Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/TmYMHEp35_lvkFrqmdRxv_VpDPo.roa
File:                     TmYMHEp35_lvkFrqmdRxv_VpDPo.roa (raw, json)
Hash identifier:          zw30S+QzCumUMX6LuxmaH7eTDcWskcGNGWrgnhFb22A=
Subject key identifier:   4E:66:0C:1C:4A:77:E7:F9:6F:90:5A:EA:99:D4:71:BF:F5:69:0C:FA
Certificate issuer:       /CN=41f5a10e4fd2655adbbb40ede18b2615ac558ea9
Certificate serial:       019251480AC6B4AB983A306ABF9156523581
Authority key identifier: 41:F5:A1:0E:4F:D2:65:5A:DB:BB:40:ED:E1:8B:26:15:AC:55:8E:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/TmYMHEp35_lvkFrqmdRxv_VpDPo.roa
Signing time:             Thu 03 Oct 2024 07:28:48 +0000
ROA not before:           Thu 03 Oct 2024 07:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        192.109.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:48:0a:c6:b4:ab:98:3a:30:6a:bf:91:56:52:35:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41f5a10e4fd2655adbbb40ede18b2615ac558ea9
        Validity
            Not Before: Oct  3 07:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e660c1c4a77e7f96f905aea99d471bff5690cfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:09:cc:fd:79:6c:b1:8a:85:d9:31:a9:60:dd:
                    fa:23:38:c9:b3:91:8e:09:7f:4c:ff:c3:04:15:ae:
                    92:80:cf:5e:eb:51:39:87:11:74:af:e4:f4:66:32:
                    e9:bb:34:88:30:b4:65:71:22:f7:00:1b:84:d5:5d:
                    dd:21:e0:c8:ae:15:09:9c:e7:24:77:00:8e:5a:ee:
                    10:73:a4:89:87:11:40:fc:b2:d0:25:36:44:a5:71:
                    1b:95:4e:a7:6a:f8:3f:cc:93:31:e0:8c:3c:d4:68:
                    f9:f5:ac:6d:24:dd:b3:33:24:a3:dd:b3:b2:f4:03:
                    d7:b9:5e:7d:ac:3d:37:b3:00:b5:22:e5:6f:b6:6c:
                    8c:b0:85:66:72:d3:6a:83:ed:01:85:e8:bb:5f:32:
                    e7:b3:c4:5b:ca:b6:f7:eb:33:c1:a4:9c:18:d0:36:
                    1b:c2:8a:2a:96:c4:61:e0:2b:2b:6c:bd:bf:cc:a4:
                    37:d2:2b:8c:59:af:ef:0a:76:94:fc:0c:1d:18:34:
                    dc:ca:9c:0f:06:39:88:53:07:0b:5f:4d:f6:6b:ff:
                    f4:77:56:f0:bc:19:1f:82:d1:f0:f6:d6:a1:22:cc:
                    5f:9b:d0:33:c3:0f:02:ca:66:46:a3:a1:19:a1:a3:
                    95:10:26:9f:d1:67:0c:df:e3:06:68:12:a8:79:0c:
                    74:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:66:0C:1C:4A:77:E7:F9:6F:90:5A:EA:99:D4:71:BF:F5:69:0C:FA
            X509v3 Authority Key Identifier:
                keyid:41:F5:A1:0E:4F:D2:65:5A:DB:BB:40:ED:E1:8B:26:15:AC:55:8E:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/TmYMHEp35_lvkFrqmdRxv_VpDPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:3c:de:02:d4:c0:78:d5:37:66:ba:2d:b1:e1:f4:a2:db:ea:
         63:74:1f:87:75:64:93:0e:a9:3a:1d:42:17:db:fb:24:8a:6a:
         92:53:3c:a7:38:5c:9c:e8:59:c5:ae:87:11:56:59:ed:09:2e:
         10:47:6f:df:ee:2b:5d:02:cc:55:c0:45:70:e3:74:b8:58:48:
         1a:78:62:07:16:82:85:80:a5:2d:81:d6:46:dc:a2:0a:fe:47:
         07:54:85:f9:dc:3e:97:a1:0d:fc:ce:a1:83:07:f8:63:70:52:
         36:8e:1d:5f:3e:69:0f:00:5f:be:1b:c1:ff:55:3d:18:8b:12:
         c1:35:f7:74:93:e1:d6:5d:2b:93:14:08:4f:ab:5c:6b:54:25:
         bc:27:7f:c5:40:16:c6:66:ef:f2:81:33:fc:b3:80:3c:17:68:
         29:e1:40:1a:53:3f:7e:06:a3:e4:f0:8f:ef:24:fc:2f:52:4b:
         e9:ab:11:3d:35:53:3e:a9:26:6d:ad:74:42:ad:23:30:2c:97:
         66:ef:18:4d:94:6c:54:a7:62:d6:8f:39:4c:b9:fc:62:09:db:
         e7:6a:1f:61:a7:2c:72:35:c3:11:dc:31:8a:b0:de:09:5a:46:
         9c:66:57:61:3f:ed:20:e6:51:10:c8:00:c4:99:a9:dc:c1:38:
         d2:d2:0d:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRSArGtKuYOjBqv5FWUjWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZjVhMTBlNGZkMjY1NWFkYmJiNDBlZGUxOGIyNjE1YWM1
NThlYTkwHhcNMjQxMDAzMDcyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTY2MGMxYzRhNzdlN2Y5NmY5MDVhZWE5OWQ0NzFiZmY1NjkwY2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QnM/XlssYqF2TGpYN36IzjJs5GO
CX9M/8MEFa6SgM9e61E5hxF0r+T0ZjLpuzSIMLRlcSL3ABuE1V3dIeDIrhUJnOck
dwCOWu4Qc6SJhxFA/LLQJTZEpXEblU6navg/zJMx4Iw81Gj59axtJN2zMySj3bOy
9APXuV59rD03swC1IuVvtmyMsIVmctNqg+0Bhei7XzLns8Rbyrb36zPBpJwY0DYb
wooqlsRh4CsrbL2/zKQ30iuMWa/vCnaU/AwdGDTcypwPBjmIUwcLX032a//0d1bw
vBkfgtHw9tahIsxfm9Azww8CymZGo6EZoaOVECaf0WcM3+MGaBKoeQx0GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5mDBxKd+f5b5Ba6pnUcb/1aQz6MB8GA1UdIwQY
MBaAFEH1oQ5P0mVa27tA7eGLJhWsVY6pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWZXaERrX1NaVnJidTBEdDRZc21GYXhWanFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84ZDNjODItZTQwMy00ZGE2LWIzMTUt
ODc5MDIwNmYwZDc0LzEvVG1ZTUhFcDM1X2x2a0ZycW1kUnh2X1ZwRFBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84ZDNjODItZTQwMy00ZGE2LWIzMTUtODc5MDIwNmYwZDc0
LzEvUWZXaERrX1NaVnJidTBEdDRZc21GYXhWanFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG2LMA0G
CSqGSIb3DQEBCwUAA4IBAQB0PN4C1MB41Tdmui2x4fSi2+pjdB+HdWSTDqk6HUIX
2/skimqSUzynOFyc6FnFrocRVlntCS4QR2/f7itdAsxVwEVw43S4WEgaeGIHFoKF
gKUtgdZG3KIK/kcHVIX53D6XoQ38zqGDB/hjcFI2jh1fPmkPAF++G8H/VT0YixLB
Nfd0k+HWXSuTFAhPq1xrVCW8J3/FQBbGZu/ygTP8s4A8F2gp4UAaUz9+BqPk8I/v
JPwvUkvpqxE9NVM+qSZtrXRCrSMwLJdm7xhNlGxUp2LWjzlMufxiCdvnah9hpyxy
NcMR3DGKsN4JWkacZldhP+0g5lEQyADEmancwTjS0g36
-----END CERTIFICATE-----