Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/tpkA3qRi64Kq9kts3BktURuTRl0.roa
File:                     tpkA3qRi64Kq9kts3BktURuTRl0.roa (raw, json)
Hash identifier:          iZQ27cYreiw4P2WxjAel7u8J5YN8kvy8aOBeGAZ5nhU=
Subject key identifier:   B6:99:00:DE:A4:62:EB:82:AA:F6:4B:6C:DC:19:2D:51:1B:93:46:5D
Certificate issuer:       /CN=01d50b9807150da396322b9d4dcfc0d2fb2b6520
Certificate serial:       018CC5DC5804EA93767C1D631DCD9BC5A0D0
Authority key identifier: 01:D5:0B:98:07:15:0D:A3:96:32:2B:9D:4D:CF:C0:D2:FB:2B:65:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AdULmAcVDaOWMiudTc_A0vsrZSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/tpkA3qRi64Kq9kts3BktURuTRl0.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211109
IP address blocks:        85.209.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/AdULmAcVDaOWMiudTc_A0vsrZSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/AdULmAcVDaOWMiudTc_A0vsrZSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AdULmAcVDaOWMiudTc_A0vsrZSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:58:04:ea:93:76:7c:1d:63:1d:cd:9b:c5:a0:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01d50b9807150da396322b9d4dcfc0d2fb2b6520
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b69900dea462eb82aaf64b6cdc192d511b93465d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:aa:15:15:53:d8:a1:d1:86:97:f9:f6:b3:79:
                    ec:9f:b7:8f:ed:bd:df:28:76:c7:da:7e:9f:c9:ac:
                    cb:c1:2a:b4:1a:81:33:ce:32:7b:19:8d:ea:90:05:
                    b2:13:9a:ba:3c:5d:63:2e:bb:05:1b:10:01:7d:2c:
                    9d:22:85:ea:9f:81:2c:04:36:8a:5f:d1:f5:bb:03:
                    4f:d6:d2:2a:a9:46:65:6e:c9:2c:6b:50:89:f4:9a:
                    49:3a:85:9b:a5:87:a9:17:ce:3f:98:cd:ea:92:4f:
                    f3:24:4c:7c:54:8e:9b:d4:14:f5:15:12:23:c3:e4:
                    d1:b1:30:fb:81:57:9a:db:4f:13:c0:3a:b7:62:d7:
                    b0:a5:40:3e:86:d6:dd:5b:35:f5:09:4b:3a:65:32:
                    1b:58:3d:61:e7:c2:5c:4b:1a:30:f2:eb:b5:cd:90:
                    06:83:9e:b8:1f:e3:75:42:ee:60:06:6c:bc:ed:3b:
                    84:bb:dd:c3:28:f2:ab:ef:31:3b:28:46:80:a0:84:
                    f5:a3:49:ce:28:8d:f1:c6:eb:af:be:8f:62:20:7f:
                    73:c9:32:90:d0:f8:a8:57:ff:6d:7f:e8:be:e2:87:
                    3a:62:61:8e:1d:83:79:e7:da:06:c2:5c:5c:88:f9:
                    80:b5:4f:c5:20:96:00:d1:3c:82:f0:79:d3:73:3d:
                    96:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:99:00:DE:A4:62:EB:82:AA:F6:4B:6C:DC:19:2D:51:1B:93:46:5D
            X509v3 Authority Key Identifier:
                keyid:01:D5:0B:98:07:15:0D:A3:96:32:2B:9D:4D:CF:C0:D2:FB:2B:65:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AdULmAcVDaOWMiudTc_A0vsrZSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/tpkA3qRi64Kq9kts3BktURuTRl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/AdULmAcVDaOWMiudTc_A0vsrZSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:d0:3f:75:f3:4f:6b:53:da:b5:2c:6d:60:16:11:13:7a:41:
         03:bc:17:c0:ef:8d:5b:4e:36:c9:22:59:99:80:81:e8:b4:e4:
         ec:02:b3:99:cd:9d:d2:0e:e9:07:df:43:21:00:9b:d3:a9:5d:
         84:43:8f:61:14:2b:97:38:80:fc:df:5e:1c:68:99:b5:15:44:
         31:42:90:d0:61:5b:68:fa:e8:5f:85:07:86:e7:ec:05:e6:f9:
         1f:75:75:ed:58:88:ec:be:4f:4a:05:77:d8:f6:76:59:b9:d2:
         da:05:47:93:a1:85:62:e7:04:08:0c:05:a2:56:74:1f:ef:23:
         b4:bd:93:b4:26:4e:a7:34:a6:2e:4c:7b:cd:bd:fb:ee:e4:76:
         13:88:74:62:da:57:c2:f9:ce:dc:81:41:f5:71:44:0f:87:9e:
         83:a2:47:6c:11:dc:27:ea:fa:01:cf:04:12:e8:16:04:4b:17:
         b0:43:5d:7c:da:7e:87:d0:13:7a:28:d1:b9:74:b9:a2:7f:b1:
         f1:d9:0d:05:01:e3:f5:5f:de:14:81:05:a2:8f:fc:8e:f3:66:
         1b:bb:bd:c6:33:d0:fc:15:16:42:6c:2e:8d:3a:c8:1a:7f:21:
         57:06:24:02:ff:ed:4e:e0:cb:01:d0:ac:89:f4:8d:fa:52:94:
         d9:a9:9d:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FgE6pN2fB1jHc2bxaDQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxZDUwYjk4MDcxNTBkYTM5NjMyMmI5ZDRkY2ZjMGQyZmIy
YjY1MjAwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjk5MDBkZWE0NjJlYjgyYWFmNjRiNmNkYzE5MmQ1MTFiOTM0NjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKoVFVPYodGGl/n2s3nsn7eP7b3f
KHbH2n6fyazLwSq0GoEzzjJ7GY3qkAWyE5q6PF1jLrsFGxABfSydIoXqn4EsBDaK
X9H1uwNP1tIqqUZlbsksa1CJ9JpJOoWbpYepF84/mM3qkk/zJEx8VI6b1BT1FRIj
w+TRsTD7gVea208TwDq3YtewpUA+htbdWzX1CUs6ZTIbWD1h58JcSxow8uu1zZAG
g564H+N1Qu5gBmy87TuEu93DKPKr7zE7KEaAoIT1o0nOKI3xxuuvvo9iIH9zyTKQ
0PioV/9tf+i+4oc6YmGOHYN559oGwlxciPmAtU/FIJYA0TyC8HnTcz2WGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaZAN6kYuuCqvZLbNwZLVEbk0ZdMB8GA1UdIwQY
MBaAFAHVC5gHFQ2jljIrnU3PwNL7K2UgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWRVTG1BY1ZEYU9XTWl1ZFRjX0EwdnNyWlNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9lYTcxYTAtNjk0MS00Mjc2LTk1ODkt
ODEyNGJkOTQ5YjBlLzEvdHBrQTNxUmk2NEtxOWt0czNCa3RVUnVUUmwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9lYTcxYTAtNjk0MS00Mjc2LTk1ODktODEyNGJkOTQ5YjBl
LzEvQWRVTG1BY1ZEYU9XTWl1ZFRjX0EwdnNyWlNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVdHsMA0G
CSqGSIb3DQEBCwUAA4IBAQBC0D91809rU9q1LG1gFhETekEDvBfA741bTjbJIlmZ
gIHotOTsArOZzZ3SDukH30MhAJvTqV2EQ49hFCuXOID8314caJm1FUQxQpDQYVto
+uhfhQeG5+wF5vkfdXXtWIjsvk9KBXfY9nZZudLaBUeToYVi5wQIDAWiVnQf7yO0
vZO0Jk6nNKYuTHvNvfvu5HYTiHRi2lfC+c7cgUH1cUQPh56DokdsEdwn6voBzwQS
6BYESxewQ1182n6H0BN6KNG5dLmif7Hx2Q0FAeP1X94UgQWij/yO82Ybu73GM9D8
FRZCbC6NOsgafyFXBiQC/+1O4MsB0KyJ9I36UpTZqZ3U
-----END CERTIFICATE-----