Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/tUvpUBDjecZ8vIMrcjCzUtUqGeU.roa
File:                     tUvpUBDjecZ8vIMrcjCzUtUqGeU.roa (raw, json)
Hash identifier:          zL2UCTdEO1Pmso3pZtDbLU5tOvRunLf+F04yhDxdePQ=
Subject key identifier:   B5:4B:E9:50:10:E3:79:C6:7C:BC:83:2B:72:30:B3:52:D5:2A:19:E5
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B611C44D3823EE70D485343B17168
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/tUvpUBDjecZ8vIMrcjCzUtUqGeU.roa
Signing time:             Tue 02 Jan 2024 12:34:49 +0000
ROA not before:           Tue 02 Jan 2024 12:34:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202365
IP address blocks:        185.255.155.0/24 maxlen: 24
                          2a0c:da04::/48 maxlen: 48
                          2a0c:da04::/38 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:61:1c:44:d3:82:3e:e7:0d:48:53:43:b1:71:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b54be95010e379c67cbc832b7230b352d52a19e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bd:7a:be:d6:96:50:a8:c3:90:de:30:bc:94:
                    35:da:c8:6c:cb:e9:71:39:4c:3d:20:5e:93:96:9a:
                    de:33:4b:1b:5e:71:4a:62:40:43:6c:02:34:fb:88:
                    7d:db:60:80:34:dc:18:dc:d0:3d:7a:9c:2c:e9:eb:
                    96:15:8a:6d:b6:a7:6a:63:37:cc:c6:c5:4b:00:c4:
                    b0:e7:2a:d5:0e:67:db:e4:b3:c1:45:b5:22:45:2c:
                    5f:60:ff:c3:f7:ae:3e:7a:f9:bf:95:42:74:ce:e4:
                    dc:0d:01:e3:c1:93:6c:3c:db:2d:ec:26:9a:4f:2f:
                    47:1b:09:6f:f1:54:5a:96:1f:be:e8:49:55:0f:e3:
                    c1:84:b5:f0:52:1a:90:5d:a3:b4:be:7f:46:f0:88:
                    8b:2c:c5:44:75:d4:8b:05:79:91:65:9e:ff:a2:c5:
                    43:79:dd:d6:00:bd:49:36:2e:28:87:5e:fa:55:21:
                    86:3e:ec:fc:34:58:e8:d6:52:e0:1a:68:e1:df:e1:
                    c6:bb:3b:31:d7:44:a1:56:d7:2c:cf:6b:f4:84:6e:
                    7f:f0:42:57:ab:e4:61:f2:ba:76:cb:6b:d6:2f:2f:
                    6b:47:2a:1c:47:f1:59:11:84:78:7c:8f:16:f4:f7:
                    ae:2d:cc:ff:5e:8b:b7:25:88:2f:cf:7b:9e:1a:c2:
                    1f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:4B:E9:50:10:E3:79:C6:7C:BC:83:2B:72:30:B3:52:D5:2A:19:E5
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/tUvpUBDjecZ8vIMrcjCzUtUqGeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.155.0/24
                IPv6:
                  2a0c:da04::/38

    Signature Algorithm: sha256WithRSAEncryption
         9f:bc:21:26:3d:3b:e3:45:c8:81:d8:7c:f5:38:92:d0:73:8d:
         94:1a:eb:97:09:6c:5b:58:3d:2e:10:38:d5:ad:89:dc:24:1f:
         74:0e:12:77:05:9d:a3:68:86:7b:6f:5a:68:07:a6:be:d3:69:
         26:e1:ed:43:ef:c6:1a:44:f3:da:18:13:33:28:bd:8b:c4:3b:
         21:15:08:f6:3d:95:23:9a:50:71:58:d8:fa:b4:85:fc:8a:31:
         0e:05:7f:9c:a9:f1:0d:49:b9:5d:65:91:be:e8:d7:af:27:1d:
         5e:2e:a4:a3:35:bf:6f:51:5c:54:fd:4f:6e:18:21:c2:34:07:
         c3:66:d6:65:30:f7:37:07:46:40:fc:1f:07:49:e4:56:5f:d4:
         06:3b:e3:af:28:15:96:91:76:d3:87:83:7b:63:83:9d:ff:a0:
         07:74:d6:db:aa:77:e4:c5:8c:da:36:0b:dc:7f:4d:e1:bb:47:
         cc:12:0b:52:9a:9e:1f:ac:51:d4:75:99:cc:35:c9:b9:f4:f9:
         31:11:51:a9:1a:ca:52:c1:59:8d:84:bb:d0:30:72:d9:90:c8:
         f4:38:07:92:ea:9c:46:87:05:7d:6b:8d:02:09:d7:7e:4a:e8:
         57:84:83:0e:87:c3:52:76:a5:a9:65:79:5d:3b:6a:09:91:0f:
         13:6f:9d:af
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzKK2EcRNOCPucNSFNDsXFoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTRiZTk1MDEwZTM3OWM2N2NiYzgzMmI3MjMwYjM1MmQ1MmExOWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApL16vtaWUKjDkN4wvJQ12shsy+lx
OUw9IF6TlpreM0sbXnFKYkBDbAI0+4h922CANNwY3NA9epws6euWFYpttqdqYzfM
xsVLAMSw5yrVDmfb5LPBRbUiRSxfYP/D964+evm/lUJ0zuTcDQHjwZNsPNst7Caa
Ty9HGwlv8VRalh++6ElVD+PBhLXwUhqQXaO0vn9G8IiLLMVEddSLBXmRZZ7/osVD
ed3WAL1JNi4oh176VSGGPuz8NFjo1lLgGmjh3+HGuzsx10ShVtcsz2v0hG5/8EJX
q+Rh8rp2y2vWLy9rRyocR/FZEYR4fI8W9PeuLcz/Xou3JYgvz3ueGsIf7wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLVL6VAQ43nGfLyDK3Iws1LVKhnlMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvdFV2cFVCRGplY1o4dklNcmNqQ3pVdFVxR2VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuf+bMA4E
AgACMAgDBgIqDNoEADANBgkqhkiG9w0BAQsFAAOCAQEAn7whJj0740XIgdh89TiS
0HONlBrrlwlsW1g9LhA41a2J3CQfdA4SdwWdo2iGe29aaAemvtNpJuHtQ+/GGkTz
2hgTMyi9i8Q7IRUI9j2VI5pQcVjY+rSF/IoxDgV/nKnxDUm5XWWRvujXrycdXi6k
ozW/b1FcVP1PbhghwjQHw2bWZTD3NwdGQPwfB0nkVl/UBjvjrygVlpF204eDe2OD
nf+gB3TW26p35MWM2jYL3H9N4btHzBILUpqeH6xR1HWZzDXJufT5MRFRqRrKUsFZ
jYS70DBy2ZDI9DgHkuqcRocFfWuNAgnXfkroV4SDDofDUnalqWV5XTtqCZEPE2+d
rw==
-----END CERTIFICATE-----