Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/TRHxqnVXgbvRUlGcM2meNVyY_BI.roa
File:                     TRHxqnVXgbvRUlGcM2meNVyY_BI.roa (raw, json)
Hash identifier:          FGgNqo4XgM5r0iNKWUOmNj2sBRGFYr0gkFiac83xGD4=
Subject key identifier:   4D:11:F1:AA:75:57:81:BB:D1:52:51:9C:33:69:9E:35:5C:98:FC:12
Certificate issuer:       /CN=423d93054f063cf8a291861735f90059ab9ec169
Certificate serial:       018CC86F7AE74FAAD8C0A2CE599672D4427D
Authority key identifier: 42:3D:93:05:4F:06:3C:F8:A2:91:86:17:35:F9:00:59:AB:9E:C1:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/TRHxqnVXgbvRUlGcM2meNVyY_BI.roa
Signing time:             Tue 02 Jan 2024 04:29:58 +0000
ROA not before:           Tue 02 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206495
IP address blocks:        185.188.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:7a:e7:4f:aa:d8:c0:a2:ce:59:96:72:d4:42:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=423d93054f063cf8a291861735f90059ab9ec169
        Validity
            Not Before: Jan  2 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d11f1aa755781bbd152519c33699e355c98fc12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:49:67:24:3b:e8:8a:a3:5c:99:78:3e:ba:cb:
                    49:51:b7:58:74:e4:de:8b:2e:ed:d5:17:fd:e6:bd:
                    3c:f2:73:af:2d:4c:54:47:1d:ad:7f:57:b5:0c:aa:
                    c7:d5:59:fb:f8:cf:f2:43:fc:24:58:41:39:7d:ab:
                    fb:28:11:a2:75:69:61:89:82:63:90:db:19:44:97:
                    86:53:7a:c4:c0:35:c8:4d:45:7e:62:8d:d4:12:f8:
                    e8:0b:fe:d6:69:ec:12:8c:fb:c2:4e:2c:83:96:dd:
                    ad:57:00:73:29:59:89:db:80:07:3a:b9:cd:6b:66:
                    1c:7c:40:1a:45:9a:93:16:ca:9b:2d:04:27:68:e5:
                    f4:08:ed:79:ef:79:1c:b3:06:fd:f7:83:83:44:ea:
                    f6:6d:d5:cc:9e:96:02:33:9e:c8:fc:0f:7f:dd:7d:
                    56:8f:97:c0:a2:85:94:c3:77:27:f8:2c:41:32:29:
                    28:e1:c3:59:54:19:8a:19:1e:b5:07:f5:17:df:1a:
                    6f:62:40:7f:d5:c5:0c:ab:df:68:f4:e9:d7:6e:8d:
                    ae:3b:9c:17:ee:18:6e:55:72:ae:6d:65:8b:d5:7e:
                    e3:d9:69:93:12:a4:50:02:23:33:0a:fb:13:90:b2:
                    66:21:81:0e:de:3f:03:22:1c:d0:c8:34:cb:f8:e5:
                    01:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:11:F1:AA:75:57:81:BB:D1:52:51:9C:33:69:9E:35:5C:98:FC:12
            X509v3 Authority Key Identifier:
                keyid:42:3D:93:05:4F:06:3C:F8:A2:91:86:17:35:F9:00:59:AB:9E:C1:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/TRHxqnVXgbvRUlGcM2meNVyY_BI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:7d:ad:ec:7c:23:ee:09:a9:d8:cc:7a:0d:75:f7:1c:30:85:
         c8:18:e5:0b:e1:fb:ae:5d:71:75:96:7a:8a:0c:59:0f:da:8e:
         4b:9e:4e:c3:7c:7e:61:b7:de:aa:71:fa:34:09:37:5f:c4:de:
         ab:1f:32:a0:ce:e9:e1:f9:c3:78:56:7d:41:38:1e:04:37:bd:
         3f:6e:76:5b:1e:9d:02:79:5f:79:43:6d:44:02:06:6b:a9:0b:
         c0:b2:35:33:9b:a3:5c:10:08:1b:bc:57:56:bd:59:d0:ca:ed:
         c4:3f:b2:11:94:71:9c:4e:3c:58:6f:08:cd:84:c2:4a:63:70:
         a4:94:07:41:ee:d2:01:c8:40:f0:f6:fc:c6:40:a6:34:d4:87:
         e7:fb:f4:33:79:c3:21:8e:f9:bd:a8:05:a4:0e:4e:fb:26:bc:
         17:9b:87:07:18:dd:c9:7b:e8:9b:42:9c:64:bc:6e:00:da:4a:
         61:09:b3:7a:d9:df:0e:1a:07:13:ba:e4:e2:78:a2:d3:a1:62:
         9a:cb:8e:07:eb:2f:45:02:28:a7:1e:f4:c6:95:a2:75:ae:d6:
         25:fd:2e:08:8c:82:cb:7e:95:40:81:e0:45:7b:cd:f6:f4:47:
         d1:6e:9f:2a:0a:9b:c7:da:62:58:1b:cb:4d:b4:3b:43:e9:f3:
         0d:49:f1:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb3rnT6rYwKLOWZZy1EJ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyM2Q5MzA1NGYwNjNjZjhhMjkxODYxNzM1ZjkwMDU5YWI5
ZWMxNjkwHhcNMjQwMTAyMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDExZjFhYTc1NTc4MWJiZDE1MjUxOWMzMzY5OWUzNTVjOThmYzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0lnJDvoiqNcmXg+ustJUbdYdOTe
iy7t1Rf95r088nOvLUxURx2tf1e1DKrH1Vn7+M/yQ/wkWEE5fav7KBGidWlhiYJj
kNsZRJeGU3rEwDXITUV+Yo3UEvjoC/7WaewSjPvCTiyDlt2tVwBzKVmJ24AHOrnN
a2YcfEAaRZqTFsqbLQQnaOX0CO1573kcswb994ODROr2bdXMnpYCM57I/A9/3X1W
j5fAooWUw3cn+CxBMiko4cNZVBmKGR61B/UX3xpvYkB/1cUMq99o9OnXbo2uO5wX
7hhuVXKubWWL1X7j2WmTEqRQAiMzCvsTkLJmIYEO3j8DIhzQyDTL+OUBEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0R8ap1V4G70VJRnDNpnjVcmPwSMB8GA1UdIwQY
MBaAFEI9kwVPBjz4opGGFzX5AFmrnsFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWoyVEJVOEdQUGlpa1lZWE5ma0FXYXVld1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wYzJlYzMtMzg0NC00YjVmLTlmNTgt
NWYxYjY5MDQ4ZmUyLzEvVFJIeHFuVlhnYnZSVWxHY00ybWVOVnlZX0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wYzJlYzMtMzg0NC00YjVmLTlmNTgtNWYxYjY5MDQ4ZmUy
LzEvUWoyVEJVOEdQUGlpa1lZWE5ma0FXYXVld1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubxxMA0G
CSqGSIb3DQEBCwUAA4IBAQCVfa3sfCPuCanYzHoNdfccMIXIGOUL4fuuXXF1lnqK
DFkP2o5Lnk7DfH5ht96qcfo0CTdfxN6rHzKgzunh+cN4Vn1BOB4EN70/bnZbHp0C
eV95Q21EAgZrqQvAsjUzm6NcEAgbvFdWvVnQyu3EP7IRlHGcTjxYbwjNhMJKY3Ck
lAdB7tIByEDw9vzGQKY01Ifn+/QzecMhjvm9qAWkDk77JrwXm4cHGN3Je+ibQpxk
vG4A2kphCbN62d8OGgcTuuTieKLToWKay44H6y9FAiinHvTGlaJ1rtYl/S4IjILL
fpVAgeBFe8329EfRbp8qCpvH2mJYG8tNtDtD6fMNSfEc
-----END CERTIFICATE-----