Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/TcB0TF8TP5VmbkBcLGfPTXTVKcU.roa
File:                     TcB0TF8TP5VmbkBcLGfPTXTVKcU.roa (raw, json)
Hash identifier:          ovQpVAwsnIvlkkeRwWKz7NWJZhciVsnhCxLf1MGflB4=
Subject key identifier:   4D:C0:74:4C:5F:13:3F:95:66:6E:40:5C:2C:67:CF:4D:74:D5:29:C5
Certificate issuer:       /CN=193743467b4da41c6295e9351153309586ba2399
Certificate serial:       018CC6B8FD1A28877691C05F8E295E045F2C
Authority key identifier: 19:37:43:46:7B:4D:A4:1C:62:95:E9:35:11:53:30:95:86:BA:23:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GTdDRntNpBxilek1EVMwlYa6I5k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/TcB0TF8TP5VmbkBcLGfPTXTVKcU.roa
Signing time:             Mon 01 Jan 2024 20:31:01 +0000
ROA not before:           Mon 01 Jan 2024 20:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42293
IP address blocks:        185.253.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/GTdDRntNpBxilek1EVMwlYa6I5k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/GTdDRntNpBxilek1EVMwlYa6I5k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GTdDRntNpBxilek1EVMwlYa6I5k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:fd:1a:28:87:76:91:c0:5f:8e:29:5e:04:5f:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=193743467b4da41c6295e9351153309586ba2399
        Validity
            Not Before: Jan  1 20:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4dc0744c5f133f95666e405c2c67cf4d74d529c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8d:d9:27:a3:28:e4:54:fc:7f:1e:6d:c5:fb:
                    f1:ca:76:ff:2f:bc:a3:0e:d6:8d:56:d5:cf:d2:96:
                    45:0c:f4:b1:e4:b5:da:af:f2:ec:81:57:43:8b:71:
                    0b:fb:2d:9e:12:43:ff:95:9a:a5:74:03:62:9d:2f:
                    05:bf:3d:63:59:f8:82:62:82:f2:be:f7:60:70:3f:
                    66:d4:52:cf:6b:28:2f:f5:d9:ce:9e:d8:26:26:98:
                    57:45:f6:fb:0f:4c:02:0c:d3:9d:e2:02:59:f8:88:
                    ad:d1:fa:5b:bf:36:33:8b:e7:70:2d:e5:61:87:fa:
                    b6:1c:90:68:8e:45:58:ff:23:27:bc:db:08:fd:ff:
                    9a:b3:12:f5:ba:34:03:d9:5d:10:59:d6:d9:a4:8c:
                    7b:99:13:3c:aa:e1:15:90:51:80:fd:2a:4c:22:b8:
                    b6:c1:a4:c4:8a:b2:e8:2d:ba:59:9e:8b:bb:67:cc:
                    d7:15:81:0b:e7:e5:bb:6a:33:a2:55:ba:1c:fd:a8:
                    4f:63:9e:4d:29:60:d2:a0:a1:bf:fa:a2:87:52:cc:
                    10:04:18:d7:a8:2a:ec:54:40:1c:62:b0:dc:ca:a7:
                    99:95:fe:a1:70:36:fb:84:fa:15:0e:be:8c:88:58:
                    96:0a:c3:9b:c4:5e:35:5d:11:f2:00:e6:39:bc:f7:
                    be:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:C0:74:4C:5F:13:3F:95:66:6E:40:5C:2C:67:CF:4D:74:D5:29:C5
            X509v3 Authority Key Identifier:
                keyid:19:37:43:46:7B:4D:A4:1C:62:95:E9:35:11:53:30:95:86:BA:23:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GTdDRntNpBxilek1EVMwlYa6I5k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/TcB0TF8TP5VmbkBcLGfPTXTVKcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/GTdDRntNpBxilek1EVMwlYa6I5k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:e2:3a:09:c0:4b:db:5b:07:a3:5f:40:cb:03:fd:1c:0c:94:
         6c:a5:7a:87:a1:f6:38:bb:43:d6:29:95:d8:1d:04:72:20:12:
         ce:31:59:8c:db:98:4e:d3:8e:46:bd:dd:be:4e:05:61:78:dc:
         49:7e:b6:5a:fb:c5:1b:01:a6:22:35:df:65:e2:ee:be:fe:c5:
         64:1e:f1:1e:17:a1:63:46:32:0c:81:87:8e:fb:04:8e:33:51:
         87:a9:45:dd:fd:8a:a2:77:f4:17:ad:a7:ac:77:5c:22:14:db:
         92:d0:3a:b2:e3:c0:66:ca:e2:90:fe:98:4f:db:7a:21:b7:5a:
         94:e5:94:80:3b:cd:41:49:b3:e8:1e:c3:95:94:77:f2:6d:28:
         78:b8:ee:71:2a:71:39:06:8e:03:1d:ff:47:e7:19:d0:4c:4d:
         0a:dd:53:96:78:d4:fd:e2:5d:d2:db:ed:b6:6a:ca:b9:07:ee:
         99:0a:fc:fc:ea:64:0f:fc:7c:9f:fc:9a:db:74:b8:67:e4:f7:
         d2:6d:68:0a:bb:45:5f:53:75:b4:ff:4d:17:fa:24:75:f7:7e:
         dd:ca:fa:5b:2e:90:70:05:85:98:96:e1:68:64:e6:e1:9a:10:
         b0:b6:c8:44:33:99:65:69:60:9e:cc:c5:17:8d:03:6a:70:09:
         e2:67:f0:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuP0aKId2kcBfjileBF8sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5Mzc0MzQ2N2I0ZGE0MWM2Mjk1ZTkzNTExNTMzMDk1ODZi
YTIzOTkwHhcNMjQwMTAxMjAzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGMwNzQ0YzVmMTMzZjk1NjY2ZTQwNWMyYzY3Y2Y0ZDc0ZDUyOWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApY3ZJ6Mo5FT8fx5txfvxynb/L7yj
DtaNVtXP0pZFDPSx5LXar/LsgVdDi3EL+y2eEkP/lZqldANinS8Fvz1jWfiCYoLy
vvdgcD9m1FLPaygv9dnOntgmJphXRfb7D0wCDNOd4gJZ+Iit0fpbvzYzi+dwLeVh
h/q2HJBojkVY/yMnvNsI/f+asxL1ujQD2V0QWdbZpIx7mRM8quEVkFGA/SpMIri2
waTEirLoLbpZnou7Z8zXFYEL5+W7ajOiVboc/ahPY55NKWDSoKG/+qKHUswQBBjX
qCrsVEAcYrDcyqeZlf6hcDb7hPoVDr6MiFiWCsObxF41XRHyAOY5vPe+bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3AdExfEz+VZm5AXCxnz0101SnFMB8GA1UdIwQY
MBaAFBk3Q0Z7TaQcYpXpNRFTMJWGuiOZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1RkRFJudE5wQnhpbGVrMUVWTXdsWWE2STVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8zNjcwM2EtMTIyYi00MTE2LWIzMTct
Y2E1ZmNjYmY3YThjLzEvVGNCMFRGOFRQNVZtYmtCY0xHZlBUWFRWS2NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8zNjcwM2EtMTIyYi00MTE2LWIzMTctY2E1ZmNjYmY3YThj
LzEvR1RkRFJudE5wQnhpbGVrMUVWTXdsWWE2STVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf2fMA0G
CSqGSIb3DQEBCwUAA4IBAQCB4joJwEvbWwejX0DLA/0cDJRspXqHofY4u0PWKZXY
HQRyIBLOMVmM25hO045Gvd2+TgVheNxJfrZa+8UbAaYiNd9l4u6+/sVkHvEeF6Fj
RjIMgYeO+wSOM1GHqUXd/Yqid/QXraesd1wiFNuS0Dqy48BmyuKQ/phP23oht1qU
5ZSAO81BSbPoHsOVlHfybSh4uO5xKnE5Bo4DHf9H5xnQTE0K3VOWeNT94l3S2+22
asq5B+6ZCvz86mQP/Hyf/JrbdLhn5PfSbWgKu0VfU3W0/00X+iR1937dyvpbLpBw
BYWYluFoZObhmhCwtshEM5llaWCezMUXjQNqcAniZ/DM
-----END CERTIFICATE-----