Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/e62169-486d-4054-b121-f2c8ba021ca8/1/TUFSQFmtZhCCawy7xzkNJQuTrCA.roa
File:                     TUFSQFmtZhCCawy7xzkNJQuTrCA.roa (raw, json)
Hash identifier:          Tub6TeLFeURGxZx0lUxbVjgiEU5YE6dGcZJgp/e+zok=
Subject key identifier:   4D:41:52:40:59:AD:66:10:82:6B:0C:BB:C7:39:0D:25:0B:93:AC:20
Certificate issuer:       /CN=efc3605c32bbc85d235f0a9ce8f45f0796b723cb
Certificate serial:       018CC64B02E61CD9DF8D3CC09229E8F6F59D
Authority key identifier: EF:C3:60:5C:32:BB:C8:5D:23:5F:0A:9C:E8:F4:5F:07:96:B7:23:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/78NgXDK7yF0jXwqc6PRfB5a3I8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/e62169-486d-4054-b121-f2c8ba021ca8/1/TUFSQFmtZhCCawy7xzkNJQuTrCA.roa
Signing time:             Mon 01 Jan 2024 18:30:53 +0000
ROA not before:           Mon 01 Jan 2024 18:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207199
IP address blocks:        185.232.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/e62169-486d-4054-b121-f2c8ba021ca8/1/78NgXDK7yF0jXwqc6PRfB5a3I8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/e62169-486d-4054-b121-f2c8ba021ca8/1/78NgXDK7yF0jXwqc6PRfB5a3I8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/78NgXDK7yF0jXwqc6PRfB5a3I8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:02:e6:1c:d9:df:8d:3c:c0:92:29:e8:f6:f5:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efc3605c32bbc85d235f0a9ce8f45f0796b723cb
        Validity
            Not Before: Jan  1 18:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d41524059ad6610826b0cbbc7390d250b93ac20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f7:ba:91:50:23:b9:c4:13:3b:92:78:5f:ce:
                    20:69:7f:f7:f0:f2:1a:9d:65:b8:d1:e4:b6:79:7e:
                    dd:52:f6:77:10:bf:9a:aa:54:19:a5:e1:04:d2:7b:
                    09:86:59:41:68:bd:c6:6e:01:0c:e4:41:0c:06:1f:
                    f0:01:17:fb:13:a4:da:8b:1d:65:96:8b:28:f3:98:
                    17:7a:e1:75:d0:f4:0c:78:94:de:41:07:d5:c2:a1:
                    fc:cf:1b:97:f4:f3:da:ba:fa:4a:f9:be:02:57:44:
                    6b:d4:c7:78:8e:95:bc:49:d0:11:e6:a7:9c:9a:d2:
                    74:1e:0a:41:cf:7c:59:d3:48:29:ec:64:0e:77:69:
                    25:ac:07:8e:34:d4:a0:7c:ad:93:0f:88:47:34:fb:
                    9c:b3:4e:de:9d:97:f8:fa:4b:16:76:0b:ce:0c:10:
                    1d:e9:ff:b6:cf:dc:17:29:88:60:1b:11:ea:5e:32:
                    33:1d:0e:f2:83:a8:5d:c6:fc:3b:ef:13:ad:4e:82:
                    16:04:1f:ba:84:20:1b:55:a2:ca:d6:7c:bf:ea:43:
                    d2:12:bc:08:23:6b:1e:e2:ee:b1:4e:aa:fb:58:5e:
                    55:16:e0:e5:c7:b0:c0:06:9f:80:8c:de:0e:20:d5:
                    80:40:1f:14:e8:42:ee:53:09:1d:c7:b5:0b:78:6e:
                    25:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:41:52:40:59:AD:66:10:82:6B:0C:BB:C7:39:0D:25:0B:93:AC:20
            X509v3 Authority Key Identifier:
                keyid:EF:C3:60:5C:32:BB:C8:5D:23:5F:0A:9C:E8:F4:5F:07:96:B7:23:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/78NgXDK7yF0jXwqc6PRfB5a3I8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/e62169-486d-4054-b121-f2c8ba021ca8/1/TUFSQFmtZhCCawy7xzkNJQuTrCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/e62169-486d-4054-b121-f2c8ba021ca8/1/78NgXDK7yF0jXwqc6PRfB5a3I8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:7a:5e:94:e1:ed:bd:4a:13:9e:d5:d1:94:29:38:80:cd:88:
         62:b3:20:dc:f3:33:12:3f:f5:e4:a9:0f:ca:66:b7:8f:f5:6b:
         4d:bf:6c:89:11:b0:7b:12:cf:de:f1:e4:16:66:b4:6d:84:35:
         24:ad:d5:63:b4:f4:db:a5:db:6c:99:cb:19:42:c3:3d:dd:8e:
         10:fc:6d:89:4c:5a:aa:8c:3b:2e:29:7c:32:2d:d8:9f:52:e8:
         9d:10:e8:ff:12:f9:55:b6:57:23:78:0e:8c:67:9d:dc:b9:56:
         9b:17:1b:69:63:10:00:23:e0:e9:1c:3e:a5:cf:7b:f1:f2:78:
         88:1d:59:ae:bc:2a:bb:48:5e:f8:7a:45:f6:24:f2:54:4a:64:
         60:a0:2c:32:50:85:13:28:9c:15:35:b0:8b:ae:4a:d0:45:cd:
         19:ac:c5:1a:68:1e:1a:80:cd:5d:9c:63:d5:7c:9f:c2:dd:c0:
         9d:26:ae:7e:a2:aa:7c:fa:86:b1:c3:66:2f:60:0b:6f:f0:b2:
         5e:8e:9d:bc:29:4e:3d:e5:89:27:e7:ae:f3:7d:78:bb:b3:92:
         ec:de:cc:15:d3:c3:99:b6:4d:c1:a7:4c:b6:0f:b6:f9:0c:9c:
         e1:b7:df:f4:43:e1:45:a5:16:1d:4e:71:d7:ca:b1:ef:93:32:
         1e:59:de:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwLmHNnfjTzAkino9vWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYzM2MDVjMzJiYmM4NWQyMzVmMGE5Y2U4ZjQ1ZjA3OTZi
NzIzY2IwHhcNMjQwMTAxMTgzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDQxNTI0MDU5YWQ2NjEwODI2YjBjYmJjNzM5MGQyNTBiOTNhYzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/e6kVAjucQTO5J4X84gaX/38PIa
nWW40eS2eX7dUvZ3EL+aqlQZpeEE0nsJhllBaL3GbgEM5EEMBh/wARf7E6Taix1l
loso85gXeuF10PQMeJTeQQfVwqH8zxuX9PPauvpK+b4CV0Rr1Md4jpW8SdAR5qec
mtJ0HgpBz3xZ00gp7GQOd2klrAeONNSgfK2TD4hHNPucs07enZf4+ksWdgvODBAd
6f+2z9wXKYhgGxHqXjIzHQ7yg6hdxvw77xOtToIWBB+6hCAbVaLK1ny/6kPSErwI
I2se4u6xTqr7WF5VFuDlx7DABp+AjN4OINWAQB8U6ELuUwkdx7ULeG4lwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1BUkBZrWYQgmsMu8c5DSULk6wgMB8GA1UdIwQY
MBaAFO/DYFwyu8hdI18KnOj0XweWtyPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzhOZ1hESzd5RjBqWHdxYzZQUmZCNWEzSThzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9lNjIxNjktNDg2ZC00MDU0LWIxMjEt
ZjJjOGJhMDIxY2E4LzEvVFVGU1FGbXRaaENDYXd5N3h6a05KUXVUckNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9lNjIxNjktNDg2ZC00MDU0LWIxMjEtZjJjOGJhMDIxY2E4
LzEvNzhOZ1hESzd5RjBqWHdxYzZQUmZCNWEzSThzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueiUMA0G
CSqGSIb3DQEBCwUAA4IBAQCDel6U4e29ShOe1dGUKTiAzYhisyDc8zMSP/XkqQ/K
ZreP9WtNv2yJEbB7Es/e8eQWZrRthDUkrdVjtPTbpdtsmcsZQsM93Y4Q/G2JTFqq
jDsuKXwyLdifUuidEOj/EvlVtlcjeA6MZ53cuVabFxtpYxAAI+DpHD6lz3vx8niI
HVmuvCq7SF74ekX2JPJUSmRgoCwyUIUTKJwVNbCLrkrQRc0ZrMUaaB4agM1dnGPV
fJ/C3cCdJq5+oqp8+oaxw2YvYAtv8LJejp28KU495Ykn567zfXi7s5Ls3swV08OZ
tk3Bp0y2D7b5DJzht9/0Q+FFpRYdTnHXyrHvkzIeWd6K
-----END CERTIFICATE-----