Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/c1d4a2-7c4e-4adc-8f65-b148d4f066ce/1/TGCjsX6EUhP35Fo6ApM9Lp-hI-U.roa
File:                     TGCjsX6EUhP35Fo6ApM9Lp-hI-U.roa (raw, json)
Hash identifier:          3G/VLccyUf34pvLoaETRc2PcivrIA4ve1MywWwQkWi0=
Subject key identifier:   4C:60:A3:B1:7E:84:52:13:F7:E4:5A:3A:02:93:3D:2E:9F:A1:23:E5
Certificate issuer:       /CN=91189e6edf53e40672c9b5f1f3519728291ec2ee
Certificate serial:       018CC8DE114E9F64EC3BDE4528211E2206C7
Authority key identifier: 91:18:9E:6E:DF:53:E4:06:72:C9:B5:F1:F3:51:97:28:29:1E:C2:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kRiebt9T5AZyybXx81GXKCkewu4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/c1d4a2-7c4e-4adc-8f65-b148d4f066ce/1/TGCjsX6EUhP35Fo6ApM9Lp-hI-U.roa
Signing time:             Tue 02 Jan 2024 06:30:45 +0000
ROA not before:           Tue 02 Jan 2024 06:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        193.178.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/c1d4a2-7c4e-4adc-8f65-b148d4f066ce/1/kRiebt9T5AZyybXx81GXKCkewu4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/c1d4a2-7c4e-4adc-8f65-b148d4f066ce/1/kRiebt9T5AZyybXx81GXKCkewu4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kRiebt9T5AZyybXx81GXKCkewu4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:11:4e:9f:64:ec:3b:de:45:28:21:1e:22:06:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91189e6edf53e40672c9b5f1f3519728291ec2ee
        Validity
            Not Before: Jan  2 06:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c60a3b17e845213f7e45a3a02933d2e9fa123e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:41:f7:1d:e7:5d:37:81:e9:f3:31:53:75:b0:
                    c6:62:b2:c0:44:ef:75:e2:1e:1e:77:7c:bf:3e:90:
                    fe:64:36:8e:3e:5b:06:24:a1:3d:95:87:7e:07:bf:
                    11:4d:be:92:46:83:6a:c3:9e:c1:df:71:c9:21:e0:
                    28:a8:bf:0c:f9:be:b2:ca:39:a6:2f:93:6d:4f:04:
                    52:54:3e:92:02:05:db:1c:2c:e2:71:d4:95:ca:ed:
                    2c:1a:8f:4c:47:8f:36:06:ec:df:d6:42:36:80:0d:
                    2f:07:f1:3a:d8:f9:46:17:57:12:c3:43:d9:b1:c9:
                    31:77:54:3f:86:f2:42:ee:87:23:7b:47:95:83:07:
                    d3:3e:7d:28:97:e5:10:ff:ca:aa:b8:a6:56:81:e3:
                    6a:98:63:ff:40:10:76:e0:31:9d:bb:90:05:2e:78:
                    6f:4c:8c:fd:7c:e6:06:18:dc:79:ff:7d:b8:94:15:
                    b1:b7:25:1b:dd:c9:67:29:48:c3:72:49:19:99:82:
                    a2:64:54:8b:85:06:24:0f:c7:6b:7d:58:ab:be:71:
                    ef:8b:3a:71:c8:f7:ca:1c:e3:df:f9:c9:ae:e5:b7:
                    73:17:74:0e:56:c0:55:d5:e8:9c:26:bf:27:99:97:
                    78:de:77:3a:a3:8f:c9:9a:15:01:10:59:9c:de:01:
                    f2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:60:A3:B1:7E:84:52:13:F7:E4:5A:3A:02:93:3D:2E:9F:A1:23:E5
            X509v3 Authority Key Identifier:
                keyid:91:18:9E:6E:DF:53:E4:06:72:C9:B5:F1:F3:51:97:28:29:1E:C2:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kRiebt9T5AZyybXx81GXKCkewu4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/c1d4a2-7c4e-4adc-8f65-b148d4f066ce/1/TGCjsX6EUhP35Fo6ApM9Lp-hI-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/c1d4a2-7c4e-4adc-8f65-b148d4f066ce/1/kRiebt9T5AZyybXx81GXKCkewu4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:63:e4:a1:ee:f0:46:39:40:08:4a:9f:86:a3:a2:8f:44:31:
         99:69:6c:c7:fa:33:9c:4c:04:cb:d1:65:78:0d:a5:67:6d:13:
         ac:e7:7d:48:d9:77:42:7e:3a:98:8a:d0:09:2a:32:74:55:b0:
         5a:67:49:05:7d:4b:4f:48:de:11:88:fa:18:19:58:e7:1e:d9:
         cc:b8:4c:6c:25:19:49:31:be:84:de:21:95:c1:53:63:86:ae:
         6b:49:73:b2:6e:39:9e:87:c9:cb:c4:61:b7:30:87:73:ae:f0:
         73:ca:15:0f:d1:2c:76:30:5a:12:3a:1f:65:de:7e:bd:f8:a5:
         62:0e:7e:e0:e0:90:ea:2b:a3:7f:97:76:0f:47:d9:88:ef:30:
         97:09:62:cd:9a:8c:73:37:16:c2:02:9f:c1:71:98:39:f2:1b:
         af:ab:45:30:eb:49:9c:8f:fb:e4:d2:03:3a:93:b0:4e:59:43:
         97:95:67:9e:11:c3:5a:f5:0b:84:3c:92:4a:fb:b9:ca:fc:e6:
         7f:cf:1f:98:58:8a:d1:35:8f:db:be:68:ee:f4:e9:5b:b8:d2:
         ca:50:7a:24:de:46:2c:8e:a9:19:b3:2f:7a:d3:4a:94:5a:55:
         91:6e:c6:c9:11:57:fd:de:32:89:88:b3:f2:93:8e:0f:da:c5:
         5d:c1:00:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3hFOn2TsO95FKCEeIgbHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMTg5ZTZlZGY1M2U0MDY3MmM5YjVmMWYzNTE5NzI4Mjkx
ZWMyZWUwHhcNMjQwMTAyMDYzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzYwYTNiMTdlODQ1MjEzZjdlNDVhM2EwMjkzM2QyZTlmYTEyM2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEH3HeddN4Hp8zFTdbDGYrLARO91
4h4ed3y/PpD+ZDaOPlsGJKE9lYd+B78RTb6SRoNqw57B33HJIeAoqL8M+b6yyjmm
L5NtTwRSVD6SAgXbHCzicdSVyu0sGo9MR482Buzf1kI2gA0vB/E62PlGF1cSw0PZ
sckxd1Q/hvJC7ocje0eVgwfTPn0ol+UQ/8qquKZWgeNqmGP/QBB24DGdu5AFLnhv
TIz9fOYGGNx5/324lBWxtyUb3clnKUjDckkZmYKiZFSLhQYkD8drfVirvnHvizpx
yPfKHOPf+cmu5bdzF3QOVsBV1eicJr8nmZd43nc6o4/JmhUBEFmc3gHyBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExgo7F+hFIT9+RaOgKTPS6foSPlMB8GA1UdIwQY
MBaAFJEYnm7fU+QGcsm18fNRlygpHsLuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1JpZWJ0OVQ1QVp5eWJYeDgxR1hLQ2tld3U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9jMWQ0YTItN2M0ZS00YWRjLThmNjUt
YjE0OGQ0ZjA2NmNlLzEvVEdDanNYNkVVaFAzNUZvNkFwTTlMcC1oSS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9jMWQ0YTItN2M0ZS00YWRjLThmNjUtYjE0OGQ0ZjA2NmNl
LzEva1JpZWJ0OVQ1QVp5eWJYeDgxR1hLQ2tld3U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbKGMA0G
CSqGSIb3DQEBCwUAA4IBAQBsY+Sh7vBGOUAISp+Go6KPRDGZaWzH+jOcTATL0WV4
DaVnbROs531I2XdCfjqYitAJKjJ0VbBaZ0kFfUtPSN4RiPoYGVjnHtnMuExsJRlJ
Mb6E3iGVwVNjhq5rSXOybjmeh8nLxGG3MIdzrvBzyhUP0Sx2MFoSOh9l3n69+KVi
Dn7g4JDqK6N/l3YPR9mI7zCXCWLNmoxzNxbCAp/BcZg58huvq0Uw60mcj/vk0gM6
k7BOWUOXlWeeEcNa9QuEPJJK+7nK/OZ/zx+YWIrRNY/bvmju9OlbuNLKUHok3kYs
jqkZsy9600qUWlWRbsbJEVf93jKJiLPyk44P2sVdwQCa
-----END CERTIFICATE-----