Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/ef9ce3-0e7b-428a-b1dd-571bb7690e34/1/Ts2l0p77SlBOOyQ29vGwaZcmw98.roa
File:                     Ts2l0p77SlBOOyQ29vGwaZcmw98.roa (raw, json)
Hash identifier:          StCjFlpl+DzJ7zae+phOhbSmmi94JJYx7iqr2JUS4xw=
Subject key identifier:   4E:CD:A5:D2:9E:FB:4A:50:4E:3B:24:36:F6:F1:B0:69:97:26:C3:DF
Certificate issuer:       /CN=56be7dabe8edce2dc2e654bd0f42da0b6195a0f7
Certificate serial:       018CC9BBDE14F1BB1136ACAB765E3DCECAE2
Authority key identifier: 56:BE:7D:AB:E8:ED:CE:2D:C2:E6:54:BD:0F:42:DA:0B:61:95:A0:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vr59q-jtzi3C5lS9D0LaC2GVoPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/ef9ce3-0e7b-428a-b1dd-571bb7690e34/1/Ts2l0p77SlBOOyQ29vGwaZcmw98.roa
Signing time:             Tue 02 Jan 2024 10:33:01 +0000
ROA not before:           Tue 02 Jan 2024 10:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204488
IP address blocks:        185.247.170.0/24 maxlen: 24
                          185.247.169.0/24 maxlen: 24
                          185.247.168.0/24 maxlen: 24
                          185.247.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/ef9ce3-0e7b-428a-b1dd-571bb7690e34/1/Vr59q-jtzi3C5lS9D0LaC2GVoPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/ef9ce3-0e7b-428a-b1dd-571bb7690e34/1/Vr59q-jtzi3C5lS9D0LaC2GVoPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vr59q-jtzi3C5lS9D0LaC2GVoPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:de:14:f1:bb:11:36:ac:ab:76:5e:3d:ce:ca:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56be7dabe8edce2dc2e654bd0f42da0b6195a0f7
        Validity
            Not Before: Jan  2 10:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ecda5d29efb4a504e3b2436f6f1b0699726c3df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:98:7b:e7:f9:dc:72:c5:c3:7b:a9:66:6f:5c:
                    7c:64:a0:54:6e:8b:fb:3b:dc:9d:66:ec:bc:3a:cb:
                    eb:ae:f5:dc:d8:48:e7:e9:5f:1b:ab:61:6c:8f:bf:
                    32:10:ea:15:67:be:36:23:20:bf:97:1b:3f:48:0d:
                    52:fd:ca:15:9f:77:a2:5b:c1:3d:69:a4:d4:07:fc:
                    98:c3:ce:e2:ff:68:83:28:f6:95:15:fe:37:bf:8b:
                    b6:28:76:fe:fc:0f:fa:0f:02:58:41:27:74:22:2b:
                    58:08:7c:f2:73:fa:6c:62:19:b3:c7:79:ed:50:39:
                    cb:08:6a:af:e7:14:47:69:94:a4:8c:c4:82:23:89:
                    51:28:7c:20:cd:88:0d:73:c3:b4:64:8f:7d:be:6d:
                    72:a9:0b:8e:c8:0d:e3:0f:e7:57:77:fa:a3:ce:6a:
                    c5:cb:26:27:3c:3c:04:a5:32:a3:e8:b5:cc:ce:2e:
                    08:e9:97:a0:96:8a:e3:1b:f5:78:e2:5d:25:6b:3c:
                    4a:de:81:fb:13:ea:eb:b2:bd:55:76:5d:e1:e8:9c:
                    92:14:81:56:92:11:ad:30:99:42:61:a8:4b:cf:c0:
                    84:1d:66:1f:0f:f8:43:87:af:15:80:16:88:41:6e:
                    ed:57:16:3d:c7:12:fd:5e:61:eb:3d:bb:bd:f7:2d:
                    b8:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:CD:A5:D2:9E:FB:4A:50:4E:3B:24:36:F6:F1:B0:69:97:26:C3:DF
            X509v3 Authority Key Identifier:
                keyid:56:BE:7D:AB:E8:ED:CE:2D:C2:E6:54:BD:0F:42:DA:0B:61:95:A0:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vr59q-jtzi3C5lS9D0LaC2GVoPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ef9ce3-0e7b-428a-b1dd-571bb7690e34/1/Ts2l0p77SlBOOyQ29vGwaZcmw98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ef9ce3-0e7b-428a-b1dd-571bb7690e34/1/Vr59q-jtzi3C5lS9D0LaC2GVoPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.247.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:d9:51:4b:e0:f5:a2:09:7b:64:51:27:ba:19:97:ea:e6:ee:
         29:4a:f4:5f:1f:fb:6b:36:77:29:23:ea:f2:f1:62:e3:38:9c:
         c9:1e:a5:27:38:b5:de:85:6e:63:3d:e8:37:da:0a:62:18:aa:
         4f:05:8d:60:1f:90:3f:16:2d:38:23:0f:cb:ca:83:a1:ab:59:
         06:d6:57:eb:27:c1:90:03:d0:28:50:38:fa:1b:b3:b1:c8:41:
         86:d7:43:5c:e3:5a:41:3f:1b:00:b1:84:52:af:85:f3:be:d4:
         bd:47:84:7f:c2:3b:35:01:e8:0b:0b:6f:c8:dc:d9:45:cb:66:
         05:64:dc:12:48:d9:a4:73:f0:65:a2:ee:eb:15:f5:6c:c9:42:
         50:94:ee:a9:61:fb:9f:a3:fe:23:51:c4:52:d0:7c:8a:ef:4a:
         35:6b:d4:a4:e3:82:ab:db:04:0b:5d:fe:cb:32:26:84:77:30:
         11:40:ca:e1:90:16:7d:b3:dd:67:11:cb:30:dc:f0:cb:8a:22:
         cc:2c:3e:b5:9e:18:dc:7f:5d:72:ca:08:03:74:23:22:93:75:
         54:85:e1:ed:fb:8d:f8:6d:64:90:18:cb:a0:ad:b1:63:4b:c3:
         58:fb:82:f2:e6:66:42:0d:31:6f:dc:8e:fe:ad:ab:dd:b7:73:
         52:25:0b:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu94U8bsRNqyrdl49zsriMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2YmU3ZGFiZThlZGNlMmRjMmU2NTRiZDBmNDJkYTBiNjE5
NWEwZjcwHhcNMjQwMTAyMTAzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWNkYTVkMjllZmI0YTUwNGUzYjI0MzZmNmYxYjA2OTk3MjZjM2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZh75/nccsXDe6lmb1x8ZKBUbov7
O9ydZuy8OsvrrvXc2Ejn6V8bq2Fsj78yEOoVZ742IyC/lxs/SA1S/coVn3eiW8E9
aaTUB/yYw87i/2iDKPaVFf43v4u2KHb+/A/6DwJYQSd0IitYCHzyc/psYhmzx3nt
UDnLCGqv5xRHaZSkjMSCI4lRKHwgzYgNc8O0ZI99vm1yqQuOyA3jD+dXd/qjzmrF
yyYnPDwEpTKj6LXMzi4I6ZeglorjG/V44l0lazxK3oH7E+rrsr1Vdl3h6JySFIFW
khGtMJlCYahLz8CEHWYfD/hDh68VgBaIQW7tVxY9xxL9XmHrPbu99y24EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7NpdKe+0pQTjskNvbxsGmXJsPfMB8GA1UdIwQY
MBaAFFa+favo7c4twuZUvQ9C2gthlaD3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnI1OXEtanR6aTNDNWxTOUQwTGFDMkdWb1BjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9lZjljZTMtMGU3Yi00MjhhLWIxZGQt
NTcxYmI3NjkwZTM0LzEvVHMybDBwNzdTbEJPT3lRMjl2R3dhWmNtdzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9lZjljZTMtMGU3Yi00MjhhLWIxZGQtNTcxYmI3NjkwZTM0
LzEvVnI1OXEtanR6aTNDNWxTOUQwTGFDMkdWb1BjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufeoMA0G
CSqGSIb3DQEBCwUAA4IBAQB/2VFL4PWiCXtkUSe6GZfq5u4pSvRfH/trNncpI+ry
8WLjOJzJHqUnOLXehW5jPeg32gpiGKpPBY1gH5A/Fi04Iw/LyoOhq1kG1lfrJ8GQ
A9AoUDj6G7OxyEGG10Nc41pBPxsAsYRSr4XzvtS9R4R/wjs1AegLC2/I3NlFy2YF
ZNwSSNmkc/Blou7rFfVsyUJQlO6pYfufo/4jUcRS0HyK70o1a9Sk44Kr2wQLXf7L
MiaEdzARQMrhkBZ9s91nEcsw3PDLiiLMLD61nhjcf11yyggDdCMik3VUheHt+434
bWSQGMugrbFjS8NY+4Ly5mZCDTFv3I7+ravdt3NSJQv6
-----END CERTIFICATE-----