Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/e631bf-de95-4cff-b0dd-5cb2d7258b0d/1/tUMXTTo-lYRQtw56Xi716rHe09c.roa
File:                     tUMXTTo-lYRQtw56Xi716rHe09c.roa (raw, json)
Hash identifier:          Jfc6QrQpssU5qvex7K2mtK0UESrHoXB83tC+/f5wPHg=
Subject key identifier:   B5:43:17:4D:3A:3E:95:84:50:B7:0E:7A:5E:2E:F5:EA:B1:DE:D3:D7
Certificate issuer:       /CN=a48da5209bd6cf90c6df6d7e6d63a63955bad4b5
Certificate serial:       018CC3B7479BE41071A40BF2A855C0F17EC4
Authority key identifier: A4:8D:A5:20:9B:D6:CF:90:C6:DF:6D:7E:6D:63:A6:39:55:BA:D4:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pI2lIJvWz5DG321-bWOmOVW61LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/e631bf-de95-4cff-b0dd-5cb2d7258b0d/1/tUMXTTo-lYRQtw56Xi716rHe09c.roa
Signing time:             Mon 01 Jan 2024 06:30:17 +0000
ROA not before:           Mon 01 Jan 2024 06:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206865
IP address blocks:        185.168.190.0/23 maxlen: 23
                          185.168.188.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/e631bf-de95-4cff-b0dd-5cb2d7258b0d/1/pI2lIJvWz5DG321-bWOmOVW61LU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/e631bf-de95-4cff-b0dd-5cb2d7258b0d/1/pI2lIJvWz5DG321-bWOmOVW61LU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pI2lIJvWz5DG321-bWOmOVW61LU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 21:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:47:9b:e4:10:71:a4:0b:f2:a8:55:c0:f1:7e:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a48da5209bd6cf90c6df6d7e6d63a63955bad4b5
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b543174d3a3e958450b70e7a5e2ef5eab1ded3d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:f6:17:de:48:8a:5f:b1:47:d1:fb:e6:70:81:
                    ab:f7:92:57:4c:ed:bc:4e:bf:e5:8f:9c:33:0e:91:
                    1d:1f:90:91:da:96:e8:4d:bb:89:ce:39:91:d8:fa:
                    dd:b4:9e:09:ef:47:cb:f8:a9:43:69:3e:ce:b7:aa:
                    35:f3:2f:c5:61:91:fc:b1:5c:ec:49:d6:26:44:31:
                    ac:28:b8:42:f8:01:c8:1f:29:09:b0:a0:05:e9:8e:
                    3b:71:61:1d:5c:67:1c:e1:ea:50:8d:70:81:48:c1:
                    25:5f:f9:92:35:1f:d3:5c:51:05:d1:1a:44:81:ca:
                    66:0c:28:de:91:5f:03:76:92:f1:1c:87:cb:9c:94:
                    f1:f3:9a:75:98:25:70:9d:40:15:67:71:a8:b4:02:
                    a8:70:2c:1e:33:68:77:dc:e4:75:7a:8d:59:cd:c0:
                    d8:27:47:7f:6d:d0:da:4d:93:c1:b3:87:14:c0:69:
                    9d:2b:79:68:ee:4d:d6:81:ac:f5:42:12:52:22:3d:
                    0d:63:2f:95:10:dd:6a:84:cf:1a:bd:ae:7a:f5:14:
                    f4:e2:76:73:00:69:ad:a4:4b:1d:1a:1c:ea:37:22:
                    d0:fd:11:7e:da:22:21:59:af:f5:88:dc:71:d1:d5:
                    45:87:c4:1c:a0:95:bf:11:1b:fb:42:c1:21:3c:56:
                    28:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:43:17:4D:3A:3E:95:84:50:B7:0E:7A:5E:2E:F5:EA:B1:DE:D3:D7
            X509v3 Authority Key Identifier:
                keyid:A4:8D:A5:20:9B:D6:CF:90:C6:DF:6D:7E:6D:63:A6:39:55:BA:D4:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pI2lIJvWz5DG321-bWOmOVW61LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/e631bf-de95-4cff-b0dd-5cb2d7258b0d/1/tUMXTTo-lYRQtw56Xi716rHe09c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/e631bf-de95-4cff-b0dd-5cb2d7258b0d/1/pI2lIJvWz5DG321-bWOmOVW61LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:29:e2:a6:2f:2f:20:50:e4:cd:11:47:2e:84:a2:fb:45:c5:
         0c:91:e7:e4:28:e4:62:4f:3a:f8:bf:da:f4:43:d4:28:ef:99:
         25:bf:15:ea:8b:60:8f:ce:5f:67:a7:de:a3:7f:a1:a5:9b:40:
         a8:5d:c0:a2:ce:ea:d9:5f:17:cc:f2:69:a1:06:32:d3:dc:5b:
         0b:c3:37:80:eb:bc:60:5c:e5:e1:0b:19:89:be:40:21:fe:80:
         80:db:4c:9b:be:f1:3b:04:15:e6:dc:4b:09:2a:34:1c:75:32:
         ad:69:4a:00:30:c8:5b:b8:5d:59:1f:43:29:bb:ed:d5:7c:67:
         da:b1:19:12:e9:fa:75:9a:d6:d3:9f:9f:d1:f1:09:71:f7:f4:
         73:6c:ab:96:31:7f:82:2f:c3:a6:0a:7a:a6:87:81:92:17:c1:
         a5:45:62:b4:43:a5:53:d6:d5:f1:ff:14:ca:bf:39:0a:07:0f:
         88:f5:c3:83:6a:b0:e5:32:ac:cc:d2:64:be:54:05:24:f2:b4:
         c1:87:a2:2e:3a:bc:9e:15:d0:e3:9e:8b:68:5c:9a:7e:fb:e8:
         ba:c4:bf:e6:87:f7:02:3c:b4:04:6a:c8:c4:ac:92:39:84:f3:
         0f:7e:ce:a2:ff:42:14:ba:42:ff:57:1a:3a:cd:e6:08:52:94:
         db:53:97:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0eb5BBxpAvyqFXA8X7EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OGRhNTIwOWJkNmNmOTBjNmRmNmQ3ZTZkNjNhNjM5NTVi
YWQ0YjUwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTQzMTc0ZDNhM2U5NTg0NTBiNzBlN2E1ZTJlZjVlYWIxZGVkM2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvYX3kiKX7FH0fvmcIGr95JXTO28
Tr/lj5wzDpEdH5CR2pboTbuJzjmR2PrdtJ4J70fL+KlDaT7Ot6o18y/FYZH8sVzs
SdYmRDGsKLhC+AHIHykJsKAF6Y47cWEdXGcc4epQjXCBSMElX/mSNR/TXFEF0RpE
gcpmDCjekV8DdpLxHIfLnJTx85p1mCVwnUAVZ3GotAKocCweM2h33OR1eo1ZzcDY
J0d/bdDaTZPBs4cUwGmdK3lo7k3Wgaz1QhJSIj0NYy+VEN1qhM8ava569RT04nZz
AGmtpEsdGhzqNyLQ/RF+2iIhWa/1iNxx0dVFh8QcoJW/ERv7QsEhPFYoFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVDF006PpWEULcOel4u9eqx3tPXMB8GA1UdIwQY
MBaAFKSNpSCb1s+Qxt9tfm1jpjlVutS1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEkybElKdld6NURHMzIxLWJXT21PVlc2MUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9lNjMxYmYtZGU5NS00Y2ZmLWIwZGQt
NWNiMmQ3MjU4YjBkLzEvdFVNWFRUby1sWVJRdHc1NlhpNzE2ckhlMDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9lNjMxYmYtZGU5NS00Y2ZmLWIwZGQtNWNiMmQ3MjU4YjBk
LzEvcEkybElKdld6NURHMzIxLWJXT21PVlc2MUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuai8MA0G
CSqGSIb3DQEBCwUAA4IBAQByKeKmLy8gUOTNEUcuhKL7RcUMkefkKORiTzr4v9r0
Q9Qo75klvxXqi2CPzl9np96jf6Glm0CoXcCizurZXxfM8mmhBjLT3FsLwzeA67xg
XOXhCxmJvkAh/oCA20ybvvE7BBXm3EsJKjQcdTKtaUoAMMhbuF1ZH0Mpu+3VfGfa
sRkS6fp1mtbTn5/R8Qlx9/RzbKuWMX+CL8OmCnqmh4GSF8GlRWK0Q6VT1tXx/xTK
vzkKBw+I9cODarDlMqzM0mS+VAUk8rTBh6IuOryeFdDjnotoXJp+++i6xL/mh/cC
PLQEasjErJI5hPMPfs6i/0IUukL/Vxo6zeYIUpTbU5fH
-----END CERTIFICATE-----