Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/TVZbsuvMXhSB8LsB-pRlWVPs-c0.roa
File:                     TVZbsuvMXhSB8LsB-pRlWVPs-c0.roa (raw, json)
Hash identifier:          OXFCCYckn12FOfKijypk+UtENUckftkUlupzyTT0Y04=
Subject key identifier:   4D:56:5B:B2:EB:CC:5E:14:81:F0:BB:01:FA:94:65:59:53:EC:F9:CD
Certificate issuer:       /CN=6f0b15193816fd15dcfd047db4eeca672912bb60
Certificate serial:       018DABD11269BAF5DDC375739FEB9FBC5810
Authority key identifier: 6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/TVZbsuvMXhSB8LsB-pRlWVPs-c0.roa
Signing time:             Thu 15 Feb 2024 08:10:22 +0000
ROA not before:           Thu 15 Feb 2024 08:10:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6079
IP address blocks:        185.167.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ab:d1:12:69:ba:f5:dd:c3:75:73:9f:eb:9f:bc:58:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f0b15193816fd15dcfd047db4eeca672912bb60
        Validity
            Not Before: Feb 15 08:10:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d565bb2ebcc5e1481f0bb01fa94655953ecf9cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:c2:86:4b:53:69:52:67:3c:c4:8d:c5:54:d0:
                    26:19:f5:6a:11:58:e3:03:ee:50:97:a5:e9:87:b3:
                    b3:ef:dd:a8:28:01:a4:7b:38:2d:2a:04:a8:c4:9b:
                    b4:49:9a:8e:6f:1f:21:a6:2a:8f:ae:91:98:af:bd:
                    e4:72:bb:62:7b:21:e9:22:68:fe:ed:36:49:67:80:
                    0a:6c:ab:f2:9b:83:fa:58:23:a4:c6:49:49:df:0c:
                    c8:e8:19:d1:bf:f4:10:0f:09:29:c2:0b:c2:85:4e:
                    45:16:e7:09:c6:29:46:83:31:56:01:a5:0f:d9:6c:
                    54:b6:c2:73:f2:fe:ce:57:9a:75:bb:7a:06:6d:cf:
                    cf:33:48:4d:12:18:64:2f:5a:ea:f0:53:b4:67:54:
                    44:be:18:1a:84:3a:96:ad:7d:7b:27:5a:fd:81:ef:
                    c5:bf:48:89:b6:71:fb:8b:00:0b:11:8e:61:72:83:
                    e7:ec:ec:73:55:e5:c8:c8:ea:f1:1b:fe:9c:cd:88:
                    6f:9b:27:93:6f:cb:d7:a8:09:cc:9e:cc:c6:01:20:
                    ca:76:5d:9f:cd:56:e1:fa:d3:2f:95:ff:e7:49:db:
                    8f:8f:5a:45:4f:70:16:11:92:59:76:b3:35:7f:39:
                    c6:cd:c1:1d:bf:a2:82:dd:40:bc:47:45:03:96:7c:
                    67:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:56:5B:B2:EB:CC:5E:14:81:F0:BB:01:FA:94:65:59:53:EC:F9:CD
            X509v3 Authority Key Identifier:
                keyid:6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/TVZbsuvMXhSB8LsB-pRlWVPs-c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:88:1d:d7:68:fc:0a:49:fb:fe:ee:19:7b:8b:82:8d:05:f3:
         2f:af:d4:9c:b1:50:1d:dd:6a:ba:e9:35:e0:fe:b0:6f:4c:51:
         79:e4:3d:64:e7:c6:2b:7f:47:66:fe:84:c6:cf:8a:7b:3c:03:
         e2:67:f3:67:cb:86:1f:f5:6f:45:0b:63:f2:a2:17:58:d3:29:
         54:21:77:a3:b7:54:ad:b3:a0:b2:a1:67:a0:34:69:b8:dd:63:
         7d:81:df:ca:70:a2:4c:81:89:e4:25:d1:7b:54:ae:52:51:63:
         15:fa:13:8c:6f:95:68:e5:77:9b:1a:21:50:54:2d:6b:3d:72:
         4b:c1:d7:13:6c:05:44:65:4d:f3:7e:60:f7:5d:db:67:31:90:
         d9:7c:56:78:51:a4:e0:1f:ce:86:2a:62:86:25:8e:eb:e4:c6:
         37:b3:e9:fc:5f:1b:7c:44:a4:32:94:bd:8e:d8:df:e8:ff:c9:
         e8:c8:10:08:b0:71:67:3f:23:22:d6:0f:95:3f:c8:8f:21:7f:
         43:77:33:b7:22:34:5c:7d:ff:d5:f2:58:c9:8e:b7:a4:b4:e0:
         9b:61:ca:a7:d2:9d:0f:24:ce:b1:f9:f0:85:7c:3f:9c:2c:df:
         75:07:1b:0c:1c:21:e0:eb:9c:5d:eb:1f:52:84:57:53:d6:95:
         e6:08:98:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2r0RJpuvXdw3Vzn+ufvFgQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMGIxNTE5MzgxNmZkMTVkY2ZkMDQ3ZGI0ZWVjYTY3Mjkx
MmJiNjAwHhcNMjQwMjE1MDgxMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDU2NWJiMmViY2M1ZTE0ODFmMGJiMDFmYTk0NjU1OTUzZWNmOWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMKGS1NpUmc8xI3FVNAmGfVqEVjj
A+5Ql6Xph7Oz792oKAGkezgtKgSoxJu0SZqObx8hpiqPrpGYr73kcrtieyHpImj+
7TZJZ4AKbKvym4P6WCOkxklJ3wzI6BnRv/QQDwkpwgvChU5FFucJxilGgzFWAaUP
2WxUtsJz8v7OV5p1u3oGbc/PM0hNEhhkL1rq8FO0Z1REvhgahDqWrX17J1r9ge/F
v0iJtnH7iwALEY5hcoPn7OxzVeXIyOrxG/6czYhvmyeTb8vXqAnMnszGASDKdl2f
zVbh+tMvlf/nSduPj1pFT3AWEZJZdrM1fznGzcEdv6KC3UC8R0UDlnxnZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1WW7LrzF4UgfC7AfqUZVlT7PnNMB8GA1UdIwQY
MBaAFG8LFRk4Fv0V3P0EfbTuymcpErtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYt
OWNmODQzZjA1NjcwLzEvVFZaYnN1dk1YaFNCOExzQi1wUmxXVlBzLWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYtOWNmODQzZjA1Njcw
LzEvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuafoMA0G
CSqGSIb3DQEBCwUAA4IBAQA4iB3XaPwKSfv+7hl7i4KNBfMvr9ScsVAd3Wq66TXg
/rBvTFF55D1k58Yrf0dm/oTGz4p7PAPiZ/Nny4Yf9W9FC2PyohdY0ylUIXejt1St
s6CyoWegNGm43WN9gd/KcKJMgYnkJdF7VK5SUWMV+hOMb5Vo5XebGiFQVC1rPXJL
wdcTbAVEZU3zfmD3XdtnMZDZfFZ4UaTgH86GKmKGJY7r5MY3s+n8Xxt8RKQylL2O
2N/o/8noyBAIsHFnPyMi1g+VP8iPIX9DdzO3IjRcff/V8ljJjrektOCbYcqn0p0P
JM6x+fCFfD+cLN91BxsMHCHg65xd6x9ShFdT1pXmCJjX
-----END CERTIFICATE-----