Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/TkJU9mWk_4vahWL4iFYhpEfr2Pc.roa
File:                     TkJU9mWk_4vahWL4iFYhpEfr2Pc.roa (raw, json)
Hash identifier:          LxQOWhmGmFVhAULOlIIRMN2kQUAKRse5Cc46eTJwd50=
Subject key identifier:   4E:42:54:F6:65:A4:FF:8B:DA:85:62:F8:88:56:21:A4:47:EB:D8:F7
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018D13D7F3E8B7714EFC8D0839E105D1752C
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/TkJU9mWk_4vahWL4iFYhpEfr2Pc.roa
Signing time:             Tue 16 Jan 2024 19:55:36 +0000
ROA not before:           Tue 16 Jan 2024 19:55:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200088
IP address blocks:        185.159.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:13:d7:f3:e8:b7:71:4e:fc:8d:08:39:e1:05:d1:75:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan 16 19:55:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e4254f665a4ff8bda8562f8885621a447ebd8f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:5a:b8:a7:56:de:cb:20:83:5d:5b:ab:10:08:
                    7e:b9:62:3d:07:bf:12:5d:ff:d0:90:ed:cb:c0:02:
                    be:6f:04:0f:b1:40:18:f7:e6:a8:45:a0:d8:aa:92:
                    74:dc:47:4e:de:a7:52:54:0b:d1:c3:05:cf:ad:8e:
                    d6:aa:14:c7:a3:41:84:58:41:32:bb:ab:a0:7f:ae:
                    fc:96:40:1d:f3:7a:4a:7b:08:8c:0b:24:00:62:83:
                    93:63:58:66:58:69:d3:8f:40:ba:fd:39:0c:c2:d6:
                    1d:90:51:20:f2:7d:e1:ae:39:4b:b3:01:a4:81:07:
                    07:26:49:7b:02:85:5f:f8:f3:a7:e1:ac:2d:a6:7c:
                    68:53:e3:af:f4:46:28:56:f6:2b:51:c4:39:18:66:
                    99:fb:ab:92:23:05:f1:cb:63:b1:db:92:f0:b7:a7:
                    a3:82:9a:85:05:4d:28:78:3c:6b:fe:24:c8:fa:f5:
                    16:e3:d4:b1:12:61:eb:80:06:49:b0:4f:9b:8c:bf:
                    2d:7a:8b:d6:dc:8b:c9:ec:7f:4f:bb:4b:83:32:c1:
                    1e:4c:8a:a3:89:4e:2d:0b:f9:83:95:f7:56:09:49:
                    68:01:a4:91:f3:9a:d7:77:c0:df:e0:79:3e:4c:20:
                    04:5e:85:1f:2d:9d:af:aa:2b:6e:1d:ed:7e:e9:f7:
                    81:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:42:54:F6:65:A4:FF:8B:DA:85:62:F8:88:56:21:A4:47:EB:D8:F7
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/TkJU9mWk_4vahWL4iFYhpEfr2Pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:67:fd:86:30:90:90:11:4e:af:4c:d6:41:63:54:e9:cc:b4:
         9c:73:36:b7:b8:de:7c:3d:97:2d:43:27:1a:ae:85:ed:67:24:
         45:00:6f:2b:fc:0c:a7:b4:ad:75:d0:06:fb:fc:93:a8:f1:5a:
         15:5a:95:8f:53:be:6b:d5:cc:99:39:a4:e4:6c:d6:fd:c9:65:
         56:73:67:e9:6d:dc:f1:3f:28:1f:93:11:b5:38:1b:ec:92:3b:
         97:85:a6:28:18:3c:c7:eb:32:5e:cb:64:cb:fe:9f:92:c4:4a:
         59:7b:74:1c:b2:e6:5f:70:ba:1c:fe:ff:c5:5e:f8:23:20:4d:
         7f:55:55:5a:44:49:99:73:75:b1:f8:dd:e2:b9:47:b2:cc:32:
         5a:4d:63:76:f3:0a:e6:4c:93:bb:38:85:56:09:79:26:c6:67:
         9f:2e:b1:e3:a3:73:d1:e5:9d:94:52:5a:3e:33:e0:96:73:64:
         9b:5b:d2:46:5d:05:34:4e:4e:a3:1d:a8:15:23:16:fc:d1:63:
         b6:e3:88:b5:7a:5f:53:1e:9c:2d:01:43:3d:0d:ee:eb:88:df:
         2d:f1:1c:5c:f8:ea:b9:0d:eb:22:d2:64:b6:4c:c7:03:df:b8:
         2d:9c:f8:4b:af:62:9c:bc:22:9a:52:25:5d:3e:48:ee:0d:50:
         bc:80:89:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0T1/Pot3FO/I0IOeEF0XUsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTE2MTk1NTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQyNTRmNjY1YTRmZjhiZGE4NTYyZjg4ODU2MjFhNDQ3ZWJkOGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lq4p1beyyCDXVurEAh+uWI9B78S
Xf/QkO3LwAK+bwQPsUAY9+aoRaDYqpJ03EdO3qdSVAvRwwXPrY7WqhTHo0GEWEEy
u6ugf678lkAd83pKewiMCyQAYoOTY1hmWGnTj0C6/TkMwtYdkFEg8n3hrjlLswGk
gQcHJkl7AoVf+POn4awtpnxoU+Ov9EYoVvYrUcQ5GGaZ+6uSIwXxy2Ox25Lwt6ej
gpqFBU0oeDxr/iTI+vUW49SxEmHrgAZJsE+bjL8teovW3IvJ7H9Pu0uDMsEeTIqj
iU4tC/mDlfdWCUloAaSR85rXd8Df4Hk+TCAEXoUfLZ2vqituHe1+6feBwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5CVPZlpP+L2oVi+IhWIaRH69j3MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvVGtKVTltV2tfNHZhaFdMNGlGWWhwRWZyMlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ9UMA0G
CSqGSIb3DQEBCwUAA4IBAQBeZ/2GMJCQEU6vTNZBY1TpzLSccza3uN58PZctQyca
roXtZyRFAG8r/AyntK110Ab7/JOo8VoVWpWPU75r1cyZOaTkbNb9yWVWc2fpbdzx
PygfkxG1OBvskjuXhaYoGDzH6zJey2TL/p+SxEpZe3QcsuZfcLoc/v/FXvgjIE1/
VVVaREmZc3Wx+N3iuUeyzDJaTWN28wrmTJO7OIVWCXkmxmefLrHjo3PR5Z2UUlo+
M+CWc2SbW9JGXQU0Tk6jHagVIxb80WO244i1el9THpwtAUM9De7riN8t8Rxc+Oq5
Desi0mS2TMcD37gtnPhLr2KcvCKaUiVdPkjuDVC8gIlT
-----END CERTIFICATE-----