Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/TL9ZqPWTTTuSwQVc63fFFWUBLSI.roa
File:                     TL9ZqPWTTTuSwQVc63fFFWUBLSI.roa (raw, json)
Hash identifier:          Fc9YlAyqnzBovpiBxm+TI89JjASpNpVUA9t+X+TuMkI=
Subject key identifier:   4C:BF:59:A8:F5:93:4D:3B:92:C1:05:5C:EB:77:C5:15:65:01:2D:22
Certificate issuer:       /CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
Certificate serial:       018CC56DDFA8D8222BC978BED584357AD7E7
Authority key identifier: 81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/TL9ZqPWTTTuSwQVc63fFFWUBLSI.roa
Signing time:             Mon 01 Jan 2024 14:29:21 +0000
ROA not before:           Mon 01 Jan 2024 14:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        209.35.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:df:a8:d8:22:2b:c9:78:be:d5:84:35:7a:d7:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
        Validity
            Not Before: Jan  1 14:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cbf59a8f5934d3b92c1055ceb77c51565012d22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:dc:b5:d2:83:65:76:b0:08:2c:4b:7f:c7:49:
                    8a:e3:6f:ce:16:82:28:22:47:f3:c3:18:7a:60:91:
                    3e:4b:8f:e2:04:1c:21:f2:3f:b0:fa:33:f1:a2:98:
                    85:0d:4b:39:53:4c:ad:02:97:0f:e3:6b:49:45:dc:
                    9a:db:ac:cd:17:a3:34:48:f5:8d:da:fe:77:d6:b1:
                    a5:af:dd:4d:d5:9c:9b:99:bd:96:3b:a3:2d:f1:4c:
                    46:8e:2f:ac:e8:d0:6a:a8:1e:1e:1b:7e:5a:52:58:
                    d1:8a:49:95:bc:fe:0d:76:86:9e:71:1c:42:af:c0:
                    2e:95:98:af:5a:9c:ff:8a:16:1f:cf:d6:be:43:5f:
                    18:02:7c:21:fe:93:ba:54:d5:f9:70:ed:cb:fc:43:
                    c8:b3:49:5a:ab:d0:9b:3f:4d:91:e4:f4:ba:46:ba:
                    76:29:b9:ca:bd:88:15:d3:d4:49:48:43:84:d3:8c:
                    f4:95:f0:9d:fa:ca:c4:70:ee:11:3e:86:f2:c3:74:
                    40:b6:26:85:07:5c:5b:86:f8:47:87:df:90:8c:bc:
                    ff:e4:fe:f7:79:99:cd:25:8b:a6:21:df:c0:1d:5b:
                    d6:60:6e:cc:89:52:b6:7c:c9:f3:e4:79:1a:68:7e:
                    5f:cf:b2:ca:67:c3:24:74:e0:61:67:6b:f2:81:8b:
                    9b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:BF:59:A8:F5:93:4D:3B:92:C1:05:5C:EB:77:C5:15:65:01:2D:22
            X509v3 Authority Key Identifier:
                keyid:81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/TL9ZqPWTTTuSwQVc63fFFWUBLSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.35.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:11:5d:2f:78:cb:5b:72:38:16:c9:0d:33:46:e8:10:8e:52:
         04:9b:04:e8:2d:6c:75:ce:83:96:a7:3f:dc:2f:e0:98:cc:f7:
         ac:83:d3:d6:e5:43:f6:69:12:46:a5:0e:51:5d:1f:d8:22:3e:
         27:50:72:13:06:ce:28:e4:58:9a:70:59:c3:93:b6:8e:a6:e1:
         c8:fd:44:57:c8:50:4d:b8:bb:62:60:47:03:31:c1:48:27:2e:
         19:d4:9a:dc:d4:7e:47:26:a5:5a:85:c4:15:ba:56:4e:47:0f:
         f5:bd:b4:ef:80:30:6e:7c:d3:ac:31:39:2e:9c:d1:58:a4:f7:
         ed:d8:97:71:d4:26:17:f9:db:d8:5b:37:7a:b0:63:5f:e1:c0:
         cb:53:74:63:68:4e:a0:75:ed:75:b6:0b:fb:2f:22:4b:43:cf:
         20:63:24:fc:50:76:e9:06:ba:df:41:df:20:e4:ea:0e:32:d9:
         45:dd:dd:fa:78:3e:be:c5:5a:76:6c:aa:a1:5d:2b:00:c9:2f:
         26:25:02:ec:b7:9c:5e:de:43:7c:86:f6:9d:d9:e8:7d:75:ac:
         0d:13:02:7b:a4:31:ae:2e:86:37:ef:05:64:42:2b:79:a1:89:
         a2:64:c6:ad:b1:7a:7d:34:c0:dd:e9:1a:c4:ba:2f:93:42:db:
         1d:5d:04:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbd+o2CIryXi+1YQ1etfnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTJkMGRjZDUwYTY4MmY5NzVlYTNkOGMzOGU1ZTY3YmIw
MzIyZjkwHhcNMjQwMTAxMTQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2JmNTlhOGY1OTM0ZDNiOTJjMTA1NWNlYjc3YzUxNTY1MDEyZDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Ny10oNldrAILEt/x0mK42/OFoIo
Ikfzwxh6YJE+S4/iBBwh8j+w+jPxopiFDUs5U0ytApcP42tJRdya26zNF6M0SPWN
2v531rGlr91N1Zybmb2WO6Mt8UxGji+s6NBqqB4eG35aUljRikmVvP4NdoaecRxC
r8AulZivWpz/ihYfz9a+Q18YAnwh/pO6VNX5cO3L/EPIs0laq9CbP02R5PS6Rrp2
KbnKvYgV09RJSEOE04z0lfCd+srEcO4RPobyw3RAtiaFB1xbhvhHh9+QjLz/5P73
eZnNJYumId/AHVvWYG7MiVK2fMnz5HkaaH5fz7LKZ8MkdOBhZ2vygYub6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEy/Waj1k007ksEFXOt3xRVlAS0iMB8GA1UdIwQY
MBaAFIGi0NzVCmgvl16j2MOOXme7AyL5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQt
ZmU0NWQ1MTYwYzM5LzEvVEw5WnFQV1RUVHVTd1FWYzYzZkZGV1VCTFNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQtZmU0NWQ1MTYwYzM5
LzEvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0SPoMA0G
CSqGSIb3DQEBCwUAA4IBAQA7EV0veMtbcjgWyQ0zRugQjlIEmwToLWx1zoOWpz/c
L+CYzPesg9PW5UP2aRJGpQ5RXR/YIj4nUHITBs4o5FiacFnDk7aOpuHI/URXyFBN
uLtiYEcDMcFIJy4Z1Jrc1H5HJqVahcQVulZORw/1vbTvgDBufNOsMTkunNFYpPft
2Jdx1CYX+dvYWzd6sGNf4cDLU3RjaE6gde11tgv7LyJLQ88gYyT8UHbpBrrfQd8g
5OoOMtlF3d36eD6+xVp2bKqhXSsAyS8mJQLst5xe3kN8hvad2eh9dawNEwJ7pDGu
LoY37wVkQit5oYmiZMatsXp9NMDd6RrEui+TQtsdXQTa
-----END CERTIFICATE-----