Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/c32598-2a95-43c4-9b6a-0166532dac56/1/TFoxFphTzuHyhh7yt8aJpg4TC2w.roa
File:                     TFoxFphTzuHyhh7yt8aJpg4TC2w.roa (raw, json)
Hash identifier:          Xe/WVQXeKSMyd6z0dl2AkbWD87EzLKH/vT+lTDdSowA=
Subject key identifier:   4C:5A:31:16:98:53:CE:E1:F2:86:1E:F2:B7:C6:89:A6:0E:13:0B:6C
Certificate issuer:       /CN=47f29d2bd15e024bb97e72b21242b523dc915181
Certificate serial:       018CC2DAC4DDDE0F680A40487EF548425BD7
Authority key identifier: 47:F2:9D:2B:D1:5E:02:4B:B9:7E:72:B2:12:42:B5:23:DC:91:51:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R_KdK9FeAku5fnKyEkK1I9yRUYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/c32598-2a95-43c4-9b6a-0166532dac56/1/TFoxFphTzuHyhh7yt8aJpg4TC2w.roa
Signing time:             Mon 01 Jan 2024 02:29:26 +0000
ROA not before:           Mon 01 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42473
IP address blocks:        185.53.108.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/c32598-2a95-43c4-9b6a-0166532dac56/1/R_KdK9FeAku5fnKyEkK1I9yRUYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/c32598-2a95-43c4-9b6a-0166532dac56/1/R_KdK9FeAku5fnKyEkK1I9yRUYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R_KdK9FeAku5fnKyEkK1I9yRUYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c4:dd:de:0f:68:0a:40:48:7e:f5:48:42:5b:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47f29d2bd15e024bb97e72b21242b523dc915181
        Validity
            Not Before: Jan  1 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c5a31169853cee1f2861ef2b7c689a60e130b6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ec:9f:ab:34:7c:76:37:1f:55:0d:2a:de:2e:
                    83:6b:d9:7b:c5:53:43:9a:37:ab:de:5e:e2:78:3c:
                    30:e0:09:89:eb:ef:08:62:ed:a0:d4:ae:84:01:a3:
                    ad:f8:28:30:f1:9e:98:8b:f2:65:86:5a:8b:29:05:
                    0a:b2:b9:91:e0:e2:89:d4:74:1c:be:72:37:59:1a:
                    81:ed:02:bd:5b:01:13:13:c9:10:45:a7:ea:a0:6a:
                    70:3a:db:a9:7e:99:33:0b:d8:d0:d2:d5:51:d2:f1:
                    0f:87:a7:cd:86:3c:4a:26:b0:63:90:c1:08:5e:f8:
                    0d:65:6f:4b:5c:bf:03:70:fe:e3:b4:a4:6e:bf:1d:
                    9e:8e:30:49:8d:6b:df:d5:ba:11:68:89:5e:8d:17:
                    4b:21:70:25:f7:86:3a:c9:6f:15:34:10:8f:e9:4a:
                    3d:87:8b:d3:86:34:e0:e2:63:a0:4f:c1:24:a4:3d:
                    23:ec:94:bd:e0:f8:40:9e:7e:46:2b:e9:d8:2d:6b:
                    5a:1f:4c:85:71:60:d7:9b:62:fc:e0:f7:bf:61:73:
                    93:61:38:d2:df:dc:7a:72:1d:e2:ac:7d:e0:52:1c:
                    a2:07:e3:7a:d9:d2:bd:b1:fa:3f:62:78:e2:0b:26:
                    b5:c9:d9:46:19:55:cd:45:62:c8:d8:c8:3d:13:96:
                    97:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:5A:31:16:98:53:CE:E1:F2:86:1E:F2:B7:C6:89:A6:0E:13:0B:6C
            X509v3 Authority Key Identifier:
                keyid:47:F2:9D:2B:D1:5E:02:4B:B9:7E:72:B2:12:42:B5:23:DC:91:51:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R_KdK9FeAku5fnKyEkK1I9yRUYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c32598-2a95-43c4-9b6a-0166532dac56/1/TFoxFphTzuHyhh7yt8aJpg4TC2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c32598-2a95-43c4-9b6a-0166532dac56/1/R_KdK9FeAku5fnKyEkK1I9yRUYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:8d:93:3e:2b:f8:3b:a8:71:8a:db:25:43:b0:f8:e3:02:4e:
         cf:56:12:b1:e5:75:ca:26:6c:bc:93:b5:f9:ea:bf:36:94:6f:
         1e:d3:a2:20:a7:60:af:75:26:cb:db:0c:38:77:41:83:7d:0e:
         94:dd:bc:f8:67:59:da:aa:92:22:e4:cd:60:6b:a3:12:c8:17:
         bc:d1:f8:34:7f:90:49:18:4c:27:eb:0a:91:5b:d2:01:e9:56:
         ab:8d:c4:2a:ea:c9:a1:03:63:59:d6:97:ba:25:39:cd:66:af:
         aa:5e:4a:24:d4:33:aa:3b:c7:3b:ed:39:95:16:4f:9a:22:3f:
         a1:ea:1c:4f:e3:2e:ec:c6:c9:e7:db:5c:29:f8:9f:d4:a8:1b:
         3f:2b:cf:3b:a0:35:37:82:19:43:10:b7:d9:6a:64:b8:7c:55:
         40:04:90:f6:9a:03:8b:b4:61:66:82:1a:4e:42:8a:a5:8a:39:
         56:30:b9:ab:57:a6:6d:15:a7:75:9e:15:c0:9a:db:94:0f:bc:
         3d:74:f3:47:ef:86:04:d1:4a:40:9c:91:ac:be:1a:c9:53:c6:
         97:07:e0:0a:34:a7:8f:b6:b3:62:7b:5a:8d:c2:80:b9:1f:5c:
         ba:cd:ea:f3:b0:d2:e2:c6:c7:4d:e4:46:9d:ca:bf:bd:22:e9:
         e9:4e:0a:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sTd3g9oCkBIfvVIQlvXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZjI5ZDJiZDE1ZTAyNGJiOTdlNzJiMjEyNDJiNTIzZGM5
MTUxODEwHhcNMjQwMTAxMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzVhMzExNjk4NTNjZWUxZjI4NjFlZjJiN2M2ODlhNjBlMTMwYjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuyfqzR8djcfVQ0q3i6Da9l7xVND
mjer3l7ieDww4AmJ6+8IYu2g1K6EAaOt+Cgw8Z6Yi/JlhlqLKQUKsrmR4OKJ1HQc
vnI3WRqB7QK9WwETE8kQRafqoGpwOtupfpkzC9jQ0tVR0vEPh6fNhjxKJrBjkMEI
XvgNZW9LXL8DcP7jtKRuvx2ejjBJjWvf1boRaIlejRdLIXAl94Y6yW8VNBCP6Uo9
h4vThjTg4mOgT8EkpD0j7JS94PhAnn5GK+nYLWtaH0yFcWDXm2L84Pe/YXOTYTjS
39x6ch3irH3gUhyiB+N62dK9sfo/YnjiCya1ydlGGVXNRWLI2Mg9E5aXmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExaMRaYU87h8oYe8rfGiaYOEwtsMB8GA1UdIwQY
MBaAFEfynSvRXgJLuX5yshJCtSPckVGBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUl9LZEs5RmVBa3U1Zm5LeUVrSzFJOXlSVVlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9jMzI1OTgtMmE5NS00M2M0LTliNmEt
MDE2NjUzMmRhYzU2LzEvVEZveEZwaFR6dUh5aGg3eXQ4YUpwZzRUQzJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9jMzI1OTgtMmE5NS00M2M0LTliNmEtMDE2NjUzMmRhYzU2
LzEvUl9LZEs5RmVBa3U1Zm5LeUVrSzFJOXlSVVlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTVsMA0G
CSqGSIb3DQEBCwUAA4IBAQCkjZM+K/g7qHGK2yVDsPjjAk7PVhKx5XXKJmy8k7X5
6r82lG8e06Igp2CvdSbL2ww4d0GDfQ6U3bz4Z1naqpIi5M1ga6MSyBe80fg0f5BJ
GEwn6wqRW9IB6VarjcQq6smhA2NZ1pe6JTnNZq+qXkok1DOqO8c77TmVFk+aIj+h
6hxP4y7sxsnn21wp+J/UqBs/K887oDU3ghlDELfZamS4fFVABJD2mgOLtGFmghpO
QoqlijlWMLmrV6ZtFad1nhXAmtuUD7w9dPNH74YE0UpAnJGsvhrJU8aXB+AKNKeP
trNie1qNwoC5H1y6zerzsNLixsdN5Eadyr+9IunpTgq7
-----END CERTIFICATE-----