Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/TZQDyn02AwVx6EvlJI1kyyix1wU.roa
File:                     TZQDyn02AwVx6EvlJI1kyyix1wU.roa (raw, json)
Hash identifier:          tofENCcKcwlB34M0lVPdTEmcY54Y5C/ZpxIQbU9iZSo=
Subject key identifier:   4D:94:03:CA:7D:36:03:05:71:E8:4B:E5:24:8D:64:CB:28:B1:D7:05
Certificate issuer:       /CN=2d1172c1c73f971a9fb2e89b7917200c500ee407
Certificate serial:       018D1D0EE4FC46A976B4155F8BBE79E3E4EC
Authority key identifier: 2D:11:72:C1:C7:3F:97:1A:9F:B2:E8:9B:79:17:20:0C:50:0E:E4:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRFywcc_lxqfsuibeRcgDFAO5Ac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/TZQDyn02AwVx6EvlJI1kyyix1wU.roa
Signing time:             Thu 18 Jan 2024 14:52:11 +0000
ROA not before:           Thu 18 Jan 2024 14:52:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60847
IP address blocks:        185.218.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/LRFywcc_lxqfsuibeRcgDFAO5Ac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/LRFywcc_lxqfsuibeRcgDFAO5Ac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRFywcc_lxqfsuibeRcgDFAO5Ac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1d:0e:e4:fc:46:a9:76:b4:15:5f:8b:be:79:e3:e4:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1172c1c73f971a9fb2e89b7917200c500ee407
        Validity
            Not Before: Jan 18 14:52:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d9403ca7d36030571e84be5248d64cb28b1d705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:48:5a:07:15:08:08:c4:bf:06:00:d5:51:73:
                    be:49:73:a6:01:14:fa:25:46:1a:78:ca:6f:2e:01:
                    1f:7d:63:86:c7:85:c9:33:c4:98:20:58:5c:cf:d6:
                    09:37:c8:7f:de:9d:b7:10:61:b9:0e:b9:e0:1e:48:
                    86:14:c0:a9:15:aa:5d:a9:56:39:49:f0:d0:26:e0:
                    50:60:99:c3:9b:ce:64:d9:20:1d:c8:b4:77:a0:df:
                    1b:e0:31:98:bb:4f:df:24:48:0a:08:34:69:94:e5:
                    06:0b:a4:47:bf:ef:b2:5d:38:c6:2c:e4:56:ec:ca:
                    c3:0b:f0:bb:0e:ba:5e:8e:2c:3e:0d:96:32:31:e2:
                    fc:6c:48:79:10:da:9c:b8:17:57:69:12:f4:5f:c8:
                    e3:fa:62:f1:e8:cf:10:59:5a:b5:a8:14:6a:7f:d5:
                    cd:ef:dd:a0:b0:2c:24:c4:63:70:13:81:35:b7:63:
                    4e:db:42:27:90:dd:dc:af:b5:dc:59:4a:6c:80:1d:
                    fb:c3:cc:cf:15:1e:92:be:1f:0c:34:17:54:fe:e4:
                    3f:cc:66:71:5f:25:dd:5c:fd:ab:1b:78:99:4a:de:
                    2a:5e:6d:82:36:48:c2:82:87:37:22:a4:77:e1:60:
                    8b:62:d2:3f:c8:b9:a9:60:0f:ab:e2:75:39:21:de:
                    48:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:94:03:CA:7D:36:03:05:71:E8:4B:E5:24:8D:64:CB:28:B1:D7:05
            X509v3 Authority Key Identifier:
                keyid:2D:11:72:C1:C7:3F:97:1A:9F:B2:E8:9B:79:17:20:0C:50:0E:E4:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRFywcc_lxqfsuibeRcgDFAO5Ac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/TZQDyn02AwVx6EvlJI1kyyix1wU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/LRFywcc_lxqfsuibeRcgDFAO5Ac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:e7:ae:37:06:78:aa:39:19:12:3d:7b:96:d2:98:c1:a9:ce:
         ff:2b:48:00:45:8f:8f:7f:45:ba:a3:33:61:d0:66:2e:9e:b2:
         98:e6:88:b9:11:bb:97:28:d3:ec:30:86:af:b8:05:24:3d:0d:
         f3:48:5c:21:b9:e8:61:3a:9d:30:5b:7a:8d:55:56:0c:93:71:
         68:ee:32:71:ff:13:11:9f:b2:18:a8:45:d3:61:71:00:99:41:
         db:04:2e:d2:86:c4:85:2d:f1:16:bc:89:a4:b3:3d:31:6a:61:
         a7:dd:b0:30:1f:8d:40:ac:f3:90:1d:5d:d4:ba:9b:d0:7c:ce:
         b2:94:c1:17:fc:e7:b9:95:6a:9c:91:9b:d3:e4:48:ec:35:76:
         d8:9c:d8:eb:39:57:87:28:64:6e:4c:5c:34:b5:83:51:2f:13:
         75:20:c2:16:c2:59:fb:a2:cf:cc:57:a5:0b:da:55:00:b8:5c:
         3a:33:20:8d:8c:3f:6c:0f:b6:f1:fb:80:68:c3:3b:5a:0a:84:
         ee:18:58:42:32:54:ff:ee:42:1d:17:55:2b:b0:8a:f6:24:31:
         5b:77:e4:01:06:73:d2:90:88:24:9b:04:35:c8:1f:9d:66:93:
         53:b7:bc:71:9c:74:bd:1e:fb:dd:80:33:3c:26:2d:0a:b0:4c:
         e3:ad:37:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0dDuT8Rql2tBVfi7554+TsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMTE3MmMxYzczZjk3MWE5ZmIyZTg5Yjc5MTcyMDBjNTAw
ZWU0MDcwHhcNMjQwMTE4MTQ1MjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDk0MDNjYTdkMzYwMzA1NzFlODRiZTUyNDhkNjRjYjI4YjFkNzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEhaBxUICMS/BgDVUXO+SXOmART6
JUYaeMpvLgEffWOGx4XJM8SYIFhcz9YJN8h/3p23EGG5DrngHkiGFMCpFapdqVY5
SfDQJuBQYJnDm85k2SAdyLR3oN8b4DGYu0/fJEgKCDRplOUGC6RHv++yXTjGLORW
7MrDC/C7Drpejiw+DZYyMeL8bEh5ENqcuBdXaRL0X8jj+mLx6M8QWVq1qBRqf9XN
792gsCwkxGNwE4E1t2NO20InkN3cr7XcWUpsgB37w8zPFR6Svh8MNBdU/uQ/zGZx
XyXdXP2rG3iZSt4qXm2CNkjCgoc3IqR34WCLYtI/yLmpYA+r4nU5Id5IvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2UA8p9NgMFcehL5SSNZMsosdcFMB8GA1UdIwQY
MBaAFC0RcsHHP5can7Lom3kXIAxQDuQHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJGeXdjY19seHFmc3VpYmVSY2dERkFPNUFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS83OWFjYTktNTFkZC00ZjIyLWI0MDQt
ZDUzODY2ZTkxODZhLzEvVFpRRHluMDJBd1Z4NkV2bEpJMWt5eWl4MXdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS83OWFjYTktNTFkZC00ZjIyLWI0MDQtZDUzODY2ZTkxODZh
LzEvTFJGeXdjY19seHFmc3VpYmVSY2dERkFPNUFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudrYMA0G
CSqGSIb3DQEBCwUAA4IBAQBR5643BniqORkSPXuW0pjBqc7/K0gARY+Pf0W6ozNh
0GYunrKY5oi5EbuXKNPsMIavuAUkPQ3zSFwhuehhOp0wW3qNVVYMk3Fo7jJx/xMR
n7IYqEXTYXEAmUHbBC7ShsSFLfEWvImksz0xamGn3bAwH41ArPOQHV3UupvQfM6y
lMEX/Oe5lWqckZvT5EjsNXbYnNjrOVeHKGRuTFw0tYNRLxN1IMIWwln7os/MV6UL
2lUAuFw6MyCNjD9sD7bx+4BowztaCoTuGFhCMlT/7kIdF1UrsIr2JDFbd+QBBnPS
kIgkmwQ1yB+dZpNTt7xxnHS9HvvdgDM8Ji0KsEzjrTe1
-----END CERTIFICATE-----