Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/efd282-33b2-4373-9948-3239a81c9fc8/1/TRAv-9QMU0euD5z4qCwkOBiW-HE.roa
File:                     TRAv-9QMU0euD5z4qCwkOBiW-HE.roa (raw, json)
Hash identifier:          9LJ7qoJ5CebkuRYkSbWGy2ojW1xsuctoxQ9jXtIWm1o=
Subject key identifier:   4D:10:2F:FB:D4:0C:53:47:AE:0F:9C:F8:A8:2C:24:38:18:96:F8:71
Certificate issuer:       /CN=c97edcedec3254b357b09615a02b16e06ebe63eb
Certificate serial:       018CC26D837A2DA352E91EDDD7F035BD9383
Authority key identifier: C9:7E:DC:ED:EC:32:54:B3:57:B0:96:15:A0:2B:16:E0:6E:BE:63:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yX7c7ewyVLNXsJYVoCsW4G6-Y-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/efd282-33b2-4373-9948-3239a81c9fc8/1/TRAv-9QMU0euD5z4qCwkOBiW-HE.roa
Signing time:             Mon 01 Jan 2024 00:30:06 +0000
ROA not before:           Mon 01 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12941
IP address blocks:        185.104.204.0/22 maxlen: 22
                          2a06:3380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/efd282-33b2-4373-9948-3239a81c9fc8/1/yX7c7ewyVLNXsJYVoCsW4G6-Y-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/efd282-33b2-4373-9948-3239a81c9fc8/1/yX7c7ewyVLNXsJYVoCsW4G6-Y-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yX7c7ewyVLNXsJYVoCsW4G6-Y-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:03:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:83:7a:2d:a3:52:e9:1e:dd:d7:f0:35:bd:93:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c97edcedec3254b357b09615a02b16e06ebe63eb
        Validity
            Not Before: Jan  1 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d102ffbd40c5347ae0f9cf8a82c24381896f871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e4:69:6c:14:d2:2a:5d:4c:1b:0b:60:77:3d:
                    69:75:1f:51:5f:d9:d9:c8:39:79:92:cf:4f:be:a0:
                    28:2b:61:4c:0c:da:f4:71:8b:7a:f7:f4:7b:cc:6f:
                    46:d2:9c:db:32:46:d8:6b:7a:f2:0c:96:cc:d4:05:
                    8f:7b:5d:6a:2d:e5:5f:99:e2:37:03:c2:48:11:33:
                    78:6a:32:aa:02:bf:a2:09:67:bd:87:98:54:cd:5c:
                    8f:98:60:81:3f:06:54:e9:0c:b4:aa:3d:21:f6:b1:
                    b0:04:ca:dc:d1:10:e6:21:fa:e3:9d:e5:fd:7c:03:
                    b8:94:f0:59:ff:d0:ab:80:2f:c3:26:fc:35:ca:6a:
                    da:e4:d1:ed:ee:55:72:f3:e1:24:f1:bc:68:ef:fa:
                    49:2c:b4:ea:34:2b:55:c0:3b:46:a6:9f:71:50:bd:
                    53:ce:d8:24:74:c4:c6:b8:27:3b:29:93:35:71:77:
                    f5:e4:18:0f:4d:2c:a3:e0:5b:37:40:35:51:8e:90:
                    73:36:ac:88:e5:93:f2:29:2a:53:7b:8e:6e:92:4b:
                    58:3e:ba:ae:4f:46:3e:23:ac:4e:01:70:69:3e:a3:
                    38:08:08:fd:04:2e:75:7a:6a:3a:56:f0:b4:56:03:
                    2f:7c:ad:35:ab:9c:c3:ab:48:60:26:03:0b:b7:6f:
                    3f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:10:2F:FB:D4:0C:53:47:AE:0F:9C:F8:A8:2C:24:38:18:96:F8:71
            X509v3 Authority Key Identifier:
                keyid:C9:7E:DC:ED:EC:32:54:B3:57:B0:96:15:A0:2B:16:E0:6E:BE:63:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yX7c7ewyVLNXsJYVoCsW4G6-Y-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/efd282-33b2-4373-9948-3239a81c9fc8/1/TRAv-9QMU0euD5z4qCwkOBiW-HE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/efd282-33b2-4373-9948-3239a81c9fc8/1/yX7c7ewyVLNXsJYVoCsW4G6-Y-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.204.0/22
                IPv6:
                  2a06:3380::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:ee:9b:fd:19:c7:17:68:95:66:74:bc:e0:87:84:f3:fe:9d:
         44:7f:8a:a5:26:ac:fc:20:c9:e7:05:e2:57:82:e0:84:b2:e0:
         56:8b:c2:25:6e:1f:06:40:77:c5:77:47:5e:df:15:af:5b:29:
         c6:65:7a:36:c3:2c:3f:b8:e2:be:f2:3e:3d:e5:b6:56:91:b5:
         4a:12:23:48:d1:1b:1f:b8:c8:b3:13:9a:e6:9a:ca:81:c9:fa:
         34:04:d1:5b:0d:40:fe:b9:c2:5b:58:71:fd:34:1a:9c:fa:6c:
         21:fc:4e:5c:66:5f:95:2b:04:84:af:50:08:c8:b1:62:23:97:
         c9:54:a9:99:77:b5:98:e2:db:75:e7:2c:c7:ee:24:6f:9c:31:
         fd:c9:f4:78:42:1e:43:78:a5:de:3b:95:47:d7:e9:75:08:6b:
         de:80:d6:a6:90:56:ea:e2:ee:d7:e1:7a:e1:1d:be:78:fd:f0:
         4f:28:f9:e9:43:eb:e8:58:2e:dc:be:68:4e:73:9a:b5:ca:d3:
         c6:e1:f6:b6:46:0a:52:b8:8c:e9:f4:36:ab:a5:b7:19:27:32:
         58:50:2b:a3:ca:2b:e9:56:9d:26:b1:ea:fb:b8:ed:96:44:c6:
         44:92:bf:ef:26:5a:c3:05:18:8f:a3:73:75:0f:b6:a4:c2:fe:
         9f:4f:5c:09
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbYN6LaNS6R7d1/A1vZODMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5N2VkY2VkZWMzMjU0YjM1N2IwOTYxNWEwMmIxNmUwNmVi
ZTYzZWIwHhcNMjQwMTAxMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDEwMmZmYmQ0MGM1MzQ3YWUwZjljZjhhODJjMjQzODE4OTZmODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueRpbBTSKl1MGwtgdz1pdR9RX9nZ
yDl5ks9PvqAoK2FMDNr0cYt69/R7zG9G0pzbMkbYa3ryDJbM1AWPe11qLeVfmeI3
A8JIETN4ajKqAr+iCWe9h5hUzVyPmGCBPwZU6Qy0qj0h9rGwBMrc0RDmIfrjneX9
fAO4lPBZ/9CrgC/DJvw1ymra5NHt7lVy8+Ek8bxo7/pJLLTqNCtVwDtGpp9xUL1T
ztgkdMTGuCc7KZM1cXf15BgPTSyj4Fs3QDVRjpBzNqyI5ZPyKSpTe45ukktYPrqu
T0Y+I6xOAXBpPqM4CAj9BC51emo6VvC0VgMvfK01q5zDq0hgJgMLt28/dQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE0QL/vUDFNHrg+c+KgsJDgYlvhxMB8GA1UdIwQY
MBaAFMl+3O3sMlSzV7CWFaArFuBuvmPrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVg3Yzdld3lWTE5Yc0pZVm9Dc1c0RzYtWS1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9lZmQyODItMzNiMi00MzczLTk5NDgt
MzIzOWE4MWM5ZmM4LzEvVFJBdi05UU1VMGV1RDV6NHFDd2tPQmlXLUhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9lZmQyODItMzNiMi00MzczLTk5NDgtMzIzOWE4MWM5ZmM4
LzEveVg3Yzdld3lWTE5Yc0pZVm9Dc1c0RzYtWS1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWjMMA0E
AgACMAcDBQMqBjOAMA0GCSqGSIb3DQEBCwUAA4IBAQCi7pv9GccXaJVmdLzgh4Tz
/p1Ef4qlJqz8IMnnBeJXguCEsuBWi8Ilbh8GQHfFd0de3xWvWynGZXo2wyw/uOK+
8j495bZWkbVKEiNI0RsfuMizE5rmmsqByfo0BNFbDUD+ucJbWHH9NBqc+mwh/E5c
Zl+VKwSEr1AIyLFiI5fJVKmZd7WY4tt15yzH7iRvnDH9yfR4Qh5DeKXeO5VH1+l1
CGvegNamkFbq4u7X4XrhHb54/fBPKPnpQ+voWC7cvmhOc5q1ytPG4fa2RgpSuIzp
9DarpbcZJzJYUCujyivpVp0mser7uO2WRMZEkr/vJlrDBRiPo3N1D7akwv6fT1wJ
-----END CERTIFICATE-----