Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/tfrWfX8nW9hcERhoR7qA7pYjfNc.roa
File:                     tfrWfX8nW9hcERhoR7qA7pYjfNc.roa (raw, json)
Hash identifier:          28W4XhQEiaTovHaQc8GLXVll8SVUmMW2cieRNX6MU88=
Subject key identifier:   B5:FA:D6:7D:7F:27:5B:D8:5C:11:18:68:47:BA:80:EE:96:23:7C:D7
Certificate issuer:       /CN=41f5a10e4fd2655adbbb40ede18b2615ac558ea9
Certificate serial:       0191E58E86A7C338BC79C487DC3EB71980C3
Authority key identifier: 41:F5:A1:0E:4F:D2:65:5A:DB:BB:40:ED:E1:8B:26:15:AC:55:8E:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/tfrWfX8nW9hcERhoR7qA7pYjfNc.roa
Signing time:             Thu 12 Sep 2024 09:26:48 +0000
ROA not before:           Thu 12 Sep 2024 09:26:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199760
IP address blocks:        192.109.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:8e:86:a7:c3:38:bc:79:c4:87:dc:3e:b7:19:80:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41f5a10e4fd2655adbbb40ede18b2615ac558ea9
        Validity
            Not Before: Sep 12 09:26:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5fad67d7f275bd85c11186847ba80ee96237cd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e4:8a:05:fd:a1:4c:7d:c4:d3:38:4d:d1:b0:
                    fe:99:bc:b2:89:54:84:73:86:95:4b:cf:7a:53:87:
                    a1:0b:45:b2:43:49:e2:bd:c4:b9:14:dc:4c:45:bb:
                    db:4f:8b:63:b8:8c:6f:ad:38:d0:8b:a3:89:5a:f9:
                    54:7f:3f:d1:cd:9e:c2:0c:b0:22:59:e3:1e:b8:7d:
                    8d:d2:c5:e1:b9:e3:7b:fd:cc:e4:80:60:b5:26:fd:
                    ff:db:3e:82:ac:d4:90:84:bf:ae:f4:1e:6b:73:4e:
                    ba:a5:f6:1e:4e:1d:5b:6a:2d:ca:05:84:c1:4d:d8:
                    c8:43:8a:e6:be:ac:15:80:92:fb:f5:93:29:f1:89:
                    dc:a0:11:1c:0a:94:3d:b1:f6:c2:17:f1:e5:e8:30:
                    83:8e:95:1d:b2:e9:a0:99:8b:73:8f:83:3d:73:60:
                    e9:c0:26:d9:77:a9:92:7b:2a:76:f3:36:32:7a:8c:
                    46:ad:99:a6:ec:f4:ca:01:3a:8d:8e:48:5e:ef:8b:
                    43:df:6a:42:8d:1a:94:4d:02:eb:e8:f6:09:06:44:
                    82:f9:ee:7f:4d:b5:78:91:c7:38:6d:f5:d2:a6:8d:
                    78:de:3d:b2:43:34:b1:95:ed:66:2a:64:c2:fd:eb:
                    74:5b:0f:73:2e:fe:68:8e:75:f3:b3:b3:3d:26:7e:
                    2c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:FA:D6:7D:7F:27:5B:D8:5C:11:18:68:47:BA:80:EE:96:23:7C:D7
            X509v3 Authority Key Identifier:
                keyid:41:F5:A1:0E:4F:D2:65:5A:DB:BB:40:ED:E1:8B:26:15:AC:55:8E:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/tfrWfX8nW9hcERhoR7qA7pYjfNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:72:73:09:40:ce:5e:31:0b:56:99:d3:88:ae:e1:eb:47:e5:
         8d:b7:0a:45:44:c7:9e:7d:49:51:39:f2:d9:cf:e7:c7:2a:69:
         84:56:8c:f3:29:94:50:2c:48:bc:43:d5:46:0e:52:2e:35:bb:
         c4:e8:ae:58:5a:24:49:aa:77:5a:53:10:1a:77:aa:19:26:31:
         d1:9d:9d:49:4f:78:a4:58:61:69:10:b4:cd:b3:d2:45:09:21:
         6a:a8:55:93:42:ed:02:65:fb:01:dd:ce:01:07:e1:45:ab:8d:
         f2:aa:62:40:0e:75:e3:f2:8f:df:5e:36:fe:4b:fb:85:80:88:
         55:14:45:c6:ca:e2:74:ba:21:d0:a5:d2:59:c0:f2:62:ce:9a:
         47:bb:e4:92:8e:ed:24:4a:df:78:dc:14:7d:1a:11:95:e8:3c:
         cb:84:da:9a:f8:5e:6b:63:09:aa:2a:a2:eb:a3:1f:cb:62:0b:
         cb:27:a1:f2:a2:7b:f9:72:fe:97:21:e8:a7:ee:3e:3b:bd:ee:
         e2:b7:ce:a4:52:e0:8f:77:87:18:dc:77:af:ba:ca:32:bb:5e:
         fe:44:a5:d5:c5:1d:57:b9:9c:f4:15:e6:bb:0e:88:e9:eb:ea:
         95:c6:a8:21:b1:55:3b:b6:8f:a0:ec:35:87:86:a6:0d:77:a6:
         ec:a5:ff:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHljoanwzi8ecSH3D63GYDDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZjVhMTBlNGZkMjY1NWFkYmJiNDBlZGUxOGIyNjE1YWM1
NThlYTkwHhcNMjQwOTEyMDkyNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWZhZDY3ZDdmMjc1YmQ4NWMxMTE4Njg0N2JhODBlZTk2MjM3Y2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+SKBf2hTH3E0zhN0bD+mbyyiVSE
c4aVS896U4ehC0WyQ0nivcS5FNxMRbvbT4tjuIxvrTjQi6OJWvlUfz/RzZ7CDLAi
WeMeuH2N0sXhueN7/czkgGC1Jv3/2z6CrNSQhL+u9B5rc066pfYeTh1bai3KBYTB
TdjIQ4rmvqwVgJL79ZMp8YncoBEcCpQ9sfbCF/Hl6DCDjpUdsumgmYtzj4M9c2Dp
wCbZd6mSeyp28zYyeoxGrZmm7PTKATqNjkhe74tD32pCjRqUTQLr6PYJBkSC+e5/
TbV4kcc4bfXSpo143j2yQzSxle1mKmTC/et0Ww9zLv5ojnXzs7M9Jn4sawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLX61n1/J1vYXBEYaEe6gO6WI3zXMB8GA1UdIwQY
MBaAFEH1oQ5P0mVa27tA7eGLJhWsVY6pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWZXaERrX1NaVnJidTBEdDRZc21GYXhWanFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84ZDNjODItZTQwMy00ZGE2LWIzMTUt
ODc5MDIwNmYwZDc0LzEvdGZyV2ZYOG5XOWhjRVJob1I3cUE3cFlqZk5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84ZDNjODItZTQwMy00ZGE2LWIzMTUtODc5MDIwNmYwZDc0
LzEvUWZXaERrX1NaVnJidTBEdDRZc21GYXhWanFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG3IMA0G
CSqGSIb3DQEBCwUAA4IBAQBYcnMJQM5eMQtWmdOIruHrR+WNtwpFRMeefUlROfLZ
z+fHKmmEVozzKZRQLEi8Q9VGDlIuNbvE6K5YWiRJqndaUxAad6oZJjHRnZ1JT3ik
WGFpELTNs9JFCSFqqFWTQu0CZfsB3c4BB+FFq43yqmJADnXj8o/fXjb+S/uFgIhV
FEXGyuJ0uiHQpdJZwPJizppHu+SSju0kSt943BR9GhGV6DzLhNqa+F5rYwmqKqLr
ox/LYgvLJ6Hyonv5cv6XIein7j47ve7it86kUuCPd4cY3Hevusoyu17+RKXVxR1X
uZz0Fea7Dojp6+qVxqghsVU7to+g7DWHhqYNd6bspf/u
-----END CERTIFICATE-----