Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/Tgi7Yd0JogdcliacwgGozffK9VA.roa
File:                     Tgi7Yd0JogdcliacwgGozffK9VA.roa (raw, json)
Hash identifier:          awzjufSnBwNC3WG/x9iSmzxUY/55IZZWXukn4m6AXfI=
Subject key identifier:   4E:08:BB:61:DD:09:A2:07:5C:96:26:9C:C2:01:A8:CD:F7:CA:F5:50
Certificate issuer:       /CN=4cbfd3e72d4a0396f95347336b42678f68c26430
Certificate serial:       018E3926262584C97855411838BDCA48A6DC
Authority key identifier: 4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/Tgi7Yd0JogdcliacwgGozffK9VA.roa
Signing time:             Wed 13 Mar 2024 18:49:45 +0000
ROA not before:           Wed 13 Mar 2024 18:49:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40368
IP address blocks:        185.150.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:39:26:26:25:84:c9:78:55:41:18:38:bd:ca:48:a6:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cbfd3e72d4a0396f95347336b42678f68c26430
        Validity
            Not Before: Mar 13 18:49:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e08bb61dd09a2075c96269cc201a8cdf7caf550
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:0b:0c:69:1f:3f:00:d2:11:03:3e:ec:94:97:
                    f1:68:64:26:3a:2c:69:ab:48:ea:76:79:ca:22:f3:
                    21:63:34:52:9f:c6:9c:41:f7:21:32:45:f0:e3:cf:
                    1b:57:bc:0b:19:74:36:23:1b:88:91:c8:83:61:74:
                    74:0a:cd:ff:b1:83:01:53:b6:be:96:8f:11:09:a5:
                    c5:9e:e8:c8:5e:8f:2f:af:f2:11:8d:62:9f:a1:82:
                    aa:1b:87:19:7c:2c:24:3a:10:cd:73:fb:03:25:1d:
                    53:c9:e3:b9:b2:83:a2:21:06:f6:82:27:43:7f:6f:
                    07:53:cb:d2:7c:e9:5d:ea:e6:af:1a:d0:1b:a0:60:
                    cc:66:e2:d7:aa:63:85:03:97:bd:b3:de:0b:00:3d:
                    ec:98:b2:01:33:57:0f:fa:ec:10:82:0d:ea:b0:16:
                    45:63:3f:3f:4e:6b:22:98:d5:16:a4:0d:a1:b4:38:
                    f6:e2:0e:3c:6a:b3:28:3f:85:d5:4a:7d:69:3d:ff:
                    87:ef:fb:59:8b:66:6d:14:65:1b:67:e8:06:bf:86:
                    2b:69:f0:9d:f7:95:13:37:d1:a2:a9:1f:f8:4b:ea:
                    5a:b1:6d:4a:e4:3a:26:22:71:b1:26:7a:d1:2c:86:
                    78:dc:34:e5:c6:cc:2e:34:c0:a9:49:31:95:3b:0c:
                    1e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:08:BB:61:DD:09:A2:07:5C:96:26:9C:C2:01:A8:CD:F7:CA:F5:50
            X509v3 Authority Key Identifier:
                keyid:4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/Tgi7Yd0JogdcliacwgGozffK9VA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:b2:3f:6a:14:73:2d:1a:5d:da:a8:57:57:77:35:ed:78:a6:
         da:4e:12:f4:ce:c8:55:7a:31:d1:bf:43:0c:47:69:20:c3:67:
         8e:0c:a8:a0:9a:de:dd:b6:fd:89:51:b0:20:2c:f1:d7:31:39:
         0d:14:df:d5:c5:f3:42:61:26:c1:a6:49:b8:42:dc:71:d9:bb:
         42:89:ef:ab:36:b8:47:f6:81:fb:b3:42:ae:82:d7:92:11:70:
         68:4f:70:1b:92:a9:f7:74:4c:16:fb:fd:1e:bd:44:06:bc:4c:
         f3:29:b9:31:2e:ef:1d:7f:e5:7b:06:e5:37:3b:8a:9b:b8:c2:
         4c:7e:f3:4e:00:42:58:43:0a:54:9a:0b:2f:4b:55:85:c4:d3:
         e6:fa:8d:96:53:c3:d4:6d:7a:85:6a:33:d6:85:af:e6:1e:ef:
         a1:2f:ce:cc:81:83:9c:c5:ff:7e:e3:63:f6:10:9d:d2:00:37:
         6b:49:17:dd:98:82:d1:6d:d3:25:24:a9:0b:0d:16:69:f5:b8:
         39:ac:67:31:72:55:08:42:f0:07:72:f0:4f:48:d3:c5:3a:e9:
         75:50:25:fc:3a:94:20:3c:dd:50:4b:61:b5:ea:20:a9:79:10:
         4c:fb:79:44:f6:f5:e2:fd:62:e6:77:fd:e5:5e:6e:0f:59:8d:
         fd:7e:00:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY45JiYlhMl4VUEYOL3KSKbcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYmZkM2U3MmQ0YTAzOTZmOTUzNDczMzZiNDI2NzhmNjhj
MjY0MzAwHhcNMjQwMzEzMTg0OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTA4YmI2MWRkMDlhMjA3NWM5NjI2OWNjMjAxYThjZGY3Y2FmNTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwsMaR8/ANIRAz7slJfxaGQmOixp
q0jqdnnKIvMhYzRSn8acQfchMkXw488bV7wLGXQ2IxuIkciDYXR0Cs3/sYMBU7a+
lo8RCaXFnujIXo8vr/IRjWKfoYKqG4cZfCwkOhDNc/sDJR1TyeO5soOiIQb2gidD
f28HU8vSfOld6uavGtAboGDMZuLXqmOFA5e9s94LAD3smLIBM1cP+uwQgg3qsBZF
Yz8/TmsimNUWpA2htDj24g48arMoP4XVSn1pPf+H7/tZi2ZtFGUbZ+gGv4YrafCd
95UTN9GiqR/4S+pasW1K5DomInGxJnrRLIZ43DTlxswuNMCpSTGVOwweoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4Iu2HdCaIHXJYmnMIBqM33yvVQMB8GA1UdIwQY
MBaAFEy/0+ctSgOW+VNHM2tCZ49owmQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAt
ZmY2MGUyMThlZDQxLzEvVGdpN1lkMEpvZ2RjbGlhY3dnR296ZmZLOVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAtZmY2MGUyMThlZDQx
LzEvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZaCMA0G
CSqGSIb3DQEBCwUAA4IBAQCwsj9qFHMtGl3aqFdXdzXteKbaThL0zshVejHRv0MM
R2kgw2eODKigmt7dtv2JUbAgLPHXMTkNFN/VxfNCYSbBpkm4Qtxx2btCie+rNrhH
9oH7s0KugteSEXBoT3Abkqn3dEwW+/0evUQGvEzzKbkxLu8df+V7BuU3O4qbuMJM
fvNOAEJYQwpUmgsvS1WFxNPm+o2WU8PUbXqFajPWha/mHu+hL87MgYOcxf9+42P2
EJ3SADdrSRfdmILRbdMlJKkLDRZp9bg5rGcxclUIQvAHcvBPSNPFOul1UCX8OpQg
PN1QS2G16iCpeRBM+3lE9vXi/WLmd/3lXm4PWY39fgAN
-----END CERTIFICATE-----