Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/TCrlXuhSNiKxR5LV3BO-u-CtrcM.roa
File:                     TCrlXuhSNiKxR5LV3BO-u-CtrcM.roa (raw, json)
Hash identifier:          6FaRzK4HIosYMMNFuM/ebyLSpE7vjkctFicuB5gl4OA=
Subject key identifier:   4C:2A:E5:5E:E8:52:36:22:B1:47:92:D5:DC:13:BE:BB:E0:AD:AD:C3
Certificate issuer:       /CN=af938503d72931626dcb8d1e946b2ae06a73d02e
Certificate serial:       01925180CED883C46DC2FC9FA0BEA4013978
Authority key identifier: AF:93:85:03:D7:29:31:62:6D:CB:8D:1E:94:6B:2A:E0:6A:73:D0:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r5OFA9cpMWJty40elGsq4Gpz0C4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/TCrlXuhSNiKxR5LV3BO-u-CtrcM.roa
Signing time:             Thu 03 Oct 2024 08:30:48 +0000
ROA not before:           Thu 03 Oct 2024 08:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51815
IP address blocks:        185.31.196.0/22 maxlen: 22
                          213.185.224.0/19 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/r5OFA9cpMWJty40elGsq4Gpz0C4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/r5OFA9cpMWJty40elGsq4Gpz0C4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r5OFA9cpMWJty40elGsq4Gpz0C4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:80:ce:d8:83:c4:6d:c2:fc:9f:a0:be:a4:01:39:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af938503d72931626dcb8d1e946b2ae06a73d02e
        Validity
            Not Before: Oct  3 08:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c2ae55ee8523622b14792d5dc13bebbe0adadc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:bf:38:bf:a3:f7:8e:d7:17:44:67:db:5d:91:
                    5c:d9:b6:68:f2:cc:6f:a2:71:e8:3f:76:9e:e1:2c:
                    56:01:71:06:bf:ca:84:58:f5:94:5e:5f:d2:2f:be:
                    f5:7f:c0:a4:ca:2e:cc:e3:46:2e:34:b9:bd:fb:f6:
                    99:32:cf:75:64:f4:9d:ab:60:46:8e:b6:03:4f:aa:
                    c7:6d:69:ed:9a:b4:45:9a:a1:71:1f:89:92:fa:b9:
                    26:a8:26:90:ce:eb:c5:42:74:f3:c2:ff:f0:8c:f3:
                    4f:ae:df:60:aa:f6:4a:0a:0c:a9:41:a6:24:03:1d:
                    b9:4b:56:f8:da:fd:a8:12:49:dc:54:a9:51:af:4f:
                    ac:e0:f4:72:27:fb:af:5f:19:c3:4b:ce:8d:75:88:
                    8d:ec:63:f3:fc:83:c8:95:48:06:ae:3b:9e:31:4c:
                    30:87:71:0e:5b:d2:e3:54:6c:fa:28:da:82:7c:6a:
                    d6:68:23:a1:c4:b9:f1:ed:d5:9a:0c:cd:2a:b1:f7:
                    a5:db:67:8b:7b:7f:8d:0e:f7:cb:1d:96:4a:fe:ed:
                    0c:62:43:ff:15:a7:f9:d1:5d:6d:5d:e7:3b:62:c8:
                    94:83:e2:4e:99:05:26:cd:81:28:9e:77:29:05:17:
                    82:5e:e9:2c:69:30:d1:11:e8:b4:45:db:04:0a:09:
                    b0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:2A:E5:5E:E8:52:36:22:B1:47:92:D5:DC:13:BE:BB:E0:AD:AD:C3
            X509v3 Authority Key Identifier:
                keyid:AF:93:85:03:D7:29:31:62:6D:CB:8D:1E:94:6B:2A:E0:6A:73:D0:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r5OFA9cpMWJty40elGsq4Gpz0C4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/TCrlXuhSNiKxR5LV3BO-u-CtrcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/r5OFA9cpMWJty40elGsq4Gpz0C4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.196.0/22
                  213.185.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2b:68:8b:24:13:fd:94:f6:38:f5:a2:02:c9:93:61:40:73:d7:
         79:cc:74:5a:75:89:78:cd:9b:2c:b7:3f:31:6a:b5:38:a4:72:
         b4:a2:67:7d:74:37:0f:cf:6d:85:65:57:9f:95:8d:9b:0b:4b:
         6b:f0:6f:8d:04:c8:90:77:d5:a3:e7:da:15:63:96:97:c4:54:
         87:3f:03:f6:be:49:3a:fb:7b:01:c6:93:5d:5a:7b:0f:be:ff:
         3e:65:3f:23:0b:47:b0:ca:77:24:c5:5c:29:90:b1:c8:5a:56:
         b2:87:62:49:b0:37:81:52:33:9d:9e:63:1e:07:aa:29:3e:43:
         8f:e7:d2:c2:0f:2d:e7:dd:2c:55:84:12:0e:f0:73:51:63:08:
         64:a5:f3:e6:24:ca:9d:31:8e:a5:75:06:7e:5b:dd:59:a0:ca:
         43:49:72:55:62:54:1d:77:7f:3f:0e:e0:8f:b2:fe:7f:fa:b8:
         9c:c7:bb:96:8a:94:dd:df:cd:61:80:b0:a3:60:a9:11:aa:e5:
         26:6e:21:5f:3f:af:5a:1d:50:c7:b4:16:1c:f0:11:5e:99:43:
         2d:0d:93:66:da:ad:5d:55:71:a3:82:a0:8b:2f:1d:ba:54:df:
         ca:a0:93:fc:bb:c3:40:56:9f:e2:e9:27:33:22:6a:84:a6:06:
         67:5e:76:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJRgM7Yg8RtwvyfoL6kATl4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmOTM4NTAzZDcyOTMxNjI2ZGNiOGQxZTk0NmIyYWUwNmE3
M2QwMmUwHhcNMjQxMDAzMDgzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzJhZTU1ZWU4NTIzNjIyYjE0NzkyZDVkYzEzYmViYmUwYWRhZGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9L84v6P3jtcXRGfbXZFc2bZo8sxv
onHoP3ae4SxWAXEGv8qEWPWUXl/SL771f8Ckyi7M40YuNLm9+/aZMs91ZPSdq2BG
jrYDT6rHbWntmrRFmqFxH4mS+rkmqCaQzuvFQnTzwv/wjPNPrt9gqvZKCgypQaYk
Ax25S1b42v2oEkncVKlRr0+s4PRyJ/uvXxnDS86NdYiN7GPz/IPIlUgGrjueMUww
h3EOW9LjVGz6KNqCfGrWaCOhxLnx7dWaDM0qsfel22eLe3+NDvfLHZZK/u0MYkP/
Faf50V1tXec7YsiUg+JOmQUmzYEonncpBReCXuksaTDREei0RdsECgmwFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEwq5V7oUjYisUeS1dwTvrvgra3DMB8GA1UdIwQY
MBaAFK+ThQPXKTFibcuNHpRrKuBqc9AuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjVPRkE5Y3BNV0p0eTQwZWxHc3E0R3B6MEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi83ZTYzNjktNWFkYi00NWNkLWJkMmYt
M2I4YjBkMWE1OWE5LzEvVENybFh1aFNOaUt4UjVMVjNCTy11LUN0cmNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi83ZTYzNjktNWFkYi00NWNkLWJkMmYtM2I4YjBkMWE1OWE5
LzEvcjVPRkE5Y3BNV0p0eTQwZWxHc3E0R3B6MEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuR/EAwQF
1bngMA0GCSqGSIb3DQEBCwUAA4IBAQAraIskE/2U9jj1ogLJk2FAc9d5zHRadYl4
zZsstz8xarU4pHK0omd9dDcPz22FZVeflY2bC0tr8G+NBMiQd9Wj59oVY5aXxFSH
PwP2vkk6+3sBxpNdWnsPvv8+ZT8jC0ewynckxVwpkLHIWlayh2JJsDeBUjOdnmMe
B6opPkOP59LCDy3n3SxVhBIO8HNRYwhkpfPmJMqdMY6ldQZ+W91ZoMpDSXJVYlQd
d38/DuCPsv5/+ricx7uWipTd381hgLCjYKkRquUmbiFfP69aHVDHtBYc8BFemUMt
DZNm2q1dVXGjgqCLLx26VN/KoJP8u8NAVp/i6SczImqEpgZnXnZi
-----END CERTIFICATE-----