Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/TSXSVHFmL7CGXrTM7gYDthqn5AI.roa
File:                     TSXSVHFmL7CGXrTM7gYDthqn5AI.roa (raw, json)
Hash identifier:          5mvvA7w07lXcfQVDvAEx789mi5qEtvdM6b9LSV5zlts=
Subject key identifier:   4D:25:D2:54:71:66:2F:B0:86:5E:B4:CC:EE:06:03:B6:1A:A7:E4:02
Certificate issuer:       /CN=e123860e20cdb2cfdf2cefb3753a15b822829266
Certificate serial:       018CC5DC47B51D35DE05CC84CC8F39DF432F
Authority key identifier: E1:23:86:0E:20:CD:B2:CF:DF:2C:EF:B3:75:3A:15:B8:22:82:92:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4SOGDiDNss_fLO-zdToVuCKCkmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/TSXSVHFmL7CGXrTM7gYDthqn5AI.roa
Signing time:             Mon 01 Jan 2024 16:29:56 +0000
ROA not before:           Mon 01 Jan 2024 16:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56974
IP address blocks:        185.44.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/4SOGDiDNss_fLO-zdToVuCKCkmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/4SOGDiDNss_fLO-zdToVuCKCkmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4SOGDiDNss_fLO-zdToVuCKCkmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:47:b5:1d:35:de:05:cc:84:cc:8f:39:df:43:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e123860e20cdb2cfdf2cefb3753a15b822829266
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d25d25471662fb0865eb4ccee0603b61aa7e402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:63:04:c4:ab:4b:00:ba:18:c3:57:5a:95:a7:
                    be:96:55:e7:9c:ea:1b:d9:cc:18:2b:46:82:b5:f0:
                    85:7e:28:7c:f4:c1:87:8d:b4:92:3c:24:77:da:9b:
                    04:59:62:e6:7f:f7:38:63:05:6c:79:79:51:3e:2b:
                    85:af:f0:bc:4e:71:5c:51:93:56:ee:ae:47:46:5a:
                    e2:5e:ee:38:ef:85:1f:e5:9a:da:6a:c3:f5:69:c4:
                    8a:bb:d8:96:69:42:42:c0:84:c1:8e:a6:45:68:b4:
                    84:c2:0b:c2:93:d2:74:6b:c1:fb:c3:45:32:e3:37:
                    7d:17:e1:68:0a:5c:57:62:f8:71:5b:3c:88:9e:f3:
                    12:6c:45:d8:f0:de:cc:cb:37:f8:5d:4c:ae:1f:d4:
                    8a:39:f7:b4:76:06:a7:e7:0d:4f:d3:15:23:9f:8d:
                    32:b7:49:83:d1:83:9f:08:bb:1d:31:46:af:f6:fb:
                    54:8c:13:f8:1a:90:6d:97:d4:50:ba:cd:a9:7d:da:
                    44:28:a7:40:db:72:0a:a3:c3:31:48:e3:c1:4d:f3:
                    7b:14:48:1a:1b:46:5f:a3:fc:53:67:0b:87:3a:13:
                    b9:e5:ea:db:03:f2:ed:76:5d:b3:51:34:54:f7:76:
                    2f:54:54:80:c8:ff:aa:0e:72:a8:58:c7:d0:eb:b3:
                    8e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:25:D2:54:71:66:2F:B0:86:5E:B4:CC:EE:06:03:B6:1A:A7:E4:02
            X509v3 Authority Key Identifier:
                keyid:E1:23:86:0E:20:CD:B2:CF:DF:2C:EF:B3:75:3A:15:B8:22:82:92:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4SOGDiDNss_fLO-zdToVuCKCkmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/TSXSVHFmL7CGXrTM7gYDthqn5AI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/4SOGDiDNss_fLO-zdToVuCKCkmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:5a:56:e7:7a:e7:10:db:e0:0c:d4:64:52:ba:2b:a8:dd:74:
         a1:3f:0e:5e:ca:36:fc:df:00:17:af:7d:10:b2:2b:7a:5c:be:
         2b:6d:96:46:4e:03:3f:7e:0b:12:0d:6d:2a:48:4f:bc:7c:3c:
         e9:04:72:d5:83:22:70:a1:5b:6d:8f:00:d9:be:8f:cf:ef:49:
         f3:92:f5:f0:ce:54:76:43:84:64:c5:c8:95:4c:68:6e:27:1b:
         cd:19:e9:0d:7f:63:ea:13:35:27:9e:e3:31:65:a3:3a:30:e9:
         98:55:ff:cc:85:37:a1:52:20:3a:15:d2:6f:33:41:21:1b:3c:
         06:68:f6:68:d4:11:07:00:37:3c:ad:2f:92:91:71:78:51:b6:
         62:c0:32:3c:36:62:4f:cf:2b:3c:8a:7f:bd:fe:92:0a:33:f9:
         f6:73:68:70:14:38:36:4d:3f:15:04:4f:c2:c2:14:fe:aa:b0:
         ad:1c:e5:66:72:e3:7a:96:a7:e1:07:04:ed:e7:36:5f:ba:26:
         0c:75:ff:c1:56:55:b5:fc:17:0c:0f:70:b3:04:7f:97:1d:e7:
         1c:22:a9:41:d4:c1:f6:2d:38:57:49:ad:6e:66:78:35:f3:b2:
         19:e6:2c:82:70:68:fc:d0:93:86:56:a8:fc:23:c2:bb:33:f9:
         e9:95:bb:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Ee1HTXeBcyEzI8530MvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMjM4NjBlMjBjZGIyY2ZkZjJjZWZiMzc1M2ExNWI4MjI4
MjkyNjYwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDI1ZDI1NDcxNjYyZmIwODY1ZWI0Y2NlZTA2MDNiNjFhYTdlNDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGMExKtLALoYw1dalae+llXnnOob
2cwYK0aCtfCFfih89MGHjbSSPCR32psEWWLmf/c4YwVseXlRPiuFr/C8TnFcUZNW
7q5HRlriXu4474Uf5ZraasP1acSKu9iWaUJCwITBjqZFaLSEwgvCk9J0a8H7w0Uy
4zd9F+FoClxXYvhxWzyInvMSbEXY8N7Myzf4XUyuH9SKOfe0dgan5w1P0xUjn40y
t0mD0YOfCLsdMUav9vtUjBP4GpBtl9RQus2pfdpEKKdA23IKo8MxSOPBTfN7FEga
G0Zfo/xTZwuHOhO55erbA/Ltdl2zUTRU93YvVFSAyP+qDnKoWMfQ67OO8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0l0lRxZi+whl60zO4GA7Yap+QCMB8GA1UdIwQY
MBaAFOEjhg4gzbLP3yzvs3U6FbgigpJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFNPR0RpRE5zc19mTE8temRUb1Z1Q0tDa21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC84MTA1OTktNzMxYS00ODZhLWIyM2Yt
NDc1MzdlYjY0NGY1LzEvVFNYU1ZIRm1MN0NHWHJUTTdnWUR0aHFuNUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC84MTA1OTktNzMxYS00ODZhLWIyM2YtNDc1MzdlYjY0NGY1
LzEvNFNPR0RpRE5zc19mTE8temRUb1Z1Q0tDa21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSzlMA0G
CSqGSIb3DQEBCwUAA4IBAQDGWlbneucQ2+AM1GRSuiuo3XShPw5eyjb83wAXr30Q
sit6XL4rbZZGTgM/fgsSDW0qSE+8fDzpBHLVgyJwoVttjwDZvo/P70nzkvXwzlR2
Q4RkxciVTGhuJxvNGekNf2PqEzUnnuMxZaM6MOmYVf/MhTehUiA6FdJvM0EhGzwG
aPZo1BEHADc8rS+SkXF4UbZiwDI8NmJPzys8in+9/pIKM/n2c2hwFDg2TT8VBE/C
whT+qrCtHOVmcuN6lqfhBwTt5zZfuiYMdf/BVlW1/BcMD3CzBH+XHeccIqlB1MH2
LThXSa1uZng187IZ5iyCcGj80JOGVqj8I8K7M/nplbvK
-----END CERTIFICATE-----