/itDTJYHluxntu4aZCelLHKtvAs8Me8GU
y7JTeFFvTD9SsYSde0sWAWsopJLNeKRDkR6RVFM+j/pA7eEIM+PVxZEsNt4e6YWJ
s7hr5b1iHv6hJsCBXqnxIgzWj3e8xLPKn03yfssJ9JLMivMZJHCC77N10wA4sp3p
9ven0t4z/Tdi7Wcjr05qaazF5rgeJbgAJHeWxTZsvDV6LsKgzFY9xY1WbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2ULaoXCxUH4ZFwL7j/eKocJrVlMB8GA1UdIwQY
MBaAFHtNMasY5B+NlZoJ1VZg3TKqnEX3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTAweHF4amtINDJWbWduVlZtRGRNcXFjUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy85YzI1MDgtMTFmMS00YWU3LTg3MjAt
YmZmMDIzYjM0NGY3LzEvVFpRdHFoY0xGUWZoa1hBdnVQOTRxaHdtdFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy85YzI1MDgtMTFmMS00YWU3LTg3MjAtYmZmMDIzYjM0NGY3
LzEvZTAweHF4amtINDJWbWduVlZtRGRNcXFjUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwW7wMA0G
CSqGSIb3DQEBCwUAA4IBAQCTGM1bmIJL4ng/kXjvoHPZrYsYHpZfBYz1KLiEnzV2
0sB+a26jXX5H7Lf+aoxT1xRv/kF/HjCbRUUaZkLOuWoTjzA5J8muKUmq3JqzUfvg
fA2WQLd3YRra8HTcwq/7XvPDk2qJq9fjkd4PiO/qZYyf5LvH7fAYu12Fe0nM9jzj
51zb+R5zWJdiP5UFGTjwXU1YPzKo8p50ZC27TpvCoskZpbOEdpIOI6PNBRmANpqc
ccNPxRKutqLxlp0Xf0mJwFvopzdk8sBdZoSb+X8KResi8bJBIMODHEWQ/1rPR0IZ
j2wQm+ashttt7chCqO1DZi9Xx16TEld+T0ck13MCw0OG
-----END CERTIFICATE-----