Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/TS1plHbkMHXkR3TBGdCFY0Zr1JE.roa
File:                     TS1plHbkMHXkR3TBGdCFY0Zr1JE.roa (raw, json)
Hash identifier:          4Sjc5/CJdr7+gb9rw8zPPE9K8Qe6AAuo9nTvaiZ+KZE=
Subject key identifier:   4D:2D:69:94:76:E4:30:75:E4:47:74:C1:19:D0:85:63:46:6B:D4:91
Certificate issuer:       /CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
Certificate serial:       018EBE13314541B27A18D6C4DC712EB79DED
Authority key identifier: DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/TS1plHbkMHXkR3TBGdCFY0Zr1JE.roa
Signing time:             Mon 08 Apr 2024 14:18:32 +0000
ROA not before:           Mon 08 Apr 2024 14:18:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199967
IP address blocks:        178.212.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:be:13:31:45:41:b2:7a:18:d6:c4:dc:71:2e:b7:9d:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
        Validity
            Not Before: Apr  8 14:18:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d2d699476e43075e44774c119d08563466bd491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:4b:e8:1a:c3:dd:0a:c5:b2:60:26:46:98:53:
                    b5:de:0e:66:a3:a0:3a:4f:9b:42:d6:34:1a:cf:41:
                    39:39:a2:a0:bf:f4:c4:44:01:98:67:7f:53:9c:f5:
                    41:9a:6e:24:dd:0c:66:10:24:bb:bf:3e:43:97:4f:
                    2a:33:e1:48:6a:84:08:01:44:f8:19:56:b4:b7:4c:
                    5c:86:80:70:7f:77:db:24:b5:20:a4:b5:57:64:be:
                    cc:3a:96:f0:d3:79:25:7a:03:69:0a:94:b5:91:1b:
                    61:f6:c6:35:19:a3:40:e4:07:e8:7c:dc:91:d5:22:
                    34:24:6d:8d:db:de:44:73:8c:35:82:1b:7c:79:1e:
                    3a:7b:e5:68:fe:bc:d7:3e:f6:ab:43:58:90:63:c6:
                    5b:90:6e:44:55:b8:6e:4e:c1:54:15:20:5e:53:21:
                    f0:46:5a:76:0c:37:80:ae:19:69:28:e8:f4:e6:31:
                    86:98:05:84:d4:f3:ca:6d:d3:e0:34:c8:55:b0:1d:
                    d9:8e:a5:56:d3:e0:a0:14:1b:e4:be:4f:ef:9b:c0:
                    b4:b4:3f:06:8e:b1:07:5c:3c:51:b5:d0:8f:79:53:
                    a9:17:23:f1:7c:42:c8:4a:8a:e8:4d:ca:aa:f8:d3:
                    fa:aa:04:c5:47:cc:5f:aa:c3:85:04:2c:91:b0:7d:
                    49:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:2D:69:94:76:E4:30:75:E4:47:74:C1:19:D0:85:63:46:6B:D4:91
            X509v3 Authority Key Identifier:
                keyid:DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/TS1plHbkMHXkR3TBGdCFY0Zr1JE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:49:af:de:e7:4d:b3:93:af:7d:c7:04:3d:f6:0c:b8:95:0d:
         03:6d:1c:da:09:7b:f4:45:0e:05:1b:2a:25:f0:fa:2b:7b:96:
         32:65:96:7f:5c:78:b3:15:46:df:01:f5:13:1a:71:ba:56:34:
         9b:65:66:1b:3b:dc:30:4f:bd:06:56:8d:80:d2:2c:b2:7c:84:
         9e:1b:fc:9b:6d:a1:94:c5:d4:85:84:bf:6d:83:55:67:00:94:
         81:66:52:e5:a1:4c:e9:44:07:f0:dd:dd:23:10:6c:d4:d8:01:
         00:be:af:15:e9:6f:ec:bc:88:dc:31:65:a8:de:08:74:61:45:
         66:76:ee:ee:7d:32:bf:9b:b3:cc:ba:0a:8b:f2:27:56:d4:6d:
         66:e0:9a:c2:e8:e1:c5:14:96:8c:75:91:f5:75:82:45:42:6d:
         12:64:c9:fb:c6:e8:d6:b7:a5:16:40:8b:7a:06:0b:01:29:2a:
         a0:2b:d8:9b:b9:27:d3:c0:90:bb:78:b8:c7:17:09:b0:fe:b9:
         b6:46:de:46:27:07:85:46:17:e1:c9:fb:99:0b:2b:1d:80:23:
         23:b6:95:9a:49:9d:09:2f:13:46:cb:fa:95:ca:3e:35:7d:69:
         ce:38:c1:5f:b1:86:bc:af:23:d5:a2:98:37:40:ce:9a:4a:ef:
         a4:dd:64:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6+EzFFQbJ6GNbE3HEut53tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYmU2ZTBhZGFlOGJiNDc4MzkzYWFiMTc1YjYzODY0NGM3
NGNjYjcwHhcNMjQwNDA4MTQxODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDJkNjk5NDc2ZTQzMDc1ZTQ0Nzc0YzExOWQwODU2MzQ2NmJkNDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUvoGsPdCsWyYCZGmFO13g5mo6A6
T5tC1jQaz0E5OaKgv/TERAGYZ39TnPVBmm4k3QxmECS7vz5Dl08qM+FIaoQIAUT4
GVa0t0xchoBwf3fbJLUgpLVXZL7MOpbw03klegNpCpS1kRth9sY1GaNA5AfofNyR
1SI0JG2N295Ec4w1ght8eR46e+Vo/rzXPvarQ1iQY8ZbkG5EVbhuTsFUFSBeUyHw
Rlp2DDeArhlpKOj05jGGmAWE1PPKbdPgNMhVsB3ZjqVW0+CgFBvkvk/vm8C0tD8G
jrEHXDxRtdCPeVOpFyPxfELISoroTcqq+NP6qgTFR8xfqsOFBCyRsH1J1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0taZR25DB15Ed0wRnQhWNGa9SRMB8GA1UdIwQY
MBaAFN2+bgra6LtHg5OqsXW2OGRMdMy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjkt
NmJhYTNiNTQ4ZDIzLzEvVFMxcGxIYmtNSFhrUjNUQkdkQ0ZZMFpyMUpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjktNmJhYTNiNTQ4ZDIz
LzEvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCstQ8MA0G
CSqGSIb3DQEBCwUAA4IBAQCJSa/e502zk699xwQ99gy4lQ0DbRzaCXv0RQ4FGyol
8Pore5YyZZZ/XHizFUbfAfUTGnG6VjSbZWYbO9wwT70GVo2A0iyyfISeG/ybbaGU
xdSFhL9tg1VnAJSBZlLloUzpRAfw3d0jEGzU2AEAvq8V6W/svIjcMWWo3gh0YUVm
du7ufTK/m7PMugqL8idW1G1m4JrC6OHFFJaMdZH1dYJFQm0SZMn7xujWt6UWQIt6
BgsBKSqgK9ibuSfTwJC7eLjHFwmw/rm2Rt5GJweFRhfhyfuZCysdgCMjtpWaSZ0J
LxNGy/qVyj41fWnOOMFfsYa8ryPVopg3QM6aSu+k3WSp
-----END CERTIFICATE-----