Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/f7308a-4108-4acc-b600-3630543b521b/1/z5_TECSh3LIW4x1VOykY8-htZF8.roa
File:                     z5_TECSh3LIW4x1VOykY8-htZF8.roa (raw, json)
Hash identifier:          It8vQpt2eeCbtz2SCrwWEoclvygcW0J0xwVn1c5UxQk=
Subject key identifier:   CF:9F:D3:10:24:A1:DC:B2:16:E3:1D:55:3B:29:18:F3:E8:6D:64:5F
Certificate issuer:       /CN=6d38b540831c9cd5df480851a7280667ed7cd647
Certificate serial:       019063F1551C40A3FDBADB204C398FF6FA4A
Authority key identifier: 6D:38:B5:40:83:1C:9C:D5:DF:48:08:51:A7:28:06:67:ED:7C:D6:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bTi1QIMcnNXfSAhRpygGZ-181kc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/f7308a-4108-4acc-b600-3630543b521b/1/z5_TECSh3LIW4x1VOykY8-htZF8.roa
Signing time:             Sat 29 Jun 2024 12:21:18 +0000
ROA not before:           Sat 29 Jun 2024 12:21:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49052
IP address blocks:        185.128.240.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/f7308a-4108-4acc-b600-3630543b521b/1/bTi1QIMcnNXfSAhRpygGZ-181kc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/f7308a-4108-4acc-b600-3630543b521b/1/bTi1QIMcnNXfSAhRpygGZ-181kc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bTi1QIMcnNXfSAhRpygGZ-181kc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:63:f1:55:1c:40:a3:fd:ba:db:20:4c:39:8f:f6:fa:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d38b540831c9cd5df480851a7280667ed7cd647
        Validity
            Not Before: Jun 29 12:21:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf9fd31024a1dcb216e31d553b2918f3e86d645f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:e9:d8:83:b1:2b:4d:4e:64:4d:95:e7:91:b1:
                    f9:f0:39:21:53:6c:43:e4:45:bc:9d:04:83:cb:7a:
                    5d:d4:fb:ed:de:cf:7b:df:d8:86:91:ca:c8:2b:1f:
                    16:6e:17:19:6a:1c:fe:dc:94:d1:fd:78:92:12:2e:
                    3e:e9:f4:12:63:a7:ac:e1:ad:fc:e6:37:5e:4f:0b:
                    1d:d5:d5:1c:6d:cb:1a:08:6d:6f:0a:6a:91:83:80:
                    5a:30:18:ae:e5:c6:dd:79:1e:7b:35:64:20:89:f3:
                    64:ba:56:0e:50:0d:01:cd:3f:89:a1:66:d3:38:82:
                    b1:db:4e:c9:dd:44:ca:67:53:50:0d:97:46:a5:4f:
                    49:f4:2b:2c:64:93:e6:e3:83:f9:39:fa:bd:f3:35:
                    74:f1:a0:7f:86:1a:22:09:2d:ad:86:99:f5:1e:63:
                    e7:1d:04:07:6b:aa:95:f6:8f:13:a5:6f:50:a0:78:
                    9f:ff:ed:23:31:03:84:d0:8b:e9:a4:5b:92:c1:a6:
                    40:36:da:bb:5a:70:ef:74:1f:c0:f3:cd:65:c0:c0:
                    47:8e:00:35:83:12:20:bd:8a:a1:ea:3a:3c:76:16:
                    54:b4:49:a6:f7:77:24:88:62:4c:2a:b3:0a:01:bf:
                    16:51:62:d1:4a:b3:45:f5:a6:78:de:6d:e6:3e:c9:
                    42:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:9F:D3:10:24:A1:DC:B2:16:E3:1D:55:3B:29:18:F3:E8:6D:64:5F
            X509v3 Authority Key Identifier:
                keyid:6D:38:B5:40:83:1C:9C:D5:DF:48:08:51:A7:28:06:67:ED:7C:D6:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bTi1QIMcnNXfSAhRpygGZ-181kc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f7308a-4108-4acc-b600-3630543b521b/1/z5_TECSh3LIW4x1VOykY8-htZF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f7308a-4108-4acc-b600-3630543b521b/1/bTi1QIMcnNXfSAhRpygGZ-181kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:31:ef:01:e6:3d:c5:d5:c7:f0:33:01:a3:64:c3:de:19:84:
         3a:0e:e0:a1:0e:00:b0:8e:2c:17:ad:d4:dc:65:86:58:d9:a3:
         57:5e:b3:2e:01:00:e0:9e:00:9e:cd:ae:58:b2:81:4d:91:8e:
         c0:ac:07:2e:a4:28:5e:36:ef:21:9b:1b:18:56:4d:8f:19:6c:
         3e:e0:13:73:6f:59:0f:d0:16:4c:16:7d:fb:4e:6d:79:22:d9:
         d1:47:cb:07:8a:94:67:f1:aa:55:ac:ca:d4:66:f9:17:41:9b:
         00:b7:2d:e6:0f:db:46:e4:5c:2b:b9:d5:4f:62:52:65:07:2f:
         dd:f0:33:50:c8:0c:c4:c8:54:a5:3c:c3:8f:cc:13:00:2a:2d:
         08:9d:ca:c7:8d:ce:55:2f:71:40:9e:2b:95:87:02:52:9c:75:
         87:ec:9a:33:01:b0:da:61:71:96:69:b1:af:a6:2b:6b:08:38:
         83:f9:f1:ff:cf:b5:41:02:ee:9d:09:21:cc:77:3e:bd:c5:dd:
         48:17:c9:fd:2d:93:cd:2d:b5:f1:f8:5b:26:a0:81:bf:bb:1f:
         95:fb:4b:fc:8c:ef:06:6d:bd:43:2e:af:c0:dd:86:b2:92:6a:
         f7:e7:3a:5e:aa:3f:e7:79:47:0d:bb:8e:38:3e:86:a4:29:52:
         35:9f:fe:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBj8VUcQKP9utsgTDmP9vpKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMzhiNTQwODMxYzljZDVkZjQ4MDg1MWE3MjgwNjY3ZWQ3
Y2Q2NDcwHhcNMjQwNjI5MTIyMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjlmZDMxMDI0YTFkY2IyMTZlMzFkNTUzYjI5MThmM2U4NmQ2NDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9OnYg7ErTU5kTZXnkbH58DkhU2xD
5EW8nQSDy3pd1Pvt3s9739iGkcrIKx8WbhcZahz+3JTR/XiSEi4+6fQSY6es4a38
5jdeTwsd1dUcbcsaCG1vCmqRg4BaMBiu5cbdeR57NWQgifNkulYOUA0BzT+JoWbT
OIKx207J3UTKZ1NQDZdGpU9J9CssZJPm44P5Ofq98zV08aB/hhoiCS2thpn1HmPn
HQQHa6qV9o8TpW9QoHif/+0jMQOE0IvppFuSwaZANtq7WnDvdB/A881lwMBHjgA1
gxIgvYqh6jo8dhZUtEmm93ckiGJMKrMKAb8WUWLRSrNF9aZ43m3mPslCYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+f0xAkodyyFuMdVTspGPPobWRfMB8GA1UdIwQY
MBaAFG04tUCDHJzV30gIUacoBmftfNZHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlRpMVFJTWNuTlhmU0FoUnB5Z0daLTE4MWtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mNzMwOGEtNDEwOC00YWNjLWI2MDAt
MzYzMDU0M2I1MjFiLzEvejVfVEVDU2gzTElXNHgxVk95a1k4LWh0WkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mNzMwOGEtNDEwOC00YWNjLWI2MDAtMzYzMDU0M2I1MjFi
LzEvYlRpMVFJTWNuTlhmU0FoUnB5Z0daLTE4MWtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYDwMA0G
CSqGSIb3DQEBCwUAA4IBAQAIMe8B5j3F1cfwMwGjZMPeGYQ6DuChDgCwjiwXrdTc
ZYZY2aNXXrMuAQDgngCeza5YsoFNkY7ArAcupCheNu8hmxsYVk2PGWw+4BNzb1kP
0BZMFn37Tm15ItnRR8sHipRn8apVrMrUZvkXQZsAty3mD9tG5FwrudVPYlJlBy/d
8DNQyAzEyFSlPMOPzBMAKi0IncrHjc5VL3FAniuVhwJSnHWH7JozAbDaYXGWabGv
pitrCDiD+fH/z7VBAu6dCSHMdz69xd1IF8n9LZPNLbXx+FsmoIG/ux+V+0v8jO8G
bb1DLq/A3Yaykmr35zpeqj/neUcNu444PoakKVI1n/5/
-----END CERTIFICATE-----