Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/716911-30de-4b74-959b-017dee452ec4/1/T-boIdoUmAHWvcfqBZ6YwVgoFzY.roa
File:                     T-boIdoUmAHWvcfqBZ6YwVgoFzY.roa (raw, json)
Hash identifier:          I+PVY53VuuJ/AkvPCPl4sBbNVKS9AyVOok3xkUhP/f0=
Subject key identifier:   4F:E6:E8:21:DA:14:98:01:D6:BD:C7:EA:05:9E:98:C1:58:28:17:36
Certificate issuer:       /CN=695dce5e37a862538a0f66883de206ffb7c93b69
Certificate serial:       018CC49245332EDB180F58E7BDE1190567C4
Authority key identifier: 69:5D:CE:5E:37:A8:62:53:8A:0F:66:88:3D:E2:06:FF:B7:C9:3B:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aV3OXjeoYlOKD2aIPeIG_7fJO2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/716911-30de-4b74-959b-017dee452ec4/1/T-boIdoUmAHWvcfqBZ6YwVgoFzY.roa
Signing time:             Mon 01 Jan 2024 10:29:29 +0000
ROA not before:           Mon 01 Jan 2024 10:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205073
IP address blocks:        185.231.0.0/24 maxlen: 24
                          185.231.1.0/24 maxlen: 24
                          185.231.2.0/24 maxlen: 24
                          185.231.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/716911-30de-4b74-959b-017dee452ec4/1/aV3OXjeoYlOKD2aIPeIG_7fJO2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/716911-30de-4b74-959b-017dee452ec4/1/aV3OXjeoYlOKD2aIPeIG_7fJO2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aV3OXjeoYlOKD2aIPeIG_7fJO2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:45:33:2e:db:18:0f:58:e7:bd:e1:19:05:67:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=695dce5e37a862538a0f66883de206ffb7c93b69
        Validity
            Not Before: Jan  1 10:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fe6e821da149801d6bdc7ea059e98c158281736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:83:c8:19:4e:d9:29:af:b9:a1:d8:c4:fc:1c:
                    08:56:47:c2:b0:01:83:4f:bb:b4:28:36:c1:28:5d:
                    88:c4:ac:0c:fa:8f:de:7f:19:b0:90:62:46:4c:10:
                    84:08:69:f6:60:ff:3b:91:ee:1b:f8:c6:4a:a3:06:
                    a1:81:d2:6c:e7:f2:a4:0c:ce:8a:f5:81:74:fa:98:
                    a9:b1:4b:6a:3c:58:79:63:26:49:13:ed:56:4d:e9:
                    0c:23:7b:f1:e0:05:c9:25:0c:f1:9a:39:fb:90:c9:
                    a6:75:89:31:9f:70:a5:72:3d:00:80:ea:83:4f:98:
                    b2:95:0d:cb:c0:77:4c:83:4f:33:ba:28:4a:fe:8b:
                    fd:c7:c5:b1:7c:dd:e8:7a:39:d3:df:ab:bd:3c:bd:
                    e8:6e:8b:e2:ed:ba:59:40:26:10:50:52:6e:fc:dc:
                    fa:f3:db:e7:ec:14:87:a9:9d:b7:9b:13:37:63:56:
                    45:f3:1d:28:32:27:42:d3:8e:0e:bc:b2:47:de:55:
                    1c:8d:14:6a:16:36:a9:fc:1c:18:4b:1c:c6:0c:b0:
                    ae:e5:47:01:5c:5d:d8:8e:ec:d9:4a:ee:7a:a8:3c:
                    37:ab:71:dc:89:9e:aa:06:5a:3e:e0:e9:c2:34:1a:
                    07:07:53:4d:f8:96:ab:5c:0a:8b:34:d7:cf:b0:21:
                    c4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:E6:E8:21:DA:14:98:01:D6:BD:C7:EA:05:9E:98:C1:58:28:17:36
            X509v3 Authority Key Identifier:
                keyid:69:5D:CE:5E:37:A8:62:53:8A:0F:66:88:3D:E2:06:FF:B7:C9:3B:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aV3OXjeoYlOKD2aIPeIG_7fJO2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/716911-30de-4b74-959b-017dee452ec4/1/T-boIdoUmAHWvcfqBZ6YwVgoFzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/716911-30de-4b74-959b-017dee452ec4/1/aV3OXjeoYlOKD2aIPeIG_7fJO2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:b1:25:5b:1d:b2:f2:ec:53:de:21:cc:e2:0e:ba:5f:72:a8:
         89:a5:32:62:35:34:b9:27:a7:da:6a:5c:e2:58:f9:50:86:ff:
         81:67:75:b6:a7:a4:11:45:a3:80:05:55:26:99:7c:43:38:13:
         08:87:22:c2:e9:a6:5b:80:9d:5b:d8:8e:f7:05:c7:34:2c:01:
         a0:ed:2a:f1:76:3c:ff:f8:f8:3e:ca:73:a0:02:be:eb:57:f3:
         3e:73:ea:f2:5b:69:9d:46:c9:ef:68:40:8b:d5:aa:21:26:e0:
         b4:5d:71:aa:81:99:28:ce:d0:d2:ae:35:48:93:d3:2b:7f:75:
         20:e6:2b:3a:d4:b1:e0:1e:9d:52:d6:3c:d7:74:c9:02:24:69:
         03:97:c3:0c:58:6f:85:a2:a2:58:2a:55:8f:5d:21:d5:22:be:
         c3:a4:1a:1a:49:21:2b:3c:01:5c:5d:43:da:18:60:8c:38:ca:
         36:aa:74:ac:b0:96:f8:57:f8:91:df:6c:4b:16:d0:4c:f7:b5:
         f6:76:a7:a6:c5:04:7f:74:a1:f2:ef:61:36:29:4d:0b:4d:40:
         8a:03:57:b0:12:83:30:6a:17:57:25:a4:b2:ca:3e:86:c4:88:
         97:a9:89:7d:87:39:42:e2:ee:15:3f:20:80:b8:47:af:80:2b:
         3f:c8:5b:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkkUzLtsYD1jnveEZBWfEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NWRjZTVlMzdhODYyNTM4YTBmNjY4ODNkZTIwNmZmYjdj
OTNiNjkwHhcNMjQwMTAxMTAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmU2ZTgyMWRhMTQ5ODAxZDZiZGM3ZWEwNTllOThjMTU4MjgxNzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoPIGU7ZKa+5odjE/BwIVkfCsAGD
T7u0KDbBKF2IxKwM+o/efxmwkGJGTBCECGn2YP87ke4b+MZKowahgdJs5/KkDM6K
9YF0+pipsUtqPFh5YyZJE+1WTekMI3vx4AXJJQzxmjn7kMmmdYkxn3Clcj0AgOqD
T5iylQ3LwHdMg08zuihK/ov9x8WxfN3oejnT36u9PL3obovi7bpZQCYQUFJu/Nz6
89vn7BSHqZ23mxM3Y1ZF8x0oMidC044OvLJH3lUcjRRqFjap/BwYSxzGDLCu5UcB
XF3YjuzZSu56qDw3q3HciZ6qBlo+4OnCNBoHB1NN+JarXAqLNNfPsCHExQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/m6CHaFJgB1r3H6gWemMFYKBc2MB8GA1UdIwQY
MBaAFGldzl43qGJTig9miD3iBv+3yTtpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVYzT1hqZW9ZbE9LRDJhSVBlSUdfN2ZKTzJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi83MTY5MTEtMzBkZS00Yjc0LTk1OWIt
MDE3ZGVlNDUyZWM0LzEvVC1ib0lkb1VtQUhXdmNmcUJaNll3VmdvRnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi83MTY5MTEtMzBkZS00Yjc0LTk1OWItMDE3ZGVlNDUyZWM0
LzEvYVYzT1hqZW9ZbE9LRDJhSVBlSUdfN2ZKTzJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuecAMA0G
CSqGSIb3DQEBCwUAA4IBAQAfsSVbHbLy7FPeIcziDrpfcqiJpTJiNTS5J6faalzi
WPlQhv+BZ3W2p6QRRaOABVUmmXxDOBMIhyLC6aZbgJ1b2I73Bcc0LAGg7Srxdjz/
+Pg+ynOgAr7rV/M+c+ryW2mdRsnvaECL1aohJuC0XXGqgZkoztDSrjVIk9Mrf3Ug
5is61LHgHp1S1jzXdMkCJGkDl8MMWG+FoqJYKlWPXSHVIr7DpBoaSSErPAFcXUPa
GGCMOMo2qnSssJb4V/iR32xLFtBM97X2dqemxQR/dKHy72E2KU0LTUCKA1ewEoMw
ahdXJaSyyj6GxIiXqYl9hzlC4u4VPyCAuEevgCs/yFv/
-----END CERTIFICATE-----