Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/a01acd-a3de-4839-9d02-643c1fe38385/1/TbN4VKE4v985VMv3pPaAdKy9jj0.roa
File:                     TbN4VKE4v985VMv3pPaAdKy9jj0.roa (raw, json)
Hash identifier:          dblxh2G+whQXDnZbcjljUcZ8T2kghpZpXNXycrwMt1o=
Subject key identifier:   4D:B3:78:54:A1:38:BF:DF:39:54:CB:F7:A4:F6:80:74:AC:BD:8E:3D
Certificate issuer:       /CN=f0f636fec7b5b2d18de3797e6984c06955e716d7
Certificate serial:       018CC50004607248F14041EEEEDDC9CF1B3D
Authority key identifier: F0:F6:36:FE:C7:B5:B2:D1:8D:E3:79:7E:69:84:C0:69:55:E7:16:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8PY2_se1stGN43l-aYTAaVXnFtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/a01acd-a3de-4839-9d02-643c1fe38385/1/TbN4VKE4v985VMv3pPaAdKy9jj0.roa
Signing time:             Mon 01 Jan 2024 12:29:21 +0000
ROA not before:           Mon 01 Jan 2024 12:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21159
IP address blocks:        185.182.80.0/22 maxlen: 22
                          2a0a:e680::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/a01acd-a3de-4839-9d02-643c1fe38385/1/8PY2_se1stGN43l-aYTAaVXnFtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/a01acd-a3de-4839-9d02-643c1fe38385/1/8PY2_se1stGN43l-aYTAaVXnFtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8PY2_se1stGN43l-aYTAaVXnFtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:04:60:72:48:f1:40:41:ee:ee:dd:c9:cf:1b:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0f636fec7b5b2d18de3797e6984c06955e716d7
        Validity
            Not Before: Jan  1 12:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4db37854a138bfdf3954cbf7a4f68074acbd8e3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d5:6f:6e:a4:3a:2d:f8:e2:89:a1:5b:63:cc:
                    f0:cb:27:df:dd:b2:9a:2b:df:8b:12:ff:8e:df:ba:
                    36:79:98:9a:48:ef:59:6c:71:18:66:35:28:35:5d:
                    64:d8:44:7b:42:a3:45:f7:81:7d:d2:4f:ff:a5:9f:
                    3f:a0:8f:17:f8:63:f2:90:a0:e6:68:49:06:6f:6d:
                    4d:86:d1:9d:cf:a4:27:cc:b5:e4:24:60:b8:30:30:
                    59:4e:e8:4f:88:79:58:24:52:ae:63:12:0a:6c:c3:
                    d3:4b:f5:d3:fe:e3:80:63:88:dd:6f:fe:f2:02:20:
                    88:ad:7d:a7:8d:ad:5f:ff:e7:2d:04:c7:c0:1e:e2:
                    1a:04:45:da:0b:aa:11:86:ca:cb:f0:73:bc:6d:e5:
                    ab:0a:01:bb:bd:25:70:54:96:90:20:af:ec:83:a5:
                    d9:a4:cd:cd:69:0e:78:e3:80:59:55:72:ab:46:c7:
                    39:82:7d:52:c1:a1:34:6b:7b:c3:11:6e:48:93:06:
                    20:cc:d3:40:33:bb:36:ec:71:35:7a:b2:01:53:b8:
                    4a:7d:47:8d:c3:21:41:fc:49:d8:04:26:71:51:ee:
                    a5:0e:42:de:a6:72:df:44:8e:bf:e2:ba:d1:4b:84:
                    a1:66:f4:21:ee:84:f7:39:e1:66:bf:a6:78:c4:cf:
                    bc:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:B3:78:54:A1:38:BF:DF:39:54:CB:F7:A4:F6:80:74:AC:BD:8E:3D
            X509v3 Authority Key Identifier:
                keyid:F0:F6:36:FE:C7:B5:B2:D1:8D:E3:79:7E:69:84:C0:69:55:E7:16:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8PY2_se1stGN43l-aYTAaVXnFtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/a01acd-a3de-4839-9d02-643c1fe38385/1/TbN4VKE4v985VMv3pPaAdKy9jj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/a01acd-a3de-4839-9d02-643c1fe38385/1/8PY2_se1stGN43l-aYTAaVXnFtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.80.0/22
                IPv6:
                  2a0a:e680::/29

    Signature Algorithm: sha256WithRSAEncryption
         a7:35:74:ad:1a:ae:4c:4d:44:48:44:dd:f2:dc:7c:cc:a3:32:
         4a:d6:3e:ea:26:5f:fc:d2:d6:ee:11:a9:90:45:45:68:1d:dc:
         c9:63:70:23:ab:5c:90:34:cf:a0:8b:7a:94:b2:5c:b3:f9:2a:
         8c:c2:c2:4a:dd:86:fc:86:b0:27:5e:de:01:ae:41:dc:00:73:
         bb:15:a7:64:fe:61:7d:3d:bc:5b:bb:dd:ca:c8:73:0f:4b:8c:
         fc:3c:7d:cf:4d:9d:83:6c:76:d5:fa:69:66:c7:18:e8:58:53:
         ec:f4:7a:b9:97:76:cc:03:fd:23:ba:e7:23:47:58:38:c1:0f:
         15:ee:d0:ea:5f:7a:1e:38:9f:c8:76:ff:c9:c3:36:80:ab:39:
         ba:84:f9:d8:e2:34:06:45:7d:9c:a4:59:5f:6b:fa:6c:e0:47:
         39:ba:f6:08:f9:a7:e0:9f:4e:47:56:5d:a1:0d:4f:39:0b:4c:
         d1:71:70:63:f1:d9:a1:b7:b8:1e:b9:a9:31:ca:b7:ea:73:1d:
         50:2d:8d:d9:04:32:b3:1b:61:8e:46:1b:d3:f0:3d:76:a3:22:
         2b:9f:4c:bb:db:72:ef:c4:0a:99:26:73:14:91:f3:99:23:0b:
         9d:33:fb:e0:26:dd:45:2f:5b:bb:09:4e:37:70:04:a7:84:78:
         a5:b4:0a:32
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAARgckjxQEHu7t3Jzxs9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZjYzNmZlYzdiNWIyZDE4ZGUzNzk3ZTY5ODRjMDY5NTVl
NzE2ZDcwHhcNMjQwMTAxMTIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGIzNzg1NGExMzhiZmRmMzk1NGNiZjdhNGY2ODA3NGFjYmQ4ZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNVvbqQ6LfjiiaFbY8zwyyff3bKa
K9+LEv+O37o2eZiaSO9ZbHEYZjUoNV1k2ER7QqNF94F90k//pZ8/oI8X+GPykKDm
aEkGb21NhtGdz6QnzLXkJGC4MDBZTuhPiHlYJFKuYxIKbMPTS/XT/uOAY4jdb/7y
AiCIrX2nja1f/+ctBMfAHuIaBEXaC6oRhsrL8HO8beWrCgG7vSVwVJaQIK/sg6XZ
pM3NaQ5444BZVXKrRsc5gn1SwaE0a3vDEW5IkwYgzNNAM7s27HE1erIBU7hKfUeN
wyFB/EnYBCZxUe6lDkLepnLfRI6/4rrRS4ShZvQh7oT3OeFmv6Z4xM+8tQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE2zeFShOL/fOVTL96T2gHSsvY49MB8GA1UdIwQY
MBaAFPD2Nv7HtbLRjeN5fmmEwGlV5xbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFBZMl9zZTFzdEdONDNsLWFZVEFhVlhuRnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9hMDFhY2QtYTNkZS00ODM5LTlkMDIt
NjQzYzFmZTM4Mzg1LzEvVGJONFZLRTR2OTg1Vk12M3BQYUFkS3k5amowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9hMDFhY2QtYTNkZS00ODM5LTlkMDItNjQzYzFmZTM4Mzg1
LzEvOFBZMl9zZTFzdEdONDNsLWFZVEFhVlhuRnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubZQMA0E
AgACMAcDBQMqCuaAMA0GCSqGSIb3DQEBCwUAA4IBAQCnNXStGq5MTURIRN3y3HzM
ozJK1j7qJl/80tbuEamQRUVoHdzJY3Ajq1yQNM+gi3qUslyz+SqMwsJK3Yb8hrAn
Xt4BrkHcAHO7Fadk/mF9Pbxbu93KyHMPS4z8PH3PTZ2DbHbV+mlmxxjoWFPs9Hq5
l3bMA/0juucjR1g4wQ8V7tDqX3oeOJ/Idv/JwzaAqzm6hPnY4jQGRX2cpFlfa/ps
4Ec5uvYI+afgn05HVl2hDU85C0zRcXBj8dmht7geuakxyrfqcx1QLY3ZBDKzG2GO
RhvT8D12oyIrn0y723LvxAqZJnMUkfOZIwudM/vgJt1FL1u7CU43cASnhHiltAoy
-----END CERTIFICATE-----