Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/ea7121-5414-4484-9185-eec14c971c4d/1/TKUx3ck-jbYSHkfPUbYBK3bIAdY.roa
File:                     TKUx3ck-jbYSHkfPUbYBK3bIAdY.roa (raw, json)
Hash identifier:          t8cP98W+6+ckvmM8oqXe1Ecihg2imP/NY9xFY6BguF8=
Subject key identifier:   4C:A5:31:DD:C9:3E:8D:B6:12:1E:47:CF:51:B6:01:2B:76:C8:01:D6
Certificate issuer:       /CN=c91820b50007e41c53dd6029b37954d3572f4c29
Certificate serial:       0190266817A900A0564A1C9C27FC16F37197
Authority key identifier: C9:18:20:B5:00:07:E4:1C:53:DD:60:29:B3:79:54:D3:57:2F:4C:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yRggtQAH5BxT3WAps3lU01cvTCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/ea7121-5414-4484-9185-eec14c971c4d/1/TKUx3ck-jbYSHkfPUbYBK3bIAdY.roa
Signing time:             Mon 17 Jun 2024 13:34:34 +0000
ROA not before:           Mon 17 Jun 2024 13:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48642
IP address blocks:        91.193.148.0/22 maxlen: 22
                          91.223.170.0/24 maxlen: 24
                          195.206.226.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/ea7121-5414-4484-9185-eec14c971c4d/1/yRggtQAH5BxT3WAps3lU01cvTCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/ea7121-5414-4484-9185-eec14c971c4d/1/yRggtQAH5BxT3WAps3lU01cvTCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yRggtQAH5BxT3WAps3lU01cvTCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:26:68:17:a9:00:a0:56:4a:1c:9c:27:fc:16:f3:71:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c91820b50007e41c53dd6029b37954d3572f4c29
        Validity
            Not Before: Jun 17 13:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ca531ddc93e8db6121e47cf51b6012b76c801d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:63:64:2a:67:2e:0b:ec:15:06:3e:74:52:5a:
                    8a:3d:04:05:ba:2d:49:80:c9:5a:0a:a3:dc:28:49:
                    50:db:67:57:92:83:37:ff:48:27:63:bb:8b:9c:63:
                    98:da:27:ae:ca:9d:21:ef:b0:56:6c:e6:ca:4f:b1:
                    fa:97:0a:50:cd:bd:8f:8a:cd:7c:46:f5:17:48:3e:
                    bb:5e:0e:25:23:cf:da:b9:b5:11:b1:b0:d9:f8:06:
                    3a:12:1f:9d:b2:3f:b2:60:1d:b1:a6:b6:be:f9:cd:
                    2b:5e:a3:61:52:d1:9d:05:f4:0a:09:1c:10:b1:f6:
                    b6:00:1a:51:15:90:fb:23:a8:9b:20:a9:9b:5f:43:
                    bd:f1:24:ec:f9:a7:28:6a:bc:f8:48:7f:c0:d1:7f:
                    8d:66:42:3b:c6:19:5b:4f:95:6b:e7:54:87:fe:d9:
                    44:26:de:5c:03:cb:44:02:bb:08:cc:e4:b7:28:74:
                    95:99:88:4c:fd:54:7c:d6:b9:67:cd:14:ac:f9:4b:
                    30:e7:19:cf:59:43:a2:2b:30:76:61:11:90:b3:1d:
                    99:e3:e5:fb:08:45:07:fe:77:9b:f8:c7:a8:ce:fa:
                    5c:35:12:2d:37:b6:fa:8b:04:a5:27:31:fb:23:42:
                    04:38:80:ed:81:88:48:95:85:da:25:c0:98:f5:ae:
                    ac:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:A5:31:DD:C9:3E:8D:B6:12:1E:47:CF:51:B6:01:2B:76:C8:01:D6
            X509v3 Authority Key Identifier:
                keyid:C9:18:20:B5:00:07:E4:1C:53:DD:60:29:B3:79:54:D3:57:2F:4C:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yRggtQAH5BxT3WAps3lU01cvTCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/ea7121-5414-4484-9185-eec14c971c4d/1/TKUx3ck-jbYSHkfPUbYBK3bIAdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/ea7121-5414-4484-9185-eec14c971c4d/1/yRggtQAH5BxT3WAps3lU01cvTCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.148.0/22
                  91.223.170.0/24
                  195.206.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:c3:ca:59:d6:79:2e:da:ac:50:79:1b:b5:1b:02:e1:4e:e4:
         4c:75:e5:11:ab:28:49:bc:f0:bc:2c:0b:fc:46:69:6c:79:53:
         bf:88:19:f7:76:2c:4a:55:18:e3:94:f9:bc:e1:7a:8f:97:d6:
         d7:5f:ce:9d:74:6c:24:33:5b:18:4a:b5:34:52:2e:cd:2b:b8:
         d3:26:35:23:32:0c:98:30:a9:01:f6:f9:da:93:2e:2e:a6:5e:
         7c:68:b1:85:38:90:2f:c5:8f:91:99:2a:5c:58:24:5c:00:0e:
         d0:03:33:fb:89:62:20:b1:9b:a2:94:b8:6f:c4:fa:96:d8:d7:
         b2:a1:43:2f:67:3d:1e:62:11:4e:2c:c6:b1:1b:61:0f:4c:a7:
         63:2d:15:e3:58:74:b4:0a:ca:2e:86:57:73:67:ed:4b:79:1c:
         0d:18:d0:1a:93:d8:3e:59:dc:39:91:ae:c8:eb:7b:ef:f1:48:
         db:be:bd:f4:40:ce:62:31:9e:53:be:d9:b9:ef:0f:15:c5:46:
         b3:70:77:16:52:7d:fb:cc:19:27:77:a4:49:94:91:75:45:27:
         0c:da:ea:12:2a:ab:77:8b:fb:0d:04:95:17:6c:af:f2:84:b2:
         3a:f0:3e:a3:fb:06:26:51:92:54:93:e6:e5:6b:a0:a5:ac:1c:
         51:8a:c8:5c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZAmaBepAKBWShycJ/wW83GXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MTgyMGI1MDAwN2U0MWM1M2RkNjAyOWIzNzk1NGQzNTcy
ZjRjMjkwHhcNMjQwNjE3MTMzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2E1MzFkZGM5M2U4ZGI2MTIxZTQ3Y2Y1MWI2MDEyYjc2YzgwMWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumNkKmcuC+wVBj50UlqKPQQFui1J
gMlaCqPcKElQ22dXkoM3/0gnY7uLnGOY2ieuyp0h77BWbObKT7H6lwpQzb2Pis18
RvUXSD67Xg4lI8/aubURsbDZ+AY6Eh+dsj+yYB2xpra++c0rXqNhUtGdBfQKCRwQ
sfa2ABpRFZD7I6ibIKmbX0O98STs+acoarz4SH/A0X+NZkI7xhlbT5Vr51SH/tlE
Jt5cA8tEArsIzOS3KHSVmYhM/VR81rlnzRSs+Usw5xnPWUOiKzB2YRGQsx2Z4+X7
CEUH/neb+MeozvpcNRItN7b6iwSlJzH7I0IEOIDtgYhIlYXaJcCY9a6s2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEylMd3JPo22Eh5Hz1G2ASt2yAHWMB8GA1UdIwQY
MBaAFMkYILUAB+QcU91gKbN5VNNXL0wpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVJnZ3RRQUg1QnhUM1dBcHMzbFUwMWN2VENrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lYTcxMjEtNTQxNC00NDg0LTkxODUt
ZWVjMTRjOTcxYzRkLzEvVEtVeDNjay1qYllTSGtmUFViWUJLM2JJQWRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lYTcxMjEtNTQxNC00NDg0LTkxODUtZWVjMTRjOTcxYzRk
LzEveVJnZ3RRQUg1QnhUM1dBcHMzbFUwMWN2VENrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8GUAwQA
W9+qAwQBw87iMA0GCSqGSIb3DQEBCwUAA4IBAQAcw8pZ1nku2qxQeRu1GwLhTuRM
deURqyhJvPC8LAv8RmlseVO/iBn3dixKVRjjlPm84XqPl9bXX86ddGwkM1sYSrU0
Ui7NK7jTJjUjMgyYMKkB9vnaky4upl58aLGFOJAvxY+RmSpcWCRcAA7QAzP7iWIg
sZuilLhvxPqW2NeyoUMvZz0eYhFOLMaxG2EPTKdjLRXjWHS0CsouhldzZ+1LeRwN
GNAak9g+Wdw5ka7I63vv8Ujbvr30QM5iMZ5Tvtm57w8VxUazcHcWUn37zBknd6RJ
lJF1RScM2uoSKqt3i/sNBJUXbK/yhLI68D6j+wYmUZJUk+bla6ClrBxRishc
-----END CERTIFICATE-----