Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/TBu6mY2iS2_xW4qC5QMLqPYmGuM.roa
File:                     TBu6mY2iS2_xW4qC5QMLqPYmGuM.roa (raw, json)
Hash identifier:          Wzf/lhHq+eNiUeJNFMvk6NtIVEOmbQtiLRSCIdp8Nbo=
Subject key identifier:   4C:1B:BA:99:8D:A2:4B:6F:F1:5B:8A:82:E5:03:0B:A8:F6:26:1A:E3
Certificate issuer:       /CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
Certificate serial:       018CC3B6B2A466077B706D438DC811E22F8B
Authority key identifier: F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/TBu6mY2iS2_xW4qC5QMLqPYmGuM.roa
Signing time:             Mon 01 Jan 2024 06:29:39 +0000
ROA not before:           Mon 01 Jan 2024 06:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206774
IP address blocks:        185.176.246.0/23 maxlen: 23
                          2a0a:2787::/32 maxlen: 32
                          2a0a:2784::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b2:a4:66:07:7b:70:6d:43:8d:c8:11:e2:2f:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
        Validity
            Not Before: Jan  1 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c1bba998da24b6ff15b8a82e5030ba8f6261ae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c1:9e:fb:94:37:fc:71:3a:0b:b1:c1:e1:81:
                    93:3a:07:81:7c:ef:9b:85:a5:e2:49:c4:ff:a6:4d:
                    c6:7c:b0:81:67:1f:7a:4c:14:11:7b:14:17:ba:d7:
                    95:71:d5:09:66:5c:76:18:48:9b:4a:5e:c2:40:37:
                    b2:82:61:68:97:a5:bf:96:0d:ec:91:61:d1:65:c0:
                    72:b5:94:41:ea:a7:96:9f:d2:93:74:80:9a:55:c8:
                    42:95:78:41:d6:85:9a:cd:b1:52:0f:9b:25:c3:33:
                    eb:d2:9c:79:6c:9c:62:6e:75:18:22:4d:48:71:c0:
                    f9:af:3d:b4:89:a8:84:59:f2:d7:5f:99:70:51:c6:
                    2b:11:7c:fc:33:51:69:df:dd:3d:83:41:c0:f5:a1:
                    34:a9:67:b7:3a:23:20:63:7f:8e:dd:52:cb:5a:a3:
                    db:44:81:cd:a0:d2:6b:1a:c1:f6:da:68:49:41:85:
                    29:55:91:15:c9:2e:78:05:64:9d:f9:4b:7e:99:ef:
                    12:55:db:87:2d:67:cd:79:cc:fa:c3:54:a3:69:50:
                    04:e8:ec:ad:f7:0a:99:ee:c9:ee:64:44:88:c5:a9:
                    60:79:75:6a:37:bc:4e:e7:4c:be:2f:f6:cc:aa:6a:
                    fc:84:f1:fe:2f:21:7d:e4:a4:4e:79:9c:e0:c2:c7:
                    03:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:1B:BA:99:8D:A2:4B:6F:F1:5B:8A:82:E5:03:0B:A8:F6:26:1A:E3
            X509v3 Authority Key Identifier:
                keyid:F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/TBu6mY2iS2_xW4qC5QMLqPYmGuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.246.0/23
                IPv6:
                  2a0a:2784::/32
                  2a0a:2787::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:ad:7a:87:b6:ca:e3:d0:83:ac:e1:e4:b9:cf:5f:90:4d:f5:
         c2:b1:8c:88:08:90:9b:5a:07:b6:82:b3:84:90:f6:0a:48:67:
         8a:df:2c:62:61:a8:37:b5:5f:a4:bd:84:0e:73:82:e4:5f:a7:
         48:16:51:c1:d8:5f:56:eb:56:40:92:c3:ef:4e:2e:ec:d9:69:
         78:db:f6:ea:04:f4:96:6a:e8:07:bd:be:9a:63:90:35:d3:72:
         bb:89:ca:24:65:83:19:92:74:76:7c:f6:11:60:2a:75:b8:ef:
         59:60:92:eb:f7:a8:70:e3:1e:5a:12:f6:45:ab:81:c3:36:37:
         12:58:0e:55:fe:d2:d2:a2:85:f5:18:94:41:fa:81:02:8e:ef:
         eb:d1:c3:b4:00:70:23:c3:7a:4f:3c:5e:64:74:fd:ce:89:e4:
         ab:c3:fc:c7:03:56:9c:1f:bb:75:22:06:03:f2:56:53:4e:7d:
         c6:cc:a4:b3:02:71:8b:d4:d8:72:cf:33:bf:99:b5:51:dc:30:
         21:8a:29:e0:25:d1:88:e1:ff:1a:2f:8f:f9:fb:67:0f:c1:ab:
         c3:0a:56:6b:40:42:67:ac:fe:06:8d:4f:2b:13:7b:71:7e:85:
         de:ea:9f:20:e5:29:fd:73:10:96:55:d0:de:28:66:bf:e5:21:
         ef:1d:ce:22
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzDtrKkZgd7cG1DjcgR4i+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MGJhZTYwOTcwYTJkZmM4NmRkNjA3YzViOTE1YWQ1YzUz
NGI0MTMwHhcNMjQwMTAxMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzFiYmE5OThkYTI0YjZmZjE1YjhhODJlNTAzMGJhOGY2MjYxYWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMGe+5Q3/HE6C7HB4YGTOgeBfO+b
haXiScT/pk3GfLCBZx96TBQRexQXuteVcdUJZlx2GEibSl7CQDeygmFol6W/lg3s
kWHRZcBytZRB6qeWn9KTdICaVchClXhB1oWazbFSD5slwzPr0px5bJxibnUYIk1I
ccD5rz20iaiEWfLXX5lwUcYrEXz8M1Fp3909g0HA9aE0qWe3OiMgY3+O3VLLWqPb
RIHNoNJrGsH22mhJQYUpVZEVyS54BWSd+Ut+me8SVduHLWfNecz6w1SjaVAE6Oyt
9wqZ7snuZESIxalgeXVqN7xO50y+L/bMqmr8hPH+LyF95KROeZzgwscDUwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFEwbupmNoktv8VuKguUDC6j2JhrjMB8GA1UdIwQY
MBaAFPULrmCXCi38ht1gfFuRWtXFNLQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDIt
MzY2NTA2N2RiMjU2LzEvVEJ1Nm1ZMmlTMl94VzRxQzVRTUxxUFltR3VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDItMzY2NTA2N2RiMjU2
LzEvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQBubD2MBQE
AgACMA4DBQAqCieEAwUAKgonhzANBgkqhkiG9w0BAQsFAAOCAQEAf616h7bK49CD
rOHkuc9fkE31wrGMiAiQm1oHtoKzhJD2Ckhnit8sYmGoN7VfpL2EDnOC5F+nSBZR
wdhfVutWQJLD704u7NlpeNv26gT0lmroB72+mmOQNdNyu4nKJGWDGZJ0dnz2EWAq
dbjvWWCS6/eocOMeWhL2RauBwzY3ElgOVf7S0qKF9RiUQfqBAo7v69HDtABwI8N6
TzxeZHT9zonkq8P8xwNWnB+7dSIGA/JWU059xsykswJxi9TYcs8zv5m1UdwwIYop
4CXRiOH/Gi+P+ftnD8GrwwpWa0BCZ6z+Bo1PKxN7cX6F3uqfIOUp/XMQllXQ3ihm
v+Uh7x3OIg==
-----END CERTIFICATE-----