Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/TpXUvNsyn_vwF8K2GRhROBefTIY.roa
File:                     TpXUvNsyn_vwF8K2GRhROBefTIY.roa (raw, json)
Hash identifier:          GAa3EpC2Gs1BdhqgkmvFECzhWiq/kXVk4+7cuqTGTfE=
Subject key identifier:   4E:95:D4:BC:DB:32:9F:FB:F0:17:C2:B6:19:18:51:38:17:9F:4C:86
Certificate issuer:       /CN=9042e83976e35fe29a01d3c43a9bc5964b37b443
Certificate serial:       018CC424732BA6C5781E831AB8CCE081936D
Authority key identifier: 90:42:E8:39:76:E3:5F:E2:9A:01:D3:C4:3A:9B:C5:96:4B:37:B4:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kELoOXbjX-KaAdPEOpvFlks3tEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/TpXUvNsyn_vwF8K2GRhROBefTIY.roa
Signing time:             Mon 01 Jan 2024 08:29:32 +0000
ROA not before:           Mon 01 Jan 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49374
IP address blocks:        185.1.136.0/24 maxlen: 24
                          2001:7f8:da::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/kELoOXbjX-KaAdPEOpvFlks3tEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/kELoOXbjX-KaAdPEOpvFlks3tEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kELoOXbjX-KaAdPEOpvFlks3tEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:73:2b:a6:c5:78:1e:83:1a:b8:cc:e0:81:93:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9042e83976e35fe29a01d3c43a9bc5964b37b443
        Validity
            Not Before: Jan  1 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e95d4bcdb329ffbf017c2b619185138179f4c86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:47:2a:68:2c:c4:ca:9e:51:98:f3:d9:ef:ab:
                    26:b9:e8:7d:51:39:68:f2:df:9a:b7:9b:bf:16:82:
                    82:67:4a:19:74:06:d5:a6:a0:85:9d:f7:f5:d3:40:
                    75:29:07:81:62:33:6f:9b:7d:d8:5d:1f:5d:3d:ad:
                    d6:a9:44:4a:a3:56:c1:02:a9:4a:b1:db:c6:d5:a7:
                    a7:f2:cb:dd:a7:cf:6c:2f:85:68:5c:0b:22:a7:0e:
                    76:d4:75:00:8e:70:c3:bd:b2:51:66:20:5a:91:7a:
                    5a:9d:26:02:8e:b2:c4:7a:75:f4:2f:a1:bf:fe:4b:
                    c6:3c:d0:5f:41:2e:40:f9:8a:9d:a9:d1:21:11:21:
                    4e:5a:cc:05:a3:5a:3c:81:05:3e:73:6f:e8:70:0a:
                    e3:f6:22:31:e7:fd:39:8e:ac:5a:9e:e0:61:5f:f6:
                    a3:79:9a:fd:f1:55:a5:af:0c:1d:10:0a:b3:e0:00:
                    6c:1c:9e:42:c4:c0:36:aa:f4:f5:e3:56:be:cb:1f:
                    41:1c:f7:fa:e0:4e:0f:5c:c0:2d:d5:6d:15:5b:f5:
                    03:39:f2:79:d5:7e:b8:3d:d2:95:4d:79:7f:2f:58:
                    ae:99:4d:08:19:4c:6c:c3:a7:85:c5:d6:70:d2:f4:
                    b7:2f:af:aa:5f:73:02:43:7b:31:15:7b:db:5f:2c:
                    14:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:95:D4:BC:DB:32:9F:FB:F0:17:C2:B6:19:18:51:38:17:9F:4C:86
            X509v3 Authority Key Identifier:
                keyid:90:42:E8:39:76:E3:5F:E2:9A:01:D3:C4:3A:9B:C5:96:4B:37:B4:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kELoOXbjX-KaAdPEOpvFlks3tEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/TpXUvNsyn_vwF8K2GRhROBefTIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/kELoOXbjX-KaAdPEOpvFlks3tEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.136.0/24
                IPv6:
                  2001:7f8:da::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:74:40:0d:15:6c:ff:03:58:5c:dc:cc:40:10:14:30:6f:2f:
         ab:df:45:0b:6d:1a:21:f5:14:9a:b8:20:04:0f:30:b0:75:0a:
         57:6f:76:60:52:8f:03:3a:11:2e:ef:96:d1:10:6c:56:a2:fc:
         4b:7a:2a:6c:92:2a:07:95:32:f9:44:21:04:31:25:10:59:b0:
         d7:2d:a1:1f:67:ef:fa:2d:03:d6:a1:db:47:14:63:72:40:b1:
         2a:f5:24:cb:77:52:fa:7b:5c:23:7c:49:c4:c5:77:8e:0e:51:
         96:e2:c2:3b:06:59:85:b3:27:17:b7:25:2c:ee:48:c8:d4:58:
         09:51:74:39:46:e7:96:4d:4f:2d:d3:ba:77:d4:48:7f:fe:1a:
         29:3a:38:b6:9c:24:f2:e3:ed:d5:b5:dc:48:47:af:06:73:ef:
         70:a4:5f:33:cd:de:ce:9d:06:fb:ec:65:86:94:4b:9f:c9:53:
         b7:44:33:9f:dc:57:53:ac:3d:40:83:4d:e5:6b:93:66:a4:cb:
         3e:ad:2c:15:6c:63:b8:b5:92:fb:46:73:33:7a:2e:54:c7:f6:
         1b:86:b9:f6:46:64:d6:79:f5:a0:14:ea:19:45:50:11:16:a8:
         20:b0:e1:29:48:39:97:29:f4:60:8e:a3:4f:7e:f6:bd:5e:7f:
         d4:07:1f:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJHMrpsV4HoMauMzggZNtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNDJlODM5NzZlMzVmZTI5YTAxZDNjNDNhOWJjNTk2NGIz
N2I0NDMwHhcNMjQwMTAxMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTk1ZDRiY2RiMzI5ZmZiZjAxN2MyYjYxOTE4NTEzODE3OWY0Yzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0cqaCzEyp5RmPPZ76smueh9UTlo
8t+at5u/FoKCZ0oZdAbVpqCFnff100B1KQeBYjNvm33YXR9dPa3WqURKo1bBAqlK
sdvG1aen8svdp89sL4VoXAsipw521HUAjnDDvbJRZiBakXpanSYCjrLEenX0L6G/
/kvGPNBfQS5A+YqdqdEhESFOWswFo1o8gQU+c2/ocArj9iIx5/05jqxanuBhX/aj
eZr98VWlrwwdEAqz4ABsHJ5CxMA2qvT141a+yx9BHPf64E4PXMAt1W0VW/UDOfJ5
1X64PdKVTXl/L1iumU0IGUxsw6eFxdZw0vS3L6+qX3MCQ3sxFXvbXywUHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE6V1LzbMp/78BfCthkYUTgXn0yGMB8GA1UdIwQY
MBaAFJBC6Dl241/imgHTxDqbxZZLN7RDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0VMb09YYmpYLUthQWRQRU9wdkZsa3MzdEVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hODdiNmUtZDg0Mi00YzBjLTg4MWIt
MjEwOTQwZGExNzdiLzEvVHBYVXZOc3luX3Z3RjhLMkdSaFJPQmVmVElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hODdiNmUtZDg0Mi00YzBjLTg4MWItMjEwOTQwZGExNzdi
LzEva0VMb09YYmpYLUthQWRQRU9wdkZsa3MzdEVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQGIMA8E
AgACMAkDBwAgAQf4ANowDQYJKoZIhvcNAQELBQADggEBAEl0QA0VbP8DWFzczEAQ
FDBvL6vfRQttGiH1FJq4IAQPMLB1CldvdmBSjwM6ES7vltEQbFai/Et6KmySKgeV
MvlEIQQxJRBZsNctoR9n7/otA9ah20cUY3JAsSr1JMt3Uvp7XCN8ScTFd44OUZbi
wjsGWYWzJxe3JSzuSMjUWAlRdDlG55ZNTy3TunfUSH/+Gik6OLacJPLj7dW13EhH
rwZz73CkXzPN3s6dBvvsZYaUS5/JU7dEM5/cV1OsPUCDTeVrk2akyz6tLBVsY7i1
kvtGczN6LlTH9huGufZGZNZ59aAU6hlFUBEWqCCw4SlIOZcp9GCOo09+9r1ef9QH
Hx0=
-----END CERTIFICATE-----