Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/gWrwtgwRGQu7bRnQF5MljY91hcM.roa
File:                     gWrwtgwRGQu7bRnQF5MljY91hcM.roa (raw, json)
Hash identifier:          apcSO7WErtKzSY7YKj2/3KaFvyeilVJcQ+SpCOs6oCE=
Subject key identifier:   81:6A:F0:B6:0C:11:19:0B:BB:6D:19:D0:17:93:25:8D:8F:75:85:C3
Certificate issuer:       /CN=4c18a44d54a47a5ea97dedfd5ed8379d7eea02d0
Certificate serial:       019300DECBF3A6DCDF0B7171190FD57B0B9E
Authority key identifier: 4C:18:A4:4D:54:A4:7A:5E:A9:7D:ED:FD:5E:D8:37:9D:7E:EA:02:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBikTVSkel6pfe39Xtg3nX7qAtA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/gWrwtgwRGQu7bRnQF5MljY91hcM.roa
Signing time:             Wed 06 Nov 2024 09:47:01 +0000
ROA not before:           Wed 06 Nov 2024 09:47:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48449
IP address blocks:        185.111.160.0/24 maxlen: 24
                          185.111.161.0/24 maxlen: 24
                          185.111.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/TBikTVSkel6pfe39Xtg3nX7qAtA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/TBikTVSkel6pfe39Xtg3nX7qAtA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBikTVSkel6pfe39Xtg3nX7qAtA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:00:de:cb:f3:a6:dc:df:0b:71:71:19:0f:d5:7b:0b:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c18a44d54a47a5ea97dedfd5ed8379d7eea02d0
        Validity
            Not Before: Nov  6 09:47:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=816af0b60c11190bbb6d19d01793258d8f7585c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:52:46:6c:63:1f:96:3b:fa:5a:24:a4:d0:83:
                    fb:03:c3:3d:e1:3b:df:84:4a:c4:98:5a:5f:8f:b7:
                    92:f9:89:19:31:cd:59:b6:5e:b0:52:85:97:b2:28:
                    43:81:d6:cf:8e:54:8d:8e:99:4c:8c:2f:44:2f:7a:
                    ea:c8:ea:3d:d0:3e:bf:24:97:7b:e0:09:8d:d6:d4:
                    82:6a:41:ab:19:e5:88:ce:c3:26:68:bd:a3:48:80:
                    ee:39:74:da:e3:a4:41:94:e6:67:8b:91:29:ea:b2:
                    77:7f:85:30:bf:a0:73:8d:0c:86:b3:43:59:90:cc:
                    c0:39:9d:ac:50:be:bc:89:ca:db:60:c9:d6:36:71:
                    ec:7a:53:0d:5b:e8:fc:48:0c:a3:8a:1f:24:94:be:
                    cf:dd:2a:a0:79:87:48:c3:ef:89:fc:08:1d:ec:f6:
                    5c:fb:6e:8a:87:0f:ab:31:6e:eb:43:22:38:da:c8:
                    7a:e2:54:45:92:f4:e8:79:84:89:f8:d0:6e:f3:49:
                    b5:ce:32:1b:6f:c6:5c:c0:8a:09:f9:8c:c8:3a:37:
                    8e:45:61:c8:46:18:d5:11:c6:4c:b5:14:fe:f6:45:
                    d4:e6:05:ee:35:d7:4d:ae:08:b1:17:85:a4:e7:b5:
                    22:68:7a:85:0b:98:a0:b9:0d:8c:10:23:ad:51:79:
                    40:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:6A:F0:B6:0C:11:19:0B:BB:6D:19:D0:17:93:25:8D:8F:75:85:C3
            X509v3 Authority Key Identifier:
                keyid:4C:18:A4:4D:54:A4:7A:5E:A9:7D:ED:FD:5E:D8:37:9D:7E:EA:02:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBikTVSkel6pfe39Xtg3nX7qAtA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/gWrwtgwRGQu7bRnQF5MljY91hcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/TBikTVSkel6pfe39Xtg3nX7qAtA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.160.0-185.111.162.255

    Signature Algorithm: sha256WithRSAEncryption
         3a:0b:6a:d4:c5:94:21:1c:d1:5c:47:df:8b:6e:6d:86:aa:94:
         7c:35:52:bd:82:94:03:32:f4:46:20:5e:46:82:5b:a1:a1:d6:
         14:6c:03:8d:0e:1b:11:c0:c8:a4:91:e1:d4:25:2e:2e:0f:d9:
         ea:9c:d6:9c:f8:96:bf:f3:09:9e:06:8e:bf:a6:4a:3a:d2:2f:
         43:02:28:46:45:6e:f0:38:6b:d8:64:54:cb:44:37:45:f9:15:
         67:8b:5b:ae:80:b1:42:b9:f1:28:8d:71:99:5a:35:93:03:28:
         eb:a6:4d:11:ff:f3:7d:8d:8e:b4:e7:8b:71:32:34:07:b2:15:
         34:d9:0a:18:5d:3f:4f:eb:e7:56:0b:8c:c5:56:30:c2:60:cb:
         21:58:92:cd:52:c1:39:07:aa:bd:c6:2c:c1:f6:ef:24:bd:3d:
         26:2a:97:fd:de:b9:5b:fd:8c:45:60:6c:b4:d2:c9:51:3f:46:
         87:36:30:a4:cc:a2:84:cb:e1:55:57:a3:af:db:fa:f6:61:71:
         4e:25:76:42:d9:36:6e:50:d4:be:02:a2:47:7c:51:ba:1f:65:
         a9:34:88:73:30:98:e8:d9:9d:27:fc:a4:ce:26:77:4c:d6:61:
         ea:b0:ac:a6:ac:19:20:4c:15:9e:bf:6b:dd:db:50:03:e4:75:
         c7:70:12:8c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZMA3svzptzfC3FxGQ/VewueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMThhNDRkNTRhNDdhNWVhOTdkZWRmZDVlZDgzNzlkN2Vl
YTAyZDAwHhcNMjQxMTA2MDk0NzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTZhZjBiNjBjMTExOTBiYmI2ZDE5ZDAxNzkzMjU4ZDhmNzU4NWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFJGbGMfljv6WiSk0IP7A8M94Tvf
hErEmFpfj7eS+YkZMc1Ztl6wUoWXsihDgdbPjlSNjplMjC9EL3rqyOo90D6/JJd7
4AmN1tSCakGrGeWIzsMmaL2jSIDuOXTa46RBlOZni5Ep6rJ3f4Uwv6BzjQyGs0NZ
kMzAOZ2sUL68icrbYMnWNnHselMNW+j8SAyjih8klL7P3SqgeYdIw++J/Agd7PZc
+26Khw+rMW7rQyI42sh64lRFkvToeYSJ+NBu80m1zjIbb8ZcwIoJ+YzIOjeORWHI
RhjVEcZMtRT+9kXU5gXuNddNrgixF4Wk57UiaHqFC5iguQ2MECOtUXlAxQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIFq8LYMERkLu20Z0BeTJY2PdYXDMB8GA1UdIwQY
MBaAFEwYpE1UpHpeqX3t/V7YN51+6gLQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEJpa1RWU2tlbDZwZmUzOVh0ZzNuWDdxQXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9hYmU2YzAtZTc5ZC00Y2RkLTkyYWQt
ZjIxMzYzMDcxNTkxLzEvZ1dyd3Rnd1JHUXU3YlJuUUY1TWxqWTkxaGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9hYmU2YzAtZTc5ZC00Y2RkLTkyYWQtZjIxMzYzMDcxNTkx
LzEvVEJpa1RWU2tlbDZwZmUzOVh0ZzNuWDdxQXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAW5b6AD
BAC5b6IwDQYJKoZIhvcNAQELBQADggEBADoLatTFlCEc0VxH34tubYaqlHw1Ur2C
lAMy9EYgXkaCW6Gh1hRsA40OGxHAyKSR4dQlLi4P2eqc1pz4lr/zCZ4Gjr+mSjrS
L0MCKEZFbvA4a9hkVMtEN0X5FWeLW66AsUK58SiNcZlaNZMDKOumTRH/832NjrTn
i3EyNAeyFTTZChhdP0/r51YLjMVWMMJgyyFYks1SwTkHqr3GLMH27yS9PSYql/3e
uVv9jEVgbLTSyVE/Roc2MKTMooTL4VVXo6/b+vZhcU4ldkLZNm5Q1L4Cokd8Ubof
Zak0iHMwmOjZnSf8pM4md0zWYeqwrKasGSBMFZ6/a93bUAPkdcdwEow=
-----END CERTIFICATE-----