Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/Tbseb_vthY1-zmpTfiljGGu9kl4.roa
File:                     Tbseb_vthY1-zmpTfiljGGu9kl4.roa (raw, json)
Hash identifier:          yXZ4by2rtGbcjnvR/8Gfsie9rvupPUIx4dA+re0+01I=
Subject key identifier:   4D:BB:1E:6F:FB:ED:85:8D:7E:CE:6A:53:7E:29:63:18:6B:BD:92:5E
Certificate issuer:       /CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Certificate serial:       0192B6B12BE7272A0623FB68C0922BE30B99
Authority key identifier: E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/Tbseb_vthY1-zmpTfiljGGu9kl4.roa
Signing time:             Wed 23 Oct 2024 00:05:17 +0000
ROA not before:           Wed 23 Oct 2024 00:05:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214941
IP address blocks:        185.203.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 23:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b6:b1:2b:e7:27:2a:06:23:fb:68:c0:92:2b:e3:0b:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e501815c6f98f3a2b6184afebf18ea341be882ea
        Validity
            Not Before: Oct 23 00:05:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4dbb1e6ffbed858d7ece6a537e2963186bbd925e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a1:3e:05:33:11:b3:d3:a3:29:51:00:c0:3b:
                    44:27:35:30:ae:ec:84:ab:7f:56:84:05:95:2b:77:
                    db:3b:cd:26:05:d9:14:57:c6:04:d0:b2:3b:29:0d:
                    97:22:6c:1f:b1:85:c5:f9:5d:04:31:0a:7d:b2:62:
                    e0:ae:ac:62:8d:49:5e:ea:a1:f6:2e:ed:a7:16:a5:
                    96:96:90:00:f2:53:f1:09:a8:bf:47:81:d0:37:c0:
                    f9:a6:66:3f:a0:ac:34:cc:e2:37:82:47:64:5a:a0:
                    92:c7:65:7e:c2:f4:8d:e3:24:ce:3d:32:d8:fa:45:
                    be:57:c8:61:d6:51:48:15:56:ce:64:29:06:ee:07:
                    11:f2:1b:79:36:13:0e:74:fa:54:ed:e9:5b:aa:4e:
                    f4:ac:52:04:49:03:e7:9e:92:d2:8c:36:ab:b9:9a:
                    57:dd:78:c5:48:11:d2:bf:3f:7f:45:d0:29:b0:ca:
                    11:d2:5d:1c:58:62:80:c4:5e:bc:54:35:b3:c1:4b:
                    3c:53:6e:6a:bd:2a:f7:4d:fd:b4:83:ca:4f:e9:24:
                    c0:e4:5d:dd:d2:b8:43:eb:ff:5b:3c:63:7e:4c:dd:
                    f2:e5:a8:e5:7b:ee:ea:8a:89:00:e7:37:59:8b:6f:
                    33:ca:91:94:5b:90:dc:1f:9a:00:32:be:13:ba:cb:
                    97:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:BB:1E:6F:FB:ED:85:8D:7E:CE:6A:53:7E:29:63:18:6B:BD:92:5E
            X509v3 Authority Key Identifier:
                keyid:E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/Tbseb_vthY1-zmpTfiljGGu9kl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:11:9e:3b:93:7e:78:7f:2c:38:86:89:a9:66:8d:03:ed:7f:
         f5:82:64:3d:7f:37:92:c0:86:a9:a9:96:93:dc:68:bc:47:df:
         89:cc:cd:55:0d:1e:43:65:0f:e8:a1:3e:3e:95:8e:d9:17:b4:
         1f:28:d2:db:d6:a6:ed:a1:0b:d2:1a:58:d5:d0:f8:3c:d7:84:
         08:b3:a6:b9:f0:a1:91:8c:58:45:7d:cc:64:38:33:8e:e0:16:
         8c:fd:1a:0d:06:65:c7:b8:d7:18:bf:7d:30:a5:1a:20:3b:e4:
         a9:40:0a:5b:b3:53:d7:6b:0c:99:85:64:55:a5:af:dc:e5:9f:
         81:44:4c:24:9a:f5:4b:1a:74:df:00:30:0f:69:ed:8b:e1:27:
         1d:43:33:35:e1:a3:f0:51:86:09:db:3f:3c:7f:f3:40:57:ca:
         98:22:1c:61:f0:c8:fe:30:d1:2b:c1:47:ba:66:c1:18:7b:7b:
         86:42:f2:60:9d:d3:b5:4c:d2:28:f8:c3:9e:11:68:ce:62:3b:
         c9:42:e4:1e:c5:81:09:12:df:a7:5f:1a:7c:86:e6:19:c3:2a:
         fb:2d:77:23:6b:55:f5:c1:86:09:db:02:26:aa:17:c0:33:8a:
         ae:38:9e:25:9d:7f:55:d4:bd:71:a9:aa:9c:75:b9:1c:d0:4e:
         29:52:eb:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK2sSvnJyoGI/towJIr4wuZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MDE4MTVjNmY5OGYzYTJiNjE4NGFmZWJmMThlYTM0MWJl
ODgyZWEwHhcNMjQxMDIzMDAwNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGJiMWU2ZmZiZWQ4NThkN2VjZTZhNTM3ZTI5NjMxODZiYmQ5MjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqE+BTMRs9OjKVEAwDtEJzUwruyE
q39WhAWVK3fbO80mBdkUV8YE0LI7KQ2XImwfsYXF+V0EMQp9smLgrqxijUle6qH2
Lu2nFqWWlpAA8lPxCai/R4HQN8D5pmY/oKw0zOI3gkdkWqCSx2V+wvSN4yTOPTLY
+kW+V8hh1lFIFVbOZCkG7gcR8ht5NhMOdPpU7elbqk70rFIESQPnnpLSjDaruZpX
3XjFSBHSvz9/RdApsMoR0l0cWGKAxF68VDWzwUs8U25qvSr3Tf20g8pP6STA5F3d
0rhD6/9bPGN+TN3y5ajle+7qiokA5zdZi28zypGUW5DcH5oAMr4TusuX6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE27Hm/77YWNfs5qU34pYxhrvZJeMB8GA1UdIwQY
MBaAFOUBgVxvmPOithhK/r8Y6jQb6ILqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWIt
MDA1OWY3MzdlZjA1LzEvVGJzZWJfdnRoWTEtem1wVGZpbGpHR3U5a2w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWItMDA1OWY3MzdlZjA1
LzEvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucshMA0G
CSqGSIb3DQEBCwUAA4IBAQAFEZ47k354fyw4hompZo0D7X/1gmQ9fzeSwIapqZaT
3Gi8R9+JzM1VDR5DZQ/ooT4+lY7ZF7QfKNLb1qbtoQvSGljV0Pg814QIs6a58KGR
jFhFfcxkODOO4BaM/RoNBmXHuNcYv30wpRogO+SpQApbs1PXawyZhWRVpa/c5Z+B
REwkmvVLGnTfADAPae2L4ScdQzM14aPwUYYJ2z88f/NAV8qYIhxh8Mj+MNErwUe6
ZsEYe3uGQvJgndO1TNIo+MOeEWjOYjvJQuQexYEJEt+nXxp8huYZwyr7LXcja1X1
wYYJ2wImqhfAM4quOJ4lnX9V1L1xqaqcdbkc0E4pUuso
-----END CERTIFICATE-----