Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/TVXCGi25RhM6OF9QEnQ7xb9yXiM.roa
File:                     TVXCGi25RhM6OF9QEnQ7xb9yXiM.roa (raw, json)
Hash identifier:          vVirhc5WTuhIalSyGE9FHrkZgchCCXkiSnvfXkHfYxg=
Subject key identifier:   4D:55:C2:1A:2D:B9:46:13:3A:38:5F:50:12:74:3B:C5:BF:72:5E:23
Certificate issuer:       /CN=e168e36ba577ed47e6928729691991e4e7f235da
Certificate serial:       018CC5DCA54759EDBD60A0AB6EEE12B61217
Authority key identifier: E1:68:E3:6B:A5:77:ED:47:E6:92:87:29:69:19:91:E4:E7:F2:35:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Wjja6V37UfmkocpaRmR5OfyNdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/TVXCGi25RhM6OF9QEnQ7xb9yXiM.roa
Signing time:             Mon 01 Jan 2024 16:30:20 +0000
ROA not before:           Mon 01 Jan 2024 16:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        185.211.9.0/24 maxlen: 24
                          185.211.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/4Wjja6V37UfmkocpaRmR5OfyNdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/4Wjja6V37UfmkocpaRmR5OfyNdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Wjja6V37UfmkocpaRmR5OfyNdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:a5:47:59:ed:bd:60:a0:ab:6e:ee:12:b6:12:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e168e36ba577ed47e6928729691991e4e7f235da
        Validity
            Not Before: Jan  1 16:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d55c21a2db946133a385f5012743bc5bf725e23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:02:ef:7a:ab:32:65:a3:90:a3:66:b2:ff:fd:
                    60:c2:1f:80:8c:34:6a:63:03:4c:e1:95:0e:28:92:
                    a6:f8:f2:a4:9e:66:05:f4:34:30:4d:85:b2:5b:71:
                    d9:c7:e5:f9:f6:ef:ff:56:f8:18:82:09:53:4f:48:
                    e3:47:89:c0:ac:be:77:9c:8d:3b:77:2c:ad:01:e6:
                    3c:0a:5f:6f:3c:b0:18:ed:5d:c7:90:05:c1:91:fb:
                    ce:ba:de:30:13:f7:f7:2a:c7:35:bf:a5:e6:b4:60:
                    88:5e:98:85:2b:8c:5c:9d:0e:84:5e:60:0f:ad:ef:
                    6d:36:73:90:e1:17:fe:e7:84:ea:66:3d:50:8b:7d:
                    1d:eb:83:66:f2:ba:6a:a1:50:f5:d1:e1:97:5d:31:
                    d0:db:a3:75:fb:b9:d4:90:ab:48:b7:6e:25:55:11:
                    e1:3c:15:2e:e9:3e:32:57:55:90:33:19:c4:e2:bd:
                    e8:2f:e8:78:7a:01:49:24:b2:d5:46:ae:66:f5:5b:
                    37:df:48:40:69:d1:9f:73:10:b1:54:0b:1d:9d:bc:
                    60:34:fc:ab:87:74:fd:e3:b6:2f:9a:91:7e:b2:16:
                    24:89:58:8c:c1:7d:96:00:ce:89:7b:a7:10:bc:f1:
                    bc:cb:d5:cd:d1:96:eb:37:d5:0a:12:36:58:bd:3a:
                    4f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:55:C2:1A:2D:B9:46:13:3A:38:5F:50:12:74:3B:C5:BF:72:5E:23
            X509v3 Authority Key Identifier:
                keyid:E1:68:E3:6B:A5:77:ED:47:E6:92:87:29:69:19:91:E4:E7:F2:35:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Wjja6V37UfmkocpaRmR5OfyNdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/TVXCGi25RhM6OF9QEnQ7xb9yXiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/4Wjja6V37UfmkocpaRmR5OfyNdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:05:97:4b:f1:e4:01:e7:e7:5d:25:46:ad:70:db:38:e1:41:
         b1:3f:d1:aa:ac:74:ac:82:63:08:11:4e:86:98:22:3d:30:9c:
         de:b6:4f:e0:52:ce:70:f3:7d:24:c0:a3:50:a4:d3:24:7c:be:
         9a:83:19:b0:2b:77:48:54:da:6c:31:8f:a4:b8:b0:2e:61:f3:
         84:ea:59:5b:1f:dc:de:62:0f:60:b6:a1:d2:c2:d3:51:35:89:
         6f:b4:ab:7c:82:5f:87:d8:be:ba:f3:df:bb:fe:e1:5a:5c:fb:
         aa:ed:60:25:88:2a:1e:13:3a:ad:e2:1d:d5:b7:ea:00:8e:3f:
         05:bc:f6:f5:fa:76:17:b9:3d:c1:33:f4:17:d9:7e:1f:ef:0e:
         5b:42:91:42:ba:82:3a:c9:6f:6f:ce:12:75:2e:db:bf:88:b3:
         76:ce:74:9c:79:2b:ae:1f:82:1e:d1:d2:68:49:1b:10:bd:63:
         9a:13:26:c6:a6:4b:0a:b4:a4:4c:46:7b:04:1d:91:00:e4:d1:
         b7:bc:40:89:d1:28:26:51:0b:e8:4f:b2:a5:07:81:60:06:82:
         b5:56:05:ab:d5:e1:7c:c5:b2:79:92:27:c0:69:63:19:e8:be:
         f2:d5:7b:55:0e:4e:b3:4f:ba:23:35:e0:05:1f:d2:48:d0:b6:
         55:95:90:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3KVHWe29YKCrbu4SthIXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNjhlMzZiYTU3N2VkNDdlNjkyODcyOTY5MTk5MWU0ZTdm
MjM1ZGEwHhcNMjQwMTAxMTYzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDU1YzIxYTJkYjk0NjEzM2EzODVmNTAxMjc0M2JjNWJmNzI1ZTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gLveqsyZaOQo2ay//1gwh+AjDRq
YwNM4ZUOKJKm+PKknmYF9DQwTYWyW3HZx+X59u//VvgYgglTT0jjR4nArL53nI07
dyytAeY8Cl9vPLAY7V3HkAXBkfvOut4wE/f3Ksc1v6XmtGCIXpiFK4xcnQ6EXmAP
re9tNnOQ4Rf+54TqZj1Qi30d64Nm8rpqoVD10eGXXTHQ26N1+7nUkKtIt24lVRHh
PBUu6T4yV1WQMxnE4r3oL+h4egFJJLLVRq5m9Vs330hAadGfcxCxVAsdnbxgNPyr
h3T947YvmpF+shYkiViMwX2WAM6Je6cQvPG8y9XN0ZbrN9UKEjZYvTpPGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1VwhotuUYTOjhfUBJ0O8W/cl4jMB8GA1UdIwQY
MBaAFOFo42uld+1H5pKHKWkZkeTn8jXaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFdqamE2VjM3VWZta29jcGFSbVI1T2Z5TmRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny85YTI5N2QtY2VlNS00YzkzLWIyNTgt
Y2I0YmFiZTlkYzhmLzEvVFZYQ0dpMjVSaE02T0Y5UUVuUTd4Yjl5WGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny85YTI5N2QtY2VlNS00YzkzLWIyNTgtY2I0YmFiZTlkYzhm
LzEvNFdqamE2VjM3VWZta29jcGFSbVI1T2Z5TmRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudMIMA0G
CSqGSIb3DQEBCwUAA4IBAQCgBZdL8eQB5+ddJUatcNs44UGxP9GqrHSsgmMIEU6G
mCI9MJzetk/gUs5w830kwKNQpNMkfL6agxmwK3dIVNpsMY+kuLAuYfOE6llbH9ze
Yg9gtqHSwtNRNYlvtKt8gl+H2L6689+7/uFaXPuq7WAliCoeEzqt4h3Vt+oAjj8F
vPb1+nYXuT3BM/QX2X4f7w5bQpFCuoI6yW9vzhJ1Ltu/iLN2znSceSuuH4Ie0dJo
SRsQvWOaEybGpksKtKRMRnsEHZEA5NG3vECJ0SgmUQvoT7KlB4FgBoK1VgWr1eF8
xbJ5kifAaWMZ6L7y1XtVDk6zT7ojNeAFH9JI0LZVlZDD
-----END CERTIFICATE-----