Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/326ae7-ed9f-4105-8b5d-3b68a84cd2b8/1/Z8GKnnmE7MVsy6VMb3CmkxH50Yc.roa
File:                     Z8GKnnmE7MVsy6VMb3CmkxH50Yc.roa (raw, json)
Hash identifier:          ZoMc9ztnOLmWgPs9iarPFlALSd/RblIYddo8U/gKS8s=
Subject key identifier:   67:C1:8A:9E:79:84:EC:C5:6C:CB:A5:4C:6F:70:A6:93:11:F9:D1:87
Certificate issuer:       /CN=4d69fe11ba001b12a6fbd189629a3fb181bd8c9b
Certificate serial:       018CC6B9328A5F7B8570CB7B628433F247DE
Authority key identifier: 4D:69:FE:11:BA:00:1B:12:A6:FB:D1:89:62:9A:3F:B1:81:BD:8C:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TWn-EboAGxKm-9GJYpo_sYG9jJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/326ae7-ed9f-4105-8b5d-3b68a84cd2b8/1/Z8GKnnmE7MVsy6VMb3CmkxH50Yc.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200539
IP address blocks:        185.239.12.0/22 maxlen: 22
                          185.103.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/326ae7-ed9f-4105-8b5d-3b68a84cd2b8/1/TWn-EboAGxKm-9GJYpo_sYG9jJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/326ae7-ed9f-4105-8b5d-3b68a84cd2b8/1/TWn-EboAGxKm-9GJYpo_sYG9jJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TWn-EboAGxKm-9GJYpo_sYG9jJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:32:8a:5f:7b:85:70:cb:7b:62:84:33:f2:47:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d69fe11ba001b12a6fbd189629a3fb181bd8c9b
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67c18a9e7984ecc56ccba54c6f70a69311f9d187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:70:ad:ac:d1:73:f6:79:f8:d9:a5:7a:37:23:
                    8d:e9:da:61:88:56:b8:9e:67:9d:1d:48:fb:b3:e0:
                    5e:16:d3:31:1c:a0:87:22:80:9e:83:fb:2c:97:cf:
                    a5:cc:3d:7c:fb:1c:08:db:d3:bb:44:17:57:6e:e5:
                    50:52:65:a0:81:7d:37:4e:26:69:c3:50:de:15:ed:
                    f2:37:6f:5c:f0:ef:ff:25:28:d1:d3:3a:eb:09:72:
                    70:8d:4a:aa:86:fd:d0:8f:0f:f2:d8:b9:e1:66:ba:
                    0a:ca:fa:70:64:a0:5a:ea:c6:c4:11:88:96:a2:f4:
                    82:ef:fa:ec:73:64:a6:d9:4a:c7:b9:45:f2:5b:17:
                    88:bb:59:5f:ef:4f:c8:10:e7:0f:16:2b:f1:06:06:
                    9a:0a:42:dc:6e:b4:18:49:ce:f7:3d:5b:1a:56:b4:
                    54:4a:65:4d:52:fc:74:9d:ed:e1:74:38:dd:79:1b:
                    6f:30:51:a1:0f:a8:3c:90:fe:83:ee:cf:5d:8c:2e:
                    34:5f:b4:62:04:bd:44:03:bb:0f:da:4f:aa:57:93:
                    7e:9e:de:5f:a8:93:94:5e:75:57:fd:10:29:ce:4d:
                    44:bc:bb:a0:58:52:00:6a:a8:c8:95:47:03:3e:88:
                    26:c6:31:89:7f:8b:63:66:02:63:4b:68:ef:e6:c9:
                    43:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C1:8A:9E:79:84:EC:C5:6C:CB:A5:4C:6F:70:A6:93:11:F9:D1:87
            X509v3 Authority Key Identifier:
                keyid:4D:69:FE:11:BA:00:1B:12:A6:FB:D1:89:62:9A:3F:B1:81:BD:8C:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TWn-EboAGxKm-9GJYpo_sYG9jJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/326ae7-ed9f-4105-8b5d-3b68a84cd2b8/1/Z8GKnnmE7MVsy6VMb3CmkxH50Yc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/326ae7-ed9f-4105-8b5d-3b68a84cd2b8/1/TWn-EboAGxKm-9GJYpo_sYG9jJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.152.0/22
                  185.239.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:f4:fc:81:4f:b4:4c:2d:f8:9a:3c:c5:bf:06:b3:70:96:b9:
         5f:d7:9e:27:34:94:95:53:7e:c0:30:e6:e5:5c:6c:3f:70:d7:
         6a:c9:cb:ad:12:a9:d8:64:d7:e0:2e:65:2f:ad:01:88:0b:a3:
         72:f9:b7:d6:d6:6d:da:b3:30:54:a4:f6:63:d6:e9:e9:2e:ec:
         07:a8:5d:a3:a5:6b:5f:4e:ae:06:78:4b:96:f2:51:58:34:1d:
         60:99:f3:19:59:1e:91:09:86:93:01:ad:9f:90:67:35:07:7c:
         d2:fd:8c:ea:a8:b8:f5:a9:88:bb:43:57:4f:80:72:8f:7f:f9:
         a8:11:9b:3e:03:f2:9a:61:f6:a5:68:1f:0a:d5:e0:1b:b7:65:
         32:60:b5:dc:ea:28:bc:53:98:34:0b:02:fc:f3:4c:91:ee:9f:
         5c:fd:58:05:5a:12:4c:17:6b:fb:61:49:64:8c:0c:0a:1b:51:
         c4:71:79:0b:c2:31:3d:9f:2f:cd:ae:93:dc:3d:8a:ab:ce:e8:
         a4:d3:bd:d0:83:33:c5:c0:d8:69:fe:99:94:b3:4d:96:52:f2:
         ce:f7:73:f2:88:4d:30:29:af:5e:79:3b:ff:2a:70:ec:f3:f2:
         62:6f:21:14:db:69:96:2b:1b:af:24:ad:62:6b:31:2d:28:13:
         e4:ad:fe:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuTKKX3uFcMt7YoQz8kfeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNjlmZTExYmEwMDFiMTJhNmZiZDE4OTYyOWEzZmIxODFi
ZDhjOWIwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2MxOGE5ZTc5ODRlY2M1NmNjYmE1NGM2ZjcwYTY5MzExZjlkMTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3CtrNFz9nn42aV6NyON6dphiFa4
nmedHUj7s+BeFtMxHKCHIoCeg/ssl8+lzD18+xwI29O7RBdXbuVQUmWggX03TiZp
w1DeFe3yN29c8O//JSjR0zrrCXJwjUqqhv3Qjw/y2LnhZroKyvpwZKBa6sbEEYiW
ovSC7/rsc2Sm2UrHuUXyWxeIu1lf70/IEOcPFivxBgaaCkLcbrQYSc73PVsaVrRU
SmVNUvx0ne3hdDjdeRtvMFGhD6g8kP6D7s9djC40X7RiBL1EA7sP2k+qV5N+nt5f
qJOUXnVX/RApzk1EvLugWFIAaqjIlUcDPogmxjGJf4tjZgJjS2jv5slDHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGfBip55hOzFbMulTG9wppMR+dGHMB8GA1UdIwQY
MBaAFE1p/hG6ABsSpvvRiWKaP7GBvYybMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFduLUVib0FHeEttLTlHSllwb19zWUc5akpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8zMjZhZTctZWQ5Zi00MTA1LThiNWQt
M2I2OGE4NGNkMmI4LzEvWjhHS25ubUU3TVZzeTZWTWIzQ21reEg1MFljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8zMjZhZTctZWQ5Zi00MTA1LThiNWQtM2I2OGE4NGNkMmI4
LzEvVFduLUVib0FHeEttLTlHSllwb19zWUc5akpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuWeYAwQC
ue8MMA0GCSqGSIb3DQEBCwUAA4IBAQCe9PyBT7RMLfiaPMW/BrNwlrlf154nNJSV
U37AMOblXGw/cNdqycutEqnYZNfgLmUvrQGIC6Ny+bfW1m3aszBUpPZj1unpLuwH
qF2jpWtfTq4GeEuW8lFYNB1gmfMZWR6RCYaTAa2fkGc1B3zS/YzqqLj1qYi7Q1dP
gHKPf/moEZs+A/KaYfalaB8K1eAbt2UyYLXc6ii8U5g0CwL880yR7p9c/VgFWhJM
F2v7YUlkjAwKG1HEcXkLwjE9ny/NrpPcPYqrzuik073QgzPFwNhp/pmUs02WUvLO
93PyiE0wKa9eeTv/KnDs8/JibyEU22mWKxuvJK1iazEtKBPkrf4x
-----END CERTIFICATE-----