Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/140105-e462-48d2-a58f-a57035792e57/1/tvrYnosVjpv8tcXBtrz_VtpKGrk.roa
File:                     tvrYnosVjpv8tcXBtrz_VtpKGrk.roa (raw, json)
Hash identifier:          tdMySNIH7/ngO+Y0q3jLW3/9HVdgtOBQBy2N0p72LeI=
Subject key identifier:   B6:FA:D8:9E:8B:15:8E:9B:FC:B5:C5:C1:B6:BC:FF:56:DA:4A:1A:B9
Certificate issuer:       /CN=70f5d9eeefa305aecaee31e6fcb4e22321b2804a
Certificate serial:       0191D712A3C579BE1D09714C3B44C539110D
Authority key identifier: 70:F5:D9:EE:EF:A3:05:AE:CA:EE:31:E6:FC:B4:E2:23:21:B2:80:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPXZ7u-jBa7K7jHm_LTiIyGygEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/140105-e462-48d2-a58f-a57035792e57/1/tvrYnosVjpv8tcXBtrz_VtpKGrk.roa
Signing time:             Mon 09 Sep 2024 13:56:48 +0000
ROA not before:           Mon 09 Sep 2024 13:56:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48402
IP address blocks:        185.141.128.0/23 maxlen: 23
                          2a07:2400::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/140105-e462-48d2-a58f-a57035792e57/1/cPXZ7u-jBa7K7jHm_LTiIyGygEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/140105-e462-48d2-a58f-a57035792e57/1/cPXZ7u-jBa7K7jHm_LTiIyGygEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPXZ7u-jBa7K7jHm_LTiIyGygEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d7:12:a3:c5:79:be:1d:09:71:4c:3b:44:c5:39:11:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f5d9eeefa305aecaee31e6fcb4e22321b2804a
        Validity
            Not Before: Sep  9 13:56:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6fad89e8b158e9bfcb5c5c1b6bcff56da4a1ab9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3b:ff:fc:9d:c5:47:b9:ee:c0:e3:ff:32:97:
                    e9:64:f1:dc:de:bd:ec:e6:ee:74:13:0f:dd:32:60:
                    03:75:c5:34:4b:80:71:b2:e6:eb:96:21:d8:06:8d:
                    66:74:68:36:0f:57:c2:20:5a:c0:e9:b4:27:f5:58:
                    16:0f:1b:de:8c:3d:fb:e7:70:90:57:aa:5b:48:2a:
                    7c:8e:22:29:56:75:fd:9f:71:6c:2b:89:22:48:9f:
                    01:71:2d:9b:ba:96:20:c2:4f:b7:80:a1:86:10:2e:
                    3d:d1:08:31:e9:d7:d0:ac:c9:28:5f:57:5a:dc:8e:
                    53:6f:65:de:f4:6b:97:95:fd:ba:c3:72:e4:de:38:
                    90:13:cb:c5:9a:ff:b0:11:b6:2d:0e:40:e8:3f:9c:
                    7a:7c:72:2b:34:3f:3c:df:b8:cb:eb:6c:7b:ab:c2:
                    3d:ef:e2:17:b5:a6:39:64:d5:77:60:05:dd:e4:13:
                    45:9d:e3:27:86:3f:77:0f:37:72:c8:8f:f7:0c:59:
                    c7:78:66:52:d1:c6:97:2f:e6:57:2e:2a:57:4e:48:
                    0b:b3:b4:3a:09:f0:73:30:36:4e:e3:cc:db:d4:3d:
                    37:89:e2:b0:c8:17:d4:5d:0b:c5:46:f1:02:5e:b8:
                    5c:c0:d3:c4:d4:42:9f:a0:8f:ed:8c:92:5f:38:28:
                    82:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:FA:D8:9E:8B:15:8E:9B:FC:B5:C5:C1:B6:BC:FF:56:DA:4A:1A:B9
            X509v3 Authority Key Identifier:
                keyid:70:F5:D9:EE:EF:A3:05:AE:CA:EE:31:E6:FC:B4:E2:23:21:B2:80:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPXZ7u-jBa7K7jHm_LTiIyGygEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/140105-e462-48d2-a58f-a57035792e57/1/tvrYnosVjpv8tcXBtrz_VtpKGrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/140105-e462-48d2-a58f-a57035792e57/1/cPXZ7u-jBa7K7jHm_LTiIyGygEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.128.0/23
                IPv6:
                  2a07:2400::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:3a:b0:c1:47:4d:5f:db:e4:2d:f9:f1:27:de:48:54:0c:32:
         f8:4b:af:fd:ae:07:58:33:30:07:55:1e:c5:00:eb:52:07:81:
         43:75:c9:ef:e9:6f:3f:05:11:09:41:9b:64:73:db:d3:1e:c3:
         98:f2:99:d1:5d:2b:40:dc:3f:56:5a:8c:97:36:ec:7d:b4:b3:
         40:ba:66:c7:d3:22:44:87:7d:d7:7e:33:45:d9:05:4d:04:ea:
         37:14:a4:26:8f:3d:7a:71:04:3f:7b:08:77:60:d1:5d:39:28:
         09:dd:32:ca:04:7e:3e:f8:08:7f:70:8a:1d:d1:15:be:05:5e:
         7a:3d:c7:ce:31:ae:30:37:10:76:4b:3e:80:56:7e:1e:1d:ff:
         12:58:b1:d0:6c:98:55:c0:27:17:69:86:2d:ed:bf:49:ac:8e:
         58:af:a9:f6:7b:4f:fd:cb:4b:58:d1:de:65:01:52:7e:b3:10:
         b5:97:ba:b8:df:a5:5a:4d:f5:37:65:19:50:f7:23:24:fa:cc:
         68:4e:b4:36:9c:ce:48:32:da:f5:f3:1e:97:af:9d:0a:b3:c4:
         cb:04:da:ad:b4:e2:fb:f9:d6:a2:39:95:5f:b2:e3:3d:90:3b:
         07:c2:50:a0:7e:ce:e5:85:e0:4e:aa:41:fe:de:94:d9:51:56:
         3d:64:f2:2c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZHXEqPFeb4dCXFMO0TFORENMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjVkOWVlZWZhMzA1YWVjYWVlMzFlNmZjYjRlMjIzMjFi
MjgwNGEwHhcNMjQwOTA5MTM1NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmZhZDg5ZThiMTU4ZTliZmNiNWM1YzFiNmJjZmY1NmRhNGExYWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTv//J3FR7nuwOP/MpfpZPHc3r3s
5u50Ew/dMmADdcU0S4BxsubrliHYBo1mdGg2D1fCIFrA6bQn9VgWDxvejD3753CQ
V6pbSCp8jiIpVnX9n3FsK4kiSJ8BcS2bupYgwk+3gKGGEC490Qgx6dfQrMkoX1da
3I5Tb2Xe9GuXlf26w3Lk3jiQE8vFmv+wEbYtDkDoP5x6fHIrND8837jL62x7q8I9
7+IXtaY5ZNV3YAXd5BNFneMnhj93DzdyyI/3DFnHeGZS0caXL+ZXLipXTkgLs7Q6
CfBzMDZO48zb1D03ieKwyBfUXQvFRvECXrhcwNPE1EKfoI/tjJJfOCiCjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLb62J6LFY6b/LXFwba8/1baShq5MB8GA1UdIwQY
MBaAFHD12e7vowWuyu4x5vy04iMhsoBKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BYWjd1LWpCYTdLN2pIbV9MVGlJeUd5Z0VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8xNDAxMDUtZTQ2Mi00OGQyLWE1OGYt
YTU3MDM1NzkyZTU3LzEvdHZyWW5vc1ZqcHY4dGNYQnRyel9WdHBLR3JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8xNDAxMDUtZTQ2Mi00OGQyLWE1OGYtYTU3MDM1NzkyZTU3
LzEvY1BYWjd1LWpCYTdLN2pIbV9MVGlJeUd5Z0VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuY2AMA0E
AgACMAcDBQMqByQAMA0GCSqGSIb3DQEBCwUAA4IBAQBPOrDBR01f2+Qt+fEn3khU
DDL4S6/9rgdYMzAHVR7FAOtSB4FDdcnv6W8/BREJQZtkc9vTHsOY8pnRXStA3D9W
WoyXNux9tLNAumbH0yJEh33XfjNF2QVNBOo3FKQmjz16cQQ/ewh3YNFdOSgJ3TLK
BH4++Ah/cIod0RW+BV56PcfOMa4wNxB2Sz6AVn4eHf8SWLHQbJhVwCcXaYYt7b9J
rI5Yr6n2e0/9y0tY0d5lAVJ+sxC1l7q436VaTfU3ZRlQ9yMk+sxoTrQ2nM5IMtr1
8x6Xr50Ks8TLBNqttOL7+daiOZVfsuM9kDsHwlCgfs7lheBOqkH+3pTZUVY9ZPIs
-----END CERTIFICATE-----