Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/TOXEwMgPIZ3nZApYaDZhoXO5uK0.roa
File:                     TOXEwMgPIZ3nZApYaDZhoXO5uK0.roa (raw, json)
Hash identifier:          04y9jyCkY5lBbFiyIipk3b6tQX+m3INXBU+Cg9JQYvE=
Subject key identifier:   4C:E5:C4:C0:C8:0F:21:9D:E7:64:0A:58:68:36:61:A1:73:B9:B8:AD
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       018CC6B919604225430FD739CBFCD0695B86
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/TOXEwMgPIZ3nZApYaDZhoXO5uK0.roa
Signing time:             Mon 01 Jan 2024 20:31:08 +0000
ROA not before:           Mon 01 Jan 2024 20:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142111
IP address blocks:        2.59.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:19:60:42:25:43:0f:d7:39:cb:fc:d0:69:5b:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Jan  1 20:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ce5c4c0c80f219de7640a58683661a173b9b8ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:37:04:fa:6d:ab:7b:5a:dc:d1:2b:b7:23:eb:
                    0c:bf:60:ff:ad:45:da:e0:44:f3:97:65:b7:4f:a3:
                    f7:1b:2f:c3:ee:17:37:64:63:77:4b:b6:17:bc:0e:
                    da:be:ad:71:7f:5c:c8:13:dd:c7:7c:d3:11:97:3e:
                    69:86:46:1e:4b:1a:c2:5f:9d:39:4a:21:bc:3c:84:
                    b2:e5:06:8f:03:dc:c1:e7:71:71:c2:c8:18:19:97:
                    64:e0:25:b7:06:b7:40:14:92:e9:f8:02:c8:b6:79:
                    ff:96:4a:80:98:9e:ed:8e:87:76:98:f0:a9:96:95:
                    df:6b:23:c6:ec:5a:4e:41:10:dc:e0:e9:da:d0:39:
                    ff:92:cd:80:29:1f:cf:8d:2c:da:77:6b:b4:bb:0d:
                    d1:b1:be:53:4c:a5:c4:e5:f7:a7:f9:5c:79:a5:d4:
                    9f:a4:16:20:5b:e1:5e:ad:d6:da:b0:32:65:69:be:
                    0a:08:ea:fa:ca:b8:e0:d9:58:81:74:c5:67:22:b2:
                    84:6f:e8:d0:cd:e9:df:4f:b8:82:aa:3a:35:56:ff:
                    b2:ee:7e:f8:ae:35:de:ee:83:18:38:0e:02:fe:53:
                    a1:96:20:0d:0e:38:cc:d3:fe:1e:3f:f2:22:32:9e:
                    7e:09:40:70:81:75:b4:5d:89:70:d0:d9:97:da:f6:
                    28:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:E5:C4:C0:C8:0F:21:9D:E7:64:0A:58:68:36:61:A1:73:B9:B8:AD
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/TOXEwMgPIZ3nZApYaDZhoXO5uK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:c3:cf:52:f0:6a:2e:8b:fc:96:4a:c7:ac:03:99:63:60:59:
         3a:54:aa:37:e3:08:b5:22:47:54:19:be:a3:19:32:9e:9d:49:
         7b:f3:2e:c8:a9:bd:7a:ef:0d:77:48:b5:6e:2b:31:4a:a3:4c:
         01:0c:01:a9:4e:75:8f:48:b2:56:81:50:71:52:51:a6:a1:5d:
         a6:ef:dd:04:08:4d:44:b1:df:82:c0:37:aa:33:90:27:12:e0:
         9d:97:21:08:67:46:cc:28:93:13:c3:0f:eb:a8:5e:9a:ce:65:
         7a:04:c7:a1:f5:04:ea:0b:21:3f:97:df:bb:a8:97:05:5f:df:
         18:ba:ef:ac:d9:dc:84:97:ae:5b:d0:4d:63:87:f3:09:41:2c:
         20:ab:0b:68:b7:f1:a1:f2:f6:78:86:e2:21:3c:1b:63:fa:02:
         ef:c5:35:d9:91:33:b4:a3:33:a9:3d:5a:65:a7:8e:23:a1:30:
         54:5b:0a:23:17:e3:fc:20:18:4b:4d:f4:97:0f:6f:af:7f:31:
         28:2c:b9:0e:b4:9f:e5:75:79:be:13:3f:74:67:47:60:67:69:
         e1:38:c8:ba:ae:b0:d0:7f:72:bf:86:4b:b3:31:eb:36:cf:68:
         b1:79:50:57:69:a3:ef:34:dd:bf:3b:d9:a1:34:86:f5:1f:2b:
         0a:db:18:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuRlgQiVDD9c5y/zQaVuGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjQwMTAxMjAzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2U1YzRjMGM4MGYyMTlkZTc2NDBhNTg2ODM2NjFhMTczYjliOGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTcE+m2re1rc0Su3I+sMv2D/rUXa
4ETzl2W3T6P3Gy/D7hc3ZGN3S7YXvA7avq1xf1zIE93HfNMRlz5phkYeSxrCX505
SiG8PISy5QaPA9zB53FxwsgYGZdk4CW3BrdAFJLp+ALItnn/lkqAmJ7tjod2mPCp
lpXfayPG7FpOQRDc4Ona0Dn/ks2AKR/PjSzad2u0uw3Rsb5TTKXE5fen+Vx5pdSf
pBYgW+FerdbasDJlab4KCOr6yrjg2ViBdMVnIrKEb+jQzenfT7iCqjo1Vv+y7n74
rjXe7oMYOA4C/lOhliANDjjM0/4eP/IiMp5+CUBwgXW0XYlw0NmX2vYoBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzlxMDIDyGd52QKWGg2YaFzubitMB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvVE9YRXdNZ1BJWjNuWkFwWWFEWmhvWE81dUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAju2MA0G
CSqGSIb3DQEBCwUAA4IBAQAXw89S8Goui/yWSsesA5ljYFk6VKo34wi1IkdUGb6j
GTKenUl78y7Iqb167w13SLVuKzFKo0wBDAGpTnWPSLJWgVBxUlGmoV2m790ECE1E
sd+CwDeqM5AnEuCdlyEIZ0bMKJMTww/rqF6azmV6BMeh9QTqCyE/l9+7qJcFX98Y
uu+s2dyEl65b0E1jh/MJQSwgqwtot/Gh8vZ4huIhPBtj+gLvxTXZkTO0ozOpPVpl
p44joTBUWwojF+P8IBhLTfSXD2+vfzEoLLkOtJ/ldXm+Ez90Z0dgZ2nhOMi6rrDQ
f3K/hkuzMes2z2ixeVBXaaPvNN2/O9mhNIb1HysK2xhs
-----END CERTIFICATE-----