Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/Tt-ecC7Y4rfqSqNT2mYseRSBEF8.roa
File:                     Tt-ecC7Y4rfqSqNT2mYseRSBEF8.roa (raw, json)
Hash identifier:          ZTMcfVv+oLE90UAlExDwFgn1hk7gCKFMHw8L7H8PwTM=
Subject key identifier:   4E:DF:9E:70:2E:D8:E2:B7:EA:4A:A3:53:DA:66:2C:79:14:81:10:5F
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       018CC5011001E8A8A9DE19ED50F44593B7D7
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/Tt-ecC7Y4rfqSqNT2mYseRSBEF8.roa
Signing time:             Mon 01 Jan 2024 12:30:30 +0000
ROA not before:           Mon 01 Jan 2024 12:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        185.255.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:10:01:e8:a8:a9:de:19:ed:50:f4:45:93:b7:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Jan  1 12:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4edf9e702ed8e2b7ea4aa353da662c791481105f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c8:c7:bd:9c:86:2f:b8:a9:86:09:27:5f:9c:
                    0b:b0:5d:2e:f1:5e:83:fb:fd:bd:11:da:85:2f:5b:
                    dc:04:31:ae:26:ea:b2:76:de:74:69:61:ba:ea:66:
                    9b:8a:ba:35:a7:bc:44:f4:c3:67:b8:80:0f:57:c2:
                    ac:7c:9d:48:3f:67:97:41:d5:69:3e:a7:7f:2c:e9:
                    33:46:eb:e3:82:0a:ae:69:a8:b6:71:1e:78:9d:43:
                    51:4e:c1:19:78:03:60:5c:39:d4:f9:ca:84:bf:4c:
                    f0:fd:32:00:2f:8d:02:55:30:3a:1d:1f:25:ad:a6:
                    52:fa:27:6b:e3:d9:80:80:0c:d7:2d:e4:0a:c6:5b:
                    d0:0d:2f:08:ee:3c:2b:6b:c5:c5:3f:5d:36:4e:a8:
                    d1:56:6b:06:cc:af:2b:5b:e5:7f:8c:75:1c:05:43:
                    a0:c7:72:cf:c2:47:35:fd:f8:5b:dd:58:20:10:af:
                    58:0e:85:0f:0f:9d:58:e8:6f:16:49:e0:14:3d:38:
                    d2:69:b4:8d:a8:99:3d:49:85:ba:8a:f0:a1:18:50:
                    cf:f4:85:a9:1d:ba:af:5d:bc:ec:5f:e8:8c:9a:c4:
                    73:b7:72:05:57:ca:03:e5:63:9a:d8:57:bf:4b:3b:
                    b5:1f:a0:68:1b:dd:c9:f7:ad:65:94:ac:31:c0:4e:
                    c8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:DF:9E:70:2E:D8:E2:B7:EA:4A:A3:53:DA:66:2C:79:14:81:10:5F
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/Tt-ecC7Y4rfqSqNT2mYseRSBEF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:66:82:e7:8f:c2:cb:9c:1b:b3:d1:c2:bb:51:ae:a2:72:70:
         73:b7:05:31:32:67:cb:1c:65:ba:5e:46:97:6c:2b:0d:6b:0a:
         98:a5:9c:20:38:a8:88:17:a5:46:81:cd:e9:a0:c2:c5:e8:3e:
         77:e2:56:55:f0:19:ad:d8:09:98:4f:e3:a5:87:ae:0c:46:f0:
         b5:33:7f:da:9c:b5:7e:66:8c:2f:a4:1c:01:b4:a8:18:66:c0:
         8c:d0:b3:8d:9c:78:06:4a:4b:5f:78:8c:29:21:ca:89:e6:28:
         28:11:99:91:06:d0:d2:ef:01:9b:4d:6c:39:3e:03:41:a7:24:
         57:58:30:a3:13:f6:42:96:d8:95:95:bd:49:ed:c4:63:0b:7a:
         6b:d5:f1:80:90:e7:f1:e7:20:fe:65:0c:fc:f5:db:c6:30:a3:
         a3:65:42:36:b0:4e:e6:ee:7b:5f:55:08:c8:c1:33:14:82:78:
         42:29:1a:a2:0e:73:20:71:52:cf:a5:32:b4:52:b8:52:ec:47:
         7d:75:e5:2b:d6:1d:a4:92:1e:7f:83:0e:40:91:4c:26:cb:bd:
         33:e6:54:b1:be:b1:d2:94:d0:e6:90:78:72:9f:23:de:77:40:
         e6:1f:20:40:e9:cc:e4:bc:39:b2:7d:94:13:c2:4b:40:aa:60:
         d1:03:a0:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARAB6Kip3hntUPRFk7fXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjQwMTAxMTIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWRmOWU3MDJlZDhlMmI3ZWE0YWEzNTNkYTY2MmM3OTE0ODExMDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8jHvZyGL7iphgknX5wLsF0u8V6D
+/29EdqFL1vcBDGuJuqydt50aWG66mabiro1p7xE9MNnuIAPV8KsfJ1IP2eXQdVp
Pqd/LOkzRuvjggquaai2cR54nUNRTsEZeANgXDnU+cqEv0zw/TIAL40CVTA6HR8l
raZS+idr49mAgAzXLeQKxlvQDS8I7jwra8XFP102TqjRVmsGzK8rW+V/jHUcBUOg
x3LPwkc1/fhb3VggEK9YDoUPD51Y6G8WSeAUPTjSabSNqJk9SYW6ivChGFDP9IWp
HbqvXbzsX+iMmsRzt3IFV8oD5WOa2Fe/Szu1H6BoG93J961llKwxwE7I4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7fnnAu2OK36kqjU9pmLHkUgRBfMB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvVHQtZWNDN1k0cmZxU3FOVDJtWXNlUlNCRUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf8EMA0G
CSqGSIb3DQEBCwUAA4IBAQArZoLnj8LLnBuz0cK7Ua6icnBztwUxMmfLHGW6XkaX
bCsNawqYpZwgOKiIF6VGgc3poMLF6D534lZV8Bmt2AmYT+Olh64MRvC1M3/anLV+
ZowvpBwBtKgYZsCM0LONnHgGSktfeIwpIcqJ5igoEZmRBtDS7wGbTWw5PgNBpyRX
WDCjE/ZCltiVlb1J7cRjC3pr1fGAkOfx5yD+ZQz89dvGMKOjZUI2sE7m7ntfVQjI
wTMUgnhCKRqiDnMgcVLPpTK0UrhS7Ed9deUr1h2kkh5/gw5AkUwmy70z5lSxvrHS
lNDmkHhynyPed0DmHyBA6czkvDmyfZQTwktAqmDRA6Au
-----END CERTIFICATE-----