Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ae7101-e4fa-450c-a301-68ad3bdbd39b/1/TF44lA07fpOQS4XY0RHcx40c114.roa
File:                     TF44lA07fpOQS4XY0RHcx40c114.roa (raw, json)
Hash identifier:          1kbR6MzbGPoJQMSrHBsE9wAZjCiCyoE2b2+geXjhcTA=
Subject key identifier:   4C:5E:38:94:0D:3B:7E:93:90:4B:85:D8:D1:11:DC:C7:8D:1C:D7:5E
Certificate issuer:       /CN=2e426fe9086cb6af01f391ff4f69c008364d6eed
Certificate serial:       018CC3B72E521BDEBAA7DE32DC02320CFDF6
Authority key identifier: 2E:42:6F:E9:08:6C:B6:AF:01:F3:91:FF:4F:69:C0:08:36:4D:6E:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LkJv6Qhstq8B85H_T2nACDZNbu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ae7101-e4fa-450c-a301-68ad3bdbd39b/1/TF44lA07fpOQS4XY0RHcx40c114.roa
Signing time:             Mon 01 Jan 2024 06:30:11 +0000
ROA not before:           Mon 01 Jan 2024 06:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.145.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ae7101-e4fa-450c-a301-68ad3bdbd39b/1/LkJv6Qhstq8B85H_T2nACDZNbu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ae7101-e4fa-450c-a301-68ad3bdbd39b/1/LkJv6Qhstq8B85H_T2nACDZNbu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LkJv6Qhstq8B85H_T2nACDZNbu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 12:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2e:52:1b:de:ba:a7:de:32:dc:02:32:0c:fd:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e426fe9086cb6af01f391ff4f69c008364d6eed
        Validity
            Not Before: Jan  1 06:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c5e38940d3b7e93904b85d8d111dcc78d1cd75e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:51:51:83:5e:7c:e9:9e:e2:d9:5a:3d:a6:b7:
                    d9:39:94:d8:ef:df:83:f1:37:40:11:d0:67:ea:3e:
                    9f:98:4b:27:44:8d:1a:79:d2:6a:e5:17:6d:02:48:
                    08:06:91:86:d1:9b:c0:0a:c7:5f:df:54:67:90:1e:
                    78:9e:3e:38:98:c1:7c:16:08:c6:c7:25:43:3f:f6:
                    e1:ee:b4:ac:7a:c4:84:e1:30:0e:d7:72:e5:2d:1a:
                    d3:6e:b4:01:0a:ba:f9:e7:8f:60:1e:ab:d1:00:2e:
                    cb:42:d5:fb:22:8f:e0:33:8b:26:6e:61:71:23:53:
                    8d:5f:fa:da:f7:19:6e:05:d8:65:87:1c:0f:12:2c:
                    d9:3e:0a:66:ad:93:b6:eb:12:8d:9a:57:e8:fb:95:
                    21:33:2e:67:bc:1a:cc:5e:72:8a:8a:cb:db:3d:95:
                    32:54:f3:c2:57:aa:a2:42:e8:f0:f9:97:2b:86:5d:
                    09:55:6b:6c:65:c8:0d:54:83:69:b7:1c:5a:7c:fd:
                    1a:a8:3d:0e:c4:ba:94:3a:be:fd:14:f1:16:4f:bd:
                    c8:b8:9e:c9:ef:35:d8:1e:40:05:2b:06:25:f6:cf:
                    1f:75:f7:ab:d0:c3:4e:aa:46:1f:f4:d2:06:52:ba:
                    23:56:4c:67:8d:d7:3a:84:22:96:78:4b:d7:c1:8d:
                    e0:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:5E:38:94:0D:3B:7E:93:90:4B:85:D8:D1:11:DC:C7:8D:1C:D7:5E
            X509v3 Authority Key Identifier:
                keyid:2E:42:6F:E9:08:6C:B6:AF:01:F3:91:FF:4F:69:C0:08:36:4D:6E:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LkJv6Qhstq8B85H_T2nACDZNbu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ae7101-e4fa-450c-a301-68ad3bdbd39b/1/TF44lA07fpOQS4XY0RHcx40c114.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ae7101-e4fa-450c-a301-68ad3bdbd39b/1/LkJv6Qhstq8B85H_T2nACDZNbu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:78:9b:ed:76:55:0f:23:c3:8e:eb:1a:9b:f5:47:07:69:a9:
         79:4f:c9:e0:85:d5:1f:45:20:34:33:cc:89:a6:6d:54:d6:ef:
         b2:89:f4:bc:2d:a0:0b:cc:2e:2d:98:d6:ae:45:98:44:91:c1:
         46:47:46:91:15:fe:60:02:5d:41:11:7e:c4:fc:b3:91:b0:8b:
         25:e9:f1:fd:8a:79:68:ba:a1:f5:ba:7f:58:bf:a6:99:29:b2:
         da:61:fc:12:2f:52:b9:d9:9d:2a:ae:1c:86:ac:0c:f2:4c:ac:
         4f:02:81:a0:23:70:e2:e1:26:40:58:8d:45:b7:34:76:66:0c:
         08:b8:f8:46:07:d1:14:fe:53:f8:1c:89:84:07:d8:83:8d:43:
         f0:ca:30:5c:43:6e:8c:e6:9d:b7:66:d6:8b:de:a1:cb:72:c4:
         75:cc:34:9f:88:b1:1a:a3:95:2a:8b:35:79:a0:4f:48:16:87:
         33:79:3e:9e:9b:61:07:52:8b:0a:45:a5:15:cd:1e:51:d7:77:
         ea:0a:9f:22:fa:1a:8d:8c:44:b0:f3:fd:c5:fa:d4:e9:59:52:
         c2:16:89:9a:71:77:6c:d9:df:d0:d8:99:9b:1b:20:06:5d:8d:
         79:b9:8b:96:5b:a2:9f:60:99:f3:12:41:70:19:fe:ce:a4:bd:
         e1:4b:69:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDty5SG966p94y3AIyDP32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNDI2ZmU5MDg2Y2I2YWYwMWYzOTFmZjRmNjljMDA4MzY0
ZDZlZWQwHhcNMjQwMTAxMDYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzVlMzg5NDBkM2I3ZTkzOTA0Yjg1ZDhkMTExZGNjNzhkMWNkNzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlFRg1586Z7i2Vo9prfZOZTY79+D
8TdAEdBn6j6fmEsnRI0aedJq5RdtAkgIBpGG0ZvACsdf31RnkB54nj44mMF8FgjG
xyVDP/bh7rSsesSE4TAO13LlLRrTbrQBCrr5549gHqvRAC7LQtX7Io/gM4smbmFx
I1ONX/ra9xluBdhlhxwPEizZPgpmrZO26xKNmlfo+5UhMy5nvBrMXnKKisvbPZUy
VPPCV6qiQujw+Zcrhl0JVWtsZcgNVINptxxafP0aqD0OxLqUOr79FPEWT73IuJ7J
7zXYHkAFKwYl9s8fdfer0MNOqkYf9NIGUrojVkxnjdc6hCKWeEvXwY3gDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExeOJQNO36TkEuF2NER3MeNHNdeMB8GA1UdIwQY
MBaAFC5Cb+kIbLavAfOR/09pwAg2TW7tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGtKdjZRaHN0cThCODVIX1QybkFDRFpOYnUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hZTcxMDEtZTRmYS00NTBjLWEzMDEt
NjhhZDNiZGJkMzliLzEvVEY0NGxBMDdmcE9RUzRYWTBSSGN4NDBjMTE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hZTcxMDEtZTRmYS00NTBjLWEzMDEtNjhhZDNiZGJkMzli
LzEvTGtKdjZRaHN0cThCODVIX1QybkFDRFpOYnUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZH3MA0G
CSqGSIb3DQEBCwUAA4IBAQAIeJvtdlUPI8OO6xqb9UcHaal5T8nghdUfRSA0M8yJ
pm1U1u+yifS8LaALzC4tmNauRZhEkcFGR0aRFf5gAl1BEX7E/LORsIsl6fH9inlo
uqH1un9Yv6aZKbLaYfwSL1K52Z0qrhyGrAzyTKxPAoGgI3Di4SZAWI1FtzR2ZgwI
uPhGB9EU/lP4HImEB9iDjUPwyjBcQ26M5p23ZtaL3qHLcsR1zDSfiLEao5UqizV5
oE9IFoczeT6em2EHUosKRaUVzR5R13fqCp8i+hqNjESw8/3F+tTpWVLCFomacXds
2d/Q2JmbGyAGXY15uYuWW6KfYJnzEkFwGf7OpL3hS2kg
-----END CERTIFICATE-----