Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/TDLfzInkzLVa-Dcdb7sBUKelGAI.roa
File:                     TDLfzInkzLVa-Dcdb7sBUKelGAI.roa (raw, json)
Hash identifier:          Rvb0bucj4AJeAaSQ+kxaL4z7Y+egWQWeo8gYHACOmFk=
Subject key identifier:   4C:32:DF:CC:89:E4:CC:B5:5A:F8:37:1D:6F:BB:01:50:A7:A5:18:02
Certificate issuer:       /CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
Certificate serial:       018CC348F8EEAF7F81FC8C8E61C32B54791E
Authority key identifier: A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/TDLfzInkzLVa-Dcdb7sBUKelGAI.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51453
IP address blocks:        37.235.0.0/23 maxlen: 23
                          37.235.2.0/24 maxlen: 24
                          185.81.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f8:ee:af:7f:81:fc:8c:8e:61:c3:2b:54:79:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c32dfcc89e4ccb55af8371d6fbb0150a7a51802
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:57:99:f7:e1:ec:11:d3:69:35:52:6e:60:2d:
                    0e:80:48:b7:59:e3:9c:01:1f:ac:72:30:ae:d0:05:
                    da:ec:75:05:1b:93:0c:44:51:2d:1e:08:d0:ff:78:
                    a2:75:e1:16:2f:8d:d8:94:70:71:06:77:42:e0:04:
                    ac:2f:3d:40:ea:38:68:8c:c8:ed:01:83:47:d9:47:
                    d7:c6:34:05:eb:4e:2e:fd:e2:0a:42:fd:a5:96:f9:
                    5c:21:9d:2c:92:b8:ac:8d:c7:b3:f0:77:a2:f3:14:
                    5f:f2:e9:c7:9d:f1:f0:cc:e4:8d:cf:28:8e:46:21:
                    ea:0a:37:f3:0f:ce:9b:53:1e:a7:83:25:61:76:eb:
                    6d:ed:7c:5b:94:ee:41:69:67:2d:66:27:58:cd:5d:
                    7f:b5:b2:4a:73:4a:a1:00:51:d7:f4:54:6e:29:4d:
                    d7:d0:11:02:1e:b1:25:d5:8e:3f:a2:62:0b:87:8d:
                    36:43:c7:8b:2a:9e:f2:01:cd:26:99:61:41:03:c9:
                    10:85:17:bc:30:cb:6a:89:aa:6d:47:de:49:a9:38:
                    2a:a9:58:39:8d:88:a5:c4:bd:fc:dc:35:09:b5:1f:
                    b6:fd:b4:05:34:95:c1:6c:6f:d8:5f:ff:5f:56:03:
                    96:20:c6:d1:f1:cf:06:67:ce:6e:a0:61:d1:20:99:
                    25:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:32:DF:CC:89:E4:CC:B5:5A:F8:37:1D:6F:BB:01:50:A7:A5:18:02
            X509v3 Authority Key Identifier:
                keyid:A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/TDLfzInkzLVa-Dcdb7sBUKelGAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.0.0-37.235.2.255
                  185.81.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:fb:00:3a:3a:4d:54:78:3f:b5:b0:62:38:67:22:5b:df:d2:
         e5:58:41:70:c8:2d:ca:29:d6:d6:0e:ae:ba:b0:1e:73:14:1d:
         32:ba:50:c3:3b:ed:c6:0f:32:f4:90:0a:96:8a:77:1b:b6:c3:
         ac:ce:f1:d4:02:cc:bf:58:09:c1:36:73:5d:fb:ff:8b:43:4f:
         a1:10:dc:d0:3f:c5:21:c5:45:ec:e4:85:02:4a:b1:c1:a8:f9:
         55:da:89:3e:ca:a9:d0:cd:1c:77:a7:47:5e:b5:28:f3:e6:6a:
         af:ea:7d:0e:10:28:91:f2:72:ad:e6:01:c5:0b:1e:04:72:24:
         cb:61:09:bd:c9:ef:bb:ee:99:96:9d:24:7c:71:f7:9b:85:ad:
         1b:5e:60:4a:21:e3:c1:e7:df:ab:95:05:7c:84:3c:ef:e7:1b:
         a1:a9:13:b8:2d:09:c9:80:f3:1f:e4:9e:65:e6:61:56:6a:25:
         65:24:d1:dc:5c:43:66:18:a2:1a:50:c9:73:18:7c:e1:6e:a9:
         1b:cf:87:e6:bb:32:f5:16:76:3d:54:d6:d5:b7:25:c8:5f:b2:
         ef:d9:0f:68:59:2f:1f:f2:26:39:41:c9:a8:32:3c:a6:89:9a:
         a4:b7:15:25:7b:7f:da:1a:d7:15:51:a3:ac:22:03:82:ff:d5:
         6a:8b:1e:0b
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzDSPjur3+B/IyOYcMrVHkeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzlhZmViYWNlODk5YThlZTBiYjRmOGJiNDQ3NWZlMjQ3
YTE1MjgwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzMyZGZjYzg5ZTRjY2I1NWFmODM3MWQ2ZmJiMDE1MGE3YTUxODAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1eZ9+HsEdNpNVJuYC0OgEi3WeOc
AR+scjCu0AXa7HUFG5MMRFEtHgjQ/3iideEWL43YlHBxBndC4ASsLz1A6jhojMjt
AYNH2UfXxjQF604u/eIKQv2llvlcIZ0skrisjcez8Hei8xRf8unHnfHwzOSNzyiO
RiHqCjfzD86bUx6ngyVhdutt7XxblO5BaWctZidYzV1/tbJKc0qhAFHX9FRuKU3X
0BECHrEl1Y4/omILh402Q8eLKp7yAc0mmWFBA8kQhRe8MMtqiaptR95JqTgqqVg5
jYilxL383DUJtR+2/bQFNJXBbG/YX/9fVgOWIMbR8c8GZ85uoGHRIJkldQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFEwy38yJ5My1Wvg3HW+7AVCnpRgCMB8GA1UdIwQY
MBaAFKU5r+us6Jmo7gu0+LtEdf4kehUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYt
NzQxMzk1OTEzMTJlLzEvVERMZnpJbmt6TFZhLURjZGI3c0JVS2VsR0FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYtNzQxMzk1OTEzMTJl
LzEvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATMAsDAwAl6wME
ACXrAgMEALlRzDANBgkqhkiG9w0BAQsFAAOCAQEAu/sAOjpNVHg/tbBiOGciW9/S
5VhBcMgtyinW1g6uurAecxQdMrpQwzvtxg8y9JAKlop3G7bDrM7x1ALMv1gJwTZz
Xfv/i0NPoRDc0D/FIcVF7OSFAkqxwaj5VdqJPsqp0M0cd6dHXrUo8+Zqr+p9DhAo
kfJyreYBxQseBHIky2EJvcnvu+6Zlp0kfHH3m4WtG15gSiHjweffq5UFfIQ87+cb
oakTuC0JyYDzH+SeZeZhVmolZSTR3FxDZhiiGlDJcxh84W6pG8+H5rsy9RZ2PVTW
1bclyF+y79kPaFkvH/ImOUHJqDI8pomapLcVJXt/2hrXFVGjrCIDgv/VaoseCw==
-----END CERTIFICATE-----