Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/904341-4a73-426d-9bac-a339eecb8dc7/1/TPZfJtwOUWtdt9KH-QRxf81_IGU.roa
File:                     TPZfJtwOUWtdt9KH-QRxf81_IGU.roa (raw, json)
Hash identifier:          JKHenM/BB3kw5Z4XMXbr1rTem7Ji/hzCvLOclsUq2ls=
Subject key identifier:   4C:F6:5F:26:DC:0E:51:6B:5D:B7:D2:87:F9:04:71:7F:CD:7F:20:65
Certificate issuer:       /CN=58e0abb776daf25f720db6a26bb12fbd34deed90
Certificate serial:       018CCA2A85D6803E56A411ABCAE447DE9440
Authority key identifier: 58:E0:AB:B7:76:DA:F2:5F:72:0D:B6:A2:6B:B1:2F:BD:34:DE:ED:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WOCrt3ba8l9yDbaia7EvvTTe7ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/904341-4a73-426d-9bac-a339eecb8dc7/1/TPZfJtwOUWtdt9KH-QRxf81_IGU.roa
Signing time:             Tue 02 Jan 2024 12:33:53 +0000
ROA not before:           Tue 02 Jan 2024 12:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57464
IP address blocks:        194.93.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/904341-4a73-426d-9bac-a339eecb8dc7/1/WOCrt3ba8l9yDbaia7EvvTTe7ZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/904341-4a73-426d-9bac-a339eecb8dc7/1/WOCrt3ba8l9yDbaia7EvvTTe7ZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WOCrt3ba8l9yDbaia7EvvTTe7ZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:85:d6:80:3e:56:a4:11:ab:ca:e4:47:de:94:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58e0abb776daf25f720db6a26bb12fbd34deed90
        Validity
            Not Before: Jan  2 12:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cf65f26dc0e516b5db7d287f904717fcd7f2065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:61:fb:c9:1d:c3:8a:e0:e5:b3:9f:bf:d8:23:
                    43:15:d1:49:2b:23:12:44:43:1e:95:2f:01:f4:bc:
                    46:13:45:67:d9:35:a5:f7:3f:ee:f3:77:7e:1c:4b:
                    50:b9:11:59:00:e4:b6:be:c6:b7:e3:4a:e6:02:0e:
                    df:69:02:f4:0a:72:5c:0d:90:08:0f:b4:bb:f0:4c:
                    c2:f4:6c:69:77:65:a2:b4:cd:ae:7a:c3:03:b8:a1:
                    8e:07:7e:b7:a0:a5:da:05:64:15:e0:40:b4:a2:82:
                    a5:04:30:84:7a:e9:5b:c3:ab:e5:f9:6e:56:ca:1d:
                    46:a5:23:3f:a6:ed:37:53:44:70:7f:b1:12:30:40:
                    59:03:b2:8a:43:82:f4:a1:a0:fd:30:6d:8e:66:0b:
                    d1:b3:84:45:3a:66:81:6b:a9:a5:ea:19:fd:02:07:
                    d2:e8:01:0c:63:1a:88:99:4b:83:30:3b:53:02:c3:
                    8f:f2:54:b7:29:88:d5:8a:ad:bf:a1:fb:96:4c:a3:
                    e6:56:00:12:80:0d:9a:7e:06:51:06:fa:a2:de:e6:
                    21:46:fa:4c:19:a0:5e:54:fb:4e:b3:93:c7:33:b1:
                    fb:cc:3e:ed:1a:22:4c:4a:20:07:e3:86:a4:b8:34:
                    cb:18:fe:9d:d6:4e:55:9c:59:d5:94:21:32:78:cf:
                    69:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:F6:5F:26:DC:0E:51:6B:5D:B7:D2:87:F9:04:71:7F:CD:7F:20:65
            X509v3 Authority Key Identifier:
                keyid:58:E0:AB:B7:76:DA:F2:5F:72:0D:B6:A2:6B:B1:2F:BD:34:DE:ED:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WOCrt3ba8l9yDbaia7EvvTTe7ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/904341-4a73-426d-9bac-a339eecb8dc7/1/TPZfJtwOUWtdt9KH-QRxf81_IGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/904341-4a73-426d-9bac-a339eecb8dc7/1/WOCrt3ba8l9yDbaia7EvvTTe7ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.93.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:fb:d1:f6:2b:96:d2:05:1a:25:c5:12:88:9d:bc:79:bc:73:
         ac:cd:e8:64:6d:d3:ef:d6:ac:d9:94:20:b0:70:3e:d8:bc:a3:
         6f:de:d5:34:61:d4:2e:05:b2:2c:bb:60:71:14:af:7e:eb:70:
         66:3b:5d:a1:7f:96:22:18:be:29:d3:76:c5:da:5d:2f:65:32:
         ed:7a:bd:97:29:04:af:ab:7f:61:e6:b6:49:bc:93:83:f1:36:
         1a:69:a2:61:4d:5c:31:98:1b:55:a4:8c:47:04:41:86:53:5e:
         c2:7f:fa:a2:e1:71:65:80:44:99:8c:62:c5:4b:11:81:2e:d6:
         87:d9:9e:41:b6:cd:55:3f:9d:8d:eb:3e:4f:e5:93:4e:03:4f:
         5f:a2:9e:a1:0b:be:2a:bc:71:f7:2b:60:90:97:2e:7f:20:42:
         67:3c:a1:10:eb:7f:b4:49:9b:a3:b3:85:89:ab:e3:84:84:ab:
         d5:4c:41:3b:b1:52:67:09:23:be:e8:51:81:a2:59:b5:bd:2d:
         2c:93:00:e6:aa:08:5c:32:f8:67:9b:b1:68:83:7d:f1:ee:e7:
         cf:d8:c0:8f:7b:76:a8:c9:8b:6c:52:f8:b2:01:01:07:7d:df:
         8d:40:30:20:57:30:ac:a4:01:d5:43:ff:0d:7f:49:b3:b7:74:
         1f:49:45:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKoXWgD5WpBGryuRH3pRAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZTBhYmI3NzZkYWYyNWY3MjBkYjZhMjZiYjEyZmJkMzRk
ZWVkOTAwHhcNMjQwMTAyMTIzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2Y2NWYyNmRjMGU1MTZiNWRiN2QyODdmOTA0NzE3ZmNkN2YyMDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mH7yR3DiuDls5+/2CNDFdFJKyMS
REMelS8B9LxGE0Vn2TWl9z/u83d+HEtQuRFZAOS2vsa340rmAg7faQL0CnJcDZAI
D7S78EzC9Gxpd2WitM2uesMDuKGOB363oKXaBWQV4EC0ooKlBDCEeulbw6vl+W5W
yh1GpSM/pu03U0Rwf7ESMEBZA7KKQ4L0oaD9MG2OZgvRs4RFOmaBa6ml6hn9AgfS
6AEMYxqImUuDMDtTAsOP8lS3KYjViq2/ofuWTKPmVgASgA2afgZRBvqi3uYhRvpM
GaBeVPtOs5PHM7H7zD7tGiJMSiAH44akuDTLGP6d1k5VnFnVlCEyeM9pYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEz2XybcDlFrXbfSh/kEcX/NfyBlMB8GA1UdIwQY
MBaAFFjgq7d22vJfcg22omuxL7003u2QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV09DcnQzYmE4bDl5RGJhaWE3RXZ2VFRlN1pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi85MDQzNDEtNGE3My00MjZkLTliYWMt
YTMzOWVlY2I4ZGM3LzEvVFBaZkp0d09VV3RkdDlLSC1RUnhmODFfSUdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi85MDQzNDEtNGE3My00MjZkLTliYWMtYTMzOWVlY2I4ZGM3
LzEvV09DcnQzYmE4bDl5RGJhaWE3RXZ2VFRlN1pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwl1kMA0G
CSqGSIb3DQEBCwUAA4IBAQCj+9H2K5bSBRolxRKInbx5vHOszehkbdPv1qzZlCCw
cD7YvKNv3tU0YdQuBbIsu2BxFK9+63BmO12hf5YiGL4p03bF2l0vZTLter2XKQSv
q39h5rZJvJOD8TYaaaJhTVwxmBtVpIxHBEGGU17Cf/qi4XFlgESZjGLFSxGBLtaH
2Z5Bts1VP52N6z5P5ZNOA09fop6hC74qvHH3K2CQly5/IEJnPKEQ63+0SZujs4WJ
q+OEhKvVTEE7sVJnCSO+6FGBolm1vS0skwDmqghcMvhnm7Fog33x7ufP2MCPe3ao
yYtsUviyAQEHfd+NQDAgVzCspAHVQ/8Nf0mzt3QfSUW3
-----END CERTIFICATE-----