Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/57e627-a45a-4673-86d2-6f2f5b4de65d/1/tlt3xCB-nNMWv5uEHH-LzxfJzd8.roa
File:                     tlt3xCB-nNMWv5uEHH-LzxfJzd8.roa (raw, json)
Hash identifier:          jz99xs3SRIlWJkPYBQHw+peQcplkS8yGEnVMhjHEcxA=
Subject key identifier:   B6:5B:77:C4:20:7E:9C:D3:16:BF:9B:84:1C:7F:8B:CF:17:C9:CD:DF
Certificate issuer:       /CN=da3d2580c54980cab3db1356182ed8cc819ffc07
Certificate serial:       018E582F18A1EE34C794C37483E0BA852962
Authority key identifier: DA:3D:25:80:C5:49:80:CA:B3:DB:13:56:18:2E:D8:CC:81:9F:FC:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2j0lgMVJgMqz2xNWGC7YzIGf_Ac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/57e627-a45a-4673-86d2-6f2f5b4de65d/1/tlt3xCB-nNMWv5uEHH-LzxfJzd8.roa
Signing time:             Tue 19 Mar 2024 19:27:45 +0000
ROA not before:           Tue 19 Mar 2024 19:27:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199883
IP address blocks:        185.43.208.0/22 maxlen: 24
                          2a01:6e60::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/57e627-a45a-4673-86d2-6f2f5b4de65d/1/2j0lgMVJgMqz2xNWGC7YzIGf_Ac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/57e627-a45a-4673-86d2-6f2f5b4de65d/1/2j0lgMVJgMqz2xNWGC7YzIGf_Ac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2j0lgMVJgMqz2xNWGC7YzIGf_Ac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:58:2f:18:a1:ee:34:c7:94:c3:74:83:e0:ba:85:29:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da3d2580c54980cab3db1356182ed8cc819ffc07
        Validity
            Not Before: Mar 19 19:27:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b65b77c4207e9cd316bf9b841c7f8bcf17c9cddf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:93:ac:8a:8c:05:53:5e:42:65:59:aa:93:ae:
                    dc:5b:af:6c:8a:fa:28:0b:ae:a1:3e:30:67:cf:69:
                    bd:2a:c8:28:7f:dc:06:2b:3c:fb:83:da:c6:75:65:
                    00:eb:66:62:8a:0a:4b:fd:ab:c9:9d:0b:c9:d6:4f:
                    d8:53:66:f6:fe:3c:7b:86:96:28:cd:36:5b:6f:3b:
                    ea:39:99:94:fb:ec:23:3f:54:15:94:e1:75:85:46:
                    51:b5:65:cb:42:9b:d7:e8:22:e8:ad:48:94:c2:6c:
                    d7:a6:bb:3f:60:87:c9:fe:36:66:9c:db:0e:af:d9:
                    5a:f2:98:eb:16:5c:3d:31:11:c5:22:26:93:af:06:
                    11:1a:61:69:44:a0:0e:58:5e:bb:36:08:83:ff:aa:
                    03:cf:24:33:e5:2c:a6:e6:96:f4:78:fd:6e:dc:62:
                    16:e6:12:c5:bf:5f:97:28:ff:20:29:2c:80:13:65:
                    60:ae:83:48:b2:9e:1d:00:3a:26:87:75:a2:ec:ec:
                    31:8d:63:dc:27:d1:4d:39:54:8e:34:53:33:a9:79:
                    4b:ed:69:1d:85:1f:2d:cc:d1:ca:74:60:53:49:88:
                    b2:66:cb:da:1d:68:29:da:ea:3e:41:b0:40:3e:e7:
                    60:33:b0:2e:2d:72:41:a1:8a:50:d7:d5:3a:01:22:
                    31:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:5B:77:C4:20:7E:9C:D3:16:BF:9B:84:1C:7F:8B:CF:17:C9:CD:DF
            X509v3 Authority Key Identifier:
                keyid:DA:3D:25:80:C5:49:80:CA:B3:DB:13:56:18:2E:D8:CC:81:9F:FC:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2j0lgMVJgMqz2xNWGC7YzIGf_Ac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/57e627-a45a-4673-86d2-6f2f5b4de65d/1/tlt3xCB-nNMWv5uEHH-LzxfJzd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/57e627-a45a-4673-86d2-6f2f5b4de65d/1/2j0lgMVJgMqz2xNWGC7YzIGf_Ac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.208.0/22
                IPv6:
                  2a01:6e60::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:60:41:76:aa:77:1e:4c:9d:30:12:bf:cf:7f:82:ef:13:39:
         c9:ca:f3:1a:e8:f3:53:ea:0a:71:78:a1:84:2c:e7:a9:9a:71:
         37:b1:43:26:b5:85:49:c6:e2:13:23:26:28:88:cb:23:03:db:
         bc:52:77:b1:0a:6d:bf:ac:97:ee:26:ac:d0:75:f7:24:1c:50:
         60:64:4b:de:67:36:ab:0d:1b:56:ff:16:41:28:69:b8:69:da:
         b4:3d:3b:16:df:cc:73:37:b6:8a:b1:61:e9:c5:a4:9a:bf:bc:
         fb:64:24:4c:aa:89:ac:5a:ca:e8:32:24:47:d1:5a:75:12:d6:
         95:cc:4e:92:d2:5e:56:c1:6d:28:19:e9:a2:47:37:c2:0a:7e:
         4b:4a:0e:77:05:eb:27:56:5d:71:5a:c7:ee:27:fc:e6:72:eb:
         8c:de:44:d3:23:5b:30:76:a6:fb:3b:bc:66:05:ed:87:05:f8:
         1d:05:bc:ac:69:bc:fe:d0:26:0c:66:45:97:81:9e:f4:a1:35:
         4f:a6:de:97:7d:6e:86:0c:51:29:23:6b:ca:f7:b1:86:b9:31:
         89:17:52:99:95:e8:0b:54:23:0d:70:68:6d:f5:66:42:89:0d:
         d1:70:07:3e:55:d0:e2:11:93:e1:9c:cd:c3:4a:c1:c7:b5:c7:
         0a:fe:dd:e1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5YLxih7jTHlMN0g+C6hSliMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhM2QyNTgwYzU0OTgwY2FiM2RiMTM1NjE4MmVkOGNjODE5
ZmZjMDcwHhcNMjQwMzE5MTkyNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjViNzdjNDIwN2U5Y2QzMTZiZjliODQxYzdmOGJjZjE3YzljZGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpOsiowFU15CZVmqk67cW69sivoo
C66hPjBnz2m9Ksgof9wGKzz7g9rGdWUA62ZiigpL/avJnQvJ1k/YU2b2/jx7hpYo
zTZbbzvqOZmU++wjP1QVlOF1hUZRtWXLQpvX6CLorUiUwmzXprs/YIfJ/jZmnNsO
r9la8pjrFlw9MRHFIiaTrwYRGmFpRKAOWF67NgiD/6oDzyQz5Sym5pb0eP1u3GIW
5hLFv1+XKP8gKSyAE2VgroNIsp4dADomh3Wi7OwxjWPcJ9FNOVSONFMzqXlL7Wkd
hR8tzNHKdGBTSYiyZsvaHWgp2uo+QbBAPudgM7AuLXJBoYpQ19U6ASIxlQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLZbd8QgfpzTFr+bhBx/i88Xyc3fMB8GA1UdIwQY
MBaAFNo9JYDFSYDKs9sTVhgu2MyBn/wHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmowbGdNVkpnTXF6MnhOV0dDN1l6SUdmX0FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi81N2U2MjctYTQ1YS00NjczLTg2ZDIt
NmYyZjViNGRlNjVkLzEvdGx0M3hDQi1uTk1XdjV1RUhILUx6eGZKemQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi81N2U2MjctYTQ1YS00NjczLTg2ZDItNmYyZjViNGRlNjVk
LzEvMmowbGdNVkpnTXF6MnhOV0dDN1l6SUdmX0FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSvQMA0E
AgACMAcDBQAqAW5gMA0GCSqGSIb3DQEBCwUAA4IBAQCXYEF2qnceTJ0wEr/Pf4Lv
EznJyvMa6PNT6gpxeKGELOepmnE3sUMmtYVJxuITIyYoiMsjA9u8UnexCm2/rJfu
JqzQdfckHFBgZEveZzarDRtW/xZBKGm4adq0PTsW38xzN7aKsWHpxaSav7z7ZCRM
qomsWsroMiRH0Vp1EtaVzE6S0l5WwW0oGemiRzfCCn5LSg53BesnVl1xWsfuJ/zm
cuuM3kTTI1swdqb7O7xmBe2HBfgdBbysabz+0CYMZkWXgZ70oTVPpt6XfW6GDFEp
I2vK97GGuTGJF1KZlegLVCMNcGht9WZCiQ3RcAc+VdDiEZPhnM3DSsHHtccK/t3h
-----END CERTIFICATE-----