Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/3ff027-33d4-419d-aa6b-4b983f1b84a2/1/TlZcvj_d5q_mrTojuLzKNMqldQQ.roa
File:                     TlZcvj_d5q_mrTojuLzKNMqldQQ.roa (raw, json)
Hash identifier:          MS7xBKZjm+Sxc3v9/VpTWTPG5ePi4sexGFAsLO08+Rs=
Subject key identifier:   4E:56:5C:BE:3F:DD:E6:AF:E6:AD:3A:23:B8:BC:CA:34:CA:A5:75:04
Certificate issuer:       /CN=ee2c487b6b6bdda22179072d92a8f01e8e736634
Certificate serial:       018CC9BC92D614DCC811713C6ADBC06F2A39
Authority key identifier: EE:2C:48:7B:6B:6B:DD:A2:21:79:07:2D:92:A8:F0:1E:8E:73:66:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7ixIe2tr3aIheQctkqjwHo5zZjQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/3ff027-33d4-419d-aa6b-4b983f1b84a2/1/TlZcvj_d5q_mrTojuLzKNMqldQQ.roa
Signing time:             Tue 02 Jan 2024 10:33:47 +0000
ROA not before:           Tue 02 Jan 2024 10:33:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57376
IP address blocks:        185.232.0.0/22 maxlen: 24
                          149.232.252.0/22 maxlen: 24
                          2a0c:9700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/3ff027-33d4-419d-aa6b-4b983f1b84a2/1/7ixIe2tr3aIheQctkqjwHo5zZjQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/3ff027-33d4-419d-aa6b-4b983f1b84a2/1/7ixIe2tr3aIheQctkqjwHo5zZjQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7ixIe2tr3aIheQctkqjwHo5zZjQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:92:d6:14:dc:c8:11:71:3c:6a:db:c0:6f:2a:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee2c487b6b6bdda22179072d92a8f01e8e736634
        Validity
            Not Before: Jan  2 10:33:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e565cbe3fdde6afe6ad3a23b8bcca34caa57504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:2a:0e:48:af:46:0a:4e:0a:2d:60:4a:fd:0f:
                    e3:a0:32:0f:57:df:21:b5:20:b1:bc:24:0d:b6:55:
                    e2:41:fd:d8:e0:f1:3b:6d:d7:2c:f4:57:f0:13:eb:
                    8b:8d:2d:e1:35:43:6c:05:2c:af:24:90:f4:54:23:
                    89:dc:5f:e5:b5:e2:1b:c5:f5:74:ec:ac:fc:90:48:
                    7b:85:3d:ad:b4:24:ef:60:59:c4:3e:6a:db:d3:f1:
                    58:3b:91:c7:ee:59:eb:48:a1:da:ef:95:2e:0a:2e:
                    80:f7:0a:cc:f4:4b:39:74:6a:19:33:13:f9:b1:df:
                    1b:77:86:7d:52:63:26:fd:ed:7b:77:39:5c:c6:f1:
                    05:a8:1c:d4:e1:61:4f:e0:e1:84:fb:45:e1:15:52:
                    2b:5d:ba:a4:41:c3:9b:e6:c1:74:ab:67:b3:6c:e8:
                    e8:71:51:c6:88:81:0d:6c:59:43:00:d1:90:31:08:
                    38:ce:a3:62:9e:fe:ca:b4:0d:69:0b:73:7a:e4:bd:
                    db:c0:41:1a:eb:f6:4b:c6:d3:93:83:28:cf:07:74:
                    a1:53:2c:5b:0d:8a:5d:69:36:57:fd:c9:5c:08:85:
                    07:22:33:df:5e:77:36:98:9c:fd:aa:17:af:84:07:
                    0a:84:95:55:fe:ca:89:25:8c:01:e9:14:14:df:62:
                    db:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:56:5C:BE:3F:DD:E6:AF:E6:AD:3A:23:B8:BC:CA:34:CA:A5:75:04
            X509v3 Authority Key Identifier:
                keyid:EE:2C:48:7B:6B:6B:DD:A2:21:79:07:2D:92:A8:F0:1E:8E:73:66:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7ixIe2tr3aIheQctkqjwHo5zZjQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3ff027-33d4-419d-aa6b-4b983f1b84a2/1/TlZcvj_d5q_mrTojuLzKNMqldQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3ff027-33d4-419d-aa6b-4b983f1b84a2/1/7ixIe2tr3aIheQctkqjwHo5zZjQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.232.252.0/22
                  185.232.0.0/22
                IPv6:
                  2a0c:9700::/29

    Signature Algorithm: sha256WithRSAEncryption
         df:eb:c2:88:51:c3:88:96:6d:5e:44:b8:6c:d2:32:74:95:9d:
         5d:18:ae:c8:b6:69:02:69:3d:ce:92:5b:d0:97:f2:47:49:59:
         8a:e3:51:6c:37:1d:c5:bf:e2:88:ce:35:54:5d:bd:d7:58:04:
         9d:b7:42:f6:f1:01:15:f8:c5:ed:e1:87:a8:d9:0a:07:5f:0e:
         71:2a:67:cf:1b:00:5b:1a:97:c2:a0:6e:ae:9a:1b:2c:5c:63:
         d8:a0:df:8f:d3:89:11:f9:75:f2:f6:0e:2d:e9:fb:e2:94:59:
         e6:4f:ca:57:a7:5c:0a:f9:84:c7:85:4e:0f:a6:60:b1:98:33:
         8c:6c:fb:9f:44:a5:ae:92:70:19:c3:74:d2:3c:43:18:7e:79:
         4d:68:6f:09:50:c7:12:70:d4:5b:8c:26:c8:66:13:6e:2f:76:
         2e:c4:f9:6f:85:92:80:9f:6c:78:c1:6b:15:2d:69:8a:1a:2b:
         43:d6:19:f0:86:94:20:67:76:24:75:e5:cb:ec:e0:d9:5a:6d:
         f3:1d:51:79:d7:ef:e3:b9:10:f4:11:79:6a:39:39:bb:5f:7d:
         81:b4:86:e3:e7:7e:56:85:e0:72:0c:2b:ef:a8:cd:0f:64:91:
         75:8a:82:7f:eb:23:b1:03:7e:4d:19:39:f6:24:a5:de:76:3b:
         05:04:7c:ee
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvJLWFNzIEXE8atvAbyo5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMmM0ODdiNmI2YmRkYTIyMTc5MDcyZDkyYThmMDFlOGU3
MzY2MzQwHhcNMjQwMTAyMTAzMzQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTU2NWNiZTNmZGRlNmFmZTZhZDNhMjNiOGJjY2EzNGNhYTU3NTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyoOSK9GCk4KLWBK/Q/joDIPV98h
tSCxvCQNtlXiQf3Y4PE7bdcs9FfwE+uLjS3hNUNsBSyvJJD0VCOJ3F/lteIbxfV0
7Kz8kEh7hT2ttCTvYFnEPmrb0/FYO5HH7lnrSKHa75UuCi6A9wrM9Es5dGoZMxP5
sd8bd4Z9UmMm/e17dzlcxvEFqBzU4WFP4OGE+0XhFVIrXbqkQcOb5sF0q2ezbOjo
cVHGiIENbFlDANGQMQg4zqNinv7KtA1pC3N65L3bwEEa6/ZLxtOTgyjPB3ShUyxb
DYpdaTZX/clcCIUHIjPfXnc2mJz9qhevhAcKhJVV/sqJJYwB6RQU32LbRwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE5WXL4/3eav5q06I7i8yjTKpXUEMB8GA1UdIwQY
MBaAFO4sSHtra92iIXkHLZKo8B6Oc2Y0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2l4SWUydHIzYUloZVFjdGtxandIbzV6WmpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8zZmYwMjctMzNkNC00MTlkLWFhNmIt
NGI5ODNmMWI4NGEyLzEvVGxaY3ZqX2Q1cV9tclRvanVMektOTXFsZFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8zZmYwMjctMzNkNC00MTlkLWFhNmItNGI5ODNmMWI4NGEy
LzEvN2l4SWUydHIzYUloZVFjdGtxandIbzV6WmpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQClej8AwQC
uegAMA0EAgACMAcDBQMqDJcAMA0GCSqGSIb3DQEBCwUAA4IBAQDf68KIUcOIlm1e
RLhs0jJ0lZ1dGK7ItmkCaT3OklvQl/JHSVmK41FsNx3Fv+KIzjVUXb3XWASdt0L2
8QEV+MXt4Yeo2QoHXw5xKmfPGwBbGpfCoG6umhssXGPYoN+P04kR+XXy9g4t6fvi
lFnmT8pXp1wK+YTHhU4PpmCxmDOMbPufRKWuknAZw3TSPEMYfnlNaG8JUMcScNRb
jCbIZhNuL3YuxPlvhZKAn2x4wWsVLWmKGitD1hnwhpQgZ3YkdeXL7ODZWm3zHVF5
1+/juRD0EXlqOTm7X32BtIbj535WheByDCvvqM0PZJF1ioJ/6yOxA35NGTn2JKXe
djsFBHzu
-----END CERTIFICATE-----