Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/TuSl4HozoKDBnIz7Al3zhGYqfIo.roa
File:                     TuSl4HozoKDBnIz7Al3zhGYqfIo.roa (raw, json)
Hash identifier:          U3Pigz+OrK2DetZT46M8rTT7xbb6hAskm5Xf4y5bLh0=
Subject key identifier:   4E:E4:A5:E0:7A:33:A0:A0:C1:9C:8C:FB:02:5D:F3:84:66:2A:7C:8A
Certificate issuer:       /CN=43fad79548afc5c83e59bbfe388c64492cb55013
Certificate serial:       018D5EC18EA709A8614A06666E49631F3B00
Authority key identifier: 43:FA:D7:95:48:AF:C5:C8:3E:59:BB:FE:38:8C:64:49:2C:B5:50:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/TuSl4HozoKDBnIz7Al3zhGYqfIo.roa
Signing time:             Wed 31 Jan 2024 09:02:39 +0000
ROA not before:           Wed 31 Jan 2024 09:02:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        188.231.0.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:c1:8e:a7:09:a8:61:4a:06:66:6e:49:63:1f:3b:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43fad79548afc5c83e59bbfe388c64492cb55013
        Validity
            Not Before: Jan 31 09:02:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ee4a5e07a33a0a0c19c8cfb025df384662a7c8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:32:6a:0d:40:12:30:e2:a9:9c:1e:4c:a9:ba:
                    9e:13:b2:dd:78:1e:7a:2f:00:4f:f0:30:47:ad:e0:
                    d0:91:ff:6f:0b:52:84:e6:46:24:fa:07:32:18:18:
                    20:e7:ca:8c:9f:b7:80:71:1a:ca:50:75:d3:6c:ed:
                    60:ac:d6:ec:08:d8:31:c7:7c:63:e9:c4:84:10:d0:
                    8d:64:2d:b2:25:e7:fc:8f:ae:e7:66:af:c1:f7:f1:
                    9d:12:f5:84:5e:68:34:dc:01:bc:97:54:f8:52:c6:
                    6f:2f:ca:59:c7:d3:dd:c1:7e:20:6d:94:2c:88:51:
                    b2:ae:f1:2f:ba:98:dd:7a:e5:5b:ce:da:7d:fa:2a:
                    2a:b3:bd:30:74:47:dc:3c:9e:50:ae:60:1f:08:f1:
                    e5:85:f8:2c:4a:c4:f8:e9:cd:b0:5c:d5:de:8a:4d:
                    82:ce:a5:92:8c:1d:bd:0f:c5:64:24:51:93:48:38:
                    d1:86:ae:13:2b:c2:e6:bc:01:e8:fc:c6:e8:d6:e3:
                    d3:d4:30:76:97:d9:1b:d6:8a:bb:1b:2e:f0:49:15:
                    3e:a8:ed:1a:9a:a2:11:e1:2e:51:3b:1d:e7:58:49:
                    fe:88:38:cd:85:55:54:b0:c7:a5:1b:e2:4f:db:60:
                    dd:18:5a:f2:a7:0f:26:35:af:61:fa:5b:56:3d:a7:
                    61:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:E4:A5:E0:7A:33:A0:A0:C1:9C:8C:FB:02:5D:F3:84:66:2A:7C:8A
            X509v3 Authority Key Identifier:
                keyid:43:FA:D7:95:48:AF:C5:C8:3E:59:BB:FE:38:8C:64:49:2C:B5:50:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/TuSl4HozoKDBnIz7Al3zhGYqfIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.231.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         d1:f6:5b:12:67:59:5b:4e:64:1f:40:4d:93:2d:70:2c:29:d7:
         2b:31:36:6b:85:b8:cc:da:df:f9:c7:80:75:e6:11:6d:7f:c8:
         b8:70:5c:b2:8e:f4:a3:99:be:3a:3c:9a:8a:cb:cb:33:3b:58:
         40:43:7e:82:23:9d:c7:ab:94:fd:d5:82:e3:d5:3c:86:25:30:
         d2:27:f7:d9:e3:3e:67:0c:15:4e:d7:c7:9a:cc:fd:fb:62:d1:
         bb:5d:b4:9f:a4:26:19:5b:18:c8:19:e8:64:d2:49:26:19:62:
         8f:23:f8:98:1c:c8:52:12:a2:9e:c1:b2:40:4f:e2:0c:b0:af:
         4d:fc:c7:de:fe:32:60:cc:3d:66:50:d7:3e:0b:15:f1:9b:8a:
         06:45:02:1b:7a:c7:a6:2c:72:81:61:6a:f0:13:ef:0e:cb:69:
         14:c7:51:91:79:1e:e4:1d:15:2f:5d:6e:dd:4e:40:85:11:55:
         6f:78:2c:35:21:e6:4a:42:fc:18:24:f9:b2:af:81:1b:4d:5c:
         ce:d3:12:51:8b:6e:94:72:92:ce:b9:e7:76:77:a2:4c:c5:84:
         34:76:ab:0f:52:7b:53:b6:c5:99:f1:22:03:c2:92:0e:d9:83:
         c5:8d:54:86:5f:b3:d7:b6:e7:bc:6a:d9:f0:49:cd:c0:be:63:
         07:21:ec:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1ewY6nCahhSgZmbkljHzsAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZmFkNzk1NDhhZmM1YzgzZTU5YmJmZTM4OGM2NDQ5MmNi
NTUwMTMwHhcNMjQwMTMxMDkwMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWU0YTVlMDdhMzNhMGEwYzE5YzhjZmIwMjVkZjM4NDY2MmE3YzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjJqDUASMOKpnB5MqbqeE7LdeB56
LwBP8DBHreDQkf9vC1KE5kYk+gcyGBgg58qMn7eAcRrKUHXTbO1grNbsCNgxx3xj
6cSEENCNZC2yJef8j67nZq/B9/GdEvWEXmg03AG8l1T4UsZvL8pZx9PdwX4gbZQs
iFGyrvEvupjdeuVbztp9+ioqs70wdEfcPJ5QrmAfCPHlhfgsSsT46c2wXNXeik2C
zqWSjB29D8VkJFGTSDjRhq4TK8LmvAHo/Mbo1uPT1DB2l9kb1oq7Gy7wSRU+qO0a
mqIR4S5ROx3nWEn+iDjNhVVUsMelG+JP22DdGFrypw8mNa9h+ltWPadhhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7kpeB6M6CgwZyM+wJd84RmKnyKMB8GA1UdIwQY
MBaAFEP615VIr8XIPlm7/jiMZEkstVATMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUV9yWGxVaXZ4Y2ctV2J2LU9JeGtTU3kxVUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8yY2YyYzEtMTk2Mi00YjcwLTllNWIt
ZmU4NTVkYWJiNzVlLzEvVHVTbDRIb3pvS0RCbkl6N0FsM3poR1lxZklvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8yY2YyYzEtMTk2Mi00YjcwLTllNWItZmU4NTVkYWJiNzVl
LzEvUV9yWGxVaXZ4Y2ctV2J2LU9JeGtTU3kxVUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHvOcAMA0G
CSqGSIb3DQEBCwUAA4IBAQDR9lsSZ1lbTmQfQE2TLXAsKdcrMTZrhbjM2t/5x4B1
5hFtf8i4cFyyjvSjmb46PJqKy8szO1hAQ36CI53Hq5T91YLj1TyGJTDSJ/fZ4z5n
DBVO18eazP37YtG7XbSfpCYZWxjIGehk0kkmGWKPI/iYHMhSEqKewbJAT+IMsK9N
/Mfe/jJgzD1mUNc+CxXxm4oGRQIbesemLHKBYWrwE+8Oy2kUx1GReR7kHRUvXW7d
TkCFEVVveCw1IeZKQvwYJPmyr4EbTVzO0xJRi26UcpLOued2d6JMxYQ0dqsPUntT
tsWZ8SIDwpIO2YPFjVSGX7PXtue8atnwSc3AvmMHIezr
-----END CERTIFICATE-----