Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/T4r7ehHWZFTA3luDjdTgYYK_bEg.roa
File:                     T4r7ehHWZFTA3luDjdTgYYK_bEg.roa (raw, json)
Hash identifier:          +FTwBsLYDy3+I+qE8F+Oa96qmYh1ezdf8ZuzFI6ztIs=
Subject key identifier:   4F:8A:FB:7A:11:D6:64:54:C0:DE:5B:83:8D:D4:E0:61:82:BF:6C:48
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       018FDCA74FB6471BBE4AA1FB29FC75B313DF
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/T4r7ehHWZFTA3luDjdTgYYK_bEg.roa
Signing time:             Mon 03 Jun 2024 05:51:43 +0000
ROA not before:           Mon 03 Jun 2024 05:51:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.148.68.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dc:a7:4f:b6:47:1b:be:4a:a1:fb:29:fc:75:b3:13:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Jun  3 05:51:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f8afb7a11d66454c0de5b838dd4e06182bf6c48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:56:1b:94:b3:f2:fb:a0:09:d2:76:a8:0f:b9:
                    57:ff:2c:7d:35:25:b9:c3:de:a0:22:ad:c9:ed:bd:
                    27:5c:9c:fb:b3:ff:81:d4:88:1d:a9:1d:e6:73:66:
                    8f:0d:3e:1a:77:b1:ae:d4:0c:09:ca:d4:3c:b6:59:
                    f0:8a:89:cd:e9:70:86:eb:1d:50:37:22:78:62:de:
                    91:69:ec:c9:23:f7:c6:47:ac:a7:af:ff:a4:b4:b1:
                    65:e6:95:b7:26:41:a7:32:21:f8:25:71:ae:59:47:
                    6e:24:32:50:9d:d6:52:50:c3:7b:9d:da:84:ff:c4:
                    e4:42:f1:d9:2c:d8:e8:c7:8d:ca:f9:af:cf:a3:2a:
                    84:e2:93:36:37:24:2f:e9:c7:da:52:99:3c:3a:d0:
                    d7:4a:d3:74:de:34:45:c2:e9:69:22:d7:26:a4:09:
                    af:f4:f3:5b:b7:78:08:f6:c3:62:20:9e:f7:90:32:
                    aa:d0:35:d1:9c:53:54:32:56:7c:ec:f9:f4:bb:34:
                    51:84:f2:90:42:15:d1:a0:60:be:a7:13:68:fc:3e:
                    14:7c:57:f9:4b:98:d4:b5:a0:5e:0e:c2:b6:95:66:
                    88:14:fc:cd:ba:f0:f1:76:b1:4b:c4:92:70:08:d1:
                    80:72:0d:b3:b2:25:3b:c6:8a:a3:c4:70:dd:85:83:
                    74:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:8A:FB:7A:11:D6:64:54:C0:DE:5B:83:8D:D4:E0:61:82:BF:6C:48
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/T4r7ehHWZFTA3luDjdTgYYK_bEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:b0:a7:16:07:6e:e3:bd:67:2c:f2:1d:47:0c:17:a8:d4:84:
         e2:7b:05:73:97:7e:0e:0c:d2:4e:56:d8:00:4d:9f:cc:59:e5:
         bf:c9:bb:fe:7f:89:50:07:a2:70:18:e2:e1:73:7e:7b:62:86:
         4a:f3:66:00:ff:11:04:bc:0e:85:3f:3c:db:89:f0:c6:9e:13:
         fc:10:d2:be:40:d8:d8:f9:a1:91:09:7d:86:ca:42:eb:21:a9:
         3d:ab:c3:b1:04:53:52:17:83:5d:74:38:cf:0a:4d:16:48:24:
         d4:63:e1:92:5e:3c:7f:4d:73:93:62:76:47:a8:fa:63:15:8e:
         a2:ff:fa:a5:77:5b:b6:ea:9c:96:02:15:22:ea:5c:92:a7:59:
         54:61:1c:ef:ce:69:87:2b:ed:1c:de:31:0c:03:ae:c2:1d:e4:
         eb:3e:bc:f2:87:76:ff:55:a3:26:7c:38:e4:83:cd:ae:14:04:
         e4:92:ef:01:3f:9f:1c:4b:d1:1e:46:ca:a4:56:7f:0a:e4:d8:
         79:19:6c:6b:6d:94:c6:31:07:8d:03:76:30:73:dc:18:58:0c:
         9b:83:1b:94:b2:f6:13:38:4f:e8:43:e7:1b:31:96:57:fc:16:
         b5:87:f4:1d:f2:0c:d8:16:fe:e6:25:e2:ac:02:9a:69:94:96:
         a6:65:af:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/cp0+2Rxu+SqH7Kfx1sxPfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjQwNjAzMDU1MTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjhhZmI3YTExZDY2NDU0YzBkZTViODM4ZGQ0ZTA2MTgyYmY2YzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlYblLPy+6AJ0naoD7lX/yx9NSW5
w96gIq3J7b0nXJz7s/+B1IgdqR3mc2aPDT4ad7Gu1AwJytQ8tlnwionN6XCG6x1Q
NyJ4Yt6RaezJI/fGR6ynr/+ktLFl5pW3JkGnMiH4JXGuWUduJDJQndZSUMN7ndqE
/8TkQvHZLNjox43K+a/PoyqE4pM2NyQv6cfaUpk8OtDXStN03jRFwulpItcmpAmv
9PNbt3gI9sNiIJ73kDKq0DXRnFNUMlZ87Pn0uzRRhPKQQhXRoGC+pxNo/D4UfFf5
S5jUtaBeDsK2lWaIFPzNuvDxdrFLxJJwCNGAcg2zsiU7xoqjxHDdhYN0mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+K+3oR1mRUwN5bg43U4GGCv2xIMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvVDRyN2VoSFdaRlRBM2x1RGpkVGdZWUtfYkVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZREMA0G
CSqGSIb3DQEBCwUAA4IBAQBEsKcWB27jvWcs8h1HDBeo1ITiewVzl34ODNJOVtgA
TZ/MWeW/ybv+f4lQB6JwGOLhc357YoZK82YA/xEEvA6FPzzbifDGnhP8ENK+QNjY
+aGRCX2GykLrIak9q8OxBFNSF4NddDjPCk0WSCTUY+GSXjx/TXOTYnZHqPpjFY6i
//qld1u26pyWAhUi6lySp1lUYRzvzmmHK+0c3jEMA67CHeTrPrzyh3b/VaMmfDjk
g82uFATkku8BP58cS9EeRsqkVn8K5Nh5GWxrbZTGMQeNA3Ywc9wYWAybgxuUsvYT
OE/oQ+cbMZZX/Ba1h/Qd8gzYFv7mJeKsAppplJamZa+k
-----END CERTIFICATE-----