Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/258df2-b8ff-4bda-a200-fbb2e14cbb75/1/tnkdqfzvl9cIEK3LRFyQyZn83Z0.roa
File:                     tnkdqfzvl9cIEK3LRFyQyZn83Z0.roa (raw, json)
Hash identifier:          LxAAM0FivlGbdfmDD/Jv/CGMf/d6mOeXCB6StNV1L6E=
Subject key identifier:   B6:79:1D:A9:FC:EF:97:D7:08:10:AD:CB:44:5C:90:C9:99:FC:DD:9D
Certificate issuer:       /CN=29e52842a6e2c50c0e2c0f5db891dd2d9656fafd
Certificate serial:       018E83E76B4F0AF033923D074303C76B9499
Authority key identifier: 29:E5:28:42:A6:E2:C5:0C:0E:2C:0F:5D:B8:91:DD:2D:96:56:FA:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KeUoQqbixQwOLA9duJHdLZZW-v0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/258df2-b8ff-4bda-a200-fbb2e14cbb75/1/tnkdqfzvl9cIEK3LRFyQyZn83Z0.roa
Signing time:             Thu 28 Mar 2024 07:12:45 +0000
ROA not before:           Thu 28 Mar 2024 07:12:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.104.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/258df2-b8ff-4bda-a200-fbb2e14cbb75/1/KeUoQqbixQwOLA9duJHdLZZW-v0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/258df2-b8ff-4bda-a200-fbb2e14cbb75/1/KeUoQqbixQwOLA9duJHdLZZW-v0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KeUoQqbixQwOLA9duJHdLZZW-v0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:83:e7:6b:4f:0a:f0:33:92:3d:07:43:03:c7:6b:94:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29e52842a6e2c50c0e2c0f5db891dd2d9656fafd
        Validity
            Not Before: Mar 28 07:12:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6791da9fcef97d70810adcb445c90c999fcdd9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2e:09:29:97:ca:3b:f8:4c:67:5c:6e:03:72:
                    a4:2b:26:13:3f:aa:f0:17:8e:d9:f5:da:ee:18:d5:
                    3f:5c:aa:2f:83:12:8c:b1:a4:de:77:6a:aa:fb:25:
                    9c:21:54:5f:9c:ee:59:84:2d:48:c2:c9:01:93:62:
                    20:ce:b5:35:b0:7f:22:2e:fb:2b:6b:cf:fe:5e:53:
                    32:b6:e1:6a:0b:f0:58:3d:00:8b:08:69:37:79:e7:
                    82:94:bb:7b:b6:6b:71:f2:53:cc:8c:4e:31:e3:dd:
                    ec:0c:6a:63:e5:f1:a2:f6:7d:4e:cc:59:9b:8c:51:
                    ea:d9:17:99:ac:e4:3d:81:90:ac:af:95:5b:2a:df:
                    87:7c:97:c4:fa:9b:b2:59:f7:2c:eb:21:0c:74:e2:
                    4d:55:3a:57:b2:74:35:2e:12:82:71:3b:e2:24:44:
                    f3:81:d5:37:d6:f8:3b:5c:8f:0d:15:98:23:40:59:
                    7d:8a:17:63:b3:6f:c1:e9:fe:74:fe:c0:d9:99:59:
                    18:2c:42:d3:a5:1e:ee:63:3b:48:d8:17:a6:07:7a:
                    f5:58:39:52:94:6d:e1:97:d0:8c:59:db:64:7a:27:
                    fc:38:47:ca:47:a5:16:f3:0f:62:6c:d9:dc:e5:75:
                    1b:3c:8f:aa:ef:3d:8a:55:aa:e5:61:cf:4b:b0:90:
                    78:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:79:1D:A9:FC:EF:97:D7:08:10:AD:CB:44:5C:90:C9:99:FC:DD:9D
            X509v3 Authority Key Identifier:
                keyid:29:E5:28:42:A6:E2:C5:0C:0E:2C:0F:5D:B8:91:DD:2D:96:56:FA:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KeUoQqbixQwOLA9duJHdLZZW-v0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/258df2-b8ff-4bda-a200-fbb2e14cbb75/1/tnkdqfzvl9cIEK3LRFyQyZn83Z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/258df2-b8ff-4bda-a200-fbb2e14cbb75/1/KeUoQqbixQwOLA9duJHdLZZW-v0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:9f:29:98:f8:f8:5b:08:24:6a:8c:4a:c5:16:dd:c1:1e:0f:
         8e:89:c3:55:15:35:a3:f1:71:64:cf:e8:c3:ff:90:d9:69:0d:
         73:d8:7e:bc:98:9e:56:f5:da:ed:5d:5d:e7:08:66:6f:0b:bd:
         89:e6:1a:e3:28:81:c0:a8:e4:98:c8:e1:a2:c7:4c:21:31:ac:
         e3:7a:0b:91:b1:f4:20:54:68:98:b3:8b:e5:b8:88:ff:76:3f:
         af:08:30:71:9b:95:68:bd:37:aa:64:bc:28:c5:59:ed:d8:10:
         7c:02:ca:38:f4:72:b0:30:05:bf:13:19:e2:d4:19:13:3e:b7:
         e5:ed:d3:47:d8:e4:2a:f6:7b:67:09:24:44:de:84:85:d9:f9:
         10:c0:d5:6e:b7:d5:c6:b4:5d:04:5e:41:50:f8:78:cd:b2:a7:
         25:dc:04:60:7c:89:5e:d2:21:86:4d:3f:f8:65:65:b3:4a:8f:
         6d:18:11:3b:a8:68:5a:4d:d6:ca:10:c1:49:25:92:59:43:47:
         2c:9e:87:28:68:f1:d6:56:2f:2e:85:bc:26:1b:a1:4f:f7:c9:
         6e:b9:54:4e:b9:2a:bb:65:46:1a:7a:46:4e:86:44:dd:e4:82:
         4d:06:54:d2:db:16:b0:b7:55:9b:f6:9f:ec:cc:17:92:bf:cc:
         ee:c6:e5:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6D52tPCvAzkj0HQwPHa5SZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZTUyODQyYTZlMmM1MGMwZTJjMGY1ZGI4OTFkZDJkOTY1
NmZhZmQwHhcNMjQwMzI4MDcxMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjc5MWRhOWZjZWY5N2Q3MDgxMGFkY2I0NDVjOTBjOTk5ZmNkZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAli4JKZfKO/hMZ1xuA3KkKyYTP6rw
F47Z9druGNU/XKovgxKMsaTed2qq+yWcIVRfnO5ZhC1IwskBk2IgzrU1sH8iLvsr
a8/+XlMytuFqC/BYPQCLCGk3eeeClLt7tmtx8lPMjE4x493sDGpj5fGi9n1OzFmb
jFHq2ReZrOQ9gZCsr5VbKt+HfJfE+puyWfcs6yEMdOJNVTpXsnQ1LhKCcTviJETz
gdU31vg7XI8NFZgjQFl9ihdjs2/B6f50/sDZmVkYLELTpR7uYztI2BemB3r1WDlS
lG3hl9CMWdtkeif8OEfKR6UW8w9ibNnc5XUbPI+q7z2KVarlYc9LsJB4WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZ5Han875fXCBCty0RckMmZ/N2dMB8GA1UdIwQY
MBaAFCnlKEKm4sUMDiwPXbiR3S2WVvr9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2VVb1FxYml4UXdPTEE5ZHVKSGRMWlpXLXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8yNThkZjItYjhmZi00YmRhLWEyMDAt
ZmJiMmUxNGNiYjc1LzEvdG5rZHFmenZsOWNJRUszTFJGeVF5Wm44M1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8yNThkZjItYjhmZi00YmRhLWEyMDAtZmJiMmUxNGNiYjc1
LzEvS2VVb1FxYml4UXdPTEE5ZHVKSGRMWlpXLXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWggMA0G
CSqGSIb3DQEBCwUAA4IBAQB8nymY+PhbCCRqjErFFt3BHg+OicNVFTWj8XFkz+jD
/5DZaQ1z2H68mJ5W9drtXV3nCGZvC72J5hrjKIHAqOSYyOGix0whMazjeguRsfQg
VGiYs4vluIj/dj+vCDBxm5VovTeqZLwoxVnt2BB8Aso49HKwMAW/Exni1BkTPrfl
7dNH2OQq9ntnCSRE3oSF2fkQwNVut9XGtF0EXkFQ+HjNsqcl3ARgfIle0iGGTT/4
ZWWzSo9tGBE7qGhaTdbKEMFJJZJZQ0csnocoaPHWVi8uhbwmG6FP98luuVROuSq7
ZUYaekZOhkTd5IJNBlTS2xawt1Wb9p/szBeSv8zuxuVz
-----END CERTIFICATE-----