Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/TZzPnpLteaPFeJLUKEdqNO6jsYc.roa
File:                     TZzPnpLteaPFeJLUKEdqNO6jsYc.roa (raw, json)
Hash identifier:          2pxwaY7W9JmM2Hw3KfUkw5bQ7+F7B1xV6wqHk6rxz70=
Subject key identifier:   4D:9C:CF:9E:92:ED:79:A3:C5:78:92:D4:28:47:6A:34:EE:A3:B1:87
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       018CC2DB5B2533051B5CF2F81807C7458D94
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/TZzPnpLteaPFeJLUKEdqNO6jsYc.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.180.0/24 maxlen: 24
                          2001:7f8:fd::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5b:25:33:05:1b:5c:f2:f8:18:07:c7:45:8d:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d9ccf9e92ed79a3c57892d428476a34eea3b187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c3:4a:c9:84:9a:2a:46:08:d6:f8:41:6e:76:
                    a7:2f:89:f7:fe:44:e9:d1:17:58:87:76:77:2b:46:
                    6f:97:17:69:cb:1b:48:cf:16:c0:eb:15:e5:92:cc:
                    e0:82:78:9c:d8:7d:2f:09:af:fd:16:c9:71:bc:2c:
                    9a:b0:1c:4b:41:95:2f:33:27:a6:2f:28:dd:37:bf:
                    b6:18:4f:df:91:28:ab:59:ae:8f:66:97:76:01:58:
                    45:91:83:c9:a2:fb:5c:1e:c6:94:c1:7e:a6:bd:23:
                    9f:02:35:ab:d5:16:f4:3f:05:38:2c:30:fa:b3:a8:
                    ad:e7:b8:29:c9:9b:c2:c5:28:75:31:2e:1f:48:a6:
                    14:2b:c7:4b:fa:d1:20:d8:66:27:c9:60:03:f5:dd:
                    3d:27:31:a2:53:f7:fe:45:39:a3:f1:9e:e0:c8:b9:
                    7b:4c:86:ab:0d:74:c3:d9:42:d0:0b:2d:04:50:78:
                    39:4d:42:cd:19:9d:54:ea:7e:f5:df:00:29:6f:17:
                    9c:70:fa:0d:66:ba:1f:c7:b1:1e:c3:65:34:42:49:
                    31:1c:12:15:3b:1a:37:e4:33:02:10:7e:42:05:0b:
                    36:15:ef:1a:cd:10:6f:16:8d:5c:90:13:a4:d4:90:
                    f0:46:ab:c2:2b:5b:56:86:54:3a:7b:fe:c3:75:0d:
                    92:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:9C:CF:9E:92:ED:79:A3:C5:78:92:D4:28:47:6A:34:EE:A3:B1:87
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/TZzPnpLteaPFeJLUKEdqNO6jsYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.180.0/24
                IPv6:
                  2001:7f8:fd::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:bb:cf:e7:e4:4e:eb:66:9b:43:0e:8a:ec:3e:07:48:a3:0e:
         4b:1e:cd:82:67:12:e8:d5:95:da:8e:4d:22:77:28:4c:24:06:
         0a:a2:67:e1:af:93:a6:0a:46:34:dd:aa:95:f9:62:ce:97:9b:
         fd:df:61:d7:7c:a1:54:68:1e:ea:e6:a8:36:c4:91:b1:91:a1:
         40:c2:b0:0f:36:47:8d:6e:98:38:a3:68:ed:22:b5:94:1a:09:
         a6:e2:7c:37:ee:09:38:85:ad:18:f7:58:e3:a8:e0:c3:41:1d:
         48:9d:e8:b8:85:6f:c3:c0:0d:74:a9:0b:c6:4c:bb:17:ee:ce:
         89:d7:d0:9c:66:66:6a:3f:75:87:5e:e4:1e:aa:b1:29:f1:26:
         95:c4:43:88:ec:0f:36:d6:bc:43:6b:19:2f:0d:c8:40:d6:02:
         cf:52:2a:a1:ca:2f:18:a2:27:de:30:94:d2:9f:99:db:da:78:
         cf:0e:49:c7:d2:1e:02:d5:3c:37:81:65:6d:2e:a0:cc:e2:03:
         63:3e:3f:49:75:c8:1b:b5:3e:2a:25:82:c2:82:5e:27:51:3e:
         6c:f9:a0:78:fb:15:22:e1:6b:32:39:4f:60:32:4c:f5:10:6d:
         a7:6e:5b:2f:59:5f:3d:39:59:fa:4d:f2:79:78:89:a1:18:77:
         85:0c:02:f9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC21slMwUbXPL4GAfHRY2UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDljY2Y5ZTkyZWQ3OWEzYzU3ODkyZDQyODQ3NmEzNGVlYTNiMTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8NKyYSaKkYI1vhBbnanL4n3/kTp
0RdYh3Z3K0ZvlxdpyxtIzxbA6xXlkszggnic2H0vCa/9FslxvCyasBxLQZUvMyem
LyjdN7+2GE/fkSirWa6PZpd2AVhFkYPJovtcHsaUwX6mvSOfAjWr1Rb0PwU4LDD6
s6it57gpyZvCxSh1MS4fSKYUK8dL+tEg2GYnyWAD9d09JzGiU/f+RTmj8Z7gyLl7
TIarDXTD2ULQCy0EUHg5TULNGZ1U6n713wApbxeccPoNZrofx7Eew2U0QkkxHBIV
Oxo35DMCEH5CBQs2Fe8azRBvFo1ckBOk1JDwRqvCK1tWhlQ6e/7DdQ2S7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE2cz56S7XmjxXiS1ChHajTuo7GHMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvVFp6UG5wTHRlYVBGZUpMVUtFZHFOTzZqc1ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQG0MA8E
AgACMAkDBwAgAQf4AP0wDQYJKoZIhvcNAQELBQADggEBAK67z+fkTutmm0MOiuw+
B0ijDksezYJnEujVldqOTSJ3KEwkBgqiZ+Gvk6YKRjTdqpX5Ys6Xm/3fYdd8oVRo
HurmqDbEkbGRoUDCsA82R41umDijaO0itZQaCabifDfuCTiFrRj3WOOo4MNBHUid
6LiFb8PADXSpC8ZMuxfuzonX0JxmZmo/dYde5B6qsSnxJpXEQ4jsDzbWvENrGS8N
yEDWAs9SKqHKLxiiJ94wlNKfmdvaeM8OScfSHgLVPDeBZW0uoMziA2M+P0l1yBu1
PiolgsKCXidRPmz5oHj7FSLhazI5T2AyTPUQbaduWy9ZXz05WfpN8nl4iaEYd4UM
Avk=
-----END CERTIFICATE-----