Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/TilEHtV5Q7oBynf2yfZAsUPzvpU.roa
File:                     TilEHtV5Q7oBynf2yfZAsUPzvpU.roa (raw, json)
Hash identifier:          Fxmu3WxEv3nsLFYjiGFGYWlzYETClo8Wbk7NlPOtsAU=
Subject key identifier:   4E:29:44:1E:D5:79:43:BA:01:CA:77:F6:C9:F6:40:B1:43:F3:BE:95
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       018CC9BBCBEFFC8A7AEED708F642DA7A512D
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/TilEHtV5Q7oBynf2yfZAsUPzvpU.roa
Signing time:             Tue 02 Jan 2024 10:32:56 +0000
ROA not before:           Tue 02 Jan 2024 10:32:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29183
IP address blocks:        81.182.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:cb:ef:fc:8a:7a:ee:d7:08:f6:42:da:7a:51:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 10:32:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e29441ed57943ba01ca77f6c9f640b143f3be95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:cc:c8:76:dc:5b:12:64:87:c1:fd:e6:43:5e:
                    3b:7f:35:ba:55:af:29:77:df:b9:01:28:20:3d:ab:
                    cd:df:47:e8:55:dd:5e:9a:2f:fb:bf:23:39:b3:37:
                    f3:92:93:de:b2:bd:5d:c9:9f:f8:be:0f:6f:b0:2b:
                    db:27:5e:c5:84:61:59:67:44:d6:ec:28:8b:1b:6e:
                    5b:1b:eb:c3:63:c2:29:52:d6:ee:4d:78:34:1f:65:
                    2b:3c:d1:87:49:c2:c6:76:6f:98:e6:b2:62:eb:68:
                    f7:df:29:fe:ce:a2:1f:05:e6:3c:de:02:ca:e3:60:
                    75:c5:7e:9d:69:c2:45:80:be:54:8a:12:92:29:31:
                    18:c1:89:df:f6:cf:12:4e:22:45:f8:18:11:32:75:
                    c1:d5:8e:67:99:cc:22:b3:50:2a:80:77:b8:ad:20:
                    b2:7c:ff:67:18:b9:76:3c:47:7a:cd:27:79:13:ab:
                    81:ea:e5:e6:02:68:cd:d4:80:ad:71:8c:d9:ca:1b:
                    bc:22:bf:df:35:ba:c3:4a:d4:fe:32:5a:22:80:9d:
                    bb:86:6c:21:74:8b:d0:64:85:bd:1e:4a:2d:5b:de:
                    64:a5:c8:7a:ee:5b:74:d5:b0:aa:99:a3:31:7b:79:
                    60:a2:1b:ca:8c:51:67:48:db:90:03:f5:af:f9:34:
                    13:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:29:44:1E:D5:79:43:BA:01:CA:77:F6:C9:F6:40:B1:43:F3:BE:95
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/TilEHtV5Q7oBynf2yfZAsUPzvpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.182.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:27:bd:6b:40:a6:9c:cd:4a:b7:fa:e3:80:50:85:d0:ad:34:
         7f:09:ac:cb:1d:4d:72:5b:95:7c:d9:d3:b9:a0:19:b0:a2:91:
         39:6d:0e:8b:49:be:90:2f:8c:0c:55:08:bf:7e:12:6b:f6:87:
         08:48:c2:2c:ae:9c:20:19:a0:bb:3d:46:2c:65:7d:6c:bb:b0:
         0a:37:3a:d6:3d:f2:8a:a0:f2:c9:4d:0f:40:8a:72:43:12:91:
         5e:cb:7f:0e:51:6e:e7:48:06:5e:b9:ae:0d:45:1d:91:60:d1:
         7c:35:da:15:f3:01:70:bf:7c:24:c5:37:2b:33:ff:5b:99:e7:
         26:35:3f:28:23:08:34:d5:11:9f:c4:07:c7:a4:0a:53:4e:66:
         bb:ef:0f:f3:d5:db:03:4c:c6:3f:a4:46:45:ba:62:ce:ab:a9:
         9c:13:0c:28:a4:f5:d6:ba:7a:79:38:a3:6e:4c:df:d1:0e:14:
         1f:98:e5:36:1d:12:7a:75:32:69:82:3a:c2:ab:69:3e:98:c6:
         d0:9b:b5:fd:d6:d8:95:31:06:11:75:84:09:1f:25:ea:99:72:
         2b:40:43:05:aa:20:cc:a7:16:f8:b1:14:db:96:95:38:08:fc:
         0c:45:d9:ab:47:a9:46:69:e6:0d:47:4a:1c:95:83:06:03:40:
         37:42:4b:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu8vv/Ip67tcI9kLaelEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTI5NDQxZWQ1Nzk0M2JhMDFjYTc3ZjZjOWY2NDBiMTQzZjNiZTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxczIdtxbEmSHwf3mQ147fzW6Va8p
d9+5ASggPavN30foVd1emi/7vyM5szfzkpPesr1dyZ/4vg9vsCvbJ17FhGFZZ0TW
7CiLG25bG+vDY8IpUtbuTXg0H2UrPNGHScLGdm+Y5rJi62j33yn+zqIfBeY83gLK
42B1xX6dacJFgL5UihKSKTEYwYnf9s8STiJF+BgRMnXB1Y5nmcwis1AqgHe4rSCy
fP9nGLl2PEd6zSd5E6uB6uXmAmjN1ICtcYzZyhu8Ir/fNbrDStT+MloigJ27hmwh
dIvQZIW9HkotW95kpch67lt01bCqmaMxe3lgohvKjFFnSNuQA/Wv+TQTfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4pRB7VeUO6Acp39sn2QLFD876VMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvVGlsRUh0VjVRN29CeW5mMnlmWkFzVVB6dnBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUbb/MA0G
CSqGSIb3DQEBCwUAA4IBAQAgJ71rQKaczUq3+uOAUIXQrTR/CazLHU1yW5V82dO5
oBmwopE5bQ6LSb6QL4wMVQi/fhJr9ocISMIsrpwgGaC7PUYsZX1su7AKNzrWPfKK
oPLJTQ9AinJDEpFey38OUW7nSAZeua4NRR2RYNF8NdoV8wFwv3wkxTcrM/9bmecm
NT8oIwg01RGfxAfHpApTTma77w/z1dsDTMY/pEZFumLOq6mcEwwopPXWunp5OKNu
TN/RDhQfmOU2HRJ6dTJpgjrCq2k+mMbQm7X91tiVMQYRdYQJHyXqmXIrQEMFqiDM
pxb4sRTblpU4CPwMRdmrR6lGaeYNR0oclYMGA0A3QktI
-----END CERTIFICATE-----