Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/tKRKLT4k6gTBGXUwVqoQP5wf828.roa
File:                     tKRKLT4k6gTBGXUwVqoQP5wf828.roa (raw, json)
Hash identifier:          mHlH0m5gNtQodNsj6u7qW5OHRqBubPK99/1nL+d+Ats=
Subject key identifier:   B4:A4:4A:2D:3E:24:EA:04:C1:19:75:30:56:AA:10:3F:9C:1F:F3:6F
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801DA05629ED51B8ECFC78BC2C11F64
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/tKRKLT4k6gTBGXUwVqoQP5wf828.roa
Signing time:             Tue 02 Jan 2024 02:30:13 +0000
ROA not before:           Tue 02 Jan 2024 02:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50629
IP address blocks:        185.222.217.0/24 maxlen: 24
                          2a09:0:14::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:da:05:62:9e:d5:1b:8e:cf:c7:8b:c2:c1:1f:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4a44a2d3e24ea04c119753056aa103f9c1ff36f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ad:0b:0c:5a:51:c1:05:9e:8d:19:1f:5d:0a:
                    41:fc:44:0b:f7:13:a2:ab:3d:0f:4c:e0:b0:57:0c:
                    6e:c0:82:2a:4f:34:c4:f3:4a:e3:f6:5d:9e:2f:73:
                    24:41:da:6a:42:3e:47:e4:3b:2a:b5:4d:4b:d5:40:
                    f7:cf:87:b2:32:f1:73:b3:f3:61:c1:89:33:e0:1d:
                    e1:6d:29:c5:99:ed:f0:9f:ad:16:76:0a:dc:e5:2c:
                    5c:43:9a:4b:4a:4f:62:60:35:65:90:62:4e:4e:df:
                    b2:3b:7e:e7:07:c1:fb:ad:5a:b2:21:45:ef:59:41:
                    cf:ce:d0:86:e7:1f:2e:c1:4c:23:c8:ad:37:9f:2d:
                    b7:6b:d5:1c:e6:9e:cb:bb:86:b5:e0:39:39:89:37:
                    68:3a:b6:d1:46:46:c6:35:90:56:ec:71:5c:3a:60:
                    3f:93:06:87:5b:72:b3:91:d7:95:d5:03:d2:d2:fe:
                    7c:44:cc:46:e4:b1:da:2d:f5:1d:66:74:0d:aa:44:
                    e2:2a:a7:59:a7:75:e6:40:cb:89:eb:67:0c:1d:14:
                    ed:b1:b8:6a:a6:c8:b8:1b:9b:3e:96:e8:ee:9b:8a:
                    df:f5:1c:39:93:da:ca:c2:54:f7:34:9f:54:7e:c3:
                    c2:0a:44:58:9c:56:31:3c:e4:b4:46:91:58:02:7c:
                    ff:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:A4:4A:2D:3E:24:EA:04:C1:19:75:30:56:AA:10:3F:9C:1F:F3:6F
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/tKRKLT4k6gTBGXUwVqoQP5wf828.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.217.0/24
                IPv6:
                  2a09:0:14::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:5f:f5:8e:99:f4:46:8f:5d:44:4f:a2:2e:7d:bb:c7:0d:c3:
         c1:d7:57:7a:bc:d9:c3:30:49:c5:d1:3e:21:9a:3f:15:c0:93:
         9c:a4:c0:78:02:cf:67:3b:94:64:94:cf:ef:8f:3d:04:b6:3e:
         47:09:25:f0:54:07:8b:d4:ad:1f:c6:d9:8c:07:dd:cf:5b:52:
         47:ed:47:1c:43:df:c1:e9:2f:32:5f:d6:43:23:5f:64:37:8f:
         a5:81:9d:a7:6b:d1:da:27:08:9c:93:fa:25:31:97:9f:92:cb:
         27:1a:4c:26:d6:29:9e:f7:23:ad:72:e3:3e:5a:a5:fa:e1:7e:
         78:e6:8f:4f:bf:8f:9f:6f:82:55:07:37:2e:f9:6e:eb:ed:fd:
         ff:92:b7:82:6e:f4:4e:8e:7b:9c:c8:4e:05:2f:e2:0c:75:7a:
         d7:24:15:b3:2e:4a:f5:51:7a:59:e2:14:5d:0c:84:b4:49:e8:
         b3:b6:27:d4:01:ac:87:5d:7f:53:71:ed:26:80:aa:57:5e:69:
         5a:bd:72:63:95:23:f4:0a:21:cf:97:92:4b:e6:a0:95:54:b4:
         66:c3:06:5e:ac:ca:c9:86:25:8f:50:6f:26:1c:11:d8:1f:7d:
         81:5c:4e:6c:ae:d5:0e:46:f6:32:4b:00:59:68:dd:c5:56:5b:
         f9:c5:f7:33
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAdoFYp7VG47Px4vCwR9kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGE0NGEyZDNlMjRlYTA0YzExOTc1MzA1NmFhMTAzZjljMWZmMzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwa0LDFpRwQWejRkfXQpB/EQL9xOi
qz0PTOCwVwxuwIIqTzTE80rj9l2eL3MkQdpqQj5H5DsqtU1L1UD3z4eyMvFzs/Nh
wYkz4B3hbSnFme3wn60Wdgrc5SxcQ5pLSk9iYDVlkGJOTt+yO37nB8H7rVqyIUXv
WUHPztCG5x8uwUwjyK03ny23a9Uc5p7Lu4a14Dk5iTdoOrbRRkbGNZBW7HFcOmA/
kwaHW3KzkdeV1QPS0v58RMxG5LHaLfUdZnQNqkTiKqdZp3XmQMuJ62cMHRTtsbhq
psi4G5s+lujum4rf9Rw5k9rKwlT3NJ9UfsPCCkRYnFYxPOS0RpFYAnz/LwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLSkSi0+JOoEwRl1MFaqED+cH/NvMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvdEtSS0xUNGs2Z1RCR1hVd1Zxb1FQNXdmODI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAud7ZMA8E
AgACMAkDBwAqCQAAABQwDQYJKoZIhvcNAQELBQADggEBADJf9Y6Z9EaPXURPoi59
u8cNw8HXV3q82cMwScXRPiGaPxXAk5ykwHgCz2c7lGSUz++PPQS2PkcJJfBUB4vU
rR/G2YwH3c9bUkftRxxD38HpLzJf1kMjX2Q3j6WBnadr0donCJyT+iUxl5+Syyca
TCbWKZ73I61y4z5apfrhfnjmj0+/j59vglUHNy75buvt/f+St4Ju9E6Oe5zITgUv
4gx1etckFbMuSvVRelniFF0MhLRJ6LO2J9QBrIddf1Nx7SaAqldeaVq9cmOVI/QK
Ic+XkkvmoJVUtGbDBl6sysmGJY9QbyYcEdgffYFcTmyu1Q5G9jJLAFlo3cVWW/nF
9zM=
-----END CERTIFICATE-----