Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/TMYjvw-6gKYGnCyflEbl3Utm43s.roa
File:                     TMYjvw-6gKYGnCyflEbl3Utm43s.roa (raw, json)
Hash identifier:          CRaHJ8ZOE69q9RlKCsU9g/Atx8bQM6YPM8kT6HQPtGE=
Subject key identifier:   4C:C6:23:BF:0F:BA:80:A6:06:9C:2C:9F:94:46:E5:DD:4B:66:E3:7B
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       018CC500B384BAE4E660477455779FAEDE61
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/TMYjvw-6gKYGnCyflEbl3Utm43s.roa
Signing time:             Mon 01 Jan 2024 12:30:06 +0000
ROA not before:           Mon 01 Jan 2024 12:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199865
IP address blocks:        185.177.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 22:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b3:84:ba:e4:e6:60:47:74:55:77:9f:ae:de:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Jan  1 12:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cc623bf0fba80a6069c2c9f9446e5dd4b66e37b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:09:15:40:79:e8:ef:fb:c2:e9:84:2f:e7:f7:
                    97:8d:97:d3:bd:16:43:65:55:95:88:ba:1a:41:34:
                    0e:5d:14:b8:2e:34:83:7d:3b:8b:eb:2e:ec:11:0a:
                    f4:ba:76:38:c1:3c:14:5f:8a:7a:7d:72:d8:06:f1:
                    2e:d9:9e:37:3e:ea:7f:9e:0e:3b:83:88:46:f4:30:
                    2c:83:46:35:86:d6:c1:3b:61:57:8e:28:29:a3:64:
                    14:51:d5:36:c3:59:9d:af:53:4e:75:8a:b4:b0:04:
                    3c:38:76:66:5c:d8:fb:82:57:5d:51:6f:ff:7b:94:
                    63:19:6f:f4:a9:de:e1:49:23:71:a8:d1:87:34:ea:
                    89:5e:2c:69:69:73:5e:5c:c4:c7:8e:fd:34:ba:13:
                    85:d4:c1:90:23:64:43:46:e8:a9:64:dc:b4:08:44:
                    a7:e2:87:24:df:09:48:c6:c7:d3:66:32:21:6b:71:
                    ef:0c:ca:dc:f9:91:bc:86:61:f7:cf:64:83:e3:11:
                    59:e1:3c:e9:23:64:cc:55:47:65:7e:ab:bc:e9:a7:
                    9b:dd:cd:99:1e:00:b2:12:bf:73:1c:d2:f6:91:8a:
                    4d:de:b3:f6:72:20:b5:27:dc:b3:f0:b9:fb:c3:22:
                    5e:05:bf:c0:65:33:10:87:94:fe:1c:f1:97:38:be:
                    d8:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:C6:23:BF:0F:BA:80:A6:06:9C:2C:9F:94:46:E5:DD:4B:66:E3:7B
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/TMYjvw-6gKYGnCyflEbl3Utm43s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:a4:3a:be:fe:92:6d:5d:a6:e9:5c:57:ba:ac:c1:25:9c:17:
         91:c5:f8:26:17:da:bf:65:55:dc:43:ba:f2:2a:d8:ab:92:c3:
         84:aa:f2:5c:dd:d9:57:db:2a:78:29:9b:10:1c:f9:ce:48:78:
         18:cf:f5:dd:3f:ae:a7:bf:27:ee:b0:93:63:50:1d:dd:03:ba:
         f7:4c:1a:1f:d1:25:3b:37:a0:3c:b3:11:63:98:c6:38:4c:23:
         2a:fc:c9:5e:a9:93:37:ab:5a:27:ad:3c:e8:2e:dc:ea:5d:8b:
         56:78:07:4e:f6:e5:e3:39:a7:6d:01:36:72:dc:4f:58:d7:c2:
         0f:dd:db:ec:17:33:d4:b6:a3:35:60:84:06:1a:d5:37:d7:b6:
         69:42:f3:f7:f7:25:23:bf:8e:ce:01:bc:bb:8e:36:64:77:8d:
         56:d3:7f:c0:b3:a1:b0:25:b3:9a:ce:a5:e7:9b:fb:e1:4a:d0:
         37:c8:41:9b:18:3a:ed:a4:2e:78:f9:3c:d2:43:71:aa:4e:65:
         4b:5e:f2:ce:57:ef:15:21:1e:6d:21:62:78:3b:e5:64:13:2e:
         2f:19:b3:50:cb:48:b7:74:f4:b3:21:a3:97:5b:b0:c2:b2:e0:
         d9:d8:dd:bd:e6:5b:20:ce:4f:cc:94:8f:c9:22:58:22:b3:fa:
         78:6b:ed:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALOEuuTmYEd0VXefrt5hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjQwMTAxMTIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2M2MjNiZjBmYmE4MGE2MDY5YzJjOWY5NDQ2ZTVkZDRiNjZlMzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAkVQHno7/vC6YQv5/eXjZfTvRZD
ZVWViLoaQTQOXRS4LjSDfTuL6y7sEQr0unY4wTwUX4p6fXLYBvEu2Z43Pup/ng47
g4hG9DAsg0Y1htbBO2FXjigpo2QUUdU2w1mdr1NOdYq0sAQ8OHZmXNj7glddUW//
e5RjGW/0qd7hSSNxqNGHNOqJXixpaXNeXMTHjv00uhOF1MGQI2RDRuipZNy0CESn
4ock3wlIxsfTZjIha3HvDMrc+ZG8hmH3z2SD4xFZ4TzpI2TMVUdlfqu86aeb3c2Z
HgCyEr9zHNL2kYpN3rP2ciC1J9yz8Ln7wyJeBb/AZTMQh5T+HPGXOL7YTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzGI78PuoCmBpwsn5RG5d1LZuN7MB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvVE1ZanZ3LTZnS1lHbkN5ZmxFYmwzVXRtNDNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubEZMA0G
CSqGSIb3DQEBCwUAA4IBAQA5pDq+/pJtXabpXFe6rMElnBeRxfgmF9q/ZVXcQ7ry
KtirksOEqvJc3dlX2yp4KZsQHPnOSHgYz/XdP66nvyfusJNjUB3dA7r3TBof0SU7
N6A8sxFjmMY4TCMq/MleqZM3q1onrTzoLtzqXYtWeAdO9uXjOadtATZy3E9Y18IP
3dvsFzPUtqM1YIQGGtU317ZpQvP39yUjv47OAby7jjZkd41W03/As6GwJbOazqXn
m/vhStA3yEGbGDrtpC54+TzSQ3GqTmVLXvLOV+8VIR5tIWJ4O+VkEy4vGbNQy0i3
dPSzIaOXW7DCsuDZ2N295lsgzk/MlI/JIlgis/p4a+1O
-----END CERTIFICATE-----