Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/TGK-y5pn75ezz81k2D5A8MYlv9c.roa
File:                     TGK-y5pn75ezz81k2D5A8MYlv9c.roa (raw, json)
Hash identifier:          k4+Jc05sDycolT25+KcoQBL9JGiTsNi7DkvV1yfgk4Y=
Subject key identifier:   4C:62:BE:CB:9A:67:EF:97:B3:CF:CD:64:D8:3E:40:F0:C6:25:BF:D7
Certificate issuer:       /CN=e180ebbbca0f890de353891421a83dd5b653d940
Certificate serial:       018D6930B581E3089524446D6C1E771957D7
Authority key identifier: E1:80:EB:BB:CA:0F:89:0D:E3:53:89:14:21:A8:3D:D5:B6:53:D9:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/TGK-y5pn75ezz81k2D5A8MYlv9c.roa
Signing time:             Fri 02 Feb 2024 09:40:16 +0000
ROA not before:           Fri 02 Feb 2024 09:40:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57186
IP address blocks:        185.182.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/4YDru8oPiQ3jU4kUIag91bZT2UA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/4YDru8oPiQ3jU4kUIag91bZT2UA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 21:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:30:b5:81:e3:08:95:24:44:6d:6c:1e:77:19:57:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e180ebbbca0f890de353891421a83dd5b653d940
        Validity
            Not Before: Feb  2 09:40:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c62becb9a67ef97b3cfcd64d83e40f0c625bfd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d8:0b:5c:d1:7b:3e:c0:b2:5c:ad:66:37:9f:
                    8b:8a:96:d0:d3:e8:46:d7:9c:53:14:de:79:f9:3b:
                    5f:2c:f3:41:cb:39:1c:53:f4:4d:a5:06:fe:a4:87:
                    4a:e5:ce:88:a4:ec:19:85:44:90:c5:33:c2:36:b4:
                    05:1f:82:9d:59:0b:b7:cf:07:84:f4:c1:14:f8:57:
                    21:7c:34:fd:80:b5:e9:b9:5a:74:71:63:e4:b7:76:
                    af:bf:f4:7e:52:7f:7c:17:64:33:61:67:35:32:d7:
                    eb:f6:00:cd:22:3c:dc:88:21:5e:f2:3f:4c:67:0d:
                    e6:7d:89:3f:dc:1b:45:ca:ed:6f:a6:0a:b7:3f:cb:
                    8d:f4:e4:91:a5:17:f8:34:64:5d:33:3d:97:37:43:
                    da:3e:50:09:dc:90:f9:ca:89:5a:eb:fc:1f:f3:86:
                    a4:5c:9b:37:e8:1f:87:ab:4f:41:cf:d3:f9:05:7a:
                    53:82:e7:5f:cf:0f:8e:ab:70:b7:db:75:01:7a:08:
                    bc:51:bc:93:a6:7e:76:c9:a0:56:b6:ea:27:96:3b:
                    3e:a6:20:2e:d9:3a:35:36:34:47:5b:47:2f:2f:d2:
                    9d:d9:c0:57:f9:34:ec:c3:de:28:1b:f7:73:96:a7:
                    74:82:39:a4:0d:b3:e0:b7:21:4d:0b:e6:11:41:46:
                    02:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:62:BE:CB:9A:67:EF:97:B3:CF:CD:64:D8:3E:40:F0:C6:25:BF:D7
            X509v3 Authority Key Identifier:
                keyid:E1:80:EB:BB:CA:0F:89:0D:E3:53:89:14:21:A8:3D:D5:B6:53:D9:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/TGK-y5pn75ezz81k2D5A8MYlv9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/4YDru8oPiQ3jU4kUIag91bZT2UA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:67:86:2d:28:e5:76:fb:66:e2:fb:98:7e:c5:9a:6b:83:6e:
         42:d8:06:4d:f5:de:4f:25:21:f0:fc:e0:77:e1:62:ee:2e:ff:
         c3:05:d2:c4:68:b1:4f:33:e3:83:51:ad:28:42:e0:fb:4a:d3:
         f2:e1:38:f6:d9:7b:0c:2e:93:f5:67:d1:fb:ad:43:ec:cc:7b:
         3a:b2:37:fc:1f:31:84:91:4c:bc:fc:74:a5:16:10:7a:21:7a:
         e2:0d:b8:6f:fd:08:bc:28:84:e7:b1:0d:7f:31:99:a1:83:16:
         89:56:bc:af:c8:0f:96:00:22:45:f9:ef:4e:87:43:51:4c:87:
         d1:aa:a9:e1:68:0b:87:de:d4:1f:f0:0a:df:0a:ef:c2:53:10:
         d9:38:66:f5:71:94:5d:22:99:e1:6b:92:25:db:7b:c5:cf:45:
         45:f8:bb:0a:8a:1e:c2:20:dd:d7:ae:17:fb:d2:fe:26:d2:34:
         15:95:4a:06:be:51:a5:ab:3d:11:dc:92:d7:9b:0a:eb:ed:af:
         2c:81:10:0d:e3:5d:f1:5f:8f:48:e3:46:4b:9d:3c:f1:20:62:
         9e:28:35:cf:50:f8:84:3d:4a:e4:b2:b1:d7:0d:b6:9c:92:d0:
         a2:5a:e8:a9:c9:15:f9:34:39:92:c7:84:dc:93:aa:47:4b:22:
         cc:54:31:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1pMLWB4wiVJERtbB53GVfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxODBlYmJiY2EwZjg5MGRlMzUzODkxNDIxYTgzZGQ1YjY1
M2Q5NDAwHhcNMjQwMjAyMDk0MDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzYyYmVjYjlhNjdlZjk3YjNjZmNkNjRkODNlNDBmMGM2MjViZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNgLXNF7PsCyXK1mN5+LipbQ0+hG
15xTFN55+TtfLPNByzkcU/RNpQb+pIdK5c6IpOwZhUSQxTPCNrQFH4KdWQu3zweE
9MEU+FchfDT9gLXpuVp0cWPkt3avv/R+Un98F2QzYWc1Mtfr9gDNIjzciCFe8j9M
Zw3mfYk/3BtFyu1vpgq3P8uN9OSRpRf4NGRdMz2XN0PaPlAJ3JD5yola6/wf84ak
XJs36B+Hq09Bz9P5BXpTgudfzw+Oq3C323UBegi8UbyTpn52yaBWtuonljs+piAu
2To1NjRHW0cvL9Kd2cBX+TTsw94oG/dzlqd0gjmkDbPgtyFNC+YRQUYCYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExivsuaZ++Xs8/NZNg+QPDGJb/XMB8GA1UdIwQY
MBaAFOGA67vKD4kN41OJFCGoPdW2U9lAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFlEcnU4b1BpUTNqVTRrVUlhZzkxYlpUMlVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9hMThjZjEtYTA4MC00OTQ1LThiMjEt
MDU1NTY5NTljNDU1LzEvVEdLLXk1cG43NWV6ejgxazJENUE4TVlsdjljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9hMThjZjEtYTA4MC00OTQ1LThiMjEtMDU1NTY5NTljNDU1
LzEvNFlEcnU4b1BpUTNqVTRrVUlhZzkxYlpUMlVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubZsMA0G
CSqGSIb3DQEBCwUAA4IBAQBuZ4YtKOV2+2bi+5h+xZprg25C2AZN9d5PJSHw/OB3
4WLuLv/DBdLEaLFPM+ODUa0oQuD7StPy4Tj22XsMLpP1Z9H7rUPszHs6sjf8HzGE
kUy8/HSlFhB6IXriDbhv/Qi8KITnsQ1/MZmhgxaJVryvyA+WACJF+e9Oh0NRTIfR
qqnhaAuH3tQf8ArfCu/CUxDZOGb1cZRdIpnha5Il23vFz0VF+LsKih7CIN3Xrhf7
0v4m0jQVlUoGvlGlqz0R3JLXmwrr7a8sgRAN413xX49I40ZLnTzxIGKeKDXPUPiE
PUrksrHXDbacktCiWuipyRX5NDmSx4Tck6pHSyLMVDHf
-----END CERTIFICATE-----