Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/497dd7-7f7c-494d-b886-52f850ca55c6/1/TDWdQnyyUoy5ZzDVYf7fJ7q9vI8.roa
File:                     TDWdQnyyUoy5ZzDVYf7fJ7q9vI8.roa (raw, json)
Hash identifier:          Z4LBSHvfeKroOirv78BQyzjKEaqAR5iWuuq1hEmSV4Y=
Subject key identifier:   4C:35:9D:42:7C:B2:52:8C:B9:67:30:D5:61:FE:DF:27:BA:BD:BC:8F
Certificate issuer:       /CN=b6a897c798f019b2477b1a9ce3b23bb5d76166c3
Certificate serial:       018CC34891D3C8FE7C10C74028577BFA237F
Authority key identifier: B6:A8:97:C7:98:F0:19:B2:47:7B:1A:9C:E3:B2:3B:B5:D7:61:66:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tqiXx5jwGbJHexqc47I7tddhZsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/497dd7-7f7c-494d-b886-52f850ca55c6/1/TDWdQnyyUoy5ZzDVYf7fJ7q9vI8.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209345
IP address blocks:        85.208.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/497dd7-7f7c-494d-b886-52f850ca55c6/1/tqiXx5jwGbJHexqc47I7tddhZsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/497dd7-7f7c-494d-b886-52f850ca55c6/1/tqiXx5jwGbJHexqc47I7tddhZsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tqiXx5jwGbJHexqc47I7tddhZsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:91:d3:c8:fe:7c:10:c7:40:28:57:7b:fa:23:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6a897c798f019b2477b1a9ce3b23bb5d76166c3
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c359d427cb2528cb96730d561fedf27babdbc8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:31:d2:46:a7:80:6d:5d:b7:9d:d1:8e:fe:47:
                    26:09:87:61:10:cf:64:4b:3a:0c:47:2b:e3:79:f6:
                    01:89:62:eb:50:d3:b2:64:56:37:3d:2f:d4:66:20:
                    a7:4a:f6:07:6e:22:f3:93:b0:2a:ee:25:93:60:59:
                    23:30:da:b8:d5:ca:16:50:d8:be:2e:69:06:7d:63:
                    dc:a5:2c:3c:b9:ea:ce:ff:f1:ae:af:d7:b3:88:39:
                    ba:76:e3:1b:f6:18:e4:bc:2e:4d:72:a4:c8:70:4f:
                    94:b8:34:0c:f5:1a:6c:bd:ba:f7:c7:ca:e4:75:a5:
                    ee:bc:d6:5a:da:57:03:6c:d5:b5:59:6c:00:2f:bb:
                    bf:ef:84:5a:68:74:3e:58:c9:11:a6:3f:f7:fe:fa:
                    26:0f:6f:07:3f:9d:cb:83:22:a7:48:6e:74:be:df:
                    a1:03:db:0e:d3:e1:85:e3:e1:2b:94:47:e7:06:0b:
                    1b:e7:9a:6b:7c:fb:4f:d3:ed:77:b9:0b:2f:94:91:
                    12:e2:1a:4f:98:60:1c:ec:95:4c:3e:0c:f9:cf:ae:
                    dc:8c:d3:92:20:2c:58:b8:5d:0c:07:02:17:d7:28:
                    78:b8:8d:93:b0:6c:e4:6a:30:a0:a7:ca:c7:bb:11:
                    61:14:42:eb:d3:9f:cc:80:1e:b9:2d:55:f8:6c:09:
                    77:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:35:9D:42:7C:B2:52:8C:B9:67:30:D5:61:FE:DF:27:BA:BD:BC:8F
            X509v3 Authority Key Identifier:
                keyid:B6:A8:97:C7:98:F0:19:B2:47:7B:1A:9C:E3:B2:3B:B5:D7:61:66:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tqiXx5jwGbJHexqc47I7tddhZsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/497dd7-7f7c-494d-b886-52f850ca55c6/1/TDWdQnyyUoy5ZzDVYf7fJ7q9vI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/497dd7-7f7c-494d-b886-52f850ca55c6/1/tqiXx5jwGbJHexqc47I7tddhZsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:0f:af:dc:48:89:b1:65:02:a7:37:98:48:87:24:6c:0a:b0:
         6d:69:7b:2b:7c:7c:ae:1a:19:a1:8f:16:00:fd:a3:78:0c:de:
         fe:2e:b3:9e:c0:63:0d:8f:12:ff:b1:0b:13:da:3f:bf:8d:a7:
         57:6c:6e:01:4e:ec:f7:fb:d5:81:73:87:0b:eb:da:cc:46:2a:
         fc:b9:52:b5:34:71:d3:07:d4:0c:71:f8:1e:21:a9:6f:00:c0:
         e6:79:0a:7b:5c:c2:c4:c0:cf:89:a1:3a:7d:8f:2d:1a:d3:d9:
         fe:89:5d:58:3b:79:75:de:e0:a6:37:7e:5e:9a:a0:71:6f:52:
         5c:a2:43:28:ef:70:f3:10:94:c8:a9:f0:cd:e0:38:d3:54:df:
         c1:a0:86:be:ce:23:72:d3:04:59:c5:9a:6f:ae:56:37:49:cd:
         a5:3c:e0:fa:22:7c:e8:1d:ec:d3:3f:54:3e:67:55:22:bf:ea:
         dd:33:96:36:60:7c:4a:03:a6:3e:19:5a:25:69:e9:67:00:6f:
         0e:9d:c0:a3:94:b1:bc:85:5d:36:a4:10:bb:a7:8e:07:00:af:
         28:01:90:3c:e9:6d:c5:5d:3b:a4:d6:be:ca:a6:b5:a3:49:ae:
         b7:60:22:53:8e:e6:b7:d7:b1:9c:1c:86:1d:f6:0d:ec:d8:1a:
         80:52:f2:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJHTyP58EMdAKFd7+iN/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YTg5N2M3OThmMDE5YjI0NzdiMWE5Y2UzYjIzYmI1ZDc2
MTY2YzMwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzM1OWQ0MjdjYjI1MjhjYjk2NzMwZDU2MWZlZGYyN2JhYmRiYzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTHSRqeAbV23ndGO/kcmCYdhEM9k
SzoMRyvjefYBiWLrUNOyZFY3PS/UZiCnSvYHbiLzk7Aq7iWTYFkjMNq41coWUNi+
LmkGfWPcpSw8uerO//Gur9eziDm6duMb9hjkvC5NcqTIcE+UuDQM9Rpsvbr3x8rk
daXuvNZa2lcDbNW1WWwAL7u/74RaaHQ+WMkRpj/3/vomD28HP53LgyKnSG50vt+h
A9sO0+GF4+ErlEfnBgsb55prfPtP0+13uQsvlJES4hpPmGAc7JVMPgz5z67cjNOS
ICxYuF0MBwIX1yh4uI2TsGzkajCgp8rHuxFhFELr05/MgB65LVX4bAl34wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEw1nUJ8slKMuWcw1WH+3ye6vbyPMB8GA1UdIwQY
MBaAFLaol8eY8BmyR3sanOOyO7XXYWbDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHFpWHg1andHYkpIZXhxYzQ3STd0ZGRoWnNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTdkZDctN2Y3Yy00OTRkLWI4ODYt
NTJmODUwY2E1NWM2LzEvVERXZFFueXlVb3k1WnpEVllmN2ZKN3E5dkk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTdkZDctN2Y3Yy00OTRkLWI4ODYtNTJmODUwY2E1NWM2
LzEvdHFpWHg1andHYkpIZXhxYzQ3STd0ZGRoWnNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdDwMA0G
CSqGSIb3DQEBCwUAA4IBAQC+D6/cSImxZQKnN5hIhyRsCrBtaXsrfHyuGhmhjxYA
/aN4DN7+LrOewGMNjxL/sQsT2j+/jadXbG4BTuz3+9WBc4cL69rMRir8uVK1NHHT
B9QMcfgeIalvAMDmeQp7XMLEwM+JoTp9jy0a09n+iV1YO3l13uCmN35emqBxb1Jc
okMo73DzEJTIqfDN4DjTVN/BoIa+ziNy0wRZxZpvrlY3Sc2lPOD6InzoHezTP1Q+
Z1Uiv+rdM5Y2YHxKA6Y+GVolaelnAG8OncCjlLG8hV02pBC7p44HAK8oAZA86W3F
XTuk1r7KprWjSa63YCJTjua317GcHIYd9g3s2BqAUvJ1
-----END CERTIFICATE-----