Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/46edcb-caaf-4d65-85c1-c0292f58b72f/1/TDNXLkHr4myptldehq1ym4odETY.roa
File:                     TDNXLkHr4myptldehq1ym4odETY.roa (raw, json)
Hash identifier:          nD6riXodu1BZHAlcnfZ5ilKK54YtUEhjWjzJKFcArm8=
Subject key identifier:   4C:33:57:2E:41:EB:E2:6C:A9:B6:57:5E:86:AD:72:9B:8A:1D:11:36
Certificate issuer:       /CN=8e7b69927dd21bb9e1455fa88ed88ed247c718da
Certificate serial:       018CC94ACA86B8CDED4E889552157E258589
Authority key identifier: 8E:7B:69:92:7D:D2:1B:B9:E1:45:5F:A8:8E:D8:8E:D2:47:C7:18:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jntpkn3SG7nhRV-ojtiO0kfHGNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/46edcb-caaf-4d65-85c1-c0292f58b72f/1/TDNXLkHr4myptldehq1ym4odETY.roa
Signing time:             Tue 02 Jan 2024 08:29:31 +0000
ROA not before:           Tue 02 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44650
IP address blocks:        185.175.240.0/24 maxlen: 24
                          185.175.242.0/24 maxlen: 24
                          185.175.243.0/24 maxlen: 24
                          185.175.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/46edcb-caaf-4d65-85c1-c0292f58b72f/1/jntpkn3SG7nhRV-ojtiO0kfHGNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/46edcb-caaf-4d65-85c1-c0292f58b72f/1/jntpkn3SG7nhRV-ojtiO0kfHGNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jntpkn3SG7nhRV-ojtiO0kfHGNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:ca:86:b8:cd:ed:4e:88:95:52:15:7e:25:85:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e7b69927dd21bb9e1455fa88ed88ed247c718da
        Validity
            Not Before: Jan  2 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c33572e41ebe26ca9b6575e86ad729b8a1d1136
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:07:88:b8:15:e4:fb:6e:65:41:9f:70:65:33:
                    72:6e:35:96:67:44:f9:dc:83:19:88:8c:64:49:71:
                    11:05:54:f9:17:6a:f7:68:f8:64:36:e4:87:64:cb:
                    e3:4b:fc:3f:7d:bb:e7:3d:5d:7f:ad:a9:3a:37:a6:
                    3d:a4:9a:16:dd:84:af:91:f5:73:45:98:24:40:25:
                    3f:79:4a:ea:a1:16:2d:27:72:54:d2:26:0f:cd:8d:
                    df:b7:1a:fb:4c:ab:98:a8:53:c7:7b:4e:25:f6:56:
                    fe:8b:a7:5b:ed:6e:47:a8:51:99:39:76:e7:f8:ab:
                    81:74:e9:66:f8:f9:73:a8:07:b8:4c:eb:44:03:06:
                    e9:43:13:48:10:9f:26:21:de:ce:82:ae:58:03:8a:
                    0a:33:b2:72:34:8e:91:12:d9:1c:51:d7:44:a7:6f:
                    4a:84:b3:2d:1e:ac:de:cc:64:a8:c3:0c:37:e3:1e:
                    e1:61:1b:45:fd:82:44:6b:e2:ea:02:3d:ef:de:e4:
                    f7:36:bf:36:bf:f5:ef:fd:d8:29:e9:ac:7f:92:b8:
                    8e:65:be:ce:e4:3c:dc:0f:a8:be:df:35:b1:1d:51:
                    9d:99:42:9b:bb:73:be:5b:79:bb:ff:e7:a3:f0:24:
                    7d:f7:29:79:96:d5:5c:13:27:df:06:66:15:f0:80:
                    35:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:33:57:2E:41:EB:E2:6C:A9:B6:57:5E:86:AD:72:9B:8A:1D:11:36
            X509v3 Authority Key Identifier:
                keyid:8E:7B:69:92:7D:D2:1B:B9:E1:45:5F:A8:8E:D8:8E:D2:47:C7:18:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jntpkn3SG7nhRV-ojtiO0kfHGNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/46edcb-caaf-4d65-85c1-c0292f58b72f/1/TDNXLkHr4myptldehq1ym4odETY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/46edcb-caaf-4d65-85c1-c0292f58b72f/1/jntpkn3SG7nhRV-ojtiO0kfHGNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:7a:0a:2a:7e:e6:64:74:3d:a7:31:16:e6:29:96:d3:49:42:
         83:29:1a:97:1b:13:b3:1f:01:8f:8c:c2:c4:9e:e1:90:ba:3f:
         4a:52:ac:23:ce:d9:ee:c8:94:33:f8:1f:12:53:a1:71:64:54:
         4c:64:d3:3c:77:b4:f6:73:d7:99:6c:3c:a9:3c:f7:01:93:48:
         1b:e6:17:c0:0a:f2:08:77:73:7a:a5:08:75:4c:5c:c3:f2:d8:
         6b:d4:79:af:ff:f0:a6:51:99:bc:49:90:ef:0d:70:e0:ce:08:
         1d:f5:24:92:2b:e2:6b:4c:ab:e9:a8:1c:15:71:0f:39:5d:93:
         c5:11:14:d5:c5:1c:4b:99:e7:2e:a2:81:78:b7:35:f5:e5:f7:
         6b:fb:03:2a:02:9c:b8:37:8a:a4:0f:43:5f:d7:86:c3:23:cd:
         d9:b5:fa:70:b8:68:98:8a:62:a8:7d:1d:63:bf:f1:1f:3c:53:
         00:04:f6:48:26:fa:0c:d6:d1:2a:55:c3:6b:e2:43:37:68:09:
         68:37:5c:2b:1f:63:fa:82:2e:ba:39:12:aa:e8:0a:78:7b:5f:
         a7:63:0a:79:f2:81:1d:69:68:6c:f9:5c:6b:7a:50:ae:8b:85:
         f9:f2:bc:16:1a:1f:20:3d:a2:76:9e:69:e0:b1:36:77:a5:5d:
         e4:b1:ac:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSsqGuM3tToiVUhV+JYWJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlN2I2OTkyN2RkMjFiYjllMTQ1NWZhODhlZDg4ZWQyNDdj
NzE4ZGEwHhcNMjQwMTAyMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzMzNTcyZTQxZWJlMjZjYTliNjU3NWU4NmFkNzI5YjhhMWQxMTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwweIuBXk+25lQZ9wZTNybjWWZ0T5
3IMZiIxkSXERBVT5F2r3aPhkNuSHZMvjS/w/fbvnPV1/rak6N6Y9pJoW3YSvkfVz
RZgkQCU/eUrqoRYtJ3JU0iYPzY3ftxr7TKuYqFPHe04l9lb+i6db7W5HqFGZOXbn
+KuBdOlm+PlzqAe4TOtEAwbpQxNIEJ8mId7Ogq5YA4oKM7JyNI6REtkcUddEp29K
hLMtHqzezGSowww34x7hYRtF/YJEa+LqAj3v3uT3Nr82v/Xv/dgp6ax/kriOZb7O
5DzcD6i+3zWxHVGdmUKbu3O+W3m7/+ej8CR99yl5ltVcEyffBmYV8IA1LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwzVy5B6+JsqbZXXoatcpuKHRE2MB8GA1UdIwQY
MBaAFI57aZJ90hu54UVfqI7YjtJHxxjaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam50cGtuM1NHN25oUlYtb2p0aU8wa2ZIR05vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC80NmVkY2ItY2FhZi00ZDY1LTg1YzEt
YzAyOTJmNThiNzJmLzEvVEROWExrSHI0bXlwdGxkZWhxMXltNG9kRVRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC80NmVkY2ItY2FhZi00ZDY1LTg1YzEtYzAyOTJmNThiNzJm
LzEvam50cGtuM1NHN25oUlYtb2p0aU8wa2ZIR05vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCua/wMA0G
CSqGSIb3DQEBCwUAA4IBAQBkegoqfuZkdD2nMRbmKZbTSUKDKRqXGxOzHwGPjMLE
nuGQuj9KUqwjztnuyJQz+B8SU6FxZFRMZNM8d7T2c9eZbDypPPcBk0gb5hfACvII
d3N6pQh1TFzD8thr1Hmv//CmUZm8SZDvDXDgzggd9SSSK+JrTKvpqBwVcQ85XZPF
ERTVxRxLmecuooF4tzX15fdr+wMqApy4N4qkD0Nf14bDI83ZtfpwuGiYimKofR1j
v/EfPFMABPZIJvoM1tEqVcNr4kM3aAloN1wrH2P6gi66ORKq6Ap4e1+nYwp58oEd
aWhs+VxrelCui4X58rwWGh8gPaJ2nmngsTZ3pV3ksazh
-----END CERTIFICATE-----