Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/252761-019a-4de5-957d-c320e50a3c79/1/TtvNTrhsW3wjOkk9eOHVRXZxsEg.roa
File:                     TtvNTrhsW3wjOkk9eOHVRXZxsEg.roa (raw, json)
Hash identifier:          gPmUeUcfbob5JNxYnTxCOkrudyCPlteleGt+PSj2/00=
Subject key identifier:   4E:DB:CD:4E:B8:6C:5B:7C:23:3A:49:3D:78:E1:D5:45:76:71:B0:48
Certificate issuer:       /CN=2af5e4866ba09820124a6e511104fc41fa541995
Certificate serial:       019428283FBFEA4D405DD8D17E578180CCBE
Authority key identifier: 2A:F5:E4:86:6B:A0:98:20:12:4A:6E:51:11:04:FC:41:FA:54:19:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KvXkhmugmCASSm5REQT8QfpUGZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/252761-019a-4de5-957d-c320e50a3c79/1/TtvNTrhsW3wjOkk9eOHVRXZxsEg.roa
Signing time:             Thu 02 Jan 2025 17:55:13 +0000
ROA not before:           Thu 02 Jan 2025 17:55:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50114
IP address blocks:        185.110.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/252761-019a-4de5-957d-c320e50a3c79/1/KvXkhmugmCASSm5REQT8QfpUGZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/252761-019a-4de5-957d-c320e50a3c79/1/KvXkhmugmCASSm5REQT8QfpUGZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KvXkhmugmCASSm5REQT8QfpUGZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:28:3f:bf:ea:4d:40:5d:d8:d1:7e:57:81:80:cc:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2af5e4866ba09820124a6e511104fc41fa541995
        Validity
            Not Before: Jan  2 17:55:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4edbcd4eb86c5b7c233a493d78e1d5457671b048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:aa:e1:12:15:cb:b5:16:91:8e:09:88:90:49:
                    88:30:c5:20:8e:c8:cf:a9:78:ba:4f:70:ad:d2:63:
                    63:ea:53:07:74:09:05:ea:8f:08:46:ed:2b:61:e2:
                    1a:9b:f6:4b:45:f9:18:aa:be:8e:48:0a:e9:e1:f1:
                    43:50:0c:86:24:7a:c0:41:23:5d:1f:ab:f3:54:96:
                    73:bd:cf:46:ac:d4:d7:01:a4:25:73:78:2b:1a:bc:
                    2b:1a:7c:ca:46:92:04:1a:e4:81:fe:72:97:35:9e:
                    49:f0:bc:e8:4c:14:19:fc:49:67:c7:38:69:44:f6:
                    7b:3f:e4:3c:73:72:af:b5:22:93:a8:7f:c4:38:78:
                    0f:c0:68:f6:e6:1f:dd:46:36:4e:e7:4c:60:23:14:
                    54:a7:e7:dd:98:0f:ff:55:ea:42:e7:55:26:0d:ed:
                    aa:ed:1d:e5:2f:0d:65:ce:79:c4:d5:a7:8e:2f:78:
                    d6:38:fe:d8:b1:a0:af:18:43:64:3d:c7:86:3b:a7:
                    7d:83:23:bf:cc:ee:a9:46:38:d4:ec:bc:66:9f:13:
                    6b:10:a6:78:0e:31:11:5a:32:5f:90:17:49:ce:e1:
                    1f:c8:03:7c:5e:42:68:e2:75:1e:14:67:33:9d:7f:
                    2c:6e:f5:48:1a:76:1b:18:f8:36:48:05:a6:cb:30:
                    03:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:DB:CD:4E:B8:6C:5B:7C:23:3A:49:3D:78:E1:D5:45:76:71:B0:48
            X509v3 Authority Key Identifier:
                keyid:2A:F5:E4:86:6B:A0:98:20:12:4A:6E:51:11:04:FC:41:FA:54:19:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KvXkhmugmCASSm5REQT8QfpUGZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/252761-019a-4de5-957d-c320e50a3c79/1/TtvNTrhsW3wjOkk9eOHVRXZxsEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/252761-019a-4de5-957d-c320e50a3c79/1/KvXkhmugmCASSm5REQT8QfpUGZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:15:de:24:01:1b:f4:8a:4c:5a:1b:1f:db:e9:16:31:71:e7:
         0e:2e:cf:84:c0:42:ce:f3:39:d1:5a:e9:94:25:0b:ff:cf:3a:
         e4:5e:80:58:9f:d3:8d:f9:65:42:80:17:a2:b3:d5:fc:9b:64:
         9f:77:9c:22:54:a1:9c:e8:ef:74:6f:51:9c:e7:b0:5c:ad:cc:
         79:09:7a:e1:b7:3b:57:10:94:35:d8:9e:81:e2:b3:08:fd:56:
         ab:1c:25:ab:96:24:aa:7e:17:57:ce:26:e3:31:f1:35:10:aa:
         47:bf:c3:b6:b4:02:2b:85:24:ab:f1:e5:86:0c:e3:e9:cb:ae:
         cf:10:4d:91:a5:af:9e:2d:e5:89:3c:cf:41:5e:46:02:aa:f3:
         54:12:fd:6d:c5:2d:a1:d4:57:b3:01:94:24:c0:81:62:f4:5a:
         42:49:6a:3c:5d:60:75:0b:bb:a2:8b:38:b4:7d:04:85:11:79:
         3f:72:58:3c:52:ce:e7:ac:ef:02:f3:ac:3f:39:8e:7e:29:99:
         58:59:34:72:6e:f1:fa:db:63:b1:de:80:e4:2f:d4:f9:12:bb:
         1f:52:29:cf:4f:ea:2a:99:81:40:be:40:f0:20:9b:17:d8:1d:
         4c:70:ce:22:77:32:60:cd:e8:8b:a0:9b:42:f4:d7:33:8a:80:
         75:60:f5:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoKD+/6k1AXdjRfleBgMy+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhZjVlNDg2NmJhMDk4MjAxMjRhNmU1MTExMDRmYzQxZmE1
NDE5OTUwHhcNMjUwMTAyMTc1NTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWRiY2Q0ZWI4NmM1YjdjMjMzYTQ5M2Q3OGUxZDU0NTc2NzFiMDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2KrhEhXLtRaRjgmIkEmIMMUgjsjP
qXi6T3Ct0mNj6lMHdAkF6o8IRu0rYeIam/ZLRfkYqr6OSArp4fFDUAyGJHrAQSNd
H6vzVJZzvc9GrNTXAaQlc3grGrwrGnzKRpIEGuSB/nKXNZ5J8LzoTBQZ/Elnxzhp
RPZ7P+Q8c3KvtSKTqH/EOHgPwGj25h/dRjZO50xgIxRUp+fdmA//VepC51UmDe2q
7R3lLw1lznnE1aeOL3jWOP7YsaCvGENkPceGO6d9gyO/zO6pRjjU7LxmnxNrEKZ4
DjERWjJfkBdJzuEfyAN8XkJo4nUeFGcznX8sbvVIGnYbGPg2SAWmyzADDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7bzU64bFt8IzpJPXjh1UV2cbBIMB8GA1UdIwQY
MBaAFCr15IZroJggEkpuUREE/EH6VBmVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3ZYa2htdWdtQ0FTU201UkVRVDhRZnBVR1pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8yNTI3NjEtMDE5YS00ZGU1LTk1N2Qt
YzMyMGU1MGEzYzc5LzEvVHR2TlRyaHNXM3dqT2trOWVPSFZSWFp4c0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8yNTI3NjEtMDE5YS00ZGU1LTk1N2QtYzMyMGU1MGEzYzc5
LzEvS3ZYa2htdWdtQ0FTU201UkVRVDhRZnBVR1pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW7tMA0G
CSqGSIb3DQEBCwUAA4IBAQAiFd4kARv0ikxaGx/b6RYxcecOLs+EwELO8znRWumU
JQv/zzrkXoBYn9ON+WVCgBeis9X8m2Sfd5wiVKGc6O90b1Gc57Bcrcx5CXrhtztX
EJQ12J6B4rMI/VarHCWrliSqfhdXzibjMfE1EKpHv8O2tAIrhSSr8eWGDOPpy67P
EE2Rpa+eLeWJPM9BXkYCqvNUEv1txS2h1FezAZQkwIFi9FpCSWo8XWB1C7uiizi0
fQSFEXk/clg8Us7nrO8C86w/OY5+KZlYWTRybvH622Ox3oDkL9T5ErsfUinPT+oq
mYFAvkDwIJsX2B1McM4idzJgzeiLoJtC9NczioB1YPXi
-----END CERTIFICATE-----