Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/f0b320-9991-4e71-b3ee-494d91aeb655/1/TH0oE1oNXe1wilD_b9t4Ms6Xk2U.roa
File:                     TH0oE1oNXe1wilD_b9t4Ms6Xk2U.roa (raw, json)
Hash identifier:          oLQqz1I0tcwIYa5vAN7hd/fC01SoL5PWmImJO/ofdCw=
Subject key identifier:   4C:7D:28:13:5A:0D:5D:ED:70:8A:50:FF:6F:DB:78:32:CE:97:93:65
Certificate issuer:       /CN=991fac6855f2296bad159870f9cbed22356613ab
Certificate serial:       018CC5DC1B2EAD4AC6EBD81C76FD637E9EA1
Authority key identifier: 99:1F:AC:68:55:F2:29:6B:AD:15:98:70:F9:CB:ED:22:35:66:13:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mR-saFXyKWutFZhw-cvtIjVmE6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/f0b320-9991-4e71-b3ee-494d91aeb655/1/TH0oE1oNXe1wilD_b9t4Ms6Xk2U.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50559
IP address blocks:        194.5.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/f0b320-9991-4e71-b3ee-494d91aeb655/1/mR-saFXyKWutFZhw-cvtIjVmE6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/f0b320-9991-4e71-b3ee-494d91aeb655/1/mR-saFXyKWutFZhw-cvtIjVmE6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mR-saFXyKWutFZhw-cvtIjVmE6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1b:2e:ad:4a:c6:eb:d8:1c:76:fd:63:7e:9e:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=991fac6855f2296bad159870f9cbed22356613ab
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c7d28135a0d5ded708a50ff6fdb7832ce979365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a2:41:ea:8b:fe:01:af:e0:ad:22:d9:95:d0:
                    80:f5:06:a8:be:c6:e7:72:30:f0:e2:a2:75:99:7d:
                    27:a3:b3:26:c1:07:46:da:3a:a7:31:f2:2b:4c:5e:
                    b8:20:15:b8:35:56:40:1c:c5:5b:ab:17:e8:ab:dd:
                    45:9c:a1:f7:c8:b1:43:ce:c9:5a:9e:81:77:d0:81:
                    7d:1b:fe:22:6b:03:ba:07:b9:a9:c5:65:4e:67:de:
                    e7:ad:e4:82:1f:00:ee:be:77:ca:a5:2d:b6:b4:3a:
                    a2:e3:37:3f:46:08:8f:18:f1:9f:63:b2:74:a0:0b:
                    67:48:12:3b:0b:cd:4a:55:31:2d:4f:b4:d2:65:3e:
                    eb:36:da:e0:06:6c:bc:13:ee:b3:d4:4b:18:24:e2:
                    0f:6b:bc:12:85:52:ac:c0:0f:d5:49:59:fa:73:b1:
                    6d:42:9e:12:77:0f:58:8b:4d:53:f0:04:95:43:5c:
                    b3:f8:05:a6:4d:e4:20:13:ed:94:a8:95:e0:8e:44:
                    29:ea:39:05:bc:50:ec:bd:b7:65:ff:9c:b4:62:3a:
                    5a:43:a2:1a:0c:d4:3e:d6:cb:55:8f:2e:9c:47:c2:
                    39:b8:2f:dc:34:55:64:6e:d3:29:9d:d7:d0:60:ce:
                    24:09:0f:11:97:3b:be:41:7e:fe:5b:26:16:9a:03:
                    c5:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:7D:28:13:5A:0D:5D:ED:70:8A:50:FF:6F:DB:78:32:CE:97:93:65
            X509v3 Authority Key Identifier:
                keyid:99:1F:AC:68:55:F2:29:6B:AD:15:98:70:F9:CB:ED:22:35:66:13:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mR-saFXyKWutFZhw-cvtIjVmE6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f0b320-9991-4e71-b3ee-494d91aeb655/1/TH0oE1oNXe1wilD_b9t4Ms6Xk2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f0b320-9991-4e71-b3ee-494d91aeb655/1/mR-saFXyKWutFZhw-cvtIjVmE6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:76:96:04:c7:1e:a5:d1:79:5e:4e:be:df:10:61:cf:dc:03:
         47:4a:89:cd:02:b0:1f:95:97:2b:fe:f9:91:f3:4a:e9:43:8a:
         63:1c:f4:31:06:e8:9e:f3:b8:aa:89:90:9e:d4:d0:3d:ca:88:
         5a:4d:a6:a5:8e:50:dd:c6:84:ed:8e:78:b8:de:5e:50:35:8a:
         01:b5:e4:eb:ec:0e:ff:21:70:48:e8:08:f8:3a:a0:10:73:3a:
         4b:e7:28:70:e9:bd:f8:7f:b1:08:30:0b:b6:8f:67:19:2e:66:
         98:70:c3:84:1a:f0:11:dd:21:2d:36:b6:cf:03:73:e0:bf:14:
         2f:de:e3:39:10:06:c1:35:a1:ec:54:3b:ff:14:57:38:24:f5:
         02:76:53:2c:e4:cb:96:5c:30:19:f2:09:28:54:d5:e8:46:f3:
         ee:1a:31:e0:8a:39:59:cf:48:0d:d1:60:b1:1e:db:f7:98:af:
         2f:7e:50:13:fe:1a:5a:49:a9:a7:77:57:ef:70:47:0c:47:e7:
         fd:47:6f:d1:a7:b9:90:b8:da:fe:05:77:70:fa:51:61:70:6f:
         7c:8f:bb:f4:cc:bc:0c:b4:50:71:31:95:1a:3b:a1:35:a3:70:
         8d:11:d5:0b:73:50:dc:bd:6f:0c:a7:34:67:51:7b:87:bc:62:
         12:01:86:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BsurUrG69gcdv1jfp6hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MWZhYzY4NTVmMjI5NmJhZDE1OTg3MGY5Y2JlZDIyMzU2
NjEzYWIwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzdkMjgxMzVhMGQ1ZGVkNzA4YTUwZmY2ZmRiNzgzMmNlOTc5MzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqJB6ov+Aa/grSLZldCA9Qaovsbn
cjDw4qJ1mX0no7MmwQdG2jqnMfIrTF64IBW4NVZAHMVbqxfoq91FnKH3yLFDzsla
noF30IF9G/4iawO6B7mpxWVOZ97nreSCHwDuvnfKpS22tDqi4zc/RgiPGPGfY7J0
oAtnSBI7C81KVTEtT7TSZT7rNtrgBmy8E+6z1EsYJOIPa7wShVKswA/VSVn6c7Ft
Qp4Sdw9Yi01T8ASVQ1yz+AWmTeQgE+2UqJXgjkQp6jkFvFDsvbdl/5y0YjpaQ6Ia
DNQ+1stVjy6cR8I5uC/cNFVkbtMpndfQYM4kCQ8Rlzu+QX7+WyYWmgPFDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEx9KBNaDV3tcIpQ/2/beDLOl5NlMB8GA1UdIwQY
MBaAFJkfrGhV8ilrrRWYcPnL7SI1ZhOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVItc2FGWHlLV3V0Rlpody1jdnRJalZtRTZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9mMGIzMjAtOTk5MS00ZTcxLWIzZWUt
NDk0ZDkxYWViNjU1LzEvVEgwb0Uxb05YZTF3aWxEX2I5dDRNczZYazJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9mMGIzMjAtOTk5MS00ZTcxLWIzZWUtNDk0ZDkxYWViNjU1
LzEvbVItc2FGWHlLV3V0Rlpody1jdnRJalZtRTZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgVJMA0G
CSqGSIb3DQEBCwUAA4IBAQCwdpYExx6l0XleTr7fEGHP3ANHSonNArAflZcr/vmR
80rpQ4pjHPQxBuie87iqiZCe1NA9yohaTaaljlDdxoTtjni43l5QNYoBteTr7A7/
IXBI6Aj4OqAQczpL5yhw6b34f7EIMAu2j2cZLmaYcMOEGvAR3SEtNrbPA3PgvxQv
3uM5EAbBNaHsVDv/FFc4JPUCdlMs5MuWXDAZ8gkoVNXoRvPuGjHgijlZz0gN0WCx
Htv3mK8vflAT/hpaSamnd1fvcEcMR+f9R2/Rp7mQuNr+BXdw+lFhcG98j7v0zLwM
tFBxMZUaO6E1o3CNEdULc1DcvW8MpzRnUXuHvGISAYY+
-----END CERTIFICATE-----