Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/1-TW7-mIFR3nf7NPgSQ0A4ZRajCs.roa
File:                     1-TW7-mIFR3nf7NPgSQ0A4ZRajCs.roa (raw, json)
Hash identifier:          Iz8ROVBSC72j52gY4Xmk9KuLztIvtWbMkh96ET20xeE=
Subject key identifier:   F9:35:BB:FA:62:05:47:79:DF:EC:D3:E0:49:0D:00:E1:94:5A:8C:2B
Certificate issuer:       /CN=1d0c7e7bb27c533a997d277cadd417ec7bd284f0
Certificate serial:       018CCA9945802C3D5A76B566C2048707E5BA
Authority key identifier: 1D:0C:7E:7B:B2:7C:53:3A:99:7D:27:7C:AD:D4:17:EC:7B:D2:84:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQx-e7J8UzqZfSd8rdQX7HvShPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/1-TW7-mIFR3nf7NPgSQ0A4ZRajCs.roa
Signing time:             Tue 02 Jan 2024 14:34:51 +0000
ROA not before:           Tue 02 Jan 2024 14:34:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203936
IP address blocks:        185.238.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/HQx-e7J8UzqZfSd8rdQX7HvShPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/HQx-e7J8UzqZfSd8rdQX7HvShPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HQx-e7J8UzqZfSd8rdQX7HvShPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:45:80:2c:3d:5a:76:b5:66:c2:04:87:07:e5:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d0c7e7bb27c533a997d277cadd417ec7bd284f0
        Validity
            Not Before: Jan  2 14:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f935bbfa62054779dfecd3e0490d00e1945a8c2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5c:e2:41:7f:a0:73:e3:5d:83:c3:a4:de:a9:
                    10:00:f6:4d:32:ef:00:72:86:7e:71:a9:2d:4d:93:
                    5a:02:d3:8e:ee:b9:cd:cc:1a:e6:dc:9e:65:f7:e2:
                    0d:7c:ba:f0:3f:5d:29:11:5b:5f:24:bf:6b:1c:63:
                    3f:6f:63:96:ac:13:db:cc:1d:5a:42:36:f0:03:d2:
                    5d:bb:a5:cb:00:93:b2:3f:db:98:35:7f:c6:86:2e:
                    88:55:d6:ee:04:a1:f9:d5:f4:91:b9:16:a8:86:1b:
                    f9:c0:31:2f:5f:a9:8f:cf:01:68:5f:d5:01:78:2c:
                    73:21:a7:54:c6:e7:13:a3:51:79:01:ea:e0:ed:f6:
                    9c:d6:90:e0:af:82:93:9e:08:e8:99:ef:4c:a7:3a:
                    c3:cf:6e:63:ca:70:f4:ef:11:ef:06:03:0e:5d:3c:
                    1a:8e:f6:b6:43:d1:33:63:e8:3c:44:1a:56:18:72:
                    f8:36:00:0a:51:2b:71:c7:c6:87:00:07:2f:c5:82:
                    cd:dd:03:7a:43:a4:26:d3:41:f6:45:7c:89:e7:d3:
                    c8:62:9e:83:b6:5c:db:9b:75:d7:b5:bb:b0:36:df:
                    da:32:c9:9d:24:d4:99:ab:3b:27:53:61:a7:55:bf:
                    63:c3:67:5d:16:a7:51:72:7a:f6:e1:bd:3a:9a:68:
                    c0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:35:BB:FA:62:05:47:79:DF:EC:D3:E0:49:0D:00:E1:94:5A:8C:2B
            X509v3 Authority Key Identifier:
                keyid:1D:0C:7E:7B:B2:7C:53:3A:99:7D:27:7C:AD:D4:17:EC:7B:D2:84:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQx-e7J8UzqZfSd8rdQX7HvShPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/1-TW7-mIFR3nf7NPgSQ0A4ZRajCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/HQx-e7J8UzqZfSd8rdQX7HvShPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:05:bc:2b:c4:d7:7f:c9:58:ce:66:b3:f1:05:1a:70:79:f2:
         b9:48:59:1b:1c:d4:4e:ee:cc:f2:d7:91:c4:5f:9e:45:f3:f0:
         cc:a2:07:19:61:68:f2:8a:26:da:63:0a:4a:c0:59:32:1a:1c:
         78:b0:8c:00:8c:57:a4:e2:77:b6:bc:0a:a7:25:c1:0f:59:8f:
         b2:15:9e:46:dd:60:08:cb:9c:4d:3f:ba:52:84:02:d1:f2:5f:
         a4:5d:96:e1:d5:18:de:43:f7:d6:7d:b5:f4:9f:6d:5f:6e:88:
         43:76:33:2b:49:4e:ad:6f:b9:ad:4a:c7:1a:42:b5:42:7a:4e:
         91:92:57:24:23:dd:0a:32:bb:93:96:9b:24:73:e7:f2:6c:f2:
         ca:eb:ea:dd:2f:b9:72:0d:0e:c9:ee:92:47:c2:4c:bd:9d:a8:
         4f:fa:44:ef:cb:cf:67:d0:06:ae:91:c7:ce:e4:f0:78:e3:f9:
         b3:89:3f:ad:c7:10:ee:7d:d1:2d:e1:53:6b:1a:d0:7a:48:12:
         35:59:bf:12:ec:0b:a2:4b:0f:cb:89:dd:92:d8:db:1c:be:81:
         2d:8b:bc:81:00:35:b0:97:c0:a6:14:6a:45:17:0d:94:4b:66:
         5e:ee:a6:6a:68:67:0c:57:1a:ef:d0:0c:da:b3:d2:60:a2:2e:
         7a:c9:50:72
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKmUWALD1adrVmwgSHB+W6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMGM3ZTdiYjI3YzUzM2E5OTdkMjc3Y2FkZDQxN2VjN2Jk
Mjg0ZjAwHhcNMjQwMTAyMTQzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTM1YmJmYTYyMDU0Nzc5ZGZlY2QzZTA0OTBkMDBlMTk0NWE4YzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlziQX+gc+Ndg8Ok3qkQAPZNMu8A
coZ+caktTZNaAtOO7rnNzBrm3J5l9+INfLrwP10pEVtfJL9rHGM/b2OWrBPbzB1a
QjbwA9Jdu6XLAJOyP9uYNX/Ghi6IVdbuBKH51fSRuRaohhv5wDEvX6mPzwFoX9UB
eCxzIadUxucTo1F5Aerg7fac1pDgr4KTngjome9MpzrDz25jynD07xHvBgMOXTwa
jva2Q9EzY+g8RBpWGHL4NgAKUStxx8aHAAcvxYLN3QN6Q6Qm00H2RXyJ59PIYp6D
tlzbm3XXtbuwNt/aMsmdJNSZqzsnU2GnVb9jw2ddFqdRcnr24b06mmjAiwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPk1u/piBUd53+zT4EkNAOGUWowrMB8GA1UdIwQY
MBaAFB0MfnuyfFM6mX0nfK3UF+x70oTwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFF4LWU3SjhVenFaZlNkOHJkUVg3SHZTaFBBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9kZGQzNDktYWM1MC00M2U1LWE4OGEt
YjI4ZjA3YjJmNDViLzEvMS1UVzctbUlGUjNuZjdOUGdTUTBBNFpSYWpDcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzAvZGRkMzQ5LWFjNTAtNDNlNS1hODhhLWIyOGYwN2IyZjQ1
Yi8xL0hReC1lN0o4VXpxWmZTZDhyZFFYN0h2U2hQQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnuVzAN
BgkqhkiG9w0BAQsFAAOCAQEANQW8K8TXf8lYzmaz8QUacHnyuUhZGxzUTu7M8teR
xF+eRfPwzKIHGWFo8oom2mMKSsBZMhoceLCMAIxXpOJ3trwKpyXBD1mPshWeRt1g
CMucTT+6UoQC0fJfpF2W4dUY3kP31n219J9tX26IQ3YzK0lOrW+5rUrHGkK1QnpO
kZJXJCPdCjK7k5abJHPn8mzyyuvq3S+5cg0Oye6SR8JMvZ2oT/pE78vPZ9AGrpHH
zuTweOP5s4k/rccQ7n3RLeFTaxrQekgSNVm/EuwLoksPy4ndktjbHL6BLYu8gQA1
sJfAphRqRRcNlEtmXu6mamhnDFca79AM2rPSYKIueslQcg==
-----END CERTIFICATE-----