Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/8246eb-8469-42df-a08f-90c421f55adb/1/T17mdNFfr5zW0R1tPdlf7GY9kzc.roa
File:                     T17mdNFfr5zW0R1tPdlf7GY9kzc.roa (raw, json)
Hash identifier:          DxwuRzHC1RWhA9DyONnDUpYxKudt9lAJyG+48FUnG6k=
Subject key identifier:   4F:5E:E6:74:D1:5F:AF:9C:D6:D1:1D:6D:3D:D9:5F:EC:66:3D:93:37
Certificate issuer:       /CN=7f9b4cfdc9b0d9e3c31e0ebb81e6f1b1cbbdc9e4
Certificate serial:       018CC86F44CF0292A8DED7431131B84D06D2
Authority key identifier: 7F:9B:4C:FD:C9:B0:D9:E3:C3:1E:0E:BB:81:E6:F1:B1:CB:BD:C9:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f5tM_cmw2ePDHg67gebxscu9yeQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/8246eb-8469-42df-a08f-90c421f55adb/1/T17mdNFfr5zW0R1tPdlf7GY9kzc.roa
Signing time:             Tue 02 Jan 2024 04:29:44 +0000
ROA not before:           Tue 02 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59874
IP address blocks:        185.175.192.0/24 maxlen: 24
                          185.175.195.0/24 maxlen: 24
                          185.175.193.0/24 maxlen: 24
                          185.175.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/8246eb-8469-42df-a08f-90c421f55adb/1/f5tM_cmw2ePDHg67gebxscu9yeQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/8246eb-8469-42df-a08f-90c421f55adb/1/f5tM_cmw2ePDHg67gebxscu9yeQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f5tM_cmw2ePDHg67gebxscu9yeQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:44:cf:02:92:a8:de:d7:43:11:31:b8:4d:06:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f9b4cfdc9b0d9e3c31e0ebb81e6f1b1cbbdc9e4
        Validity
            Not Before: Jan  2 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f5ee674d15faf9cd6d11d6d3dd95fec663d9337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:74:4e:4f:ab:44:57:42:cc:ba:a4:c2:44:e7:
                    aa:a3:34:1f:b3:f6:ee:a5:d1:87:49:1e:c8:f4:d3:
                    ea:92:41:1e:a5:32:9c:c1:47:94:f2:9a:f5:29:88:
                    44:b5:c6:04:7f:81:14:52:32:52:b1:97:5d:b6:eb:
                    08:ae:20:98:98:b8:a3:43:e9:73:3a:23:d9:06:97:
                    0e:1f:56:6e:06:d5:30:4f:fa:60:be:45:12:9d:36:
                    f3:29:51:4d:e6:0d:96:cc:e2:92:fd:73:0b:c7:68:
                    be:5d:3d:89:76:62:f3:b6:39:d8:de:bd:22:3a:15:
                    e2:5a:a4:5f:9a:3a:cb:58:8e:6e:81:70:61:a5:6e:
                    a6:dd:4b:96:f4:1b:6f:8b:b7:c0:90:11:2b:d4:fc:
                    88:4a:80:74:c7:7a:b9:cb:e8:7a:49:00:31:ee:02:
                    73:6e:7c:d0:ad:94:2a:fb:27:b5:ba:a1:9e:29:fe:
                    a0:75:11:5b:3e:be:51:91:61:10:89:9f:10:b7:86:
                    dd:62:e2:bf:05:84:61:92:a9:a7:fb:4e:03:8e:22:
                    b0:88:30:ca:b9:6b:1c:cd:8a:d0:50:c1:53:72:e2:
                    1f:28:1b:b3:69:6e:8f:69:00:1c:e3:7b:96:fe:eb:
                    fd:26:e3:06:61:f5:a6:88:09:96:dd:dc:a3:07:50:
                    73:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:5E:E6:74:D1:5F:AF:9C:D6:D1:1D:6D:3D:D9:5F:EC:66:3D:93:37
            X509v3 Authority Key Identifier:
                keyid:7F:9B:4C:FD:C9:B0:D9:E3:C3:1E:0E:BB:81:E6:F1:B1:CB:BD:C9:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5tM_cmw2ePDHg67gebxscu9yeQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/8246eb-8469-42df-a08f-90c421f55adb/1/T17mdNFfr5zW0R1tPdlf7GY9kzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/8246eb-8469-42df-a08f-90c421f55adb/1/f5tM_cmw2ePDHg67gebxscu9yeQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:44:f1:a0:aa:51:d7:dc:4e:6e:4c:e1:4c:af:83:5b:b3:ec:
         45:22:77:65:c2:39:e7:48:79:03:c8:d9:43:a3:e7:d5:d6:5b:
         a1:a4:16:1c:08:d8:e7:a8:c4:83:19:94:9b:ad:6e:8a:c1:9f:
         0a:f8:e5:3e:d5:6c:ed:ab:77:21:31:bf:2d:16:67:c3:e0:d9:
         e8:ce:55:04:97:55:61:55:d2:fa:fa:1e:13:fb:fe:f8:e3:04:
         8e:fa:77:75:6b:08:3e:d1:da:6a:99:32:7f:d8:81:30:18:10:
         b2:dd:8b:1b:fc:1f:73:2f:73:f3:a2:c7:33:b9:bf:f1:50:c4:
         46:c7:4b:31:1e:ed:a0:88:f5:c5:3a:67:b2:cd:4b:7a:4a:8a:
         48:82:9d:69:9c:1d:ae:ba:7b:19:76:6e:36:08:9f:c7:68:75:
         30:43:ef:99:ef:6d:81:5d:28:dd:38:ce:63:4b:90:ce:e9:5a:
         b0:86:69:82:bd:5a:28:58:a2:60:37:31:7e:a6:d0:72:6d:fc:
         90:1b:5d:e7:b3:9f:bb:ae:c0:72:69:71:02:22:04:17:e5:b4:
         2e:94:c2:59:44:f3:47:66:d5:78:42:a0:3e:35:65:3e:2b:10:
         2a:61:a6:f4:5c:35:b6:17:e5:56:f0:dd:57:1c:c7:f1:9a:cb:
         99:5d:83:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0TPApKo3tdDETG4TQbSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmOWI0Y2ZkYzliMGQ5ZTNjMzFlMGViYjgxZTZmMWIxY2Ji
ZGM5ZTQwHhcNMjQwMTAyMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjVlZTY3NGQxNWZhZjljZDZkMTFkNmQzZGQ5NWZlYzY2M2Q5MzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHROT6tEV0LMuqTCROeqozQfs/bu
pdGHSR7I9NPqkkEepTKcwUeU8pr1KYhEtcYEf4EUUjJSsZddtusIriCYmLijQ+lz
OiPZBpcOH1ZuBtUwT/pgvkUSnTbzKVFN5g2WzOKS/XMLx2i+XT2JdmLztjnY3r0i
OhXiWqRfmjrLWI5ugXBhpW6m3UuW9Btvi7fAkBEr1PyISoB0x3q5y+h6SQAx7gJz
bnzQrZQq+ye1uqGeKf6gdRFbPr5RkWEQiZ8Qt4bdYuK/BYRhkqmn+04DjiKwiDDK
uWsczYrQUMFTcuIfKBuzaW6PaQAc43uW/uv9JuMGYfWmiAmW3dyjB1BztQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9e5nTRX6+c1tEdbT3ZX+xmPZM3MB8GA1UdIwQY
MBaAFH+bTP3JsNnjwx4Ou4Hm8bHLvcnkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjV0TV9jbXcyZVBESGc2N2dlYnhzY3U5eWVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi84MjQ2ZWItODQ2OS00MmRmLWEwOGYt
OTBjNDIxZjU1YWRiLzEvVDE3bWRORmZyNXpXMFIxdFBkbGY3R1k5a3pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi84MjQ2ZWItODQ2OS00MmRmLWEwOGYtOTBjNDIxZjU1YWRi
LzEvZjV0TV9jbXcyZVBESGc2N2dlYnhzY3U5eWVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCua/AMA0G
CSqGSIb3DQEBCwUAA4IBAQA0RPGgqlHX3E5uTOFMr4Nbs+xFIndlwjnnSHkDyNlD
o+fV1luhpBYcCNjnqMSDGZSbrW6KwZ8K+OU+1Wztq3chMb8tFmfD4NnozlUEl1Vh
VdL6+h4T+/744wSO+nd1awg+0dpqmTJ/2IEwGBCy3Ysb/B9zL3Pzosczub/xUMRG
x0sxHu2giPXFOmeyzUt6SopIgp1pnB2uunsZdm42CJ/HaHUwQ++Z722BXSjdOM5j
S5DO6VqwhmmCvVooWKJgNzF+ptBybfyQG13ns5+7rsByaXECIgQX5bQulMJZRPNH
ZtV4QqA+NWU+KxAqYab0XDW2F+VW8N1XHMfxmsuZXYNX
-----END CERTIFICATE-----