Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/TL4CID9NaIbl3OwhZvUkF0u82mY.roa
File:                     TL4CID9NaIbl3OwhZvUkF0u82mY.roa (raw, json)
Hash identifier:          70zbThRImUe/vBe8Uh5NhoL/MuZ1zgXY9SdUr4zhj7o=
Subject key identifier:   4C:BE:02:20:3F:4D:68:86:E5:DC:EC:21:66:F5:24:17:4B:BC:DA:66
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018DC29E78B90991CE934FDB2112721087CF
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/TL4CID9NaIbl3OwhZvUkF0u82mY.roa
Signing time:             Mon 19 Feb 2024 18:26:21 +0000
ROA not before:           Mon 19 Feb 2024 18:26:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59570
IP address blocks:        185.197.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c2:9e:78:b9:09:91:ce:93:4f:db:21:12:72:10:87:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Feb 19 18:26:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cbe02203f4d6886e5dcec2166f524174bbcda66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4e:49:5a:53:cf:71:b4:79:23:9a:b3:fa:55:
                    63:a4:d4:d6:8e:45:bb:eb:45:9c:62:36:5c:72:cd:
                    4d:37:eb:33:f8:33:98:74:7e:5a:ab:fa:41:d0:5c:
                    b1:8e:ed:97:a9:ca:04:d9:c9:d7:09:8e:5c:92:62:
                    1b:79:6a:da:56:1e:b0:34:09:03:08:26:b7:7a:4d:
                    e3:8b:1b:62:4c:71:80:a5:2e:3b:8b:09:c3:82:96:
                    f5:6e:4d:10:96:5d:11:93:6d:88:47:10:b8:b3:4f:
                    48:e2:54:0b:74:dd:fd:55:e7:8b:11:4b:03:a0:c6:
                    09:dd:a5:11:c8:67:fe:e6:37:bf:be:83:e1:ff:88:
                    0b:37:b3:56:db:35:e4:f0:5b:f3:3b:78:ab:ad:c2:
                    df:1f:75:9d:7f:6f:62:74:2e:c1:9d:1a:b4:ed:3d:
                    a7:2e:a7:ad:96:61:d0:66:e9:67:ec:02:bd:fe:cd:
                    5a:0c:06:ee:bd:41:c8:5f:ee:a1:79:01:dc:6b:e9:
                    67:dd:06:04:ae:e6:0c:91:36:c0:9c:e6:2f:a7:cb:
                    07:c6:9a:64:bd:a6:d6:5c:0f:92:1f:43:9d:2d:54:
                    68:7d:f4:42:ce:aa:ab:ef:38:c6:2f:d7:ba:11:e1:
                    d2:e3:c0:b3:cf:71:2f:88:8a:ab:34:92:79:f9:7e:
                    4c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:BE:02:20:3F:4D:68:86:E5:DC:EC:21:66:F5:24:17:4B:BC:DA:66
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/TL4CID9NaIbl3OwhZvUkF0u82mY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:d2:70:02:0e:da:5d:24:ab:d0:ea:1f:dd:ba:c9:ad:25:49:
         9b:36:ed:ed:bc:9b:4a:a6:04:dd:01:00:87:9c:36:06:ac:2a:
         24:7e:23:09:23:3b:28:34:3a:88:1f:5e:3b:18:e3:ce:b7:69:
         73:33:8d:4d:e8:27:94:30:3b:ab:e6:57:a3:3e:f7:0f:45:f5:
         5e:8e:81:98:19:ad:b7:d7:4e:a1:b9:6b:14:fa:f0:67:85:ff:
         00:9e:b8:de:5f:0a:d4:8f:99:2a:7a:93:25:2c:c9:f9:f5:0e:
         7f:c0:3a:3d:9d:4f:e9:1b:13:1a:7b:08:d4:dc:6e:a1:04:1a:
         b0:6c:20:08:ba:54:9f:19:f7:72:8e:f8:14:71:5d:ca:42:0c:
         1d:39:61:cc:e0:bc:f5:58:99:0a:f6:3c:94:f6:7d:f6:f4:72:
         4f:37:46:f7:90:1a:c4:6e:e8:61:6c:5d:46:0c:e2:9d:ed:2f:
         d8:aa:05:82:d3:35:1c:86:28:ee:99:5e:5c:29:be:eb:96:82:
         4b:ef:55:ba:99:39:7f:28:83:68:5d:04:dc:8a:bf:23:c6:27:
         46:ee:87:7d:d2:5c:bb:5d:8d:e5:01:09:b6:1b:ff:4b:23:14:
         22:86:10:cc:0c:00:c5:e5:45:8a:01:bd:0c:61:c7:aa:53:95:
         d1:de:4f:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3Cnni5CZHOk0/bIRJyEIfPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMjE5MTgyNjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2JlMDIyMDNmNGQ2ODg2ZTVkY2VjMjE2NmY1MjQxNzRiYmNkYTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtU5JWlPPcbR5I5qz+lVjpNTWjkW7
60WcYjZccs1NN+sz+DOYdH5aq/pB0Fyxju2XqcoE2cnXCY5ckmIbeWraVh6wNAkD
CCa3ek3jixtiTHGApS47iwnDgpb1bk0Qll0Rk22IRxC4s09I4lQLdN39VeeLEUsD
oMYJ3aURyGf+5je/voPh/4gLN7NW2zXk8FvzO3irrcLfH3Wdf29idC7BnRq07T2n
LqetlmHQZuln7AK9/s1aDAbuvUHIX+6heQHca+ln3QYEruYMkTbAnOYvp8sHxppk
vabWXA+SH0OdLVRoffRCzqqr7zjGL9e6EeHS48Czz3EviIqrNJJ5+X5MewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEy+AiA/TWiG5dzsIWb1JBdLvNpmMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvVEw0Q0lEOU5hSWJsM093aFp2VWtGMHU4Mm1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucWFMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ0nACDtpdJKvQ6h/dusmtJUmbNu3tvJtKpgTdAQCH
nDYGrCokfiMJIzsoNDqIH147GOPOt2lzM41N6CeUMDur5lejPvcPRfVejoGYGa23
106huWsU+vBnhf8AnrjeXwrUj5kqepMlLMn59Q5/wDo9nU/pGxMaewjU3G6hBBqw
bCAIulSfGfdyjvgUcV3KQgwdOWHM4Lz1WJkK9jyU9n329HJPN0b3kBrEbuhhbF1G
DOKd7S/YqgWC0zUchijumV5cKb7rloJL71W6mTl/KINoXQTcir8jxidG7od90ly7
XY3lAQm2G/9LIxQihhDMDADF5UWKAb0MYceqU5XR3k8M
-----END CERTIFICATE-----