Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/3830c8-802f-4846-b6e5-1aadaba80072/1/TqJLC5T4qcU83RFlw_zjrj7i0Q4.roa
File:                     TqJLC5T4qcU83RFlw_zjrj7i0Q4.roa (raw, json)
Hash identifier:          9ID69/1oJ36KmKFpX8gutiLoNsxwXLg7m07ievGlz8A=
Subject key identifier:   4E:A2:4B:0B:94:F8:A9:C5:3C:DD:11:65:C3:FC:E3:AE:3E:E2:D1:0E
Certificate issuer:       /CN=b0e25bcc5530b6f46f3d11cb8113f219a46dfdab
Certificate serial:       018CC2DB0142F35731D353FDEADE034F28A3
Authority key identifier: B0:E2:5B:CC:55:30:B6:F4:6F:3D:11:CB:81:13:F2:19:A4:6D:FD:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sOJbzFUwtvRvPRHLgRPyGaRt_as.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/3830c8-802f-4846-b6e5-1aadaba80072/1/TqJLC5T4qcU83RFlw_zjrj7i0Q4.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208869
IP address blocks:        185.248.146.0/24 maxlen: 24
                          2a12:6bc0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/3830c8-802f-4846-b6e5-1aadaba80072/1/sOJbzFUwtvRvPRHLgRPyGaRt_as.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/3830c8-802f-4846-b6e5-1aadaba80072/1/sOJbzFUwtvRvPRHLgRPyGaRt_as.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sOJbzFUwtvRvPRHLgRPyGaRt_as.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:01:42:f3:57:31:d3:53:fd:ea:de:03:4f:28:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0e25bcc5530b6f46f3d11cb8113f219a46dfdab
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ea24b0b94f8a9c53cdd1165c3fce3ae3ee2d10e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:8f:c5:21:6c:a7:50:8e:cf:b2:93:81:f6:ae:
                    5f:3c:b7:9a:c3:16:46:81:90:68:0d:fb:93:27:fd:
                    14:4f:3c:5a:38:68:93:e2:f9:e0:c7:36:19:93:fc:
                    8c:25:4d:bb:a2:66:4b:ce:32:99:cc:b2:8b:8f:68:
                    8f:04:b6:40:31:b9:ff:70:89:e9:48:eb:a1:31:63:
                    77:ad:3d:ef:c6:16:76:39:0f:53:56:b8:95:ec:6c:
                    7f:9f:ee:0f:bd:62:a1:a4:82:55:5d:8f:bd:95:12:
                    30:55:81:45:f3:78:f4:40:d0:70:8b:bd:9e:c5:1a:
                    0a:8d:89:0e:74:31:54:08:ce:62:a5:07:81:79:3a:
                    9b:b8:f6:e9:fd:99:23:b7:08:47:85:ec:56:a6:84:
                    d6:1c:d5:71:67:af:1c:b5:e4:df:b7:6c:ce:4e:8a:
                    18:26:8c:ad:19:a7:cb:26:0d:76:50:ae:fd:05:42:
                    f2:ea:4c:a7:a1:de:04:d3:07:74:94:fd:cc:38:8a:
                    3f:55:09:b8:2a:e2:12:50:f3:06:ef:60:47:62:10:
                    0e:ea:08:a4:6f:41:53:31:68:9d:3d:b7:6a:22:a9:
                    ec:ab:c4:f9:1d:a0:5e:42:3b:1f:1e:99:b7:ad:77:
                    60:56:78:cc:0d:df:61:4d:e2:11:44:93:1c:f8:5a:
                    83:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:A2:4B:0B:94:F8:A9:C5:3C:DD:11:65:C3:FC:E3:AE:3E:E2:D1:0E
            X509v3 Authority Key Identifier:
                keyid:B0:E2:5B:CC:55:30:B6:F4:6F:3D:11:CB:81:13:F2:19:A4:6D:FD:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sOJbzFUwtvRvPRHLgRPyGaRt_as.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3830c8-802f-4846-b6e5-1aadaba80072/1/TqJLC5T4qcU83RFlw_zjrj7i0Q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/3830c8-802f-4846-b6e5-1aadaba80072/1/sOJbzFUwtvRvPRHLgRPyGaRt_as.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.146.0/24
                IPv6:
                  2a12:6bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:a2:8f:e8:a8:b1:b6:eb:a4:ce:25:24:ff:09:b0:97:8c:c0:
         02:b8:73:87:9b:50:73:88:9e:45:07:ca:aa:30:c4:6e:9c:d8:
         67:c6:1e:39:87:5d:df:42:66:b4:3c:0e:da:e4:f4:f3:48:fb:
         8e:48:71:df:cf:48:b3:e8:27:9b:cb:38:20:94:f5:5d:95:f2:
         0e:85:1e:39:6d:9d:59:a6:b8:2a:4b:9d:c8:04:27:d5:4f:b8:
         78:dd:8b:35:f7:95:fb:ef:6f:e4:56:5f:0b:f2:9e:57:31:20:
         2c:ed:0d:89:e6:3c:d1:f5:73:a0:95:68:77:db:33:1c:98:39:
         73:75:5d:71:37:37:15:fc:cf:5b:62:57:c2:42:f1:25:28:97:
         8d:e9:f9:93:5f:fe:73:dc:fb:6d:67:3f:cc:6c:e2:e3:f3:9a:
         e6:d1:6a:91:a1:c4:cb:fa:e5:f6:99:a4:79:7c:3d:d8:43:17:
         b6:06:88:bd:5e:9c:b1:e7:3e:a7:a1:05:e7:2b:d7:8a:48:53:
         fa:81:1b:d7:7a:b9:77:e5:4d:75:16:90:8f:4c:13:00:0a:0d:
         02:7a:e0:92:d0:e4:0b:71:2b:fc:f6:8a:fb:e1:aa:a8:01:96:
         34:75:e7:f1:f1:8e:76:82:b5:63:96:5e:0c:12:ee:73:a2:53:
         58:e0:5c:5c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2wFC81cx01P96t4DTyijMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwZTI1YmNjNTUzMGI2ZjQ2ZjNkMTFjYjgxMTNmMjE5YTQ2
ZGZkYWIwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWEyNGIwYjk0ZjhhOWM1M2NkZDExNjVjM2ZjZTNhZTNlZTJkMTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgY/FIWynUI7PspOB9q5fPLeawxZG
gZBoDfuTJ/0UTzxaOGiT4vngxzYZk/yMJU27omZLzjKZzLKLj2iPBLZAMbn/cInp
SOuhMWN3rT3vxhZ2OQ9TVriV7Gx/n+4PvWKhpIJVXY+9lRIwVYFF83j0QNBwi72e
xRoKjYkOdDFUCM5ipQeBeTqbuPbp/ZkjtwhHhexWpoTWHNVxZ68cteTft2zOTooY
JoytGafLJg12UK79BULy6kynod4E0wd0lP3MOIo/VQm4KuISUPMG72BHYhAO6gik
b0FTMWidPbdqIqnsq8T5HaBeQjsfHpm3rXdgVnjMDd9hTeIRRJMc+FqDxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE6iSwuU+KnFPN0RZcP8464+4tEOMB8GA1UdIwQY
MBaAFLDiW8xVMLb0bz0Ry4ET8hmkbf2rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc09KYnpGVXd0dlJ2UFJITGdSUHlHYVJ0X2FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8zODMwYzgtODAyZi00ODQ2LWI2ZTUt
MWFhZGFiYTgwMDcyLzEvVHFKTEM1VDRxY1U4M1JGbHdfempyajdpMFE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8zODMwYzgtODAyZi00ODQ2LWI2ZTUtMWFhZGFiYTgwMDcy
LzEvc09KYnpGVXd0dlJ2UFJITGdSUHlHYVJ0X2FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufiSMA0E
AgACMAcDBQMqEmvAMA0GCSqGSIb3DQEBCwUAA4IBAQBioo/oqLG266TOJST/CbCX
jMACuHOHm1BziJ5FB8qqMMRunNhnxh45h13fQma0PA7a5PTzSPuOSHHfz0iz6Ceb
yzgglPVdlfIOhR45bZ1ZprgqS53IBCfVT7h43Ys195X772/kVl8L8p5XMSAs7Q2J
5jzR9XOglWh32zMcmDlzdV1xNzcV/M9bYlfCQvElKJeN6fmTX/5z3PttZz/MbOLj
85rm0WqRocTL+uX2maR5fD3YQxe2Boi9Xpyx5z6noQXnK9eKSFP6gRvXerl35U11
FpCPTBMACg0CeuCS0OQLcSv89or74aqoAZY0defx8Y52grVjll4MEu5zolNY4Fxc
-----END CERTIFICATE-----