Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/a89801-c721-41bb-b517-b8c666e6d351/1/TSBVqN-q4gFL2xnBzcLoNSaEF14.roa
File:                     TSBVqN-q4gFL2xnBzcLoNSaEF14.roa (raw, json)
Hash identifier:          aN3PElmz6uoj7dhdKoLePOiU/o2fDJBnIhp+cy+lO/M=
Subject key identifier:   4D:20:55:A8:DF:AA:E2:01:4B:DB:19:C1:CD:C2:E8:35:26:84:17:5E
Certificate issuer:       /CN=191e27b29f65a24d9f94215715cd3671825a9eae
Certificate serial:       018CC86F63442FECA13E820E439D63EAEE63
Authority key identifier: 19:1E:27:B2:9F:65:A2:4D:9F:94:21:57:15:CD:36:71:82:5A:9E:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GR4nsp9lok2flCFXFc02cYJanq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/a89801-c721-41bb-b517-b8c666e6d351/1/TSBVqN-q4gFL2xnBzcLoNSaEF14.roa
Signing time:             Tue 02 Jan 2024 04:29:52 +0000
ROA not before:           Tue 02 Jan 2024 04:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49544
IP address blocks:        185.102.26.0/24 maxlen: 24
                          185.102.24.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/a89801-c721-41bb-b517-b8c666e6d351/1/GR4nsp9lok2flCFXFc02cYJanq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/a89801-c721-41bb-b517-b8c666e6d351/1/GR4nsp9lok2flCFXFc02cYJanq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GR4nsp9lok2flCFXFc02cYJanq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:63:44:2f:ec:a1:3e:82:0e:43:9d:63:ea:ee:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=191e27b29f65a24d9f94215715cd3671825a9eae
        Validity
            Not Before: Jan  2 04:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d2055a8dfaae2014bdb19c1cdc2e8352684175e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a4:72:51:ed:d2:42:a1:2e:41:5c:38:2a:e4:
                    5b:ec:3b:c3:b0:1a:5f:09:e3:5c:50:74:36:a6:78:
                    5b:69:e9:31:f2:30:88:13:77:ae:2f:dc:94:44:e4:
                    ee:fc:e8:7f:9b:be:4c:46:f0:a9:b5:45:67:bd:78:
                    e2:ca:70:2c:77:35:da:3b:a1:c8:73:20:ed:98:f8:
                    d5:71:f5:81:bc:96:fd:8b:9b:68:39:9b:fd:eb:83:
                    8e:87:d4:8a:6e:47:dc:44:e2:5c:71:71:f7:0f:91:
                    4d:96:36:31:79:f2:bf:15:c4:2d:81:ab:1e:a6:63:
                    b2:ec:eb:8d:94:e0:fb:23:fe:ea:03:39:21:ea:43:
                    a7:60:7c:93:95:3d:a2:b9:ac:83:8b:ea:21:a3:3e:
                    f3:4a:24:ff:dc:9f:2c:92:43:ba:77:11:46:13:a3:
                    ab:2d:3e:10:34:30:06:a3:66:70:34:62:c3:92:15:
                    e7:9f:02:1e:d3:c1:61:c1:fc:d7:74:21:e6:b5:be:
                    ff:69:ea:3c:f1:59:f3:51:c8:5c:ad:0d:e1:2a:76:
                    0f:a3:35:4b:99:74:39:24:f3:b2:ca:42:76:14:a2:
                    70:64:41:8b:6c:ff:03:58:57:8f:4d:29:e0:7d:c6:
                    40:66:ac:8d:3e:04:d8:e8:d4:f1:ac:96:35:18:2b:
                    ba:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:20:55:A8:DF:AA:E2:01:4B:DB:19:C1:CD:C2:E8:35:26:84:17:5E
            X509v3 Authority Key Identifier:
                keyid:19:1E:27:B2:9F:65:A2:4D:9F:94:21:57:15:CD:36:71:82:5A:9E:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GR4nsp9lok2flCFXFc02cYJanq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/a89801-c721-41bb-b517-b8c666e6d351/1/TSBVqN-q4gFL2xnBzcLoNSaEF14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/a89801-c721-41bb-b517-b8c666e6d351/1/GR4nsp9lok2flCFXFc02cYJanq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.24.0-185.102.26.255

    Signature Algorithm: sha256WithRSAEncryption
         b4:16:1a:80:33:02:92:7d:7e:c9:c7:78:7f:9d:1c:0f:80:7c:
         03:cd:c6:39:05:a8:8d:84:cf:09:af:bf:85:c4:4d:c4:05:e9:
         80:8c:73:64:8a:1e:85:1c:a0:fa:0b:7f:86:90:36:e2:1a:18:
         cd:a5:bf:35:cb:d4:c9:87:21:cc:21:b9:7a:04:23:8b:57:c8:
         bc:d9:e6:6f:84:d4:91:f8:5c:61:2e:6b:4a:40:39:8d:88:02:
         2e:cf:4a:36:6a:fc:17:92:81:e6:02:1f:06:49:9c:4f:24:c7:
         d5:34:00:59:28:9a:e8:44:7e:26:11:39:fa:6d:25:bb:56:21:
         fc:33:56:e1:7e:84:65:37:34:0c:5c:1b:e9:e7:e4:3c:89:e2:
         09:1f:ec:7e:bd:8f:07:85:56:77:07:83:ef:13:e6:47:af:d4:
         d2:b3:42:51:cf:e0:33:e1:8d:68:46:53:00:18:41:2d:73:76:
         e9:f5:5a:8e:30:0c:c1:55:d7:75:1a:67:ec:b5:0e:b6:e3:9e:
         f7:c9:f4:25:39:a0:61:f8:29:46:68:95:db:81:94:45:63:01:
         fb:94:fe:aa:80:7f:b6:fe:58:58:9b:3c:de:57:42:9d:1c:53:
         e6:8b:50:41:8d:f7:51:71:09:f7:db:45:cc:3a:f3:05:0a:f1:
         05:fb:d9:4f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIb2NEL+yhPoIOQ51j6u5jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MWUyN2IyOWY2NWEyNGQ5Zjk0MjE1NzE1Y2QzNjcxODI1
YTllYWUwHhcNMjQwMTAyMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDIwNTVhOGRmYWFlMjAxNGJkYjE5YzFjZGMyZTgzNTI2ODQxNzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06RyUe3SQqEuQVw4KuRb7DvDsBpf
CeNcUHQ2pnhbaekx8jCIE3euL9yUROTu/Oh/m75MRvCptUVnvXjiynAsdzXaO6HI
cyDtmPjVcfWBvJb9i5toOZv964OOh9SKbkfcROJccXH3D5FNljYxefK/FcQtgase
pmOy7OuNlOD7I/7qAzkh6kOnYHyTlT2iuayDi+ohoz7zSiT/3J8skkO6dxFGE6Or
LT4QNDAGo2ZwNGLDkhXnnwIe08FhwfzXdCHmtb7/aeo88VnzUchcrQ3hKnYPozVL
mXQ5JPOyykJ2FKJwZEGLbP8DWFePTSngfcZAZqyNPgTY6NTxrJY1GCu6eQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFE0gVajfquIBS9sZwc3C6DUmhBdeMB8GA1UdIwQY
MBaAFBkeJ7KfZaJNn5QhVxXNNnGCWp6uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1I0bnNwOWxvazJmbENGWEZjMDJjWUphbnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9hODk4MDEtYzcyMS00MWJiLWI1MTct
YjhjNjY2ZTZkMzUxLzEvVFNCVnFOLXE0Z0ZMMnhuQnpjTG9OU2FFRjE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9hODk4MDEtYzcyMS00MWJiLWI1MTctYjhjNjY2ZTZkMzUx
LzEvR1I0bnNwOWxvazJmbENGWEZjMDJjWUphbnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5ZhgD
BAC5ZhowDQYJKoZIhvcNAQELBQADggEBALQWGoAzApJ9fsnHeH+dHA+AfAPNxjkF
qI2Ezwmvv4XETcQF6YCMc2SKHoUcoPoLf4aQNuIaGM2lvzXL1MmHIcwhuXoEI4tX
yLzZ5m+E1JH4XGEua0pAOY2IAi7PSjZq/BeSgeYCHwZJnE8kx9U0AFkomuhEfiYR
OfptJbtWIfwzVuF+hGU3NAxcG+nn5DyJ4gkf7H69jweFVncHg+8T5kev1NKzQlHP
4DPhjWhGUwAYQS1zdun1Wo4wDMFV13UaZ+y1DrbjnvfJ9CU5oGH4KUZolduBlEVj
AfuU/qqAf7b+WFibPN5XQp0cU+aLUEGN91FxCffbRcw68wUK8QX72U8=
-----END CERTIFICATE-----