Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/TV_ycAdYllzD3A1Qv4V2wrf--YY.roa
File:                     TV_ycAdYllzD3A1Qv4V2wrf--YY.roa (raw, json)
Hash identifier:          x9AwHVaQIkNliOR7FPVM4mQ+0ufhV5Oqdm6dp962WvY=
Subject key identifier:   4D:5F:F2:70:07:58:96:5C:C3:DC:0D:50:BF:85:76:C2:B7:FE:F9:86
Certificate issuer:       /CN=95461fbee1c06e3eafac0f2f95253ca8603accf2
Certificate serial:       018CC8013F042065A34EDBC477F288DC1185
Authority key identifier: 95:46:1F:BE:E1:C0:6E:3E:AF:AC:0F:2F:95:25:3C:A8:60:3A:CC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUYfvuHAbj6vrA8vlSU8qGA6zPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/TV_ycAdYllzD3A1Qv4V2wrf--YY.roa
Signing time:             Tue 02 Jan 2024 02:29:34 +0000
ROA not before:           Tue 02 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        185.66.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/lUYfvuHAbj6vrA8vlSU8qGA6zPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/lUYfvuHAbj6vrA8vlSU8qGA6zPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUYfvuHAbj6vrA8vlSU8qGA6zPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3f:04:20:65:a3:4e:db:c4:77:f2:88:dc:11:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95461fbee1c06e3eafac0f2f95253ca8603accf2
        Validity
            Not Before: Jan  2 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d5ff2700758965cc3dc0d50bf8576c2b7fef986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d3:5e:89:dc:60:9f:62:62:de:f9:0e:27:80:
                    55:c7:89:42:ee:5b:d4:a3:c1:0c:ef:1e:ed:b8:3f:
                    41:02:37:95:9a:9a:cf:b5:ad:34:25:13:47:e7:cc:
                    17:65:22:35:bd:c6:d9:09:24:7c:96:88:31:0e:69:
                    ba:ca:9b:27:48:9c:4a:dd:90:dd:00:a0:53:a9:61:
                    99:8b:a9:a8:66:ac:b6:da:bc:c2:19:57:50:63:c5:
                    71:18:5f:01:08:e3:d3:b8:68:4a:cc:de:f9:72:40:
                    b8:a1:e4:ba:9e:72:ff:da:51:9b:b9:12:f4:88:4b:
                    53:8d:b6:f3:24:ac:9e:7a:d5:0b:a7:c4:65:e4:5b:
                    37:2e:08:00:8b:0e:a3:9a:e5:a0:13:e7:3a:f0:ca:
                    c3:97:dc:c1:28:d9:38:5f:2e:57:89:63:11:ad:57:
                    c2:52:d6:43:ac:74:9a:62:21:c8:f6:c0:46:4d:7e:
                    bc:b7:da:78:da:e5:39:66:02:cc:cb:1a:29:04:3a:
                    fe:1a:20:7d:02:df:f8:51:be:89:a4:c8:47:43:bb:
                    d3:79:ce:c7:2c:b4:5e:bf:5d:d1:a8:7e:a1:0c:43:
                    8a:83:07:86:60:50:8c:2b:08:c9:98:55:19:f5:f8:
                    19:80:a7:21:3b:be:77:81:68:6d:97:e9:ae:6e:81:
                    8a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:5F:F2:70:07:58:96:5C:C3:DC:0D:50:BF:85:76:C2:B7:FE:F9:86
            X509v3 Authority Key Identifier:
                keyid:95:46:1F:BE:E1:C0:6E:3E:AF:AC:0F:2F:95:25:3C:A8:60:3A:CC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUYfvuHAbj6vrA8vlSU8qGA6zPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/TV_ycAdYllzD3A1Qv4V2wrf--YY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/lUYfvuHAbj6vrA8vlSU8qGA6zPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:ff:ff:60:22:e4:d5:2f:48:df:b7:41:03:5e:f3:9c:06:c0:
         ab:eb:03:28:bb:8e:62:ba:df:02:90:56:4e:97:b3:04:6b:74:
         11:1a:73:5d:74:66:d5:5c:12:43:76:99:69:ac:b1:be:b6:29:
         77:95:48:01:9a:0f:9f:f0:84:1f:16:51:ee:2e:af:fa:c7:64:
         eb:bd:7b:81:64:3d:53:9f:76:ef:c6:8d:a2:c1:a1:ed:15:54:
         13:de:d1:91:05:f2:e9:bf:27:18:d1:78:27:f0:ea:50:a6:17:
         ab:64:22:eb:29:53:1c:ca:ee:be:3b:74:7b:35:06:82:60:a1:
         66:73:12:31:43:95:72:42:c5:b5:2f:e4:88:da:dd:13:4d:be:
         16:73:ec:ad:91:ce:4b:8c:02:a2:c6:a1:34:40:cc:73:59:d1:
         5c:56:17:a0:ec:a4:23:35:c9:dd:23:dd:20:a4:68:97:a3:ea:
         a2:34:47:38:f6:6b:20:f7:ef:f8:85:31:e7:73:6a:8a:f6:7b:
         9c:7c:9a:6d:84:c2:93:78:21:17:dc:8c:6b:98:9a:5a:38:43:
         07:b7:75:6c:06:ad:c5:77:8d:aa:3d:ff:86:16:e1:99:c6:c8:
         62:8a:77:50:05:a0:e9:ec:0e:70:2e:e3:2c:92:67:b8:53:64:
         31:00:c4:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAT8EIGWjTtvEd/KI3BGFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NDYxZmJlZTFjMDZlM2VhZmFjMGYyZjk1MjUzY2E4NjAz
YWNjZjIwHhcNMjQwMTAyMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDVmZjI3MDA3NTg5NjVjYzNkYzBkNTBiZjg1NzZjMmI3ZmVmOTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtNeidxgn2Ji3vkOJ4BVx4lC7lvU
o8EM7x7tuD9BAjeVmprPta00JRNH58wXZSI1vcbZCSR8logxDmm6ypsnSJxK3ZDd
AKBTqWGZi6moZqy22rzCGVdQY8VxGF8BCOPTuGhKzN75ckC4oeS6nnL/2lGbuRL0
iEtTjbbzJKyeetULp8Rl5Fs3LggAiw6jmuWgE+c68MrDl9zBKNk4Xy5XiWMRrVfC
UtZDrHSaYiHI9sBGTX68t9p42uU5ZgLMyxopBDr+GiB9At/4Ub6JpMhHQ7vTec7H
LLRev13RqH6hDEOKgweGYFCMKwjJmFUZ9fgZgKchO753gWhtl+muboGKLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1f8nAHWJZcw9wNUL+FdsK3/vmGMB8GA1UdIwQY
MBaAFJVGH77hwG4+r6wPL5UlPKhgOszyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVZZnZ1SEFiajZ2ckE4dmxTVThxR0E2elBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9lNWNlOGYtNWVhMC00NzlmLTkzZTkt
ODlkNWM2MGY1MDFmLzEvVFZfeWNBZFlsbHpEM0ExUXY0VjJ3cmYtLVlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9lNWNlOGYtNWVhMC00NzlmLTkzZTktODlkNWM2MGY1MDFm
LzEvbFVZZnZ1SEFiajZ2ckE4dmxTVThxR0E2elBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuULEMA0G
CSqGSIb3DQEBCwUAA4IBAQBj//9gIuTVL0jft0EDXvOcBsCr6wMou45iut8CkFZO
l7MEa3QRGnNddGbVXBJDdplprLG+til3lUgBmg+f8IQfFlHuLq/6x2TrvXuBZD1T
n3bvxo2iwaHtFVQT3tGRBfLpvycY0Xgn8OpQpherZCLrKVMcyu6+O3R7NQaCYKFm
cxIxQ5VyQsW1L+SI2t0TTb4Wc+ytkc5LjAKixqE0QMxzWdFcVheg7KQjNcndI90g
pGiXo+qiNEc49msg9+/4hTHnc2qK9nucfJpthMKTeCEX3IxrmJpaOEMHt3VsBq3F
d42qPf+GFuGZxshiindQBaDp7A5wLuMskme4U2QxAMRS
-----END CERTIFICATE-----