Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/TfU2d4TFPFwgQgI0kY-LD7n2NV8.roa
File:                     TfU2d4TFPFwgQgI0kY-LD7n2NV8.roa (raw, json)
Hash identifier:          sK0QjRw+rPZkQ1emq3BGagE4+cJ9ZYhQrhwr1TqIt7w=
Subject key identifier:   4D:F5:36:77:84:C5:3C:5C:20:42:02:34:91:8F:8B:0F:B9:F6:35:5F
Certificate issuer:       /CN=65cd7803f41fe499e800664e0aacadee19b66d9d
Certificate serial:       018CC3491E22281E0410D5F8AFDBC2ACB622
Authority key identifier: 65:CD:78:03:F4:1F:E4:99:E8:00:66:4E:0A:AC:AD:EE:19:B6:6D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/TfU2d4TFPFwgQgI0kY-LD7n2NV8.roa
Signing time:             Mon 01 Jan 2024 04:29:58 +0000
ROA not before:           Mon 01 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34622
IP address blocks:        85.197.128.0/18 maxlen: 18
                          2a05:e840::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1e:22:28:1e:04:10:d5:f8:af:db:c2:ac:b6:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65cd7803f41fe499e800664e0aacadee19b66d9d
        Validity
            Not Before: Jan  1 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4df5367784c53c5c20420234918f8b0fb9f6355f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ff:c8:b5:43:ff:4b:89:2a:57:75:b3:86:55:
                    90:90:8a:3c:ad:85:77:5d:a6:40:df:78:c7:0b:66:
                    32:87:75:97:1c:09:21:f0:04:aa:53:29:eb:2a:cc:
                    be:9a:3c:e7:89:ff:e3:1b:db:bf:f6:06:b2:22:8c:
                    27:d2:db:ac:8b:8e:28:c5:25:ee:dc:07:69:bb:eb:
                    79:28:c7:fe:28:6e:9f:eb:1b:f3:3a:18:45:72:1d:
                    8b:0a:e6:84:c4:ba:95:08:de:b4:15:21:ba:56:50:
                    85:b4:ac:56:40:8a:90:a6:39:6e:7f:37:40:68:81:
                    b4:95:27:fa:0d:6c:2f:f1:a8:26:d8:3e:1f:0d:ea:
                    5f:2d:48:00:9c:95:68:7b:6f:0f:cd:6a:eb:ee:a3:
                    b7:40:8d:b1:8b:44:5a:6d:11:82:99:de:d1:79:ec:
                    fc:b1:43:c8:11:d8:1b:b7:b2:5f:dc:36:dd:bc:9d:
                    63:2f:48:48:a1:ca:28:d3:ba:96:64:fd:ee:38:4a:
                    c2:84:ca:a5:9e:7b:18:66:82:0c:e1:e4:e6:73:3b:
                    b4:f6:b0:3e:45:58:2c:5b:df:0c:87:28:d2:83:73:
                    da:85:f8:4e:6a:5e:06:04:fb:e3:b3:81:64:aa:42:
                    e3:88:95:1e:43:ac:32:1c:90:22:e5:9b:e5:b8:d3:
                    d0:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:F5:36:77:84:C5:3C:5C:20:42:02:34:91:8F:8B:0F:B9:F6:35:5F
            X509v3 Authority Key Identifier:
                keyid:65:CD:78:03:F4:1F:E4:99:E8:00:66:4E:0A:AC:AD:EE:19:B6:6D:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/TfU2d4TFPFwgQgI0kY-LD7n2NV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.197.128.0/18
                IPv6:
                  2a05:e840::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:41:3f:34:43:08:14:5a:37:ae:68:2e:02:49:1d:7d:b2:84:
         a2:9b:04:c9:14:e1:bf:c4:25:e2:a0:1e:3c:e4:10:f1:66:fd:
         79:ad:f6:f6:a2:e2:bf:49:2b:ca:b3:d0:d0:22:c1:f6:93:0e:
         5c:47:59:39:32:28:fb:b9:11:98:fc:46:1e:71:52:59:fc:32:
         b7:01:34:d3:72:66:b0:8a:4b:f2:71:00:47:20:eb:49:72:4f:
         fc:34:26:f9:e8:09:7e:02:8e:05:ca:7a:bd:c1:89:5d:74:9d:
         2a:c0:3f:8f:d5:82:00:9e:b9:3b:16:de:c4:87:54:73:03:ef:
         58:81:36:03:2b:23:d9:e9:ec:84:71:ed:9d:6c:ac:cb:2b:78:
         34:7f:3d:49:e3:fe:da:f6:d3:b1:c4:e7:e8:cb:17:40:1b:8a:
         9c:d8:d8:8b:5d:11:e8:bb:33:b2:0c:7e:6a:0a:fa:9d:61:d5:
         71:4d:fd:ed:2b:69:70:14:c1:b6:05:cd:a2:20:b9:e6:8f:23:
         03:06:bc:e2:db:d6:22:42:39:51:a6:d3:2e:8c:d5:d5:39:2f:
         67:b6:ef:ad:71:17:2c:e6:18:0b:bf:5f:2b:bc:c7:3e:ca:db:
         85:6a:be:0e:37:39:a6:00:f5:be:8a:3c:30:dc:d4:ba:b5:5e:
         8e:ef:61:48
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSR4iKB4EENX4r9vCrLYiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1Y2Q3ODAzZjQxZmU0OTllODAwNjY0ZTBhYWNhZGVlMTli
NjZkOWQwHhcNMjQwMTAxMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGY1MzY3Nzg0YzUzYzVjMjA0MjAyMzQ5MThmOGIwZmI5ZjYzNTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkf/ItUP/S4kqV3WzhlWQkIo8rYV3
XaZA33jHC2Yyh3WXHAkh8ASqUynrKsy+mjznif/jG9u/9gayIown0tusi44oxSXu
3Adpu+t5KMf+KG6f6xvzOhhFch2LCuaExLqVCN60FSG6VlCFtKxWQIqQpjlufzdA
aIG0lSf6DWwv8agm2D4fDepfLUgAnJVoe28PzWrr7qO3QI2xi0RabRGCmd7Reez8
sUPIEdgbt7Jf3DbdvJ1jL0hIocoo07qWZP3uOErChMqlnnsYZoIM4eTmczu09rA+
RVgsW98MhyjSg3PahfhOal4GBPvjs4FkqkLjiJUeQ6wyHJAi5ZvluNPQUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE31NneExTxcIEICNJGPiw+59jVfMB8GA1UdIwQY
MBaAFGXNeAP0H+SZ6ABmTgqsre4Ztm2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmMxNEFfUWY1Sm5vQUdaT0NxeXQ3aG0yYlowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9lNjZmMDEtMWQ5ZC00NTEzLTk1NmEt
Zjk2YmZiMDRlNjQ1LzEvVGZVMmQ0VEZQRndnUWdJMGtZLUxEN24yTlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9lNjZmMDEtMWQ5ZC00NTEzLTk1NmEtZjk2YmZiMDRlNjQ1
LzEvWmMxNEFfUWY1Sm5vQUdaT0NxeXQ3aG0yYlowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGVcWAMA0E
AgACMAcDBQMqBehAMA0GCSqGSIb3DQEBCwUAA4IBAQA4QT80QwgUWjeuaC4CSR19
soSimwTJFOG/xCXioB485BDxZv15rfb2ouK/SSvKs9DQIsH2kw5cR1k5Mij7uRGY
/EYecVJZ/DK3ATTTcmawikvycQBHIOtJck/8NCb56Al+Ao4Fynq9wYlddJ0qwD+P
1YIAnrk7Ft7Eh1RzA+9YgTYDKyPZ6eyEce2dbKzLK3g0fz1J4/7a9tOxxOfoyxdA
G4qc2NiLXRHouzOyDH5qCvqdYdVxTf3tK2lwFMG2Bc2iILnmjyMDBrzi29YiQjlR
ptMujNXVOS9ntu+tcRcs5hgLv18rvMc+ytuFar4ONzmmAPW+ijww3NS6tV6O72FI
-----END CERTIFICATE-----