Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/03cb31-62f2-48c7-9b7f-0cd1d28965d1/1/tNG_tLbeH6tikNMTv0SFiAzhsLA.roa
File:                     tNG_tLbeH6tikNMTv0SFiAzhsLA.roa (raw, json)
Hash identifier:          3vteUGLKbAHHwrEEdZAh8YzV6ue06zu0sLsxs5EBymQ=
Subject key identifier:   B4:D1:BF:B4:B6:DE:1F:AB:62:90:D3:13:BF:44:85:88:0C:E1:B0:B0
Certificate issuer:       /CN=3e46fa1d779c196ceb28029106b4ef7d17553d2b
Certificate serial:       018E60CE6DBC8DC1819A208FD51432004DA1
Authority key identifier: 3E:46:FA:1D:77:9C:19:6C:EB:28:02:91:06:B4:EF:7D:17:55:3D:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pkb6HXecGWzrKAKRBrTvfRdVPSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/03cb31-62f2-48c7-9b7f-0cd1d28965d1/1/tNG_tLbeH6tikNMTv0SFiAzhsLA.roa
Signing time:             Thu 21 Mar 2024 11:38:45 +0000
ROA not before:           Thu 21 Mar 2024 11:38:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203299
IP address blocks:        185.135.20.0/24 maxlen: 24
                          185.135.23.0/24 maxlen: 24
                          2a06:f080::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/03cb31-62f2-48c7-9b7f-0cd1d28965d1/1/Pkb6HXecGWzrKAKRBrTvfRdVPSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/03cb31-62f2-48c7-9b7f-0cd1d28965d1/1/Pkb6HXecGWzrKAKRBrTvfRdVPSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pkb6HXecGWzrKAKRBrTvfRdVPSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:60:ce:6d:bc:8d:c1:81:9a:20:8f:d5:14:32:00:4d:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e46fa1d779c196ceb28029106b4ef7d17553d2b
        Validity
            Not Before: Mar 21 11:38:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4d1bfb4b6de1fab6290d313bf4485880ce1b0b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d8:1b:be:b4:82:6a:a6:2c:35:c8:5c:84:4f:
                    c1:3a:87:0e:1e:bd:ef:15:f6:03:0b:e5:af:ee:51:
                    be:e1:42:c3:ce:92:5c:d0:34:0a:30:ec:5f:aa:7e:
                    34:09:43:70:0f:b3:ae:34:b0:82:ac:d5:b2:39:9f:
                    c8:89:ad:4c:6d:b0:f3:72:77:b6:7d:e3:16:c6:9f:
                    d8:de:ad:85:a3:f2:c1:4b:96:6e:f4:97:74:da:38:
                    1e:a5:06:0e:f5:2b:5f:8d:db:e6:a3:20:9e:aa:f6:
                    25:83:79:e3:fa:93:c2:01:af:de:b6:ae:ee:f6:a9:
                    c4:79:47:45:d7:2a:b2:54:8f:60:10:7d:a1:45:1d:
                    53:b2:35:e1:a3:8f:b6:07:49:c4:a3:f0:b3:c9:2b:
                    67:25:68:66:6e:6f:cc:3e:22:1f:cb:48:96:a4:d1:
                    85:c6:7c:ba:c2:df:02:b2:19:d9:fa:2b:d1:a7:5d:
                    e2:b3:b8:cb:62:fa:16:5f:94:90:c1:d4:f5:0f:69:
                    e7:6f:99:69:19:af:80:5d:99:55:7b:ef:0c:62:90:
                    94:7d:c8:39:5c:4a:d4:51:69:b0:e5:62:e6:5f:24:
                    96:8c:da:95:3e:c1:18:a0:a4:6a:d0:15:94:5e:31:
                    8f:ef:9f:ac:c7:c8:80:d8:f8:bd:12:b2:64:00:46:
                    ee:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:D1:BF:B4:B6:DE:1F:AB:62:90:D3:13:BF:44:85:88:0C:E1:B0:B0
            X509v3 Authority Key Identifier:
                keyid:3E:46:FA:1D:77:9C:19:6C:EB:28:02:91:06:B4:EF:7D:17:55:3D:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pkb6HXecGWzrKAKRBrTvfRdVPSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/03cb31-62f2-48c7-9b7f-0cd1d28965d1/1/tNG_tLbeH6tikNMTv0SFiAzhsLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/03cb31-62f2-48c7-9b7f-0cd1d28965d1/1/Pkb6HXecGWzrKAKRBrTvfRdVPSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.20.0/24
                  185.135.23.0/24
                IPv6:
                  2a06:f080::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:24:3e:ad:c7:93:9a:10:d0:43:4f:76:83:35:55:61:b0:3b:
         d2:04:67:1e:bd:4f:ea:60:05:be:55:b6:21:67:26:27:0b:bf:
         7a:4c:fc:28:b4:4d:2a:0c:06:ae:8f:31:53:be:67:27:ff:7e:
         04:6b:1c:7f:a5:7f:f5:f5:e3:d1:0e:92:40:14:77:e4:81:32:
         bf:cc:32:6b:08:59:10:9d:47:3b:cc:29:1e:ab:14:fb:d5:a1:
         46:8a:56:6f:48:ec:36:01:1e:34:9c:b3:8d:7c:88:16:37:53:
         9f:8c:e9:e0:99:d2:3b:4f:fb:6b:07:7e:7f:f0:44:a5:0d:2a:
         52:cc:ba:75:fc:44:9f:b4:a6:20:a2:e0:15:cd:62:90:75:5b:
         57:32:34:85:97:9c:fc:ee:fe:ec:d7:a9:48:9e:ee:55:b3:60:
         84:8b:08:d7:7d:24:8b:92:01:39:7b:73:ea:82:42:5d:48:66:
         46:86:94:e1:6c:e4:59:7c:d4:bb:14:ba:e1:1e:ff:1d:92:03:
         8d:fb:6d:43:d3:27:41:b2:51:ed:31:3f:a4:7b:28:8e:f7:05:
         2c:b5:a1:dc:68:13:ab:65:7e:7d:ee:a6:54:2c:74:0e:86:e6:
         a5:20:26:5b:85:a7:64:92:6b:52:24:a6:0d:10:7c:96:d3:68:
         c2:8f:85:27
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY5gzm28jcGBmiCP1RQyAE2hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNDZmYTFkNzc5YzE5NmNlYjI4MDI5MTA2YjRlZjdkMTc1
NTNkMmIwHhcNMjQwMzIxMTEzODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQxYmZiNGI2ZGUxZmFiNjI5MGQzMTNiZjQ0ODU4ODBjZTFiMGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29gbvrSCaqYsNchchE/BOocOHr3v
FfYDC+Wv7lG+4ULDzpJc0DQKMOxfqn40CUNwD7OuNLCCrNWyOZ/Iia1MbbDzcne2
feMWxp/Y3q2Fo/LBS5Zu9Jd02jgepQYO9StfjdvmoyCeqvYlg3nj+pPCAa/etq7u
9qnEeUdF1yqyVI9gEH2hRR1TsjXho4+2B0nEo/CzyStnJWhmbm/MPiIfy0iWpNGF
xny6wt8CshnZ+ivRp13is7jLYvoWX5SQwdT1D2nnb5lpGa+AXZlVe+8MYpCUfcg5
XErUUWmw5WLmXySWjNqVPsEYoKRq0BWUXjGP75+sx8iA2Pi9ErJkAEbu6QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLTRv7S23h+rYpDTE79EhYgM4bCwMB8GA1UdIwQY
MBaAFD5G+h13nBls6ygCkQa0730XVT0rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGtiNkhYZWNHV3pyS0FLUkJyVHZmUmRWUFNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8wM2NiMzEtNjJmMi00OGM3LTliN2Yt
MGNkMWQyODk2NWQxLzEvdE5HX3RMYmVINnRpa05NVHYwU0ZpQXpoc0xBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8wM2NiMzEtNjJmMi00OGM3LTliN2YtMGNkMWQyODk2NWQx
LzEvUGtiNkhYZWNHV3pyS0FLUkJyVHZmUmRWUFNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuYcUAwQA
uYcXMA0EAgACMAcDBQAqBvCAMA0GCSqGSIb3DQEBCwUAA4IBAQCMJD6tx5OaENBD
T3aDNVVhsDvSBGcevU/qYAW+VbYhZyYnC796TPwotE0qDAaujzFTvmcn/34Eaxx/
pX/19ePRDpJAFHfkgTK/zDJrCFkQnUc7zCkeqxT71aFGilZvSOw2AR40nLONfIgW
N1OfjOngmdI7T/trB35/8ESlDSpSzLp1/ESftKYgouAVzWKQdVtXMjSFl5z87v7s
16lInu5Vs2CEiwjXfSSLkgE5e3PqgkJdSGZGhpThbORZfNS7FLrhHv8dkgON+21D
0ydBslHtMT+keyiO9wUstaHcaBOrZX597qZULHQOhualICZbhadkkmtSJKYNEHyW
02jCj4Un
-----END CERTIFICATE-----