Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/TJR2JEhQkiipSC0W_yAiU_xjyHU.roa
File:                     TJR2JEhQkiipSC0W_yAiU_xjyHU.roa (raw, json)
Hash identifier:          +L5HAjuULMp4KcOi+jt6hb41hYgpF4o2oE7KW00poTQ=
Subject key identifier:   4C:94:76:24:48:50:92:28:A9:48:2D:16:FF:20:22:53:FC:63:C8:75
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018EE750094A65FB2C873B337584B11C1B41
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/TJR2JEhQkiipSC0W_yAiU_xjyHU.roa
Signing time:             Tue 16 Apr 2024 14:29:25 +0000
ROA not before:           Tue 16 Apr 2024 14:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211619
IP address blocks:        185.244.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e7:50:09:4a:65:fb:2c:87:3b:33:75:84:b1:1c:1b:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Apr 16 14:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c94762448509228a9482d16ff202253fc63c875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:13:89:2c:a5:3f:55:92:42:99:2b:97:b8:82:
                    60:6c:1e:8a:af:98:e5:7d:ce:9c:b3:1d:6b:1d:e1:
                    a0:fc:4e:c2:75:0f:49:54:6e:4a:95:67:0d:df:34:
                    89:39:34:23:c5:03:94:54:23:a0:7f:81:66:17:88:
                    3d:14:cb:e6:a0:ca:32:b4:65:ac:7f:c7:93:f6:29:
                    af:72:c4:71:20:46:9e:4e:34:ee:02:de:fa:c9:89:
                    0f:c4:3e:e5:40:5e:fa:44:22:ad:a6:0c:71:c3:55:
                    13:c5:0a:ca:06:b2:8d:59:22:17:77:47:a5:82:e0:
                    86:0e:cc:ec:7e:fb:23:ed:4f:61:cc:20:a7:05:ab:
                    0a:66:d1:51:04:f6:04:02:62:13:da:22:c2:35:65:
                    cc:45:c6:95:d5:fb:bd:d6:b6:5a:d4:16:e3:5c:d1:
                    ac:3b:5b:c0:2f:0a:8a:fd:6e:cf:6b:30:89:34:d3:
                    01:9d:99:21:77:97:7a:15:62:87:1b:90:9f:ba:1f:
                    b7:77:24:82:d8:86:6e:d8:6a:b7:3c:59:89:7e:6e:
                    4f:83:2b:ea:59:38:63:2b:91:67:86:3b:21:e6:d0:
                    d0:cf:95:7c:15:a2:7d:12:6c:4d:0f:82:0b:58:83:
                    7a:29:f9:dc:b0:83:f1:e1:20:ae:27:d9:d4:25:39:
                    fd:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:94:76:24:48:50:92:28:A9:48:2D:16:FF:20:22:53:FC:63:C8:75
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/TJR2JEhQkiipSC0W_yAiU_xjyHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:50:2a:fb:cb:74:dd:75:74:d5:8a:a6:88:d8:a7:7e:01:bb:
         f3:af:34:b6:65:f1:ff:c0:d2:85:25:ad:8b:4c:fd:5d:9d:bb:
         98:24:14:85:67:08:3c:43:6f:d9:a5:be:9a:43:d6:24:38:25:
         65:3b:36:67:3b:22:26:77:43:06:c6:5a:a5:fd:cf:c5:95:e8:
         75:e1:6a:46:b2:a2:63:07:e4:f6:23:71:c1:6a:46:c1:67:ee:
         0c:f4:48:27:c4:59:fc:e3:1b:36:fe:0f:a0:4e:cb:27:1e:cb:
         35:7f:ba:ae:50:a5:f9:c3:d5:e7:03:a2:fb:53:74:79:51:e7:
         79:04:09:e4:42:d4:95:81:12:5a:a0:4d:14:4f:e1:04:15:d6:
         88:fb:a1:5e:a6:6c:bf:68:93:a2:11:c7:2c:59:2e:3c:9a:7f:
         38:85:51:d6:85:17:3a:78:0c:e4:59:26:52:64:d1:4b:3c:6b:
         e2:84:bb:e2:c2:a1:84:e7:3f:24:9a:1d:6f:e9:9b:3d:e4:40:
         59:1a:b4:36:c3:c9:38:ca:3d:a9:e2:98:18:fd:6b:14:a5:d3:
         36:1e:95:e4:8e:ce:a0:e2:0f:f7:66:76:b6:1f:93:cb:50:29:
         60:c6:a0:d9:a1:9d:49:04:20:72:6e:38:00:26:1a:d4:e7:c9:
         59:95:8e:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7nUAlKZfsshzszdYSxHBtBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwNDE2MTQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzk0NzYyNDQ4NTA5MjI4YTk0ODJkMTZmZjIwMjI1M2ZjNjNjODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxOJLKU/VZJCmSuXuIJgbB6Kr5jl
fc6csx1rHeGg/E7CdQ9JVG5KlWcN3zSJOTQjxQOUVCOgf4FmF4g9FMvmoMoytGWs
f8eT9imvcsRxIEaeTjTuAt76yYkPxD7lQF76RCKtpgxxw1UTxQrKBrKNWSIXd0el
guCGDszsfvsj7U9hzCCnBasKZtFRBPYEAmIT2iLCNWXMRcaV1fu91rZa1BbjXNGs
O1vALwqK/W7PazCJNNMBnZkhd5d6FWKHG5Cfuh+3dySC2IZu2Gq3PFmJfm5Pgyvq
WThjK5Fnhjsh5tDQz5V8FaJ9EmxND4ILWIN6KfncsIPx4SCuJ9nUJTn9XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyUdiRIUJIoqUgtFv8gIlP8Y8h1MB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvVEpSMkpFaFFraWlwU0MwV195QWlVX3hqeUhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufQeMA0G
CSqGSIb3DQEBCwUAA4IBAQAtUCr7y3TddXTViqaI2Kd+AbvzrzS2ZfH/wNKFJa2L
TP1dnbuYJBSFZwg8Q2/Zpb6aQ9YkOCVlOzZnOyImd0MGxlql/c/Fleh14WpGsqJj
B+T2I3HBakbBZ+4M9EgnxFn84xs2/g+gTssnHss1f7quUKX5w9XnA6L7U3R5Ued5
BAnkQtSVgRJaoE0UT+EEFdaI+6Fepmy/aJOiEccsWS48mn84hVHWhRc6eAzkWSZS
ZNFLPGvihLviwqGE5z8kmh1v6Zs95EBZGrQ2w8k4yj2p4pgY/WsUpdM2HpXkjs6g
4g/3Zna2H5PLUClgxqDZoZ1JBCBybjgAJhrU58lZlY4H
-----END CERTIFICATE-----