Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/TgvbB6i4HXWnjLNcKegQywUTDJ0.roa
File:                     TgvbB6i4HXWnjLNcKegQywUTDJ0.roa (raw, json)
Hash identifier:          YcgfPOv/+fj5b6yQFbK2Xl9gZETkgOC07GVbs5vfuds=
Subject key identifier:   4E:0B:DB:07:A8:B8:1D:75:A7:8C:B3:5C:29:E8:10:CB:05:13:0C:9D
Certificate issuer:       /CN=306c0866dc25208e6c07d4a21d7d8050b508d6a2
Certificate serial:       019428230A4FEFEB211CE1FF576B2783A666
Authority key identifier: 30:6C:08:66:DC:25:20:8E:6C:07:D4:A2:1D:7D:80:50:B5:08:D6:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MGwIZtwlII5sB9SiHX2AULUI1qI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/TgvbB6i4HXWnjLNcKegQywUTDJ0.roa
Signing time:             Thu 02 Jan 2025 17:49:32 +0000
ROA not before:           Thu 02 Jan 2025 17:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211720
IP address blocks:        185.56.83.0/24 maxlen: 24
                          2a06:e80:3000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/MGwIZtwlII5sB9SiHX2AULUI1qI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/MGwIZtwlII5sB9SiHX2AULUI1qI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MGwIZtwlII5sB9SiHX2AULUI1qI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:0a:4f:ef:eb:21:1c:e1:ff:57:6b:27:83:a6:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=306c0866dc25208e6c07d4a21d7d8050b508d6a2
        Validity
            Not Before: Jan  2 17:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e0bdb07a8b81d75a78cb35c29e810cb05130c9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:5a:f6:2c:cd:05:b5:87:f4:d8:fa:dd:90:22:
                    69:c3:4d:05:6f:c5:6a:59:3c:d8:20:fc:f3:86:ed:
                    d3:e4:54:9e:9f:58:87:f2:f9:fb:fe:33:72:9a:a1:
                    55:44:87:16:6c:91:cf:75:fe:76:a0:ca:98:5d:9c:
                    ae:58:a5:05:22:be:7d:75:df:99:48:9b:23:e9:c0:
                    12:43:9b:4e:74:5c:c9:e5:f7:a7:b0:62:d3:d6:0f:
                    28:ca:c5:d5:e0:3c:fa:46:a5:0c:d4:e1:16:26:bd:
                    0c:4b:52:bf:56:b8:06:71:7f:0c:90:11:2f:81:74:
                    95:d7:83:6a:a7:f6:41:1b:99:71:8c:68:5f:9f:48:
                    31:fa:f1:c3:7a:37:5e:03:23:eb:6e:14:02:41:da:
                    b9:ab:42:c8:87:41:c1:e8:4a:b9:1f:a9:cf:a2:68:
                    af:4b:5f:a9:56:eb:33:15:7f:0d:21:6d:9c:5e:58:
                    4a:ad:95:cc:d4:65:2a:fb:e7:22:00:bc:ec:2a:31:
                    3b:aa:cf:76:6b:c2:6e:17:81:d3:5f:ef:d7:20:42:
                    f6:18:27:2b:48:84:42:d4:99:43:66:0b:26:b8:b9:
                    a1:78:44:6f:9d:6d:ad:4d:eb:be:ae:6c:0b:11:44:
                    38:df:c8:b0:3d:28:1c:2f:ed:21:7d:68:5c:a3:f5:
                    62:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:0B:DB:07:A8:B8:1D:75:A7:8C:B3:5C:29:E8:10:CB:05:13:0C:9D
            X509v3 Authority Key Identifier:
                keyid:30:6C:08:66:DC:25:20:8E:6C:07:D4:A2:1D:7D:80:50:B5:08:D6:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MGwIZtwlII5sB9SiHX2AULUI1qI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/TgvbB6i4HXWnjLNcKegQywUTDJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/MGwIZtwlII5sB9SiHX2AULUI1qI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.83.0/24
                IPv6:
                  2a06:e80:3000::/36

    Signature Algorithm: sha256WithRSAEncryption
         a1:9d:a1:4f:7d:98:10:1b:9c:9e:dd:82:5b:53:50:37:2a:8e:
         3f:60:89:83:ab:79:c9:f9:f1:bb:14:a9:cf:ae:34:ea:9a:63:
         fd:12:ea:e0:9a:f2:eb:f3:74:ce:4f:67:b9:ce:8d:d8:1c:6a:
         0c:a3:92:86:e1:9c:21:16:08:ef:4d:bc:88:90:57:a9:24:a8:
         10:d2:8c:74:b4:7d:6b:ac:57:16:1b:22:fe:df:11:04:06:a7:
         7d:4b:0f:d6:f8:a1:7d:22:a2:b7:40:35:11:18:53:45:df:06:
         77:9c:24:01:ea:79:3d:2e:52:cf:b5:02:95:16:fd:d7:1d:b3:
         f7:75:56:2f:3c:2b:f3:ef:e2:ec:e3:56:48:a1:ec:08:9d:07:
         f2:87:d9:97:58:10:56:1d:85:79:ae:04:de:e8:5d:0e:af:49:
         2a:98:ed:bf:15:20:71:59:ff:6f:4c:86:f4:95:5e:7a:ec:98:
         4d:49:91:29:0c:87:4c:b8:b2:dc:dd:45:03:fc:d9:ef:86:f3:
         a8:16:e4:df:09:71:c0:2a:bf:7a:14:9b:4d:ff:d7:8f:d4:53:
         3b:d4:dc:18:4c:b0:67:01:2e:04:56:d0:31:c5:17:ce:88:d9:
         92:59:60:ef:7d:f3:75:65:f2:ba:df:bc:c2:d8:4f:02:71:a9:
         da:4c:c0:00
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQoIwpP7+shHOH/V2sng6ZmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNmMwODY2ZGMyNTIwOGU2YzA3ZDRhMjFkN2Q4MDUwYjUw
OGQ2YTIwHhcNMjUwMTAyMTc0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTBiZGIwN2E4YjgxZDc1YTc4Y2IzNWMyOWU4MTBjYjA1MTMwYzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41r2LM0FtYf02PrdkCJpw00Fb8Vq
WTzYIPzzhu3T5FSen1iH8vn7/jNymqFVRIcWbJHPdf52oMqYXZyuWKUFIr59dd+Z
SJsj6cASQ5tOdFzJ5fensGLT1g8oysXV4Dz6RqUM1OEWJr0MS1K/VrgGcX8MkBEv
gXSV14Nqp/ZBG5lxjGhfn0gx+vHDejdeAyPrbhQCQdq5q0LIh0HB6Eq5H6nPomiv
S1+pVuszFX8NIW2cXlhKrZXM1GUq++ciALzsKjE7qs92a8JuF4HTX+/XIEL2GCcr
SIRC1JlDZgsmuLmheERvnW2tTeu+rmwLEUQ438iwPSgcL+0hfWhco/ViSwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFE4L2weouB11p4yzXCnoEMsFEwydMB8GA1UdIwQY
MBaAFDBsCGbcJSCObAfUoh19gFC1CNaiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUd3SVp0d2xJSTVzQjlTaUhYMkFVTFVJMXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9iYWRlZGYtZDBlOS00NWE5LWFmNzUt
MTBlZGI1NDFlNmZmLzEvVGd2YkI2aTRIWFduakxOY0tlZ1F5d1VUREowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9iYWRlZGYtZDBlOS00NWE5LWFmNzUtMTBlZGI1NDFlNmZm
LzEvTUd3SVp0d2xJSTVzQjlTaUhYMkFVTFVJMXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuThTMA4E
AgACMAgDBgQqBg6AMDANBgkqhkiG9w0BAQsFAAOCAQEAoZ2hT32YEBucnt2CW1NQ
NyqOP2CJg6t5yfnxuxSpz6406ppj/RLq4Jry6/N0zk9nuc6N2BxqDKOShuGcIRYI
7028iJBXqSSoENKMdLR9a6xXFhsi/t8RBAanfUsP1vihfSKit0A1ERhTRd8Gd5wk
Aep5PS5Sz7UClRb91x2z93VWLzwr8+/i7ONWSKHsCJ0H8ofZl1gQVh2Fea4E3uhd
Dq9JKpjtvxUgcVn/b0yG9JVeeuyYTUmRKQyHTLiy3N1FA/zZ74bzqBbk3wlxwCq/
ehSbTf/Xj9RTO9TcGEywZwEuBFbQMcUXzojZkllg733zdWXyut+8wthPAnGp2kzA
AA==
-----END CERTIFICATE-----