Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/ed80de-1361-423f-91af-5d0e620f525d/1/T0i-vkPjIYsGEWVWzcpqT7GzjSA.roa
File:                     T0i-vkPjIYsGEWVWzcpqT7GzjSA.roa (raw, json)
Hash identifier:          AZNaX280xhe1JGmhv+QVloCuol2fir/kyuAwhwEW8NE=
Subject key identifier:   4F:48:BE:BE:43:E3:21:8B:06:11:65:56:CD:CA:6A:4F:B1:B3:8D:20
Certificate issuer:       /CN=ab2729642d2e3537d9ab7c45c51fe26dea468b82
Certificate serial:       018CC5004E7BE1B21A7D549C043D2E7B8A4C
Authority key identifier: AB:27:29:64:2D:2E:35:37:D9:AB:7C:45:C5:1F:E2:6D:EA:46:8B:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qycpZC0uNTfZq3xFxR_ibepGi4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/ed80de-1361-423f-91af-5d0e620f525d/1/T0i-vkPjIYsGEWVWzcpqT7GzjSA.roa
Signing time:             Mon 01 Jan 2024 12:29:40 +0000
ROA not before:           Mon 01 Jan 2024 12:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197033
IP address blocks:        185.149.216.0/22 maxlen: 22
                          185.232.24.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/ed80de-1361-423f-91af-5d0e620f525d/1/qycpZC0uNTfZq3xFxR_ibepGi4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/ed80de-1361-423f-91af-5d0e620f525d/1/qycpZC0uNTfZq3xFxR_ibepGi4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qycpZC0uNTfZq3xFxR_ibepGi4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4e:7b:e1:b2:1a:7d:54:9c:04:3d:2e:7b:8a:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2729642d2e3537d9ab7c45c51fe26dea468b82
        Validity
            Not Before: Jan  1 12:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f48bebe43e3218b06116556cdca6a4fb1b38d20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e1:a9:b1:82:48:df:f6:48:2b:96:5c:c9:31:
                    cc:35:f5:62:89:71:57:e6:3c:d6:0c:a3:a1:03:c7:
                    ec:a4:fd:dd:46:0b:9b:f5:cb:87:7b:dd:59:e5:ed:
                    13:3b:62:3d:e3:69:b7:be:e7:b8:25:8e:df:32:3a:
                    61:34:29:75:f8:b7:bb:a0:8b:fb:ce:2c:d3:f2:e8:
                    8e:e3:2d:1d:99:35:9f:4b:8d:e5:f3:9e:e6:78:d2:
                    46:91:4d:53:59:8e:fb:74:7c:db:54:3c:e9:08:ed:
                    a0:d4:6b:3e:b7:e3:98:93:1a:bb:60:58:15:9e:d0:
                    27:cb:71:79:cf:f3:77:0b:2a:2f:0c:cb:78:44:4e:
                    a9:ca:55:00:8d:50:85:ed:db:44:d3:64:fb:7b:5c:
                    0d:66:76:26:1a:32:3f:3e:7e:88:4a:0f:44:a3:ef:
                    47:e6:4b:91:b8:1e:ef:d2:08:72:af:35:7f:ce:1a:
                    f2:e8:af:79:b3:62:59:74:e8:54:bb:14:69:4f:6b:
                    5d:51:99:b1:e0:74:22:09:dd:5b:b2:ac:f3:d6:95:
                    2f:51:65:4f:63:49:80:6c:2b:22:aa:82:54:43:b0:
                    a7:e7:0f:c8:ce:c6:d7:ac:ba:98:9c:4e:8c:1e:a9:
                    e4:6d:81:43:1d:66:8e:a0:08:e8:40:48:71:e3:a4:
                    cc:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:48:BE:BE:43:E3:21:8B:06:11:65:56:CD:CA:6A:4F:B1:B3:8D:20
            X509v3 Authority Key Identifier:
                keyid:AB:27:29:64:2D:2E:35:37:D9:AB:7C:45:C5:1F:E2:6D:EA:46:8B:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qycpZC0uNTfZq3xFxR_ibepGi4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/ed80de-1361-423f-91af-5d0e620f525d/1/T0i-vkPjIYsGEWVWzcpqT7GzjSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/ed80de-1361-423f-91af-5d0e620f525d/1/qycpZC0uNTfZq3xFxR_ibepGi4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.216.0/22
                  185.232.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:2c:b9:d8:31:ff:a9:3a:9f:15:e8:e3:75:38:4f:5b:0a:7d:
         59:0e:c6:71:32:6c:6a:7c:38:8e:34:a1:1c:d3:68:86:7b:e6:
         73:a0:72:13:42:01:e7:34:58:09:61:25:dd:4c:fd:a0:85:f0:
         92:ae:cf:ff:6d:b8:4b:94:44:20:6d:75:9a:e0:c2:45:68:2c:
         5e:96:c9:e0:24:c4:83:63:cb:40:51:f1:87:b1:07:df:e6:8d:
         68:42:fa:45:4c:39:43:ee:b2:99:95:16:ab:42:ee:bc:fe:19:
         b8:de:07:ed:3e:c5:07:81:90:3b:03:8e:a5:d9:9e:2f:58:13:
         d9:a9:64:a7:61:dd:8b:6c:9a:20:2e:48:a0:c0:7b:dc:38:c1:
         54:94:9d:ee:7c:be:f4:60:96:5f:8f:52:73:f6:59:26:e2:fd:
         26:1e:5a:20:5c:f1:4a:87:3a:b6:21:7b:a1:98:bb:09:d6:2e:
         da:46:1c:5b:68:33:5a:fe:44:cd:93:00:80:41:bc:13:bb:90:
         2b:90:d6:60:06:00:94:6d:07:c3:93:28:5d:ff:04:1a:e2:fa:
         2e:0a:32:49:4e:c3:69:60:22:d7:42:21:4a:03:f8:70:ea:db:
         75:6b:6b:13:b7:3b:51:33:32:9b:7c:7c:11:89:6c:46:c5:a5:
         2a:b1:d5:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAE574bIafVScBD0ue4pMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMjcyOTY0MmQyZTM1MzdkOWFiN2M0NWM1MWZlMjZkZWE0
NjhiODIwHhcNMjQwMTAxMTIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjQ4YmViZTQzZTMyMThiMDYxMTY1NTZjZGNhNmE0ZmIxYjM4ZDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1eGpsYJI3/ZIK5ZcyTHMNfViiXFX
5jzWDKOhA8fspP3dRgub9cuHe91Z5e0TO2I942m3vue4JY7fMjphNCl1+Le7oIv7
zizT8uiO4y0dmTWfS43l857meNJGkU1TWY77dHzbVDzpCO2g1Gs+t+OYkxq7YFgV
ntAny3F5z/N3CyovDMt4RE6pylUAjVCF7dtE02T7e1wNZnYmGjI/Pn6ISg9Eo+9H
5kuRuB7v0ghyrzV/zhry6K95s2JZdOhUuxRpT2tdUZmx4HQiCd1bsqzz1pUvUWVP
Y0mAbCsiqoJUQ7Cn5w/IzsbXrLqYnE6MHqnkbYFDHWaOoAjoQEhx46TMxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE9Ivr5D4yGLBhFlVs3Kak+xs40gMB8GA1UdIwQY
MBaAFKsnKWQtLjU32at8RcUf4m3qRouCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXljcFpDMHVOVGZacTN4RnhSX2liZXBHaTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9lZDgwZGUtMTM2MS00MjNmLTkxYWYt
NWQwZTYyMGY1MjVkLzEvVDBpLXZrUGpJWXNHRVdWV3pjcHFUN0d6alNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9lZDgwZGUtMTM2MS00MjNmLTkxYWYtNWQwZTYyMGY1MjVk
LzEvcXljcFpDMHVOVGZacTN4RnhSX2liZXBHaTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZXYAwQC
uegYMA0GCSqGSIb3DQEBCwUAA4IBAQCELLnYMf+pOp8V6ON1OE9bCn1ZDsZxMmxq
fDiONKEc02iGe+ZzoHITQgHnNFgJYSXdTP2ghfCSrs//bbhLlEQgbXWa4MJFaCxe
lsngJMSDY8tAUfGHsQff5o1oQvpFTDlD7rKZlRarQu68/hm43gftPsUHgZA7A46l
2Z4vWBPZqWSnYd2LbJogLkigwHvcOMFUlJ3ufL70YJZfj1Jz9lkm4v0mHlogXPFK
hzq2IXuhmLsJ1i7aRhxbaDNa/kTNkwCAQbwTu5ArkNZgBgCUbQfDkyhd/wQa4vou
CjJJTsNpYCLXQiFKA/hw6tt1a2sTtztRMzKbfHwRiWxGxaUqsdUI
-----END CERTIFICATE-----