Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f04636-b295-4ac8-a86f-e7a382750bb9/1/Tg7Uj_wUacafNZguHR1UYvPA0I4.roa
File:                     Tg7Uj_wUacafNZguHR1UYvPA0I4.roa (raw, json)
Hash identifier:          XiApEj7wzE+AwL+2FmssKhnOlbz8ymOwb/O1Cogq7qM=
Subject key identifier:   4E:0E:D4:8F:FC:14:69:C6:9F:35:98:2E:1D:1D:54:62:F3:C0:D0:8E
Certificate issuer:       /CN=7b597a4b0fe486e6e5c85b9ee03e729bdec7e7bd
Certificate serial:       018CC3493967681EFA0C8BF3AFE1AF44D66F
Authority key identifier: 7B:59:7A:4B:0F:E4:86:E6:E5:C8:5B:9E:E0:3E:72:9B:DE:C7:E7:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1l6Sw_khublyFue4D5ym97H570.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/f04636-b295-4ac8-a86f-e7a382750bb9/1/Tg7Uj_wUacafNZguHR1UYvPA0I4.roa
Signing time:             Mon 01 Jan 2024 04:30:04 +0000
ROA not before:           Mon 01 Jan 2024 04:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42093
IP address blocks:        185.140.20.0/22 maxlen: 22
                          2a07:3c00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/f04636-b295-4ac8-a86f-e7a382750bb9/1/e1l6Sw_khublyFue4D5ym97H570.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/f04636-b295-4ac8-a86f-e7a382750bb9/1/e1l6Sw_khublyFue4D5ym97H570.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1l6Sw_khublyFue4D5ym97H570.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:39:67:68:1e:fa:0c:8b:f3:af:e1:af:44:d6:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b597a4b0fe486e6e5c85b9ee03e729bdec7e7bd
        Validity
            Not Before: Jan  1 04:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e0ed48ffc1469c69f35982e1d1d5462f3c0d08e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f4:a4:97:62:85:52:41:d1:ec:a4:0d:36:da:
                    6b:0c:90:38:c6:ad:e7:dc:83:94:a8:1d:cb:43:7a:
                    6b:e1:31:f3:2d:7a:ba:d4:e0:cd:eb:80:2b:6e:a2:
                    f6:30:45:33:91:54:e9:10:0d:b5:f1:f4:55:93:6c:
                    be:55:06:b1:e6:ab:4f:2f:25:bb:18:c4:fb:ca:8e:
                    82:bf:e4:4e:03:e5:48:9d:5f:7d:c8:03:11:cb:27:
                    70:8f:e9:c8:3a:b9:54:ea:b0:69:bf:69:6b:b7:f0:
                    7c:d6:95:f9:34:dc:75:99:71:9b:d5:0d:61:0c:72:
                    2f:5b:14:86:c9:ea:b5:96:2a:9d:89:86:14:65:b3:
                    c9:83:ca:c9:85:9c:c2:4f:e6:37:a9:55:1a:d9:26:
                    77:58:d2:07:84:95:ad:64:c6:4c:6d:63:c9:85:00:
                    c8:b1:83:82:91:72:6f:89:9f:6f:78:bf:b5:19:c0:
                    70:c6:20:af:35:2d:e4:c8:a7:70:60:28:6f:8f:e5:
                    d5:19:5e:f2:54:85:dd:3f:3c:20:bd:4a:83:16:36:
                    36:ec:ba:2a:cf:79:e5:ef:3c:03:2c:6e:ba:28:b1:
                    75:86:03:1d:f4:39:0f:21:87:74:ef:af:7e:02:6e:
                    3f:c0:67:78:c1:ec:4f:58:d5:a4:91:af:e9:39:53:
                    d4:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:0E:D4:8F:FC:14:69:C6:9F:35:98:2E:1D:1D:54:62:F3:C0:D0:8E
            X509v3 Authority Key Identifier:
                keyid:7B:59:7A:4B:0F:E4:86:E6:E5:C8:5B:9E:E0:3E:72:9B:DE:C7:E7:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1l6Sw_khublyFue4D5ym97H570.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f04636-b295-4ac8-a86f-e7a382750bb9/1/Tg7Uj_wUacafNZguHR1UYvPA0I4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f04636-b295-4ac8-a86f-e7a382750bb9/1/e1l6Sw_khublyFue4D5ym97H570.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.20.0/22
                IPv6:
                  2a07:3c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         a3:6b:5f:ea:c7:00:a5:95:00:c5:d1:13:a9:76:3d:ed:c4:78:
         ae:85:2e:ff:bd:75:0f:95:6a:08:f6:5a:ab:06:eb:c5:30:7c:
         cb:4b:ea:95:57:d3:91:5e:6a:da:cd:f5:02:c7:f7:dc:ef:67:
         db:5d:fa:47:40:f1:1b:59:ff:4d:c2:ba:12:44:80:62:5a:d3:
         02:21:b6:5e:14:8e:64:22:91:a9:0e:fa:a5:b6:70:83:93:79:
         d7:a6:ee:d8:9e:d2:ec:50:41:e0:a0:22:ca:37:79:42:18:61:
         dc:56:dc:c1:96:d0:3b:fc:05:90:9d:35:c3:b8:53:f2:39:fb:
         15:d5:6d:a3:e8:b0:fe:03:6b:bf:00:e6:b4:4e:e1:94:09:8a:
         75:8a:68:82:91:a0:04:04:1d:e1:73:34:9e:eb:a5:fe:ac:8a:
         0e:59:41:82:98:89:db:3c:98:88:0b:29:39:f5:e7:97:fa:12:
         83:0b:ed:53:2f:3d:28:f2:16:32:ad:59:33:fd:c7:75:4b:cf:
         6f:d5:aa:5c:b6:96:1c:80:49:c7:45:bd:a4:28:61:55:35:d6:
         9f:fc:ff:cf:bd:e0:a7:69:2a:0f:d9:e5:d5:84:34:5b:7a:2c:
         23:26:50:b4:18:db:0b:a1:e9:b7:18:bc:4f:d2:33:1d:79:68:
         44:0f:54:c4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSTlnaB76DIvzr+GvRNZvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNTk3YTRiMGZlNDg2ZTZlNWM4NWI5ZWUwM2U3MjliZGVj
N2U3YmQwHhcNMjQwMTAxMDQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTBlZDQ4ZmZjMTQ2OWM2OWYzNTk4MmUxZDFkNTQ2MmYzYzBkMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvSkl2KFUkHR7KQNNtprDJA4xq3n
3IOUqB3LQ3pr4THzLXq61ODN64ArbqL2MEUzkVTpEA218fRVk2y+VQax5qtPLyW7
GMT7yo6Cv+ROA+VInV99yAMRyydwj+nIOrlU6rBpv2lrt/B81pX5NNx1mXGb1Q1h
DHIvWxSGyeq1liqdiYYUZbPJg8rJhZzCT+Y3qVUa2SZ3WNIHhJWtZMZMbWPJhQDI
sYOCkXJviZ9veL+1GcBwxiCvNS3kyKdwYChvj+XVGV7yVIXdPzwgvUqDFjY27Loq
z3nl7zwDLG66KLF1hgMd9DkPIYd0769+Am4/wGd4wexPWNWkka/pOVPULQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE4O1I/8FGnGnzWYLh0dVGLzwNCOMB8GA1UdIwQY
MBaAFHtZeksP5Ibm5chbnuA+cpvex+e9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTFsNlN3X2todWJseUZ1ZTRENXltOTdINTcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mMDQ2MzYtYjI5NS00YWM4LWE4NmYt
ZTdhMzgyNzUwYmI5LzEvVGc3VWpfd1VhY2FmTlpndUhSMVVZdlBBMEk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mMDQ2MzYtYjI5NS00YWM4LWE4NmYtZTdhMzgyNzUwYmI5
LzEvZTFsNlN3X2todWJseUZ1ZTRENXltOTdINTcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYwUMA0E
AgACMAcDBQMqBzwAMA0GCSqGSIb3DQEBCwUAA4IBAQCja1/qxwCllQDF0ROpdj3t
xHiuhS7/vXUPlWoI9lqrBuvFMHzLS+qVV9ORXmrazfUCx/fc72fbXfpHQPEbWf9N
wroSRIBiWtMCIbZeFI5kIpGpDvqltnCDk3nXpu7YntLsUEHgoCLKN3lCGGHcVtzB
ltA7/AWQnTXDuFPyOfsV1W2j6LD+A2u/AOa0TuGUCYp1imiCkaAEBB3hczSe66X+
rIoOWUGCmInbPJiICyk59eeX+hKDC+1TLz0o8hYyrVkz/cd1S89v1apctpYcgEnH
Rb2kKGFVNdaf/P/PveCnaSoP2eXVhDRbeiwjJlC0GNsLoem3GLxP0jMdeWhED1TE
-----END CERTIFICATE-----