Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/8111f4-18ec-4f39-8541-0775fbb8e81a/1/TtwfYZYt7LYrEn_dxZG2475WthU.roa
File:                     TtwfYZYt7LYrEn_dxZG2475WthU.roa (raw, json)
Hash identifier:          XPijg2BBH70WPMHdGyARpwoymri8xCEWa+sdXa+j+pI=
Subject key identifier:   4E:DC:1F:61:96:2D:EC:B6:2B:12:7F:DD:C5:91:B6:E3:BE:56:B6:15
Certificate issuer:       /CN=aae1356e6404c0b702d5b3813a934435aaec0c98
Certificate serial:       018CC8714A285A87750CB41164DB8BAA7C94
Authority key identifier: AA:E1:35:6E:64:04:C0:B7:02:D5:B3:81:3A:93:44:35:AA:EC:0C:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/quE1bmQEwLcC1bOBOpNENarsDJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/8111f4-18ec-4f39-8541-0775fbb8e81a/1/TtwfYZYt7LYrEn_dxZG2475WthU.roa
Signing time:             Tue 02 Jan 2024 04:31:56 +0000
ROA not before:           Tue 02 Jan 2024 04:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43611
IP address blocks:        78.24.80.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/8111f4-18ec-4f39-8541-0775fbb8e81a/1/quE1bmQEwLcC1bOBOpNENarsDJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/8111f4-18ec-4f39-8541-0775fbb8e81a/1/quE1bmQEwLcC1bOBOpNENarsDJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/quE1bmQEwLcC1bOBOpNENarsDJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:4a:28:5a:87:75:0c:b4:11:64:db:8b:aa:7c:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aae1356e6404c0b702d5b3813a934435aaec0c98
        Validity
            Not Before: Jan  2 04:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4edc1f61962decb62b127fddc591b6e3be56b615
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:1c:1a:9c:65:0e:30:14:17:37:1a:bd:b3:15:
                    78:5f:e1:86:ea:cf:21:cf:b4:f5:63:a9:4f:9c:50:
                    3d:dd:3f:a5:51:bf:f0:55:d5:5f:cb:33:de:35:2e:
                    66:f1:6d:78:bd:c0:52:10:8a:a7:4c:31:ed:45:cd:
                    4b:d3:a6:4c:df:70:cc:90:2c:12:fc:56:e6:6e:df:
                    e7:e7:38:10:a2:2f:1b:93:39:0e:7a:b9:e9:a8:8d:
                    4d:c9:2c:9b:d1:d8:f0:6e:3b:58:90:99:65:51:95:
                    70:b8:b6:74:3d:bc:cd:44:a7:d8:2a:6b:d7:0b:c9:
                    18:52:d7:5c:f6:81:2c:7c:d0:dd:30:f4:6f:c9:fe:
                    3f:e1:54:fa:62:7a:ed:67:78:fc:96:66:d2:31:6e:
                    2a:26:7b:06:01:5a:86:91:aa:c1:e2:1d:a9:02:0c:
                    a6:60:03:92:8c:49:e6:e7:e2:4c:1f:a7:80:d0:1f:
                    0e:82:02:ec:61:81:ca:46:1b:bc:02:03:79:1b:03:
                    ec:34:90:34:bd:09:0c:36:9f:5c:73:9a:95:68:c2:
                    21:d0:ee:78:0b:aa:03:54:6e:d6:3a:df:a3:ca:af:
                    a2:1d:9f:8d:3c:4a:c9:dc:12:26:d5:ef:21:87:f3:
                    d2:81:de:03:44:a8:d4:97:cc:48:6d:d0:56:cb:88:
                    ca:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:DC:1F:61:96:2D:EC:B6:2B:12:7F:DD:C5:91:B6:E3:BE:56:B6:15
            X509v3 Authority Key Identifier:
                keyid:AA:E1:35:6E:64:04:C0:B7:02:D5:B3:81:3A:93:44:35:AA:EC:0C:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/quE1bmQEwLcC1bOBOpNENarsDJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/8111f4-18ec-4f39-8541-0775fbb8e81a/1/TtwfYZYt7LYrEn_dxZG2475WthU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/8111f4-18ec-4f39-8541-0775fbb8e81a/1/quE1bmQEwLcC1bOBOpNENarsDJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9a:34:8d:a9:6e:3a:5c:34:c6:1c:f3:e1:9d:57:bb:29:ad:12:
         33:80:89:f6:51:64:4b:70:f7:ce:bd:53:2d:27:0d:5d:85:99:
         65:13:09:4a:9a:bb:98:7d:18:41:44:6c:93:b5:fd:74:42:60:
         a0:c8:87:69:6b:3a:84:c6:61:2d:56:97:08:1f:be:bd:1b:4f:
         0f:59:7c:6a:29:81:52:bc:19:57:e4:a8:5b:97:1e:a6:2b:04:
         3e:d9:c8:c5:07:f8:db:ff:b2:c1:9e:a7:4a:01:ba:01:f3:35:
         41:9b:1e:04:65:f7:62:5c:06:84:94:a3:a8:d6:3b:ea:fe:2a:
         69:e3:22:40:c0:9a:a9:f3:1c:d4:3b:23:cc:2a:f9:38:df:01:
         45:6f:20:f6:17:15:43:5f:4e:bf:b6:8c:af:7a:ba:de:50:75:
         86:bc:5a:af:07:08:a9:a6:5a:80:fe:38:58:80:ca:1b:2c:5e:
         08:b4:ba:c9:38:81:0f:9c:f5:58:3c:1c:2e:11:8f:9d:27:39:
         cd:42:d7:35:63:df:a9:37:f4:ec:9d:1d:9c:37:09:38:50:d4:
         d0:fe:4a:f3:a1:a3:d0:42:33:00:45:9a:0c:01:be:b3:82:4d:
         59:2b:ff:19:a2:4b:0d:83:45:f5:43:13:2f:81:a2:fb:b9:f5:
         8f:72:51:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcUooWod1DLQRZNuLqnyUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZTEzNTZlNjQwNGMwYjcwMmQ1YjM4MTNhOTM0NDM1YWFl
YzBjOTgwHhcNMjQwMTAyMDQzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWRjMWY2MTk2MmRlY2I2MmIxMjdmZGRjNTkxYjZlM2JlNTZiNjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixwanGUOMBQXNxq9sxV4X+GG6s8h
z7T1Y6lPnFA93T+lUb/wVdVfyzPeNS5m8W14vcBSEIqnTDHtRc1L06ZM33DMkCwS
/Fbmbt/n5zgQoi8bkzkOernpqI1NySyb0djwbjtYkJllUZVwuLZ0PbzNRKfYKmvX
C8kYUtdc9oEsfNDdMPRvyf4/4VT6YnrtZ3j8lmbSMW4qJnsGAVqGkarB4h2pAgym
YAOSjEnm5+JMH6eA0B8OggLsYYHKRhu8AgN5GwPsNJA0vQkMNp9cc5qVaMIh0O54
C6oDVG7WOt+jyq+iHZ+NPErJ3BIm1e8hh/PSgd4DRKjUl8xIbdBWy4jKzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7cH2GWLey2KxJ/3cWRtuO+VrYVMB8GA1UdIwQY
MBaAFKrhNW5kBMC3AtWzgTqTRDWq7AyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXVFMWJtUUV3TGNDMWJPQk9wTkVOYXJzREpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi84MTExZjQtMThlYy00ZjM5LTg1NDEt
MDc3NWZiYjhlODFhLzEvVHR3ZllaWXQ3TFlyRW5fZHhaRzI0NzVXdGhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi84MTExZjQtMThlYy00ZjM5LTg1NDEtMDc3NWZiYjhlODFh
LzEvcXVFMWJtUUV3TGNDMWJPQk9wTkVOYXJzREpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDThhQMA0G
CSqGSIb3DQEBCwUAA4IBAQCaNI2pbjpcNMYc8+GdV7sprRIzgIn2UWRLcPfOvVMt
Jw1dhZllEwlKmruYfRhBRGyTtf10QmCgyIdpazqExmEtVpcIH769G08PWXxqKYFS
vBlX5Khblx6mKwQ+2cjFB/jb/7LBnqdKAboB8zVBmx4EZfdiXAaElKOo1jvq/ipp
4yJAwJqp8xzUOyPMKvk43wFFbyD2FxVDX06/toyverreUHWGvFqvBwipplqA/jhY
gMobLF4ItLrJOIEPnPVYPBwuEY+dJznNQtc1Y9+pN/TsnR2cNwk4UNTQ/krzoaPQ
QjMARZoMAb6zgk1ZK/8ZoksNg0X1QxMvgaL7ufWPclFz
-----END CERTIFICATE-----