Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/3b023e-a397-46bb-9465-bf3f62b95f10/1/TF-gH1k3GqbY7VazwESZmPlGHic.roa
File:                     TF-gH1k3GqbY7VazwESZmPlGHic.roa (raw, json)
Hash identifier:          mqA8t8j4eSlofW6uAt45YB5acR7c84sAbFajGONXgus=
Subject key identifier:   4C:5F:A0:1F:59:37:1A:A6:D8:ED:56:B3:C0:44:99:98:F9:46:1E:27
Certificate issuer:       /CN=504523f8811ebe5aa3598511a48f3baf0001a8e8
Certificate serial:       018CC8DEAC3A468134B17AF68BD0DC92A91D
Authority key identifier: 50:45:23:F8:81:1E:BE:5A:A3:59:85:11:A4:8F:3B:AF:00:01:A8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UEUj-IEevlqjWYURpI87rwABqOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/3b023e-a397-46bb-9465-bf3f62b95f10/1/TF-gH1k3GqbY7VazwESZmPlGHic.roa
Signing time:             Tue 02 Jan 2024 06:31:25 +0000
ROA not before:           Tue 02 Jan 2024 06:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204806
IP address blocks:        185.239.92.0/22 maxlen: 24
                          185.239.92.0/24 maxlen: 24
                          185.239.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/3b023e-a397-46bb-9465-bf3f62b95f10/1/UEUj-IEevlqjWYURpI87rwABqOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/3b023e-a397-46bb-9465-bf3f62b95f10/1/UEUj-IEevlqjWYURpI87rwABqOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UEUj-IEevlqjWYURpI87rwABqOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ac:3a:46:81:34:b1:7a:f6:8b:d0:dc:92:a9:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=504523f8811ebe5aa3598511a48f3baf0001a8e8
        Validity
            Not Before: Jan  2 06:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c5fa01f59371aa6d8ed56b3c0449998f9461e27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:dd:d8:15:98:8c:e8:97:24:15:bb:91:0f:27:
                    17:fe:50:4e:3f:00:3e:87:44:3d:c6:cb:b8:4e:24:
                    1d:78:e2:50:09:c3:a2:60:19:af:c3:ce:0e:d1:b4:
                    e5:a2:58:af:9d:d4:7d:9f:05:11:42:f1:2a:a2:0a:
                    52:95:14:ef:72:85:90:96:86:86:55:55:33:33:74:
                    34:53:51:ec:9a:67:c5:ff:db:53:85:c5:6d:fc:2a:
                    6d:c7:83:94:c2:a0:95:91:44:4d:13:4f:22:72:44:
                    b4:5c:1a:84:d3:bb:6f:70:03:2e:ae:b0:74:06:e7:
                    73:6e:ef:b1:cd:2e:25:73:73:6c:b4:c9:5b:bb:f9:
                    34:f5:cd:d7:e1:73:bd:e9:a2:30:f4:99:94:4d:c9:
                    c8:8e:3f:eb:ed:75:1f:bf:d6:be:c4:7f:b1:8b:4a:
                    96:d9:91:d4:34:08:d9:48:5f:9a:ec:9d:43:19:5e:
                    02:3b:1b:2e:9e:a6:4f:e3:f4:94:67:1d:1c:12:d6:
                    39:21:68:de:7f:aa:e3:6f:b9:c0:7c:61:f4:61:21:
                    64:97:7a:68:86:ec:62:ec:4a:b3:78:02:9a:e2:af:
                    b4:70:a5:4c:f0:f9:a8:51:ca:74:6c:88:e0:d0:22:
                    dd:03:b2:e6:61:7e:02:a2:ad:a1:ae:0f:22:4d:bb:
                    41:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:5F:A0:1F:59:37:1A:A6:D8:ED:56:B3:C0:44:99:98:F9:46:1E:27
            X509v3 Authority Key Identifier:
                keyid:50:45:23:F8:81:1E:BE:5A:A3:59:85:11:A4:8F:3B:AF:00:01:A8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UEUj-IEevlqjWYURpI87rwABqOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/3b023e-a397-46bb-9465-bf3f62b95f10/1/TF-gH1k3GqbY7VazwESZmPlGHic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/3b023e-a397-46bb-9465-bf3f62b95f10/1/UEUj-IEevlqjWYURpI87rwABqOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:28:af:40:24:30:d3:f9:fe:0c:39:33:4f:2b:3d:bb:dc:32:
         bf:76:ca:13:02:0a:ec:10:c5:94:e8:0a:e5:9c:a8:33:17:b0:
         f7:c2:eb:23:38:cc:b0:7a:c7:19:ad:6d:52:9e:4e:ba:2d:dd:
         f7:1d:90:d9:9d:85:e1:e1:aa:18:a6:aa:b9:7e:b6:77:6d:98:
         8e:77:c0:06:7d:05:92:14:f3:79:94:83:d0:51:fd:1b:85:9c:
         94:10:78:d0:3a:36:22:32:84:81:50:b7:61:40:31:1d:cb:ce:
         2e:70:3d:50:0e:ae:bf:db:98:9d:64:7b:ff:5e:c7:b5:62:42:
         8f:1b:d3:aa:d7:69:8b:75:b9:45:6f:02:d6:8a:0b:e8:07:71:
         97:32:fd:31:93:b6:f3:4e:0d:69:58:3d:f1:d3:4e:76:44:0e:
         05:32:61:79:96:bd:3b:9b:a3:5d:1a:49:18:47:77:d2:eb:11:
         ce:41:4a:44:b7:38:68:5a:f1:c2:e4:ec:b5:f7:20:4e:8a:c7:
         78:25:65:0a:c2:8e:91:2a:ab:a9:9f:6a:2c:98:8d:ae:1d:30:
         99:ad:ae:b1:24:07:10:47:21:91:09:d5:4a:c2:a5:b4:28:44:
         3d:e9:4e:f2:88:b0:19:1a:63:26:40:cf:a9:b5:90:e8:b7:89:
         d9:31:d9:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3qw6RoE0sXr2i9DckqkdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNDUyM2Y4ODExZWJlNWFhMzU5ODUxMWE0OGYzYmFmMDAw
MWE4ZTgwHhcNMjQwMTAyMDYzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzVmYTAxZjU5MzcxYWE2ZDhlZDU2YjNjMDQ0OTk5OGY5NDYxZTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmN3YFZiM6JckFbuRDycX/lBOPwA+
h0Q9xsu4TiQdeOJQCcOiYBmvw84O0bTlolivndR9nwURQvEqogpSlRTvcoWQloaG
VVUzM3Q0U1HsmmfF/9tThcVt/Cptx4OUwqCVkURNE08ickS0XBqE07tvcAMurrB0
Budzbu+xzS4lc3NstMlbu/k09c3X4XO96aIw9JmUTcnIjj/r7XUfv9a+xH+xi0qW
2ZHUNAjZSF+a7J1DGV4COxsunqZP4/SUZx0cEtY5IWjef6rjb7nAfGH0YSFkl3po
huxi7EqzeAKa4q+0cKVM8PmoUcp0bIjg0CLdA7LmYX4Coq2hrg8iTbtBjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExfoB9ZNxqm2O1Ws8BEmZj5Rh4nMB8GA1UdIwQY
MBaAFFBFI/iBHr5ao1mFEaSPO68AAajoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUVVai1JRWV2bHFqV1lVUnBJODdyd0FCcU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8zYjAyM2UtYTM5Ny00NmJiLTk0NjUt
YmYzZjYyYjk1ZjEwLzEvVEYtZ0gxazNHcWJZN1ZhendFU1ptUGxHSGljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8zYjAyM2UtYTM5Ny00NmJiLTk0NjUtYmYzZjYyYjk1ZjEw
LzEvVUVVai1JRWV2bHFqV1lVUnBJODdyd0FCcU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue9cMA0G
CSqGSIb3DQEBCwUAA4IBAQAVKK9AJDDT+f4MOTNPKz273DK/dsoTAgrsEMWU6Arl
nKgzF7D3wusjOMywescZrW1Snk66Ld33HZDZnYXh4aoYpqq5frZ3bZiOd8AGfQWS
FPN5lIPQUf0bhZyUEHjQOjYiMoSBULdhQDEdy84ucD1QDq6/25idZHv/Xse1YkKP
G9Oq12mLdblFbwLWigvoB3GXMv0xk7bzTg1pWD3x0052RA4FMmF5lr07m6NdGkkY
R3fS6xHOQUpEtzhoWvHC5Oy19yBOisd4JWUKwo6RKqupn2osmI2uHTCZra6xJAcQ
RyGRCdVKwqW0KEQ96U7yiLAZGmMmQM+ptZDot4nZMdkV
-----END CERTIFICATE-----