Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/aTSK_FwmsWXvqqLgkRWfZyn0y2c.roa
File:                     aTSK_FwmsWXvqqLgkRWfZyn0y2c.roa (raw, json)
Hash identifier:          ZyE3m33f01D86H5p9Ajn+B6G2kkj9khtIYDBogaNbiM=
Subject key identifier:   69:34:8A:FC:5C:26:B1:65:EF:AA:A2:E0:91:15:9F:67:29:F4:CB:67
Certificate issuer:       /CN=00af9dda307cb525385ef90f506d0d57bb9d2bf2
Certificate serial:       018CC4937EF4FF509FFD2230182973913BB7
Authority key identifier: 00:AF:9D:DA:30:7C:B5:25:38:5E:F9:0F:50:6D:0D:57:BB:9D:2B:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK-d2jB8tSU4XvkPUG0NV7udK_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/aTSK_FwmsWXvqqLgkRWfZyn0y2c.roa
Signing time:             Mon 01 Jan 2024 10:30:49 +0000
ROA not before:           Mon 01 Jan 2024 10:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24634
IP address blocks:        185.40.208.0/22 maxlen: 24
                          2a04:86c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/AK-d2jB8tSU4XvkPUG0NV7udK_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/AK-d2jB8tSU4XvkPUG0NV7udK_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK-d2jB8tSU4XvkPUG0NV7udK_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:7e:f4:ff:50:9f:fd:22:30:18:29:73:91:3b:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00af9dda307cb525385ef90f506d0d57bb9d2bf2
        Validity
            Not Before: Jan  1 10:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69348afc5c26b165efaaa2e091159f6729f4cb67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:0d:5f:d9:12:9e:61:4e:f9:0c:5e:ab:d2:9c:
                    e1:ac:c8:2d:01:36:23:b4:a6:44:95:40:11:a0:75:
                    30:7d:b3:dc:6f:0a:0d:ff:40:2a:47:5a:c8:fa:6b:
                    63:e7:4e:3e:59:03:c2:df:8a:a0:9e:75:79:51:18:
                    f9:83:44:59:40:81:44:22:86:96:f9:cb:92:72:6f:
                    b5:54:86:b7:a7:67:47:d8:f5:d7:a9:71:b1:19:6a:
                    4c:72:c6:2b:08:53:ff:da:86:c7:93:ec:14:0d:56:
                    0d:8c:a8:d5:4e:3a:24:ae:e8:b4:9f:2e:a0:e4:be:
                    46:6b:55:39:9f:30:7d:31:94:ca:ab:7f:2e:a9:2b:
                    20:2e:84:ab:48:0d:a5:eb:3f:c8:13:ce:2c:e8:ce:
                    2b:da:77:15:ce:cc:69:81:cd:ec:89:b1:b6:9b:9a:
                    fb:db:22:a7:60:3c:d7:76:0d:60:fb:14:72:03:43:
                    92:f3:3a:86:5b:ab:4b:48:80:42:37:57:ee:84:83:
                    09:d5:e5:59:5f:f2:6d:97:24:95:4f:97:a2:b0:8d:
                    b1:9b:06:42:29:13:0b:fd:03:41:45:94:3e:27:b2:
                    40:0f:0b:5d:ac:90:9f:fc:ef:08:d1:ee:62:96:95:
                    19:72:2d:d4:70:73:95:4e:7f:6b:7f:b2:b6:03:b2:
                    76:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:34:8A:FC:5C:26:B1:65:EF:AA:A2:E0:91:15:9F:67:29:F4:CB:67
            X509v3 Authority Key Identifier:
                keyid:00:AF:9D:DA:30:7C:B5:25:38:5E:F9:0F:50:6D:0D:57:BB:9D:2B:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK-d2jB8tSU4XvkPUG0NV7udK_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/aTSK_FwmsWXvqqLgkRWfZyn0y2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/AK-d2jB8tSU4XvkPUG0NV7udK_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.208.0/22
                IPv6:
                  2a04:86c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:f2:d7:d2:6b:a0:a8:0c:52:1b:d1:37:da:56:7b:94:9c:bc:
         29:a0:74:fa:51:03:50:cc:b9:00:73:5a:00:51:23:b5:3d:df:
         9a:0f:db:57:59:54:05:15:39:51:c9:7c:38:64:23:04:25:71:
         ba:c8:4b:08:82:01:c2:bd:8f:fe:c5:51:a5:ac:fa:37:75:a4:
         ad:8a:48:b1:8b:1f:f0:4d:a0:db:66:91:f5:61:14:4b:e2:05:
         9c:df:4c:c8:66:eb:74:11:bf:49:ab:bc:d4:e9:5e:59:6c:78:
         46:eb:3d:47:3f:74:5b:9c:75:2f:15:a4:16:c3:91:58:de:40:
         6a:91:4b:e5:18:1d:09:97:34:e7:94:bb:1e:05:dc:55:a9:08:
         c1:fb:de:64:ec:a0:72:ed:3c:15:13:c8:c0:7a:60:b1:25:c4:
         41:2b:b7:3e:f0:15:75:db:e5:9d:45:df:29:b4:c7:17:8e:13:
         65:61:81:96:41:4c:f1:88:71:cd:fd:d3:c7:a8:f1:59:47:c3:
         92:10:a8:1c:d1:e7:f1:5c:a4:80:2d:3d:32:ec:38:92:3c:18:
         26:fa:1b:2c:3f:f1:54:54:a6:c8:79:62:3c:a7:b6:0a:d0:20:
         f8:f0:95:20:04:ec:9d:46:7a:42:d8:e4:36:e3:22:04:2c:21:
         0c:5e:d5:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk370/1Cf/SIwGClzkTu3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWY5ZGRhMzA3Y2I1MjUzODVlZjkwZjUwNmQwZDU3YmI5
ZDJiZjIwHhcNMjQwMTAxMTAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTM0OGFmYzVjMjZiMTY1ZWZhYWEyZTA5MTE1OWY2NzI5ZjRjYjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhA1f2RKeYU75DF6r0pzhrMgtATYj
tKZElUARoHUwfbPcbwoN/0AqR1rI+mtj504+WQPC34qgnnV5URj5g0RZQIFEIoaW
+cuScm+1VIa3p2dH2PXXqXGxGWpMcsYrCFP/2obHk+wUDVYNjKjVTjokrui0ny6g
5L5Ga1U5nzB9MZTKq38uqSsgLoSrSA2l6z/IE84s6M4r2ncVzsxpgc3sibG2m5r7
2yKnYDzXdg1g+xRyA0OS8zqGW6tLSIBCN1fuhIMJ1eVZX/JtlySVT5eisI2xmwZC
KRML/QNBRZQ+J7JADwtdrJCf/O8I0e5ilpUZci3UcHOVTn9rf7K2A7J2uQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGk0ivxcJrFl76qi4JEVn2cp9MtnMB8GA1UdIwQY
MBaAFACvndowfLUlOF75D1BtDVe7nSvyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUstZDJqQjh0U1U0WHZrUFVHME5WN3VkS19JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9kMGUyZjQtYjYwYS00MGIyLTkyZTkt
OTBlYWNlOWUwNTllLzEvYVRTS19Gd21zV1h2cXFMZ2tSV2ZaeW4weTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9kMGUyZjQtYjYwYS00MGIyLTkyZTktOTBlYWNlOWUwNTll
LzEvQUstZDJqQjh0U1U0WHZrUFVHME5WN3VkS19JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSjQMA0E
AgACMAcDBQMqBIbAMA0GCSqGSIb3DQEBCwUAA4IBAQAB8tfSa6CoDFIb0TfaVnuU
nLwpoHT6UQNQzLkAc1oAUSO1Pd+aD9tXWVQFFTlRyXw4ZCMEJXG6yEsIggHCvY/+
xVGlrPo3daStikixix/wTaDbZpH1YRRL4gWc30zIZut0Eb9Jq7zU6V5ZbHhG6z1H
P3RbnHUvFaQWw5FY3kBqkUvlGB0JlzTnlLseBdxVqQjB+95k7KBy7TwVE8jAemCx
JcRBK7c+8BV12+WdRd8ptMcXjhNlYYGWQUzxiHHN/dPHqPFZR8OSEKgc0efxXKSA
LT0y7DiSPBgm+hssP/FUVKbIeWI8p7YK0CD48JUgBOydRnpC2OQ24yIELCEMXtUr
-----END CERTIFICATE-----