Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/tslTlWPTFt5jytEFAuJyzOdIgW0.roa
File:                     tslTlWPTFt5jytEFAuJyzOdIgW0.roa (raw, json)
Hash identifier:          rAMHdU8R4Ahz7drTq2Niq3XS2v3mNKPuMMsgdcGqsd0=
Subject key identifier:   B6:C9:53:95:63:D3:16:DE:63:CA:D1:05:02:E2:72:CC:E7:48:81:6D
Certificate issuer:       /CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
Certificate serial:       018CC8016A6AD1D9D7EFA178568108B8ECDD
Authority key identifier: C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/tslTlWPTFt5jytEFAuJyzOdIgW0.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12414
IP address blocks:        185.91.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 12:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6a:6a:d1:d9:d7:ef:a1:78:56:81:08:b8:ec:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6c9539563d316de63cad10502e272cce748816d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:69:94:63:57:df:8a:a0:74:9c:57:16:f4:3f:
                    fd:c3:14:d3:a2:3d:6f:fa:98:7c:d9:03:a0:7f:36:
                    54:12:fc:3b:2c:51:2a:1e:75:b8:af:d6:74:6c:ed:
                    9c:77:f9:79:f3:78:99:be:a6:d0:ec:95:97:c5:b6:
                    7b:8b:1f:c9:c1:4f:ab:ce:55:91:c2:db:60:0e:3c:
                    12:cd:ec:b2:f6:ab:6e:89:1a:70:b5:12:cd:8f:ce:
                    1a:47:fc:c2:ce:23:08:45:a6:52:43:22:d3:40:1f:
                    3a:f3:9a:25:4b:9c:dd:e4:e4:34:7c:11:d3:f6:2c:
                    56:40:28:07:b7:c7:05:78:97:13:8b:00:7d:3a:2f:
                    21:8f:ac:6e:a7:e3:2b:31:07:64:c1:a0:4f:00:ae:
                    44:7e:50:d9:46:38:5c:a8:1a:31:6e:ad:fa:6a:19:
                    ef:8a:ad:c0:45:a1:c0:9a:7f:f5:fe:35:4d:0a:b6:
                    9d:2d:53:0d:31:0e:cf:a1:3b:70:88:6c:23:0e:c8:
                    8e:72:65:7f:48:b6:23:3c:ea:d6:c2:86:ab:70:7c:
                    bf:80:25:e3:8f:3a:93:af:4e:90:e4:96:8e:e4:59:
                    e2:5f:33:60:e0:84:54:79:0e:8f:26:0b:42:36:3d:
                    3b:85:6f:e1:6f:aa:91:2e:f8:89:bd:c3:06:b5:1f:
                    bf:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:C9:53:95:63:D3:16:DE:63:CA:D1:05:02:E2:72:CC:E7:48:81:6D
            X509v3 Authority Key Identifier:
                keyid:C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/tslTlWPTFt5jytEFAuJyzOdIgW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:e9:12:a1:6e:b2:5e:59:56:fa:38:2e:b3:6a:55:e9:01:36:
         ac:93:12:c8:84:d7:87:24:ba:3d:1f:e1:60:e3:91:ca:f2:09:
         60:f9:ee:a3:83:b7:e2:90:c5:62:5d:e4:f1:1d:d9:cc:a4:5e:
         41:c0:54:83:73:5b:44:66:9e:e6:d3:73:e3:5e:80:ee:c0:b9:
         95:0a:25:75:4f:10:45:7a:37:22:67:e4:03:1c:aa:d4:90:3b:
         ea:cf:30:6a:9e:87:c7:36:90:26:01:0d:8a:ef:65:e5:86:75:
         9c:44:8c:77:b8:b3:40:52:b7:0b:42:d4:24:e3:9b:07:5d:e6:
         27:4e:94:fd:c4:7d:3a:0e:b4:a2:25:9e:ef:c9:0b:a4:a2:93:
         7b:b1:3e:b4:2b:c7:61:9d:a2:e4:32:8d:c4:a7:a7:d0:5e:ed:
         3f:89:c2:58:43:4f:ee:0b:23:d1:1d:ef:84:f3:dc:8a:9c:38:
         d5:e0:d6:98:64:fe:9f:d5:c0:c5:d0:0a:57:35:6c:6f:eb:89:
         56:2c:b5:bd:4e:87:43:8f:9a:b6:be:f9:6d:2a:0a:f8:98:9e:
         d0:56:d6:ea:e2:8e:00:ba:7a:75:74:35:07:c7:67:5d:18:61:
         bb:a2:29:f4:be:cd:fa:07:3a:32:6b:79:f0:68:be:87:b6:f7:
         55:bc:a4:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWpq0dnX76F4VoEIuOzdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzOTgwNjBmMWJmMjJmMDk5OWNiMDcxYjFiNDI2OTZkYmM0
M2UxMGMwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmM5NTM5NTYzZDMxNmRlNjNjYWQxMDUwMmUyNzJjY2U3NDg4MTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9GmUY1ffiqB0nFcW9D/9wxTToj1v
+ph82QOgfzZUEvw7LFEqHnW4r9Z0bO2cd/l583iZvqbQ7JWXxbZ7ix/JwU+rzlWR
wttgDjwSzeyy9qtuiRpwtRLNj84aR/zCziMIRaZSQyLTQB8685olS5zd5OQ0fBHT
9ixWQCgHt8cFeJcTiwB9Oi8hj6xup+MrMQdkwaBPAK5EflDZRjhcqBoxbq36ahnv
iq3ARaHAmn/1/jVNCradLVMNMQ7PoTtwiGwjDsiOcmV/SLYjPOrWwoarcHy/gCXj
jzqTr06Q5JaO5FniXzNg4IRUeQ6PJgtCNj07hW/hb6qRLviJvcMGtR+/BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbJU5Vj0xbeY8rRBQLicsznSIFtMB8GA1UdIwQY
MBaAFMOYBg8b8i8JmcsHGxtCaW28Q+EMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAt
YzkyN2I4YzJjN2M0LzEvdHNsVGxXUFRGdDVqeXRFRkF1Snl6T2RJZ1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAtYzkyN2I4YzJjN2M0
LzEvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVv4MA0G
CSqGSIb3DQEBCwUAA4IBAQBE6RKhbrJeWVb6OC6zalXpATaskxLIhNeHJLo9H+Fg
45HK8glg+e6jg7fikMViXeTxHdnMpF5BwFSDc1tEZp7m03PjXoDuwLmVCiV1TxBF
ejciZ+QDHKrUkDvqzzBqnofHNpAmAQ2K72XlhnWcRIx3uLNAUrcLQtQk45sHXeYn
TpT9xH06DrSiJZ7vyQukopN7sT60K8dhnaLkMo3Ep6fQXu0/icJYQ0/uCyPRHe+E
89yKnDjV4NaYZP6f1cDF0ApXNWxv64lWLLW9TodDj5q2vvltKgr4mJ7QVtbq4o4A
unp1dDUHx2ddGGG7oin0vs36Bzoya3nwaL6HtvdVvKSw
-----END CERTIFICATE-----