Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/1dbd6b-35cc-4f09-b92e-198b6a61ce85/1/tTZMquYPJR2jueSg33MO_TE77g4.roa
File:                     tTZMquYPJR2jueSg33MO_TE77g4.roa (raw, json)
Hash identifier:          DLFvSR7r3t55N18LddkE5Biiy7tDzg1DYPxv+6zlFYI=
Subject key identifier:   B5:36:4C:AA:E6:0F:25:1D:A3:B9:E4:A0:DF:73:0E:FD:31:3B:EE:0E
Certificate issuer:       /CN=651bad95276947c7be536af4c870a3721f0b7761
Certificate serial:       018CC26CFC6739A4B71FD0165EC8CE782558
Authority key identifier: 65:1B:AD:95:27:69:47:C7:BE:53:6A:F4:C8:70:A3:72:1F:0B:77:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZRutlSdpR8e-U2r0yHCjch8Ld2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/1dbd6b-35cc-4f09-b92e-198b6a61ce85/1/tTZMquYPJR2jueSg33MO_TE77g4.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        213.184.85.0/24 maxlen: 24
                          2a09:3a00:3000::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/1dbd6b-35cc-4f09-b92e-198b6a61ce85/1/ZRutlSdpR8e-U2r0yHCjch8Ld2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/1dbd6b-35cc-4f09-b92e-198b6a61ce85/1/ZRutlSdpR8e-U2r0yHCjch8Ld2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZRutlSdpR8e-U2r0yHCjch8Ld2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fc:67:39:a4:b7:1f:d0:16:5e:c8:ce:78:25:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=651bad95276947c7be536af4c870a3721f0b7761
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5364caae60f251da3b9e4a0df730efd313bee0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:52:6f:8d:33:a9:d8:1e:05:08:8f:d0:08:cd:
                    47:30:02:13:ca:80:e5:54:ed:a9:e8:8e:5a:ba:2d:
                    5a:2c:96:15:c0:93:b2:7c:88:5c:2a:02:b1:16:a3:
                    25:05:f3:81:06:1c:0e:9c:b3:de:fc:9f:f9:37:5d:
                    0a:7e:ba:4c:45:a5:1d:1f:81:20:64:93:1b:c1:30:
                    8c:2f:31:3d:5c:08:a6:67:80:ea:2e:b2:c5:2f:b2:
                    d3:a5:10:9d:e1:78:5a:ee:8b:95:85:93:72:52:58:
                    c0:f7:91:ee:5c:b5:2f:cb:99:af:69:7b:bf:84:48:
                    8f:ca:6b:db:1f:74:1e:a4:3d:00:35:69:01:8a:17:
                    dc:8d:76:13:cc:6b:62:70:25:15:18:3b:6d:07:cf:
                    ea:04:fd:75:12:ed:54:c3:d3:58:ba:8e:c5:fe:98:
                    f5:28:32:7d:f5:44:4f:73:6e:f8:ae:25:36:4c:c2:
                    54:2c:f7:31:ed:89:d3:80:58:46:e9:23:5d:77:93:
                    98:2f:8f:ff:ce:ae:5a:35:ca:6f:05:3c:76:19:46:
                    70:40:3e:d9:6f:56:c9:6b:00:b6:67:2b:21:b8:e8:
                    39:6a:f2:0e:16:7b:13:3a:5c:f7:6f:03:5d:71:5e:
                    c8:c0:7d:76:13:a0:08:74:62:60:0c:fc:f0:e3:cb:
                    f4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:36:4C:AA:E6:0F:25:1D:A3:B9:E4:A0:DF:73:0E:FD:31:3B:EE:0E
            X509v3 Authority Key Identifier:
                keyid:65:1B:AD:95:27:69:47:C7:BE:53:6A:F4:C8:70:A3:72:1F:0B:77:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZRutlSdpR8e-U2r0yHCjch8Ld2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1dbd6b-35cc-4f09-b92e-198b6a61ce85/1/tTZMquYPJR2jueSg33MO_TE77g4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1dbd6b-35cc-4f09-b92e-198b6a61ce85/1/ZRutlSdpR8e-U2r0yHCjch8Ld2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.184.85.0/24
                IPv6:
                  2a09:3a00:3000::/40

    Signature Algorithm: sha256WithRSAEncryption
         69:41:95:2f:5b:7f:90:4d:7d:d7:88:ad:53:5d:17:91:e2:b8:
         05:39:9b:c4:e7:b8:29:83:af:c3:5a:95:32:2e:b8:42:5d:0d:
         ae:b7:4c:ee:c3:16:71:80:d6:d2:31:e6:9d:b3:e0:2e:d8:c0:
         4b:04:74:a7:a2:c8:fc:d7:bf:ed:01:3e:d6:da:c0:f5:6c:2f:
         26:f4:9e:c6:05:21:ab:d9:8b:39:02:4b:4e:6c:99:44:74:a5:
         3f:30:40:7a:5e:00:f5:da:4b:99:57:56:83:8b:31:bf:3b:58:
         13:cb:db:0f:63:61:6a:43:ee:f1:67:35:e6:4a:29:4f:62:63:
         f4:06:c5:ff:a5:88:fc:df:48:67:2e:c4:d8:f5:e2:53:13:b2:
         ae:9e:64:2b:e7:95:3c:cb:f5:f3:ba:87:ec:90:7f:1b:41:b0:
         7b:ad:35:a3:18:b3:8b:75:eb:11:e6:c1:ca:c6:b9:6f:db:95:
         e0:88:ab:f9:ff:18:fd:1f:83:88:f6:ae:9b:25:ab:e5:c8:03:
         f4:60:a1:93:68:6f:fc:63:8f:11:e7:1d:16:4a:f1:e7:ec:07:
         5c:93:ee:51:da:84:6d:3b:3a:77:b3:f8:13:ef:a4:cc:98:94:
         c4:8b:b9:5c:fc:9d:68:e4:81:c9:a0:06:e4:b9:9b:ec:c2:bb:
         92:21:6e:3d
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzCbPxnOaS3H9AWXsjOeCVYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1MWJhZDk1Mjc2OTQ3YzdiZTUzNmFmNGM4NzBhMzcyMWYw
Yjc3NjEwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTM2NGNhYWU2MGYyNTFkYTNiOWU0YTBkZjczMGVmZDMxM2JlZTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVJvjTOp2B4FCI/QCM1HMAITyoDl
VO2p6I5aui1aLJYVwJOyfIhcKgKxFqMlBfOBBhwOnLPe/J/5N10KfrpMRaUdH4Eg
ZJMbwTCMLzE9XAimZ4DqLrLFL7LTpRCd4Xha7ouVhZNyUljA95HuXLUvy5mvaXu/
hEiPymvbH3QepD0ANWkBihfcjXYTzGticCUVGDttB8/qBP11Eu1Uw9NYuo7F/pj1
KDJ99URPc274riU2TMJULPcx7YnTgFhG6SNdd5OYL4//zq5aNcpvBTx2GUZwQD7Z
b1bJawC2ZyshuOg5avIOFnsTOlz3bwNdcV7IwH12E6AIdGJgDPzw48v0vQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLU2TKrmDyUdo7nkoN9zDv0xO+4OMB8GA1UdIwQY
MBaAFGUbrZUnaUfHvlNq9Mhwo3IfC3dhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlJ1dGxTZHBSOGUtVTJyMHlIQ2pjaDhMZDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xZGJkNmItMzVjYy00ZjA5LWI5MmUt
MTk4YjZhNjFjZTg1LzEvdFRaTXF1WVBKUjJqdWVTZzMzTU9fVEU3N2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xZGJkNmItMzVjYy00ZjA5LWI5MmUtMTk4YjZhNjFjZTg1
LzEvWlJ1dGxTZHBSOGUtVTJyMHlIQ2pjaDhMZDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQA1bhVMA4E
AgACMAgDBgAqCToAMDANBgkqhkiG9w0BAQsFAAOCAQEAaUGVL1t/kE1914itU10X
keK4BTmbxOe4KYOvw1qVMi64Ql0NrrdM7sMWcYDW0jHmnbPgLtjASwR0p6LI/Ne/
7QE+1trA9WwvJvSexgUhq9mLOQJLTmyZRHSlPzBAel4A9dpLmVdWg4sxvztYE8vb
D2NhakPu8Wc15kopT2Jj9AbF/6WI/N9IZy7E2PXiUxOyrp5kK+eVPMv187qH7JB/
G0Gwe601oxizi3XrEebBysa5b9uV4Iir+f8Y/R+DiPaumyWr5cgD9GChk2hv/GOP
EecdFkrx5+wHXJPuUdqEbTs6d7P4E++kzJiUxIu5XPydaOSByaAG5Lmb7MK7kiFu
PQ==
-----END CERTIFICATE-----