Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/TRyxfiyJxt-8QKrN302pgPN2aeA.roa
File:                     TRyxfiyJxt-8QKrN302pgPN2aeA.roa (raw, json)
Hash identifier:          YPXhUnz+yeoxDZ2Hd/eBcsG5z69fSD0ys05j1dHqf8s=
Subject key identifier:   4D:1C:B1:7E:2C:89:C6:DF:BC:40:AA:CD:DF:4D:A9:80:F3:76:69:E0
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       0190BDE40268BABBF19F8EBF53C86C9A5572
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/TRyxfiyJxt-8QKrN302pgPN2aeA.roa
Signing time:             Tue 16 Jul 2024 23:32:34 +0000
ROA not before:           Tue 16 Jul 2024 23:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210542
IP address blocks:        185.179.218.0/23 maxlen: 24
                          188.64.104.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bd:e4:02:68:ba:bb:f1:9f:8e:bf:53:c8:6c:9a:55:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jul 16 23:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d1cb17e2c89c6dfbc40aacddf4da980f37669e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:76:9f:a7:a5:6d:23:ac:79:6f:67:94:36:e5:
                    0b:ab:84:db:a3:26:d7:c3:66:63:2d:ac:76:23:d5:
                    4b:20:13:dd:65:18:d7:53:3f:7c:01:b1:a4:81:a0:
                    b6:cb:b7:bd:77:e9:6d:43:f5:3e:8c:83:39:98:b3:
                    80:6c:2c:1f:40:0e:02:6d:d9:60:a0:5d:28:cf:0b:
                    0f:bf:56:95:c1:10:4c:ae:35:9e:02:7e:db:42:f1:
                    1d:80:33:2b:27:5e:33:61:99:64:7c:18:62:fd:eb:
                    12:e9:3e:48:2b:d5:17:c5:c8:aa:10:13:78:18:d0:
                    73:0f:99:dd:d8:21:7f:d5:24:5a:9f:5c:c1:52:21:
                    d8:2e:a7:5b:19:44:fd:a7:95:56:45:b3:ec:34:58:
                    f8:f3:d2:5b:90:24:e9:ad:62:64:c7:40:04:38:94:
                    85:56:f7:56:33:0b:ad:60:54:0b:8f:5f:1e:3b:29:
                    2b:1e:d0:e1:a5:98:70:48:f1:dd:1e:7d:ad:a5:9f:
                    69:4a:55:e5:66:7f:0d:d5:05:e4:b4:b7:bd:e7:7e:
                    fb:8e:52:57:ac:15:d9:79:af:7f:07:a3:87:10:8f:
                    c5:f2:50:b9:fc:58:9d:20:f7:cb:ad:73:75:da:ca:
                    5c:ab:7d:27:cc:3e:66:b2:23:f5:c1:58:01:c3:0d:
                    bd:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:1C:B1:7E:2C:89:C6:DF:BC:40:AA:CD:DF:4D:A9:80:F3:76:69:E0
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/TRyxfiyJxt-8QKrN302pgPN2aeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.218.0/23
                  188.64.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:a5:ca:e7:09:ae:66:0a:68:c8:da:c0:61:f9:e8:29:d2:9c:
         7b:96:ac:53:1d:22:9f:5e:0d:b1:e5:1b:e6:73:98:49:66:ea:
         5d:6a:6c:98:71:24:18:94:26:a5:9e:6b:13:63:6d:8c:f2:1b:
         72:67:13:ad:ec:f6:1d:29:8d:a1:0c:16:18:04:06:1f:f2:5f:
         2b:22:11:29:5a:77:c1:a3:1b:48:22:8d:a9:ab:28:7a:d8:5d:
         39:7a:5e:1f:e8:45:6e:14:de:4c:f6:ca:77:c5:c8:4f:97:1c:
         32:ea:b9:cf:8f:a6:37:22:60:7b:43:e2:3e:0c:92:88:1f:46:
         5c:24:93:b8:5e:36:37:a2:26:40:2a:98:e9:ad:eb:13:c8:48:
         b7:a8:22:af:47:b9:4b:09:e9:ee:16:a5:23:4a:95:8a:75:99:
         0a:58:be:b9:54:85:57:d8:5b:82:c1:3f:ab:79:6b:e5:0f:27:
         27:9f:d6:a7:9e:89:03:e0:6d:d5:34:b2:f3:0e:72:d6:53:6e:
         82:0a:f8:b4:92:db:f7:c0:f5:32:20:b2:e6:51:b7:c5:8c:91:
         d8:7a:38:a5:a2:df:94:49:48:63:0e:87:7e:14:d1:62:52:59:
         bd:35:1d:69:b3:3d:22:b7:07:1b:02:62:2e:77:5e:e2:09:bc:
         ba:dc:2c:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZC95AJourvxn46/U8hsmlVyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwNzE2MjMzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDFjYjE3ZTJjODljNmRmYmM0MGFhY2RkZjRkYTk4MGYzNzY2OWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHafp6VtI6x5b2eUNuULq4TboybX
w2ZjLax2I9VLIBPdZRjXUz98AbGkgaC2y7e9d+ltQ/U+jIM5mLOAbCwfQA4Cbdlg
oF0ozwsPv1aVwRBMrjWeAn7bQvEdgDMrJ14zYZlkfBhi/esS6T5IK9UXxciqEBN4
GNBzD5nd2CF/1SRan1zBUiHYLqdbGUT9p5VWRbPsNFj489JbkCTprWJkx0AEOJSF
VvdWMwutYFQLj18eOykrHtDhpZhwSPHdHn2tpZ9pSlXlZn8N1QXktLe95377jlJX
rBXZea9/B6OHEI/F8lC5/FidIPfLrXN12spcq30nzD5msiP1wVgBww29zwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE0csX4sicbfvECqzd9NqYDzdmngMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvVFJ5eGZpeUp4dC04UUtyTjMwMnBnUE4yYWVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBubPaAwQC
vEBoMA0GCSqGSIb3DQEBCwUAA4IBAQCIpcrnCa5mCmjI2sBh+egp0px7lqxTHSKf
Xg2x5Rvmc5hJZupdamyYcSQYlCalnmsTY22M8htyZxOt7PYdKY2hDBYYBAYf8l8r
IhEpWnfBoxtIIo2pqyh62F05el4f6EVuFN5M9sp3xchPlxwy6rnPj6Y3ImB7Q+I+
DJKIH0ZcJJO4XjY3oiZAKpjpresTyEi3qCKvR7lLCenuFqUjSpWKdZkKWL65VIVX
2FuCwT+reWvlDycnn9annokD4G3VNLLzDnLWU26CCvi0ktv3wPUyILLmUbfFjJHY
ejilot+USUhjDod+FNFiUlm9NR1psz0itwcbAmIud17iCby63Cwo
-----END CERTIFICATE-----