Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/376662-87eb-4c97-9373-a1dce6ad150c/1/TTcKd2jkze2Y5we1tFSD_F_NGeQ.roa
File:                     TTcKd2jkze2Y5we1tFSD_F_NGeQ.roa (raw, json)
Hash identifier:          s3hqx1zfNHae+yr5XZBLiHp0rU5+qfo41icgwJHr79k=
Subject key identifier:   4D:37:0A:77:68:E4:CD:ED:98:E7:07:B5:B4:54:83:FC:5F:CD:19:E4
Certificate issuer:       /CN=e858338dea6ae4ddbb24850a0707f43aa1794c3f
Certificate serial:       018CC7275700FB05A0B40742F5B318079E24
Authority key identifier: E8:58:33:8D:EA:6A:E4:DD:BB:24:85:0A:07:07:F4:3A:A1:79:4C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Fgzjepq5N27JIUKBwf0OqF5TD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/376662-87eb-4c97-9373-a1dce6ad150c/1/TTcKd2jkze2Y5we1tFSD_F_NGeQ.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205262
IP address blocks:        185.246.100.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/376662-87eb-4c97-9373-a1dce6ad150c/1/6Fgzjepq5N27JIUKBwf0OqF5TD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/376662-87eb-4c97-9373-a1dce6ad150c/1/6Fgzjepq5N27JIUKBwf0OqF5TD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Fgzjepq5N27JIUKBwf0OqF5TD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:57:00:fb:05:a0:b4:07:42:f5:b3:18:07:9e:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e858338dea6ae4ddbb24850a0707f43aa1794c3f
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d370a7768e4cded98e707b5b45483fc5fcd19e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4e:19:c3:98:2f:2b:a3:49:e4:0b:22:52:be:
                    8a:c9:a7:db:63:5a:62:6d:cd:34:88:0f:42:26:3f:
                    f6:47:cc:2f:6f:bd:78:7f:79:89:c8:62:0e:4c:66:
                    a2:e7:a6:dc:6b:bc:29:13:b4:44:87:ca:85:18:d1:
                    23:c4:b0:20:96:07:bb:7d:11:ad:31:c4:49:69:c5:
                    e4:e1:12:ea:4f:fb:55:1e:6d:08:59:29:6a:27:47:
                    a8:96:3a:17:34:b8:4a:1f:5a:7d:10:91:1e:7b:da:
                    4f:4c:42:92:54:19:0e:79:c0:68:91:64:78:b0:d7:
                    aa:d1:f3:82:59:aa:46:2e:5f:3e:f7:b2:c2:20:8f:
                    2a:13:b6:a4:30:91:2e:f2:3d:a1:a4:ea:4f:8a:59:
                    84:5d:53:5c:ce:ee:02:4c:2f:a7:9d:5b:2a:15:56:
                    72:fe:1b:ff:16:5e:2b:29:ff:8f:09:5f:8e:41:94:
                    d0:96:5c:c7:3e:68:08:2e:c0:74:d3:44:fb:9b:ad:
                    92:e0:7e:c5:a7:0e:27:f8:f5:7f:26:f0:96:72:c7:
                    4b:ba:dd:fb:a0:26:c3:60:1d:cf:c5:7a:5c:7d:77:
                    92:bf:37:e8:27:56:7a:74:5b:0a:a5:0c:2d:e3:25:
                    a2:d7:b3:35:ce:65:3d:08:0b:77:b8:be:cf:f4:22:
                    7a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:37:0A:77:68:E4:CD:ED:98:E7:07:B5:B4:54:83:FC:5F:CD:19:E4
            X509v3 Authority Key Identifier:
                keyid:E8:58:33:8D:EA:6A:E4:DD:BB:24:85:0A:07:07:F4:3A:A1:79:4C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Fgzjepq5N27JIUKBwf0OqF5TD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/376662-87eb-4c97-9373-a1dce6ad150c/1/TTcKd2jkze2Y5we1tFSD_F_NGeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/376662-87eb-4c97-9373-a1dce6ad150c/1/6Fgzjepq5N27JIUKBwf0OqF5TD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:3a:71:23:3f:62:1d:91:b1:04:0d:98:11:86:62:b6:90:0b:
         14:71:c8:7d:ea:be:2b:7a:be:59:e5:eb:4c:0d:99:1a:8a:74:
         91:59:cd:83:d2:38:ec:56:23:ec:0c:2f:05:5b:b0:80:14:83:
         1b:71:1c:fe:b4:69:a9:c3:3c:77:8a:9f:35:bf:c0:66:7e:62:
         a6:c6:62:eb:06:36:69:bf:ea:3d:1f:48:15:1f:9d:20:60:3d:
         52:fe:71:85:b4:ef:90:59:d4:f4:70:26:95:06:21:c9:c2:2d:
         d4:91:4e:45:eb:d3:ed:a4:21:8e:50:71:d4:25:0a:fc:5d:78:
         23:a1:a9:34:4b:f0:50:d9:a5:55:b7:4b:2b:bf:61:e8:c7:9c:
         6d:d9:77:2f:f2:ad:d6:d0:4c:bd:67:2a:63:9a:56:51:26:14:
         ec:49:93:a5:96:19:a2:d0:ac:24:db:2e:43:df:62:73:6f:c9:
         bb:4e:b5:93:58:83:58:06:f6:48:a7:14:7d:c3:6d:6c:c3:01:
         0e:c5:34:23:a3:4b:0f:2a:74:5c:b5:4f:7e:ed:0d:62:be:ff:
         8e:bf:95:4f:13:39:d2:c1:ac:02:7d:e3:37:e0:08:01:af:30:
         c9:f2:d3:8c:de:ec:07:81:8d:98:8c:41:67:90:76:4a:ed:4c:
         8e:a0:65:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1cA+wWgtAdC9bMYB54kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NTgzMzhkZWE2YWU0ZGRiYjI0ODUwYTA3MDdmNDNhYTE3
OTRjM2YwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDM3MGE3NzY4ZTRjZGVkOThlNzA3YjViNDU0ODNmYzVmY2QxOWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkU4Zw5gvK6NJ5AsiUr6KyafbY1pi
bc00iA9CJj/2R8wvb714f3mJyGIOTGai56bca7wpE7REh8qFGNEjxLAglge7fRGt
McRJacXk4RLqT/tVHm0IWSlqJ0eoljoXNLhKH1p9EJEee9pPTEKSVBkOecBokWR4
sNeq0fOCWapGLl8+97LCII8qE7akMJEu8j2hpOpPilmEXVNczu4CTC+nnVsqFVZy
/hv/Fl4rKf+PCV+OQZTQllzHPmgILsB000T7m62S4H7Fpw4n+PV/JvCWcsdLut37
oCbDYB3PxXpcfXeSvzfoJ1Z6dFsKpQwt4yWi17M1zmU9CAt3uL7P9CJ6zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE03Cndo5M3tmOcHtbRUg/xfzRnkMB8GA1UdIwQY
MBaAFOhYM43qauTduySFCgcH9DqheUw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkZnemplcHE1TjI3SklVS0J3ZjBPcUY1VEQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8zNzY2NjItODdlYi00Yzk3LTkzNzMt
YTFkY2U2YWQxNTBjLzEvVFRjS2Qyamt6ZTJZNXdlMXRGU0RfRl9OR2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8zNzY2NjItODdlYi00Yzk3LTkzNzMtYTFkY2U2YWQxNTBj
LzEvNkZnemplcHE1TjI3SklVS0J3ZjBPcUY1VEQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufZkMA0G
CSqGSIb3DQEBCwUAA4IBAQB6OnEjP2IdkbEEDZgRhmK2kAsUcch96r4rer5Z5etM
DZkainSRWc2D0jjsViPsDC8FW7CAFIMbcRz+tGmpwzx3ip81v8BmfmKmxmLrBjZp
v+o9H0gVH50gYD1S/nGFtO+QWdT0cCaVBiHJwi3UkU5F69PtpCGOUHHUJQr8XXgj
oak0S/BQ2aVVt0srv2Hox5xt2Xcv8q3W0Ey9ZypjmlZRJhTsSZOllhmi0Kwk2y5D
32Jzb8m7TrWTWINYBvZIpxR9w21swwEOxTQjo0sPKnRctU9+7Q1ivv+Ov5VPEznS
wawCfeM34AgBrzDJ8tOM3uwHgY2YjEFnkHZK7UyOoGXr
-----END CERTIFICATE-----