Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/2fc167-b357-4394-b4e8-c825be2813bc/1/TMVTvvocHhSoDsWL7Gop_A-XcbA.roa
File:                     TMVTvvocHhSoDsWL7Gop_A-XcbA.roa (raw, json)
Hash identifier:          E0wX2XqjRkldYClNP8k3kdEQzlUZvocDrlmGwAKmRFY=
Subject key identifier:   4C:C5:53:BE:FA:1C:1E:14:A8:0E:C5:8B:EC:6A:29:FC:0F:97:71:B0
Certificate issuer:       /CN=0b84ea549f88211058b34bfcab0640c3030393c3
Certificate serial:       018CC26D0FAE6150FD18F4523D332D81D62F
Authority key identifier: 0B:84:EA:54:9F:88:21:10:58:B3:4B:FC:AB:06:40:C3:03:03:93:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C4TqVJ-IIRBYs0v8qwZAwwMDk8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/2fc167-b357-4394-b4e8-c825be2813bc/1/TMVTvvocHhSoDsWL7Gop_A-XcbA.roa
Signing time:             Mon 01 Jan 2024 00:29:36 +0000
ROA not before:           Mon 01 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203408
IP address blocks:        185.237.161.0/24 maxlen: 24
                          185.237.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/2fc167-b357-4394-b4e8-c825be2813bc/1/C4TqVJ-IIRBYs0v8qwZAwwMDk8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/2fc167-b357-4394-b4e8-c825be2813bc/1/C4TqVJ-IIRBYs0v8qwZAwwMDk8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C4TqVJ-IIRBYs0v8qwZAwwMDk8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0f:ae:61:50:fd:18:f4:52:3d:33:2d:81:d6:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b84ea549f88211058b34bfcab0640c3030393c3
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cc553befa1c1e14a80ec58bec6a29fc0f9771b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2c:fa:35:b8:28:c0:4e:99:11:da:d3:72:88:
                    72:10:61:f8:6b:85:ba:0b:a6:c1:6e:18:be:10:a8:
                    02:03:3e:22:a5:7d:3d:d6:ad:cf:6e:64:a5:86:7f:
                    a3:9d:5f:bf:2d:95:3a:db:c7:b2:8a:d8:12:65:33:
                    b7:db:86:91:4a:d4:5a:34:fd:a6:37:de:97:fe:a3:
                    c5:04:5f:7a:43:95:62:db:06:e0:e9:82:12:78:4f:
                    fa:08:d9:e1:5a:65:0c:0e:a7:86:38:ae:6c:b9:ee:
                    bf:37:92:87:e5:40:0d:91:81:9f:db:70:c3:d7:54:
                    23:e2:8f:20:40:a6:70:ca:c5:a1:c3:f4:1d:9f:9b:
                    39:b9:e1:21:09:b8:67:54:4e:25:33:e2:4e:85:7a:
                    2b:99:3d:65:05:1e:ac:8c:7f:f3:97:2f:32:40:3b:
                    99:43:41:10:f4:4b:d6:80:a7:6d:49:02:a5:33:01:
                    5b:f0:9c:7c:b6:25:ea:4e:7b:b2:e4:e6:2f:4c:07:
                    42:60:97:81:9f:a6:19:dc:49:0f:a1:8b:de:6f:a5:
                    c6:f1:41:29:b7:f5:0e:fa:54:cf:2d:e7:09:a5:10:
                    12:6b:e7:82:c1:c4:6e:93:03:46:a0:1b:c1:56:0e:
                    18:54:04:74:b4:1f:c0:4f:f8:8e:ae:d5:31:32:0a:
                    ea:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:C5:53:BE:FA:1C:1E:14:A8:0E:C5:8B:EC:6A:29:FC:0F:97:71:B0
            X509v3 Authority Key Identifier:
                keyid:0B:84:EA:54:9F:88:21:10:58:B3:4B:FC:AB:06:40:C3:03:03:93:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C4TqVJ-IIRBYs0v8qwZAwwMDk8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/2fc167-b357-4394-b4e8-c825be2813bc/1/TMVTvvocHhSoDsWL7Gop_A-XcbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/2fc167-b357-4394-b4e8-c825be2813bc/1/C4TqVJ-IIRBYs0v8qwZAwwMDk8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:c5:8b:b6:06:c9:6d:40:79:8e:67:14:ed:9b:b4:b5:72:4e:
         eb:b7:d3:8c:20:33:2a:65:c3:2a:95:a5:45:f2:13:6a:ac:5c:
         05:fd:ed:b3:4d:02:ec:df:5e:b4:3e:31:ed:ea:3b:cd:f3:f4:
         d6:d0:2f:78:b0:b0:58:7e:76:b1:b8:a6:14:ac:3e:ef:ee:e3:
         99:1d:d6:6f:94:7a:88:a7:61:c9:26:ee:79:5b:49:42:aa:c0:
         63:14:79:a7:71:b9:5c:cd:80:e4:8b:4f:95:c5:e3:57:12:e9:
         49:ec:66:43:61:81:fb:ce:28:26:e8:df:93:81:86:d0:8b:18:
         2f:f4:17:b9:d8:86:b6:74:2c:0b:d8:00:6e:22:cb:d8:f1:cd:
         aa:f7:1b:21:23:67:f3:40:a4:1b:a2:f0:76:f5:6b:bf:37:ff:
         5a:88:65:08:9b:d4:b1:28:2d:4d:2b:fc:e3:ff:9f:6b:55:e2:
         25:65:a4:0f:ee:63:f0:5e:99:6f:58:ec:e0:37:7d:58:2f:65:
         52:10:e6:ab:15:fe:09:59:6f:c7:ec:14:60:24:29:54:c1:51:
         6b:aa:6e:0c:cb:ef:59:41:0f:03:1a:c5:a4:c8:07:3b:a3:0f:
         65:90:d8:2d:02:12:01:a1:9c:a3:00:e3:9d:d1:e2:03:43:ad:
         b5:b9:4f:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQ+uYVD9GPRSPTMtgdYvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiODRlYTU0OWY4ODIxMTA1OGIzNGJmY2FiMDY0MGMzMDMw
MzkzYzMwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2M1NTNiZWZhMWMxZTE0YTgwZWM1OGJlYzZhMjlmYzBmOTc3MWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCz6NbgowE6ZEdrTcohyEGH4a4W6
C6bBbhi+EKgCAz4ipX091q3PbmSlhn+jnV+/LZU628eyitgSZTO324aRStRaNP2m
N96X/qPFBF96Q5Vi2wbg6YISeE/6CNnhWmUMDqeGOK5sue6/N5KH5UANkYGf23DD
11Qj4o8gQKZwysWhw/Qdn5s5ueEhCbhnVE4lM+JOhXormT1lBR6sjH/zly8yQDuZ
Q0EQ9EvWgKdtSQKlMwFb8Jx8tiXqTnuy5OYvTAdCYJeBn6YZ3EkPoYveb6XG8UEp
t/UO+lTPLecJpRASa+eCwcRukwNGoBvBVg4YVAR0tB/AT/iOrtUxMgrq/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzFU776HB4UqA7Fi+xqKfwPl3GwMB8GA1UdIwQY
MBaAFAuE6lSfiCEQWLNL/KsGQMMDA5PDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzRUcVZKLUlJUkJZczB2OHF3WkF3d01EazhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8yZmMxNjctYjM1Ny00Mzk0LWI0ZTgt
YzgyNWJlMjgxM2JjLzEvVE1WVHZ2b2NIaFNvRHNXTDdHb3BfQS1YY2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8yZmMxNjctYjM1Ny00Mzk0LWI0ZTgtYzgyNWJlMjgxM2Jj
LzEvQzRUcVZKLUlJUkJZczB2OHF3WkF3d01EazhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBue2gMA0G
CSqGSIb3DQEBCwUAA4IBAQBgxYu2BsltQHmOZxTtm7S1ck7rt9OMIDMqZcMqlaVF
8hNqrFwF/e2zTQLs3160PjHt6jvN8/TW0C94sLBYfnaxuKYUrD7v7uOZHdZvlHqI
p2HJJu55W0lCqsBjFHmncblczYDki0+VxeNXEulJ7GZDYYH7zigm6N+TgYbQixgv
9Be52Ia2dCwL2ABuIsvY8c2q9xshI2fzQKQbovB29Wu/N/9aiGUIm9SxKC1NK/zj
/59rVeIlZaQP7mPwXplvWOzgN31YL2VSEOarFf4JWW/H7BRgJClUwVFrqm4My+9Z
QQ8DGsWkyAc7ow9lkNgtAhIBoZyjAOOd0eIDQ621uU+N
-----END CERTIFICATE-----