Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/TYI4qzMgBzeHNB7W7yYtjPMYbeo.roa
File:                     TYI4qzMgBzeHNB7W7yYtjPMYbeo.roa (raw, json)
Hash identifier:          5RhBWYCPcthRxd4E3ByFrDp4xENl6mnfZOg9cLYD3F8=
Subject key identifier:   4D:82:38:AB:33:20:07:37:87:34:1E:D6:EF:26:2D:8C:F3:18:6D:EA
Certificate issuer:       /CN=f1f4609d0d053aec0307da44b0e678c388f641a4
Certificate serial:       018DFC5C0F8FDB657FFCAED1057DDC60C0F4
Authority key identifier: F1:F4:60:9D:0D:05:3A:EC:03:07:DA:44:B0:E6:78:C3:88:F6:41:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/TYI4qzMgBzeHNB7W7yYtjPMYbeo.roa
Signing time:             Fri 01 Mar 2024 23:31:48 +0000
ROA not before:           Fri 01 Mar 2024 23:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        185.18.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fc:5c:0f:8f:db:65:7f:fc:ae:d1:05:7d:dc:60:c0:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1f4609d0d053aec0307da44b0e678c388f641a4
        Validity
            Not Before: Mar  1 23:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d8238ab3320073787341ed6ef262d8cf3186dea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2f:24:47:e0:11:f2:6b:9e:8f:aa:f7:3d:f3:
                    df:5f:03:64:dc:a7:dc:8e:25:9e:aa:d9:e2:56:4f:
                    2e:10:15:fb:0d:32:ed:bd:a4:45:9b:95:fc:3f:97:
                    3c:7a:9d:ca:56:a8:6b:ca:ec:e4:5e:22:30:f1:60:
                    1d:74:eb:3b:10:67:12:e2:c3:d7:9b:e9:5c:d2:b9:
                    fd:3f:02:bb:39:fb:71:2e:21:2d:05:e9:8d:b7:f0:
                    af:c5:cb:7e:da:04:28:9b:f2:4e:4d:48:83:74:a6:
                    aa:d0:02:6d:70:ab:91:2d:ae:88:a6:f3:9f:74:99:
                    fd:e5:fe:bb:25:d3:a0:a7:32:18:e1:65:33:87:84:
                    cb:a1:4f:48:90:30:4d:1e:5b:2a:9f:35:df:7c:b0:
                    ea:b7:74:7d:a7:9b:3f:7f:d9:df:56:82:fe:1d:70:
                    12:79:d8:ae:c1:b5:e1:6d:e1:c3:c7:eb:5f:23:0b:
                    9c:17:d2:df:fa:d1:f9:f9:fe:50:ac:d4:06:51:f8:
                    35:ca:9c:9b:a1:74:3c:b6:47:48:ce:2a:ab:06:6c:
                    6c:4a:f3:6f:48:be:40:17:f1:8e:89:a6:85:25:8e:
                    49:ba:03:1d:50:a7:6c:b7:c6:4a:20:88:92:22:96:
                    75:f5:25:4c:48:58:59:95:6a:0a:c0:0d:03:14:e6:
                    1e:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:82:38:AB:33:20:07:37:87:34:1E:D6:EF:26:2D:8C:F3:18:6D:EA
            X509v3 Authority Key Identifier:
                keyid:F1:F4:60:9D:0D:05:3A:EC:03:07:DA:44:B0:E6:78:C3:88:F6:41:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/TYI4qzMgBzeHNB7W7yYtjPMYbeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:71:54:9f:e8:13:71:1e:32:d8:69:9b:eb:d8:72:eb:57:46:
         20:69:ba:d1:7f:a9:01:0f:cc:37:e3:60:f7:e7:3f:8a:72:c2:
         24:77:46:b5:7e:d8:56:31:40:ad:e5:02:5d:7e:83:3f:41:81:
         f1:80:5f:99:d4:4b:ee:14:bb:c2:2e:0b:0e:d6:1e:07:dd:19:
         fd:53:18:68:75:b9:2e:50:c4:bf:45:61:46:13:aa:5c:a1:5f:
         0b:04:4a:83:63:b9:2f:5f:24:be:e9:d9:c5:1d:72:55:e9:0c:
         bc:ea:27:b3:19:b7:7c:ed:73:68:7c:b9:2a:47:cc:5c:54:79:
         21:b6:5a:00:a8:ed:b7:c9:6a:e2:6e:b5:4b:8d:5b:cf:b6:6f:
         1b:06:a0:63:6b:88:0a:75:5a:78:62:bc:50:de:50:9a:1d:72:
         bf:aa:80:fa:c3:01:be:ba:eb:3d:0a:23:18:95:3f:4f:c6:1d:
         af:f5:76:98:2f:b9:99:c2:7d:88:68:d1:91:a1:cb:ae:26:54:
         06:ea:45:19:ff:b5:c9:62:48:a4:27:8f:92:cb:f6:af:5d:f5:
         65:0d:fa:18:67:82:d2:78:8e:8e:aa:9a:26:8e:3e:03:25:ca:
         70:6e:b4:27:db:48:5f:70:cb:56:08:e1:4f:b6:6c:bb:41:8a:
         55:2c:7a:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY38XA+P22V//K7RBX3cYMD0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZjQ2MDlkMGQwNTNhZWMwMzA3ZGE0NGIwZTY3OGMzODhm
NjQxYTQwHhcNMjQwMzAxMjMzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDgyMzhhYjMzMjAwNzM3ODczNDFlZDZlZjI2MmQ4Y2YzMTg2ZGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAli8kR+AR8muej6r3PfPfXwNk3Kfc
jiWeqtniVk8uEBX7DTLtvaRFm5X8P5c8ep3KVqhryuzkXiIw8WAddOs7EGcS4sPX
m+lc0rn9PwK7OftxLiEtBemNt/Cvxct+2gQom/JOTUiDdKaq0AJtcKuRLa6IpvOf
dJn95f67JdOgpzIY4WUzh4TLoU9IkDBNHlsqnzXffLDqt3R9p5s/f9nfVoL+HXAS
ediuwbXhbeHDx+tfIwucF9Lf+tH5+f5QrNQGUfg1ypyboXQ8tkdIziqrBmxsSvNv
SL5AF/GOiaaFJY5JugMdUKdst8ZKIIiSIpZ19SVMSFhZlWoKwA0DFOYeCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2COKszIAc3hzQe1u8mLYzzGG3qMB8GA1UdIwQY
MBaAFPH0YJ0NBTrsAwfaRLDmeMOI9kGkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGZSZ25RMEZPdXdEQjlwRXNPWjR3NGoyUWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85YTE4YWQtMDg3Yi00ZDEyLTlmNjkt
OGNiZjkwM2U5MWNkLzEvVFlJNHF6TWdCemVITkI3Vzd5WXRqUE1ZYmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85YTE4YWQtMDg3Yi00ZDEyLTlmNjktOGNiZjkwM2U5MWNk
LzEvOGZSZ25RMEZPdXdEQjlwRXNPWjR3NGoyUWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRLdMA0G
CSqGSIb3DQEBCwUAA4IBAQAicVSf6BNxHjLYaZvr2HLrV0YgabrRf6kBD8w342D3
5z+KcsIkd0a1fthWMUCt5QJdfoM/QYHxgF+Z1EvuFLvCLgsO1h4H3Rn9Uxhodbku
UMS/RWFGE6pcoV8LBEqDY7kvXyS+6dnFHXJV6Qy86iezGbd87XNofLkqR8xcVHkh
tloAqO23yWribrVLjVvPtm8bBqBja4gKdVp4YrxQ3lCaHXK/qoD6wwG+uus9CiMY
lT9Pxh2v9XaYL7mZwn2IaNGRocuuJlQG6kUZ/7XJYkikJ4+Sy/avXfVlDfoYZ4LS
eI6Oqpomjj4DJcpwbrQn20hfcMtWCOFPtmy7QYpVLHrJ
-----END CERTIFICATE-----