Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/tUL9e54uvY4D8yoqAKIRlcsugxw.roa
File:                     tUL9e54uvY4D8yoqAKIRlcsugxw.roa (raw, json)
Hash identifier:          CxkLKMXSR2h2TXdW5qPctHlueh2vk9YLgD30b1wz3w0=
Subject key identifier:   B5:42:FD:7B:9E:2E:BD:8E:03:F3:2A:2A:00:A2:11:95:CB:2E:83:1C
Certificate issuer:       /CN=29085fc534c13e0882e260a895f3cf0c5543ef08
Certificate serial:       018DC10919BDE98776D0A57AC06362DFC81E
Authority key identifier: 29:08:5F:C5:34:C1:3E:08:82:E2:60:A8:95:F3:CF:0C:55:43:EF:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQhfxTTBPgiC4mColfPPDFVD7wg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/tUL9e54uvY4D8yoqAKIRlcsugxw.roa
Signing time:             Mon 19 Feb 2024 11:03:35 +0000
ROA not before:           Mon 19 Feb 2024 11:03:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.187.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/KQhfxTTBPgiC4mColfPPDFVD7wg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/KQhfxTTBPgiC4mColfPPDFVD7wg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQhfxTTBPgiC4mColfPPDFVD7wg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:04:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:09:19:bd:e9:87:76:d0:a5:7a:c0:63:62:df:c8:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29085fc534c13e0882e260a895f3cf0c5543ef08
        Validity
            Not Before: Feb 19 11:03:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b542fd7b9e2ebd8e03f32a2a00a21195cb2e831c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:48:45:06:ce:64:21:f8:d2:ba:0f:9e:a1:d8:
                    eb:d3:16:32:04:b8:95:ed:30:7b:4e:01:85:1e:d8:
                    b3:71:c9:8f:e1:33:34:ba:c5:e9:8a:b6:f3:aa:1b:
                    9a:36:9c:c0:14:05:68:b7:29:e2:d5:9f:be:5d:69:
                    67:6f:80:84:46:37:04:7d:2f:fe:fe:f7:08:f2:b5:
                    3f:0b:57:81:5f:c1:51:74:69:1c:c1:bc:02:e7:32:
                    79:61:b0:82:d1:74:e0:51:04:b4:ea:66:e0:aa:c7:
                    06:c3:b4:aa:7e:8e:bf:0d:10:28:de:4c:19:55:f0:
                    82:7b:95:00:be:5a:7c:ba:37:fd:95:4c:3d:4b:c1:
                    4f:d0:d0:46:08:86:de:2d:64:b1:e2:49:fe:1b:d2:
                    a9:14:ca:fd:98:bb:ba:60:4f:47:2c:fb:3a:5c:64:
                    86:c5:1b:5b:ec:5f:fc:ef:9b:02:ba:f3:8d:97:2b:
                    5c:b7:2a:32:d9:b9:31:73:09:5d:15:7d:17:be:24:
                    26:d8:b2:e0:b6:33:f5:b3:6a:66:3d:78:0d:75:dd:
                    34:30:4b:bb:ee:25:83:74:e0:cd:95:94:8f:69:c6:
                    b5:9c:f0:fe:14:db:91:48:d7:99:d4:47:a4:f8:07:
                    b0:8a:32:d7:bc:a9:2d:da:fe:ee:dd:da:5a:06:4c:
                    31:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:42:FD:7B:9E:2E:BD:8E:03:F3:2A:2A:00:A2:11:95:CB:2E:83:1C
            X509v3 Authority Key Identifier:
                keyid:29:08:5F:C5:34:C1:3E:08:82:E2:60:A8:95:F3:CF:0C:55:43:EF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQhfxTTBPgiC4mColfPPDFVD7wg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/tUL9e54uvY4D8yoqAKIRlcsugxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/56d490-0196-45ac-83eb-c3297129e4d3/1/KQhfxTTBPgiC4mColfPPDFVD7wg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:fb:f6:6a:8a:bf:d6:42:31:d9:35:4e:e6:b0:91:d8:95:af:
         69:8e:36:a6:af:db:d3:ce:6f:7a:59:17:af:26:d1:40:6e:81:
         0a:5b:00:19:92:75:1a:45:9f:ef:ab:50:15:17:4d:01:a1:fd:
         9b:07:68:fb:c3:ae:a8:17:49:f5:da:36:f3:0e:44:c1:2c:04:
         c6:d5:d2:e0:2a:6e:71:c6:3b:21:b9:63:3d:3d:32:a8:2c:be:
         36:28:3c:00:17:cc:06:00:f9:d3:8d:71:dd:20:7e:1f:19:e6:
         ac:62:50:54:1f:0d:94:ed:51:80:f5:66:13:3e:32:0f:c6:58:
         1c:34:15:09:9f:70:37:ef:3a:c9:30:6a:0f:d2:68:87:72:d2:
         3e:f1:86:5d:73:af:e4:a2:89:74:8a:c4:ad:71:91:fa:a3:b2:
         e1:66:38:31:9e:17:bb:1d:36:51:e5:46:aa:88:23:cf:78:29:
         da:90:09:1f:a8:51:50:35:68:76:9a:cf:39:98:3d:a4:91:9b:
         5b:8a:7d:49:57:3d:31:c4:3f:6a:af:09:19:ad:71:c5:d0:d9:
         a7:2d:50:ae:38:de:c8:5e:2a:36:45:88:36:6a:30:f9:0c:19:
         63:81:9c:6a:70:7a:df:75:b2:ff:a2:bb:1d:d9:b7:04:28:30:
         46:0c:17:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3BCRm96Yd20KV6wGNi38geMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDg1ZmM1MzRjMTNlMDg4MmUyNjBhODk1ZjNjZjBjNTU0
M2VmMDgwHhcNMjQwMjE5MTEwMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTQyZmQ3YjllMmViZDhlMDNmMzJhMmEwMGEyMTE5NWNiMmU4MzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0hFBs5kIfjSug+eodjr0xYyBLiV
7TB7TgGFHtizccmP4TM0usXpirbzqhuaNpzAFAVotyni1Z++XWlnb4CERjcEfS/+
/vcI8rU/C1eBX8FRdGkcwbwC5zJ5YbCC0XTgUQS06mbgqscGw7Sqfo6/DRAo3kwZ
VfCCe5UAvlp8ujf9lUw9S8FP0NBGCIbeLWSx4kn+G9KpFMr9mLu6YE9HLPs6XGSG
xRtb7F/875sCuvONlytctyoy2bkxcwldFX0XviQm2LLgtjP1s2pmPXgNdd00MEu7
7iWDdODNlZSPaca1nPD+FNuRSNeZ1Eek+AewijLXvKkt2v7u3dpaBkwxlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVC/XueLr2OA/MqKgCiEZXLLoMcMB8GA1UdIwQY
MBaAFCkIX8U0wT4IguJgqJXzzwxVQ+8IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FoZnhUVEJQZ2lDNG1Db2xmUFBERlZEN3dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81NmQ0OTAtMDE5Ni00NWFjLTgzZWIt
YzMyOTcxMjllNGQzLzEvdFVMOWU1NHV2WTREOHlvcUFLSVJsY3N1Z3h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81NmQ0OTAtMDE5Ni00NWFjLTgzZWItYzMyOTcxMjllNGQz
LzEvS1FoZnhUVEJQZ2lDNG1Db2xmUFBERlZEN3dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubs8MA0G
CSqGSIb3DQEBCwUAA4IBAQBz+/Zqir/WQjHZNU7msJHYla9pjjamr9vTzm96WRev
JtFAboEKWwAZknUaRZ/vq1AVF00Bof2bB2j7w66oF0n12jbzDkTBLATG1dLgKm5x
xjshuWM9PTKoLL42KDwAF8wGAPnTjXHdIH4fGeasYlBUHw2U7VGA9WYTPjIPxlgc
NBUJn3A37zrJMGoP0miHctI+8YZdc6/kool0isStcZH6o7LhZjgxnhe7HTZR5Uaq
iCPPeCnakAkfqFFQNWh2ms85mD2kkZtbin1JVz0xxD9qrwkZrXHF0NmnLVCuON7I
Xio2RYg2ajD5DBljgZxqcHrfdbL/orsd2bcEKDBGDBdz
-----END CERTIFICATE-----