Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/TzxRbVHSg5o5feP5wnwWxKoKPa8.roa
File:                     TzxRbVHSg5o5feP5wnwWxKoKPa8.roa (raw, json)
Hash identifier:          uYozKFZmwXKX6kNsC3t62nQ4jBr0NoFQlDUAnKeefEc=
Subject key identifier:   4F:3C:51:6D:51:D2:83:9A:39:7D:E3:F9:C2:7C:16:C4:AA:0A:3D:AF
Certificate issuer:       /CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
Certificate serial:       018EF036C90DFD9D1CF98867B7D4080103F2
Authority key identifier: 09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/TzxRbVHSg5o5feP5wnwWxKoKPa8.roa
Signing time:             Thu 18 Apr 2024 07:58:25 +0000
ROA not before:           Thu 18 Apr 2024 07:58:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30981
IP address blocks:        82.205.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:36:c9:0d:fd:9d:1c:f9:88:67:b7:d4:08:01:03:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
        Validity
            Not Before: Apr 18 07:58:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f3c516d51d2839a397de3f9c27c16c4aa0a3daf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:82:e8:5f:26:3c:a5:d6:06:f6:7b:30:8f:a1:
                    0f:45:55:1b:f6:10:ee:d3:15:98:31:d7:16:50:76:
                    30:4a:d2:59:f9:ba:ef:85:d9:4c:19:4f:a5:ce:55:
                    bf:f5:5f:54:a2:06:71:0b:b4:0d:a0:e4:a1:59:be:
                    57:61:6d:31:02:e8:00:70:62:34:b7:7b:9a:a9:2e:
                    c2:cf:9f:78:a3:cf:d6:31:1b:25:fd:94:e8:93:9d:
                    d2:eb:97:41:10:40:5f:b2:29:a3:ba:02:41:4c:29:
                    02:c9:eb:df:6a:4d:01:f3:8e:46:75:5d:4c:e2:0a:
                    13:12:17:ae:6b:30:44:e0:48:73:31:75:42:73:7c:
                    94:fb:9a:5f:10:42:03:2d:ac:8e:ee:cb:8d:89:f0:
                    7c:6c:39:6b:09:ea:1f:a6:9f:81:73:7d:45:5a:86:
                    6d:a3:28:5a:50:86:a0:6d:ca:d2:4d:03:9e:30:3b:
                    3e:0b:4e:85:13:39:6c:53:4b:3b:53:7d:b7:75:22:
                    19:10:3d:ce:c9:84:6e:a4:d3:47:59:5a:64:5a:1d:
                    9e:d5:f7:75:fa:ea:66:86:05:e5:5d:40:f1:a4:94:
                    b9:a5:c5:aa:25:a9:a1:27:5d:15:55:5d:99:18:12:
                    97:a7:18:44:1d:c0:b6:a7:aa:45:63:3a:c9:f4:cf:
                    b2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:3C:51:6D:51:D2:83:9A:39:7D:E3:F9:C2:7C:16:C4:AA:0A:3D:AF
            X509v3 Authority Key Identifier:
                keyid:09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/TzxRbVHSg5o5feP5wnwWxKoKPa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.205.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:c8:2c:04:e6:9e:1e:d3:32:1c:c8:cd:b7:9a:00:cf:ee:30:
         2f:e8:4b:f5:86:81:9a:8c:77:39:e4:99:f6:7d:45:0e:1c:f7:
         3c:29:76:b1:04:79:5f:6c:b3:63:ef:cb:8b:69:39:05:4d:02:
         7e:d7:d7:ef:0a:15:e9:1d:58:ef:ce:e5:e4:51:c1:78:4e:7a:
         b6:56:4b:ee:bd:17:6a:88:10:32:94:d6:4c:d5:6f:a4:79:35:
         8e:a8:6e:f0:89:87:11:92:28:5c:f6:84:f0:e1:1b:80:07:e6:
         e5:63:7f:29:2c:cc:b2:92:d9:59:98:ad:df:0f:d7:0a:d0:6d:
         fc:71:3a:b5:c8:41:7b:19:71:c1:cb:18:4d:aa:02:6e:c5:dd:
         5b:84:fa:20:7c:45:ee:9f:8a:36:07:14:fa:e7:68:87:f4:cb:
         de:a0:89:27:00:7c:2a:79:3d:ac:24:73:61:a7:36:bc:3f:b6:
         03:af:2f:59:67:f7:73:8f:c2:65:92:55:48:0e:70:ea:d4:b4:
         3f:eb:83:eb:76:96:13:49:9b:a1:eb:85:3a:ee:8d:2c:3f:2e:
         2c:b2:8d:ff:5f:d9:25:9a:fe:33:05:a8:30:d6:5e:97:7f:ee:
         5a:37:c5:65:b4:f1:44:a1:e0:c9:13:f2:ea:e2:55:51:88:00:
         db:42:8a:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7wNskN/Z0c+Yhnt9QIAQPyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZjBkY2NlYjc0ZjExODVhY2Q5N2FlZWFhYzI1ZGRhNWU5
YjA5MzYwHhcNMjQwNDE4MDc1ODI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjNjNTE2ZDUxZDI4MzlhMzk3ZGUzZjljMjdjMTZjNGFhMGEzZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYLoXyY8pdYG9nswj6EPRVUb9hDu
0xWYMdcWUHYwStJZ+brvhdlMGU+lzlW/9V9UogZxC7QNoOShWb5XYW0xAugAcGI0
t3uaqS7Cz594o8/WMRsl/ZTok53S65dBEEBfsimjugJBTCkCyevfak0B845GdV1M
4goTEheuazBE4EhzMXVCc3yU+5pfEEIDLayO7suNifB8bDlrCeofpp+Bc31FWoZt
oyhaUIagbcrSTQOeMDs+C06FEzlsU0s7U323dSIZED3OyYRupNNHWVpkWh2e1fd1
+upmhgXlXUDxpJS5pcWqJamhJ10VVV2ZGBKXpxhEHcC2p6pFYzrJ9M+yiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE88UW1R0oOaOX3j+cJ8FsSqCj2vMB8GA1UdIwQY
MBaAFAnw3M63TxGFrNl67qrCXdpemwk2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgt
OTk2MTg5ZjljZTE0LzEvVHp4UmJWSFNnNW81ZmVQNXdud1d4S29LUGE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgtOTk2MTg5ZjljZTE0
LzEvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUs3JMA0G
CSqGSIb3DQEBCwUAA4IBAQCCyCwE5p4e0zIcyM23mgDP7jAv6Ev1hoGajHc55Jn2
fUUOHPc8KXaxBHlfbLNj78uLaTkFTQJ+19fvChXpHVjvzuXkUcF4Tnq2VkvuvRdq
iBAylNZM1W+keTWOqG7wiYcRkihc9oTw4RuAB+blY38pLMyyktlZmK3fD9cK0G38
cTq1yEF7GXHByxhNqgJuxd1bhPogfEXun4o2BxT652iH9MveoIknAHwqeT2sJHNh
pza8P7YDry9ZZ/dzj8JlklVIDnDq1LQ/64PrdpYTSZuh64U67o0sPy4sso3/X9kl
mv4zBagw1l6Xf+5aN8VltPFEoeDJE/Lq4lVRiADbQooi
-----END CERTIFICATE-----