Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/542603-5462-4b8d-8bc4-535cc0c102f0/1/TbMmjm2DS86I-rN8S_zKszoqXgg.roa
File:                     TbMmjm2DS86I-rN8S_zKszoqXgg.roa (raw, json)
Hash identifier:          ONEw7tpTz912FOCkY52gz2mER31TUF7h3BiNjiYllZs=
Subject key identifier:   4D:B3:26:8E:6D:83:4B:CE:88:FA:B3:7C:4B:FC:CA:B3:3A:2A:5E:08
Certificate issuer:       /CN=c2fd2c74ad6fae2ddd0f6e9c39fde831893ae6f9
Certificate serial:       018CC86F0430B2AA1DD8D9787C054D35B675
Authority key identifier: C2:FD:2C:74:AD:6F:AE:2D:DD:0F:6E:9C:39:FD:E8:31:89:3A:E6:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wv0sdK1vri3dD26cOf3oMYk65vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/542603-5462-4b8d-8bc4-535cc0c102f0/1/TbMmjm2DS86I-rN8S_zKszoqXgg.roa
Signing time:             Tue 02 Jan 2024 04:29:27 +0000
ROA not before:           Tue 02 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21409
IP address blocks:        185.110.64.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/542603-5462-4b8d-8bc4-535cc0c102f0/1/wv0sdK1vri3dD26cOf3oMYk65vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/542603-5462-4b8d-8bc4-535cc0c102f0/1/wv0sdK1vri3dD26cOf3oMYk65vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wv0sdK1vri3dD26cOf3oMYk65vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:04:30:b2:aa:1d:d8:d9:78:7c:05:4d:35:b6:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2fd2c74ad6fae2ddd0f6e9c39fde831893ae6f9
        Validity
            Not Before: Jan  2 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4db3268e6d834bce88fab37c4bfccab33a2a5e08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:36:d2:5e:71:a2:b2:84:8a:64:4e:33:4c:23:
                    cc:13:4e:53:aa:26:fa:cb:41:ee:6a:fc:96:27:bb:
                    2f:a3:3c:cd:bc:00:f8:a6:d7:e0:bb:2f:56:f3:c8:
                    39:dc:31:a6:c7:0e:82:f2:20:4e:27:24:ef:0d:84:
                    19:df:3f:bb:db:3f:d3:09:29:69:81:31:25:16:18:
                    33:1b:37:d0:54:41:55:77:0c:49:aa:bc:cb:72:f6:
                    ea:48:d1:c7:e6:19:73:75:9c:f6:e1:69:d5:f9:19:
                    ce:66:33:f2:51:fa:15:25:2f:e9:bb:f9:26:6b:72:
                    96:67:2d:ba:1f:e8:12:86:2e:6d:99:70:5d:35:5e:
                    0f:ae:44:81:be:18:94:1f:a8:e0:4c:34:69:f5:a1:
                    b3:92:65:75:e5:a2:66:55:10:bc:60:0e:40:bf:95:
                    0e:bf:a5:25:73:50:79:64:99:3a:89:11:ef:b9:cd:
                    6b:ec:84:fd:c3:56:94:da:d4:91:f1:7c:84:80:51:
                    5c:a5:45:91:10:fe:df:3d:7d:8c:bb:37:6b:a8:c6:
                    a8:5b:01:97:7a:74:eb:b1:bb:d5:43:a1:be:20:a5:
                    38:46:05:b9:48:6c:a5:cf:ca:44:54:71:38:6d:25:
                    05:33:1e:4a:99:6c:cc:71:ce:e6:21:64:3a:ad:21:
                    37:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:B3:26:8E:6D:83:4B:CE:88:FA:B3:7C:4B:FC:CA:B3:3A:2A:5E:08
            X509v3 Authority Key Identifier:
                keyid:C2:FD:2C:74:AD:6F:AE:2D:DD:0F:6E:9C:39:FD:E8:31:89:3A:E6:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wv0sdK1vri3dD26cOf3oMYk65vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/542603-5462-4b8d-8bc4-535cc0c102f0/1/TbMmjm2DS86I-rN8S_zKszoqXgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/542603-5462-4b8d-8bc4-535cc0c102f0/1/wv0sdK1vri3dD26cOf3oMYk65vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c4:d3:5c:0a:a9:3f:46:f0:ee:3d:9f:94:90:f8:fa:72:07:b3:
         67:93:47:c3:e2:42:a0:4d:3e:84:17:95:3c:e4:2a:10:25:f1:
         c8:96:34:5e:a6:22:ce:89:f3:cb:8c:b5:f2:73:30:b4:18:6e:
         d1:68:84:d6:0f:dc:c9:96:99:fd:b8:f9:d5:c1:41:e2:70:57:
         d4:e9:75:de:7d:77:b5:eb:fe:d6:46:96:2f:38:65:19:dc:c1:
         cb:b8:c5:0b:fc:b5:4a:a1:65:66:e9:56:9a:8b:c4:f5:35:52:
         b0:b8:24:30:e2:ff:c3:69:ed:6a:6b:bf:c7:d5:a6:4c:1c:9e:
         cf:e6:03:02:90:73:ad:41:ba:0a:a1:7a:b1:da:7f:42:ab:f9:
         85:e4:64:ec:09:46:f7:45:9b:67:0d:58:2d:65:bb:af:8e:3b:
         33:17:35:a8:8b:3d:2d:48:dc:b6:09:4e:b6:36:aa:74:89:51:
         a8:26:f2:eb:ef:e5:fd:8c:f5:53:7e:ea:d1:a5:75:fd:18:5b:
         15:4c:6b:9d:84:ea:a9:08:d4:db:b8:d6:95:52:de:7f:ae:c6:
         be:56:31:25:c8:fc:9b:61:f9:ba:45:da:d1:9f:9c:4d:db:16:
         b9:d4:06:4f:3a:03:f3:e6:31:8a:ab:a4:85:f4:0d:62:d1:83:
         ea:88:a4:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwQwsqod2Nl4fAVNNbZ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZmQyYzc0YWQ2ZmFlMmRkZDBmNmU5YzM5ZmRlODMxODkz
YWU2ZjkwHhcNMjQwMTAyMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGIzMjY4ZTZkODM0YmNlODhmYWIzN2M0YmZjY2FiMzNhMmE1ZTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijbSXnGisoSKZE4zTCPME05Tqib6
y0HuavyWJ7svozzNvAD4ptfguy9W88g53DGmxw6C8iBOJyTvDYQZ3z+72z/TCSlp
gTElFhgzGzfQVEFVdwxJqrzLcvbqSNHH5hlzdZz24WnV+RnOZjPyUfoVJS/pu/km
a3KWZy26H+gShi5tmXBdNV4PrkSBvhiUH6jgTDRp9aGzkmV15aJmVRC8YA5Av5UO
v6Ulc1B5ZJk6iRHvuc1r7IT9w1aU2tSR8XyEgFFcpUWREP7fPX2MuzdrqMaoWwGX
enTrsbvVQ6G+IKU4RgW5SGylz8pEVHE4bSUFMx5KmWzMcc7mIWQ6rSE3vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2zJo5tg0vOiPqzfEv8yrM6Kl4IMB8GA1UdIwQY
MBaAFML9LHStb64t3Q9unDn96DGJOub5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3Ywc2RLMXZyaTNkRDI2Y09mM29NWWs2NXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81NDI2MDMtNTQ2Mi00YjhkLThiYzQt
NTM1Y2MwYzEwMmYwLzEvVGJNbWptMkRTODZJLXJOOFNfektzem9xWGdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81NDI2MDMtNTQ2Mi00YjhkLThiYzQtNTM1Y2MwYzEwMmYw
LzEvd3Ywc2RLMXZyaTNkRDI2Y09mM29NWWs2NXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuW5AMA0G
CSqGSIb3DQEBCwUAA4IBAQDE01wKqT9G8O49n5SQ+PpyB7Nnk0fD4kKgTT6EF5U8
5CoQJfHIljRepiLOifPLjLXyczC0GG7RaITWD9zJlpn9uPnVwUHicFfU6XXefXe1
6/7WRpYvOGUZ3MHLuMUL/LVKoWVm6Vaai8T1NVKwuCQw4v/Dae1qa7/H1aZMHJ7P
5gMCkHOtQboKoXqx2n9Cq/mF5GTsCUb3RZtnDVgtZbuvjjszFzWoiz0tSNy2CU62
Nqp0iVGoJvLr7+X9jPVTfurRpXX9GFsVTGudhOqpCNTbuNaVUt5/rsa+VjElyPyb
Yfm6RdrRn5xN2xa51AZPOgPz5jGKq6SF9A1i0YPqiKTv
-----END CERTIFICATE-----