Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/dTJTZK3RvulD5r7ehghl-VQVaKc.roa
File:                     dTJTZK3RvulD5r7ehghl-VQVaKc.roa (raw, json)
Hash identifier:          cnM0lLdmHPRiaAsLeKSkvSjUgGwGbC8y8moNZC+xal8=
Subject key identifier:   75:32:53:64:AD:D1:BE:E9:43:E6:BE:DE:86:08:65:F9:54:15:68:A7
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       0192EF98CCC6A8EB97206CB64BFAA4ED3A10
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/dTJTZK3RvulD5r7ehghl-VQVaKc.roa
Signing time:             Sun 03 Nov 2024 01:17:01 +0000
ROA not before:           Sun 03 Nov 2024 01:17:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60790
IP address blocks:        194.110.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ef:98:cc:c6:a8:eb:97:20:6c:b6:4b:fa:a4:ed:3a:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Nov  3 01:17:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75325364add1bee943e6bede860865f9541568a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ee:4a:da:c2:b4:11:35:2b:bc:d9:48:85:a3:
                    33:6e:fb:0a:5b:a3:c6:03:00:1e:40:ab:43:c0:36:
                    ac:51:62:7f:e6:b7:e2:54:01:ea:dc:98:f1:84:4b:
                    58:f8:d9:84:6d:45:9c:f0:6c:7e:6d:3c:f1:83:ee:
                    ae:41:98:9d:0c:f4:68:ab:27:1e:8d:b6:69:d9:36:
                    54:79:62:03:33:49:ad:45:95:69:4f:fe:7d:82:4e:
                    a8:aa:ee:5c:fb:1b:9f:df:78:98:da:8e:29:63:b8:
                    dc:30:18:c3:84:c3:59:6a:02:af:86:35:6f:f0:78:
                    6d:c7:a2:35:0b:12:99:38:1a:70:cf:9f:e2:5b:c9:
                    58:7f:6b:4b:8b:e6:17:4d:3a:a6:ae:9e:40:0d:f4:
                    ca:2f:12:ae:30:bc:bd:16:fc:7a:8d:67:35:47:1b:
                    07:ad:37:1a:ea:00:30:d7:74:93:c6:01:c5:b8:44:
                    d1:1c:f7:94:71:f8:a8:2d:ea:fd:93:5e:79:86:4c:
                    2e:70:45:f3:25:30:7c:06:df:db:f5:88:38:4e:05:
                    18:1f:7c:a9:04:79:e3:4a:fc:9e:01:59:6b:9a:a3:
                    a9:15:16:6d:b4:9c:ab:f4:2c:af:55:29:d7:5a:ca:
                    76:f2:db:eb:48:ce:eb:2a:9a:8e:b6:dc:6f:a6:0b:
                    0c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:32:53:64:AD:D1:BE:E9:43:E6:BE:DE:86:08:65:F9:54:15:68:A7
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/dTJTZK3RvulD5r7ehghl-VQVaKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:f5:41:d0:9d:be:16:32:d8:04:3a:fa:18:d6:2b:5b:f4:0a:
         c4:57:5e:bc:a1:91:12:e7:fd:16:f6:19:4a:f9:af:e2:03:cb:
         f3:73:59:8a:4f:ae:21:5d:98:d8:b6:2a:8a:34:47:bc:f4:f7:
         58:a6:56:3b:8a:5a:30:94:b6:f7:19:ed:ff:31:0a:5c:85:cb:
         06:75:f5:8f:ea:ab:79:06:03:98:b1:ea:73:77:a7:52:27:05:
         c9:12:c9:be:43:86:aa:ef:9c:5c:22:35:31:33:63:66:7a:9c:
         f3:cc:94:c3:c4:49:c9:67:c6:1f:87:23:30:63:e0:4c:33:c3:
         c3:22:58:03:af:df:e4:4c:54:56:a5:f5:7b:a5:3d:7e:8a:83:
         fa:08:64:28:c6:45:e5:d8:57:78:dd:19:fa:ea:fe:0c:c4:85:
         64:e5:89:0a:5b:f2:c9:4e:e3:58:a4:d7:23:37:4e:66:ac:8c:
         38:99:e2:36:a8:52:d9:7f:76:41:76:ab:61:b6:cd:6d:69:6e:
         3c:2e:72:13:53:29:38:a7:a0:23:c0:e6:2d:46:cd:21:77:89:
         fe:74:4e:89:ed:61:e8:69:ee:5f:b1:ea:8a:1d:b4:14:92:a3:
         e8:49:4e:32:e9:29:43:fc:36:36:c7:86:2c:0a:d1:3f:27:9b:
         be:10:b7:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLvmMzGqOuXIGy2S/qk7ToQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjQxMTAzMDExNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTMyNTM2NGFkZDFiZWU5NDNlNmJlZGU4NjA4NjVmOTU0MTU2OGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoe5K2sK0ETUrvNlIhaMzbvsKW6PG
AwAeQKtDwDasUWJ/5rfiVAHq3JjxhEtY+NmEbUWc8Gx+bTzxg+6uQZidDPRoqyce
jbZp2TZUeWIDM0mtRZVpT/59gk6oqu5c+xuf33iY2o4pY7jcMBjDhMNZagKvhjVv
8Hhtx6I1CxKZOBpwz5/iW8lYf2tLi+YXTTqmrp5ADfTKLxKuMLy9Fvx6jWc1RxsH
rTca6gAw13STxgHFuETRHPeUcfioLer9k155hkwucEXzJTB8Bt/b9Yg4TgUYH3yp
BHnjSvyeAVlrmqOpFRZttJyr9CyvVSnXWsp28tvrSM7rKpqOttxvpgsMmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUyU2St0b7pQ+a+3oYIZflUFWinMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvZFRKVFpLM1J2dWxENXI3ZWhnaGwtVlFWYUtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm6sMA0G
CSqGSIb3DQEBCwUAA4IBAQCa9UHQnb4WMtgEOvoY1itb9ArEV168oZES5/0W9hlK
+a/iA8vzc1mKT64hXZjYtiqKNEe89PdYplY7ilowlLb3Ge3/MQpchcsGdfWP6qt5
BgOYsepzd6dSJwXJEsm+Q4aq75xcIjUxM2NmepzzzJTDxEnJZ8YfhyMwY+BMM8PD
IlgDr9/kTFRWpfV7pT1+ioP6CGQoxkXl2Fd43Rn66v4MxIVk5YkKW/LJTuNYpNcj
N05mrIw4meI2qFLZf3ZBdqthts1taW48LnITUyk4p6AjwOYtRs0hd4n+dE6J7WHo
ae5fseqKHbQUkqPoSU4y6SlD/DY2x4YsCtE/J5u+ELdM
-----END CERTIFICATE-----