Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/TJ1UjMUcvjY60KyBqfwkDFM6tZ4.roa
File:                     TJ1UjMUcvjY60KyBqfwkDFM6tZ4.roa (raw, json)
Hash identifier:          SyFmwIpnptOlGDB03IEK7Ln2RguSbprl2g2QnLCtXbM=
Subject key identifier:   4C:9D:54:8C:C5:1C:BE:36:3A:D0:AC:81:A9:FC:24:0C:53:3A:B5:9E
Certificate issuer:       /CN=4f9ac6fe2031adde03668240e3c5d91ec6711e1e
Certificate serial:       018CC8012935739B70FB4D21B130B3B8E77D
Authority key identifier: 4F:9A:C6:FE:20:31:AD:DE:03:66:82:40:E3:C5:D9:1E:C6:71:1E:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/TJ1UjMUcvjY60KyBqfwkDFM6tZ4.roa
Signing time:             Tue 02 Jan 2024 02:29:28 +0000
ROA not before:           Tue 02 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34323
IP address blocks:        185.93.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:29:35:73:9b:70:fb:4d:21:b1:30:b3:b8:e7:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9ac6fe2031adde03668240e3c5d91ec6711e1e
        Validity
            Not Before: Jan  2 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c9d548cc51cbe363ad0ac81a9fc240c533ab59e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e7:a2:ce:77:63:01:3e:85:b5:8a:0d:ef:e9:
                    c4:87:71:52:49:02:97:97:8d:b3:10:bb:09:3b:c1:
                    48:75:db:da:bf:bc:ae:91:66:90:23:f9:69:1d:39:
                    05:b4:66:df:87:e5:7d:89:eb:f6:fe:1f:31:29:88:
                    cf:50:10:01:05:ec:4e:58:ee:1e:86:d5:93:4c:95:
                    e4:7c:65:d5:1a:50:31:ec:74:b6:6a:7b:0f:75:64:
                    17:5e:3d:41:91:b7:6d:de:92:e8:02:60:c3:7b:d5:
                    22:a3:23:b2:15:a6:dc:f3:61:9b:1f:0e:76:ab:e9:
                    9c:41:58:78:c7:03:8b:19:9e:cf:0b:ef:2a:84:4c:
                    64:24:3d:a9:f4:4c:2d:84:c6:fc:32:d9:7c:e3:21:
                    7e:58:cf:c9:3b:81:40:e2:d3:63:6f:e1:68:76:03:
                    37:47:dd:46:39:ec:df:df:c2:66:a4:c7:7f:21:0f:
                    23:d8:30:5e:d0:e7:b3:a3:d5:cb:fe:96:75:2d:65:
                    8d:06:97:f6:f3:1d:ce:be:1e:b3:e3:1b:b2:5c:e2:
                    17:6d:a6:24:9b:67:a3:d6:e2:d0:cf:e6:f4:5e:34:
                    25:c0:50:68:b2:27:88:8c:a5:9e:c6:a6:c5:02:5f:
                    83:00:bb:ba:2a:0b:cb:d4:16:c7:e1:e0:31:96:c3:
                    6f:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:9D:54:8C:C5:1C:BE:36:3A:D0:AC:81:A9:FC:24:0C:53:3A:B5:9E
            X509v3 Authority Key Identifier:
                keyid:4F:9A:C6:FE:20:31:AD:DE:03:66:82:40:E3:C5:D9:1E:C6:71:1E:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/TJ1UjMUcvjY60KyBqfwkDFM6tZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:8b:97:64:db:a5:5d:e6:d0:60:cc:20:d3:02:c0:b0:bd:e0:
         73:ae:d8:5d:a7:52:b8:62:d2:e1:f1:c5:58:71:60:3b:ff:4e:
         50:57:e9:1d:cd:5a:24:eb:92:eb:59:7a:38:d6:37:c2:1b:12:
         6c:16:8b:5c:cd:77:31:19:df:c8:ad:ed:0a:4c:3e:77:56:6b:
         51:8a:2a:91:32:5f:6a:01:40:13:3b:49:9d:4b:8a:b8:92:77:
         60:b6:c3:64:51:9b:50:4c:f9:14:7f:7c:1b:63:f1:9a:7a:46:
         49:3a:8f:ef:0a:5a:05:7a:7a:d7:63:be:2f:fe:c3:61:fe:fe:
         85:27:57:87:e7:4e:0d:53:2d:c0:5f:6c:61:6c:ed:24:aa:97:
         c4:02:88:71:1c:09:9c:59:36:2a:98:55:a1:a5:05:b9:4e:4a:
         27:ac:ec:e4:8f:2a:9d:c4:c1:b2:28:86:11:5e:c3:6c:71:3f:
         fb:f0:c2:24:56:9f:d6:0f:be:77:58:70:5c:b7:7a:47:20:a5:
         b2:fa:84:98:60:05:1b:14:f8:ce:c1:7e:a6:83:8c:2b:ce:09:
         6e:6b:e7:88:42:55:c0:29:c8:c8:85:5d:d9:d5:e8:9b:31:cd:
         04:56:43:1a:d0:bb:6a:42:18:5a:4c:e5:7e:7e:86:cf:f8:5e:
         55:8a:d5:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASk1c5tw+00hsTCzuOd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOWFjNmZlMjAzMWFkZGUwMzY2ODI0MGUzYzVkOTFlYzY3
MTFlMWUwHhcNMjQwMTAyMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzlkNTQ4Y2M1MWNiZTM2M2FkMGFjODFhOWZjMjQwYzUzM2FiNTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOeizndjAT6FtYoN7+nEh3FSSQKX
l42zELsJO8FIddvav7yukWaQI/lpHTkFtGbfh+V9iev2/h8xKYjPUBABBexOWO4e
htWTTJXkfGXVGlAx7HS2ansPdWQXXj1Bkbdt3pLoAmDDe9UioyOyFabc82GbHw52
q+mcQVh4xwOLGZ7PC+8qhExkJD2p9EwthMb8Mtl84yF+WM/JO4FA4tNjb+FodgM3
R91GOezf38JmpMd/IQ8j2DBe0Oezo9XL/pZ1LWWNBpf28x3Ovh6z4xuyXOIXbaYk
m2ej1uLQz+b0XjQlwFBosieIjKWexqbFAl+DALu6KgvL1BbH4eAxlsNviwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEydVIzFHL42OtCsgan8JAxTOrWeMB8GA1UdIwQY
MBaAFE+axv4gMa3eA2aCQOPF2R7GcR4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVyR19pQXhyZDREWm9KQTQ4WFpIc1p4SGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi84NDdmZmEtOWYzOC00NjEwLTk4ZTct
NTI4YTYzYmU0Yzg3LzEvVEoxVWpNVWN2alk2MEt5QnFmd2tERk02dFo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi84NDdmZmEtOWYzOC00NjEwLTk4ZTctNTI4YTYzYmU0Yzg3
LzEvVDVyR19pQXhyZDREWm9KQTQ4WFpIc1p4SGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV27MA0G
CSqGSIb3DQEBCwUAA4IBAQBmi5dk26Vd5tBgzCDTAsCwveBzrthdp1K4YtLh8cVY
cWA7/05QV+kdzVok65LrWXo41jfCGxJsFotczXcxGd/Ire0KTD53VmtRiiqRMl9q
AUATO0mdS4q4kndgtsNkUZtQTPkUf3wbY/GaekZJOo/vCloFenrXY74v/sNh/v6F
J1eH504NUy3AX2xhbO0kqpfEAohxHAmcWTYqmFWhpQW5TkonrOzkjyqdxMGyKIYR
XsNscT/78MIkVp/WD753WHBct3pHIKWy+oSYYAUbFPjOwX6mg4wrzglua+eIQlXA
KcjIhV3Z1eibMc0EVkMa0LtqQhhaTOV+fobP+F5VitWA
-----END CERTIFICATE-----