Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/TkzmdKdpmagrf7kEdNjlEjiH9PY.roa
File:                     TkzmdKdpmagrf7kEdNjlEjiH9PY.roa (raw, json)
Hash identifier:          yREBMToKxfFyM2WgcA6rsQQofM7SzDvHaIudvYoJZj4=
Subject key identifier:   4E:4C:E6:74:A7:69:99:A8:2B:7F:B9:04:74:D8:E5:12:38:87:F4:F6
Certificate issuer:       /CN=6b84f4a296bce14d6deed25116aa70b60bcce4a4
Certificate serial:       018D0790198CBC51B538BC25152D1E063248
Authority key identifier: 6B:84:F4:A2:96:BC:E1:4D:6D:EE:D2:51:16:AA:70:B6:0B:CC:E4:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a4T0opa84U1t7tJRFqpwtgvM5KQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/TkzmdKdpmagrf7kEdNjlEjiH9PY.roa
Signing time:             Sun 14 Jan 2024 10:41:40 +0000
ROA not before:           Sun 14 Jan 2024 10:41:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.180.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/a4T0opa84U1t7tJRFqpwtgvM5KQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/a4T0opa84U1t7tJRFqpwtgvM5KQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a4T0opa84U1t7tJRFqpwtgvM5KQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:07:90:19:8c:bc:51:b5:38:bc:25:15:2d:1e:06:32:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b84f4a296bce14d6deed25116aa70b60bcce4a4
        Validity
            Not Before: Jan 14 10:41:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e4ce674a76999a82b7fb90474d8e5123887f4f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:bd:ac:72:2a:51:75:27:f2:ce:0d:f5:68:09:
                    a3:38:08:88:fe:4c:e3:e0:1f:5d:6b:8e:1e:a4:7a:
                    8f:7f:b8:1a:e2:c3:84:42:dd:9b:cf:27:80:f8:10:
                    ea:d9:14:04:dc:f9:1e:0d:b2:6c:f5:a3:62:b9:0a:
                    a1:18:a9:9b:57:69:6f:11:a8:75:8f:82:8a:d6:64:
                    ab:42:51:95:4f:a3:2f:27:8c:94:71:27:b3:02:dd:
                    ff:ce:06:68:66:90:66:ba:a6:09:df:8d:aa:63:ed:
                    06:b4:a4:11:d5:ad:92:25:a5:66:e4:54:43:5e:95:
                    58:80:66:94:46:a7:53:49:6b:a8:7d:c8:d7:9a:ef:
                    cb:ba:fa:53:4c:0b:f6:ff:f0:f6:c6:40:19:c1:67:
                    2a:86:08:40:34:2a:89:b1:34:16:fa:db:dc:a9:4d:
                    d2:12:49:41:e1:91:96:1a:a2:c9:e5:dc:17:f2:f6:
                    b6:8a:06:52:b6:00:d9:b8:65:d8:38:6c:2a:b0:47:
                    03:e9:2c:46:2d:0a:d2:ae:be:d6:5b:99:25:07:70:
                    73:cb:fc:1d:fc:3f:47:b4:e2:b2:47:90:c4:d4:32:
                    4d:ce:86:fd:61:0e:90:fc:6e:f3:3c:22:61:55:97:
                    ce:c9:3d:33:78:61:33:fa:f4:14:20:e9:dc:52:cd:
                    8e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:4C:E6:74:A7:69:99:A8:2B:7F:B9:04:74:D8:E5:12:38:87:F4:F6
            X509v3 Authority Key Identifier:
                keyid:6B:84:F4:A2:96:BC:E1:4D:6D:EE:D2:51:16:AA:70:B6:0B:CC:E4:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4T0opa84U1t7tJRFqpwtgvM5KQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/TkzmdKdpmagrf7kEdNjlEjiH9PY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/a4T0opa84U1t7tJRFqpwtgvM5KQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:be:1e:ba:cb:88:ae:24:1b:73:8b:67:d5:b5:b1:e3:53:12:
         3b:f1:5f:3e:55:5a:be:c1:80:46:f7:a3:f4:62:b2:21:c8:dc:
         cf:90:bb:bd:02:8e:20:d3:5f:bd:ea:48:7e:e8:93:35:40:59:
         b5:5c:6c:1f:8e:75:76:a7:a7:f1:fd:6c:13:f9:9e:2e:ad:fc:
         49:32:a2:77:74:b8:7a:d6:e1:22:cb:48:e3:d0:76:f6:32:0b:
         c2:88:42:da:4f:1d:72:c5:43:95:14:c0:fe:50:a5:59:e9:4b:
         b1:8f:3f:97:8c:cd:de:16:29:3e:01:a8:d8:f4:73:c8:60:a1:
         29:80:3a:e8:a3:34:b8:2f:93:75:8c:53:24:1b:64:28:8c:9e:
         00:03:d3:00:c9:0e:fa:4a:9f:49:cf:0b:2e:bb:ec:03:45:4e:
         30:60:d7:6f:f6:11:13:37:a5:ec:82:d8:d2:00:98:91:69:7b:
         b9:a1:2e:25:bf:00:0f:98:d5:af:1e:1b:f7:af:6d:4d:72:32:
         4b:cb:26:11:94:80:cd:1b:f0:a0:0b:5e:39:34:54:40:33:02:
         52:d2:3f:bd:66:c3:86:a7:fd:80:36:21:42:44:e3:a8:d1:ae:
         d1:d9:44:f1:d0:71:fe:c2:83:99:69:95:8b:5b:cb:18:10:49:
         c7:40:5a:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0HkBmMvFG1OLwlFS0eBjJIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiODRmNGEyOTZiY2UxNGQ2ZGVlZDI1MTE2YWE3MGI2MGJj
Y2U0YTQwHhcNMjQwMTE0MTA0MTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTRjZTY3NGE3Njk5OWE4MmI3ZmI5MDQ3NGQ4ZTUxMjM4ODdmNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi72scipRdSfyzg31aAmjOAiI/kzj
4B9da44epHqPf7ga4sOEQt2bzyeA+BDq2RQE3PkeDbJs9aNiuQqhGKmbV2lvEah1
j4KK1mSrQlGVT6MvJ4yUcSezAt3/zgZoZpBmuqYJ342qY+0GtKQR1a2SJaVm5FRD
XpVYgGaURqdTSWuofcjXmu/LuvpTTAv2//D2xkAZwWcqhghANCqJsTQW+tvcqU3S
EklB4ZGWGqLJ5dwX8va2igZStgDZuGXYOGwqsEcD6SxGLQrSrr7WW5klB3Bzy/wd
/D9HtOKyR5DE1DJNzob9YQ6Q/G7zPCJhVZfOyT0zeGEz+vQUIOncUs2OqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5M5nSnaZmoK3+5BHTY5RI4h/T2MB8GA1UdIwQY
MBaAFGuE9KKWvOFNbe7SURaqcLYLzOSkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTRUMG9wYTg0VTF0N3RKUkZxcHd0Z3ZNNUtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC84NDRmZDktZmVmMS00NGQ5LWE2Yzkt
MTRmYWIwMjQ0OTQ4LzEvVGt6bWRLZHBtYWdyZjdrRWROamxFamlIOVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC84NDRmZDktZmVmMS00NGQ5LWE2YzktMTRmYWIwMjQ0OTQ4
LzEvYTRUMG9wYTg0VTF0N3RKUkZxcHd0Z3ZNNUtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubQ8MA0G
CSqGSIb3DQEBCwUAA4IBAQAfvh66y4iuJBtzi2fVtbHjUxI78V8+VVq+wYBG96P0
YrIhyNzPkLu9Ao4g01+96kh+6JM1QFm1XGwfjnV2p6fx/WwT+Z4urfxJMqJ3dLh6
1uEiy0jj0Hb2MgvCiELaTx1yxUOVFMD+UKVZ6Uuxjz+XjM3eFik+AajY9HPIYKEp
gDroozS4L5N1jFMkG2QojJ4AA9MAyQ76Sp9Jzwsuu+wDRU4wYNdv9hETN6XsgtjS
AJiRaXu5oS4lvwAPmNWvHhv3r21NcjJLyyYRlIDNG/CgC145NFRAMwJS0j+9ZsOG
p/2ANiFCROOo0a7R2UTx0HH+woOZaZWLW8sYEEnHQFoC
-----END CERTIFICATE-----