Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/TFkcWaIRMSoNv2ncedZDVCEy4dI.roa
File:                     TFkcWaIRMSoNv2ncedZDVCEy4dI.roa (raw, json)
Hash identifier:          0Q6FKerbVgV528MChygPlA8rBoIVuC2ed+aJbUrXhrc=
Subject key identifier:   4C:59:1C:59:A2:11:31:2A:0D:BF:69:DC:79:D6:43:54:21:32:E1:D2
Certificate issuer:       /CN=bab232c1d72dc1cabbda16c870ec941d458a9fdc
Certificate serial:       018FC4B896EF8C4CDDE7D5E7057C50CB87C7
Authority key identifier: BA:B2:32:C1:D7:2D:C1:CA:BB:DA:16:C8:70:EC:94:1D:45:8A:9F:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/urIywdctwcq72hbIcOyUHUWKn9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/TFkcWaIRMSoNv2ncedZDVCEy4dI.roa
Signing time:             Wed 29 May 2024 14:19:42 +0000
ROA not before:           Wed 29 May 2024 14:19:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.214.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/urIywdctwcq72hbIcOyUHUWKn9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/urIywdctwcq72hbIcOyUHUWKn9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/urIywdctwcq72hbIcOyUHUWKn9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 04:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c4:b8:96:ef:8c:4c:dd:e7:d5:e7:05:7c:50:cb:87:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bab232c1d72dc1cabbda16c870ec941d458a9fdc
        Validity
            Not Before: May 29 14:19:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c591c59a211312a0dbf69dc79d643542132e1d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ad:15:31:4b:52:09:b2:c0:a1:aa:c0:cc:3d:
                    be:57:82:21:53:c7:80:3e:05:52:a4:14:62:c5:aa:
                    e2:35:19:13:cb:0c:77:73:b4:65:cc:90:2e:92:8a:
                    31:22:f2:61:70:d7:7d:3d:df:09:8a:31:26:5c:93:
                    31:58:1f:94:1b:fe:b5:93:93:2d:b7:e6:10:26:84:
                    c8:6a:19:57:71:e9:e2:6a:05:66:22:d1:23:0e:6d:
                    6b:b8:a7:f7:9a:12:fa:11:ed:50:c9:40:86:fb:34:
                    46:04:60:51:ef:b9:10:ad:98:b0:3b:2a:a2:2d:7c:
                    46:5b:20:73:cc:42:08:a0:99:0f:1a:41:a0:32:f4:
                    a6:6b:4b:bd:66:3f:f9:f0:d3:12:5c:13:fa:17:37:
                    6e:7f:93:32:69:b4:13:57:0b:93:f7:56:42:29:bc:
                    33:a0:b7:22:e1:9d:0a:56:7a:e6:97:74:2f:5b:b5:
                    90:f9:d4:ac:7a:28:89:e2:94:77:11:9f:3d:8d:a3:
                    e4:65:f5:87:c3:1f:b8:3d:96:53:3a:b9:07:3b:83:
                    a4:cd:c0:e7:ed:28:6f:53:cf:d0:ad:f1:89:ce:50:
                    df:66:95:b2:80:8e:7b:44:68:3e:9e:26:61:ed:fb:
                    9f:01:db:4e:70:6d:b6:ff:00:74:82:4b:66:b6:82:
                    5e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:59:1C:59:A2:11:31:2A:0D:BF:69:DC:79:D6:43:54:21:32:E1:D2
            X509v3 Authority Key Identifier:
                keyid:BA:B2:32:C1:D7:2D:C1:CA:BB:DA:16:C8:70:EC:94:1D:45:8A:9F:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/urIywdctwcq72hbIcOyUHUWKn9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/TFkcWaIRMSoNv2ncedZDVCEy4dI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/urIywdctwcq72hbIcOyUHUWKn9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:c5:21:44:2f:0f:e8:82:35:f8:46:1c:c0:52:e2:dc:64:0e:
         37:ab:6f:2a:0d:f6:fb:1c:e5:8e:41:cd:ec:9d:ce:46:4e:c4:
         18:b0:a3:81:43:27:23:2e:27:90:7e:4a:b0:92:92:f0:c7:22:
         96:b0:23:9e:6b:79:8d:90:b7:69:da:2a:28:de:35:53:d9:f8:
         93:6c:15:ba:b0:eb:bf:c3:1b:3f:ce:eb:9e:80:77:9b:ea:82:
         dc:54:33:27:23:91:8e:e4:6e:f2:05:2b:f2:1b:21:8d:bc:20:
         c6:9b:a4:98:93:c8:12:cc:a9:14:c4:6a:20:92:22:75:57:3e:
         d4:bb:30:12:27:0c:3f:23:61:14:f0:ba:6b:28:ab:74:1d:35:
         0d:5c:df:24:3f:9a:74:44:d9:0f:d1:a6:15:fc:15:f7:b6:09:
         c3:b8:ea:df:57:27:44:c0:e6:df:bc:b4:f7:a5:b5:4b:5c:10:
         1d:b3:eb:b4:44:5d:6a:10:cd:a5:45:cf:1c:80:19:01:e5:aa:
         30:e7:a5:d8:21:ea:86:2e:26:f3:ea:f1:8f:fa:dd:4a:00:a0:
         e8:d5:7a:bb:db:34:ef:fc:89:dd:32:90:91:cf:70:0b:a2:83:
         28:94:57:36:65:7f:f3:70:c9:ed:67:90:fa:85:b1:01:ac:1e:
         a6:53:10:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/EuJbvjEzd59XnBXxQy4fHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYjIzMmMxZDcyZGMxY2FiYmRhMTZjODcwZWM5NDFkNDU4
YTlmZGMwHhcNMjQwNTI5MTQxOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzU5MWM1OWEyMTEzMTJhMGRiZjY5ZGM3OWQ2NDM1NDIxMzJlMWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiq0VMUtSCbLAoarAzD2+V4IhU8eA
PgVSpBRixariNRkTywx3c7RlzJAukooxIvJhcNd9Pd8JijEmXJMxWB+UG/61k5Mt
t+YQJoTIahlXceniagVmItEjDm1ruKf3mhL6Ee1QyUCG+zRGBGBR77kQrZiwOyqi
LXxGWyBzzEIIoJkPGkGgMvSma0u9Zj/58NMSXBP6Fzduf5MyabQTVwuT91ZCKbwz
oLci4Z0KVnrml3QvW7WQ+dSseiiJ4pR3EZ89jaPkZfWHwx+4PZZTOrkHO4OkzcDn
7ShvU8/QrfGJzlDfZpWygI57RGg+niZh7fufAdtOcG22/wB0gktmtoJeJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExZHFmiETEqDb9p3HnWQ1QhMuHSMB8GA1UdIwQY
MBaAFLqyMsHXLcHKu9oWyHDslB1Fip/cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXJJeXdkY3R3Y3E3MmhiSWNPeVVIVVdLbjl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83OTU3NzQtZmI5ZS00MTNmLTlmNzAt
N2QzZWZiNGE2YTdmLzEvVEZrY1dhSVJNU29OdjJuY2VkWkRWQ0V5NGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83OTU3NzQtZmI5ZS00MTNmLTlmNzAtN2QzZWZiNGE2YTdm
LzEvdXJJeXdkY3R3Y3E3MmhiSWNPeVVIVVdLbjl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudZRMA0G
CSqGSIb3DQEBCwUAA4IBAQAXxSFELw/ogjX4RhzAUuLcZA43q28qDfb7HOWOQc3s
nc5GTsQYsKOBQycjLieQfkqwkpLwxyKWsCOea3mNkLdp2ioo3jVT2fiTbBW6sOu/
wxs/zuuegHeb6oLcVDMnI5GO5G7yBSvyGyGNvCDGm6SYk8gSzKkUxGogkiJ1Vz7U
uzASJww/I2EU8LprKKt0HTUNXN8kP5p0RNkP0aYV/BX3tgnDuOrfVydEwObfvLT3
pbVLXBAds+u0RF1qEM2lRc8cgBkB5aow56XYIeqGLibz6vGP+t1KAKDo1Xq72zTv
/IndMpCRz3ALooMolFc2ZX/zcMntZ5D6hbEBrB6mUxAu
-----END CERTIFICATE-----