Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/tKgmwxS7buNXlOIvK59WgqDEmoQ.roa
File:                     tKgmwxS7buNXlOIvK59WgqDEmoQ.roa (raw, json)
Hash identifier:          CVZHXmtJwGTLMcjy/XTt5OPgPu3H8KI2e61uMvRBkSc=
Subject key identifier:   B4:A8:26:C3:14:BB:6E:E3:57:94:E2:2F:2B:9F:56:82:A0:C4:9A:84
Certificate issuer:       /CN=39247f77a3ae0af71eac03256449f5d292cffd74
Certificate serial:       018EF0FD73FD46AFCF2EE9B572AE96AA6756
Authority key identifier: 39:24:7F:77:A3:AE:0A:F7:1E:AC:03:25:64:49:F5:D2:92:CF:FD:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/tKgmwxS7buNXlOIvK59WgqDEmoQ.roa
Signing time:             Thu 18 Apr 2024 11:35:25 +0000
ROA not before:           Thu 18 Apr 2024 11:35:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272344
IP address blocks:        185.56.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:fd:73:fd:46:af:cf:2e:e9:b5:72:ae:96:aa:67:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39247f77a3ae0af71eac03256449f5d292cffd74
        Validity
            Not Before: Apr 18 11:35:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4a826c314bb6ee35794e22f2b9f5682a0c49a84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7c:1c:f6:6f:2f:07:4a:18:47:de:a8:44:77:
                    4a:4f:d2:e5:11:6d:26:80:ce:7b:56:65:ac:98:39:
                    97:8e:a9:11:05:18:bd:1b:84:27:9a:0f:d3:21:d2:
                    00:74:99:91:37:b5:e2:56:af:77:87:a0:fd:43:e0:
                    7c:de:d0:b1:76:21:dd:b9:62:e0:b0:23:10:b6:00:
                    3d:8c:18:65:89:b2:9f:7a:cd:2d:33:a7:76:9e:85:
                    4d:11:f5:17:d5:66:16:6e:59:c1:e5:44:4d:6b:fe:
                    3a:75:6e:4c:6d:32:76:10:41:e9:36:9b:01:c3:4f:
                    1c:96:f1:22:de:ee:f9:22:8d:90:74:31:fc:d8:81:
                    44:af:60:fd:5c:1d:f8:12:d3:e7:17:69:9d:aa:28:
                    a8:51:92:4f:15:9b:4d:6c:a3:06:4e:c6:86:bf:35:
                    82:d5:9d:83:5f:7c:c5:21:f6:83:d7:2b:01:ab:10:
                    84:cb:7d:5c:47:e4:f1:e9:dd:cb:eb:16:c5:37:0e:
                    c3:14:a7:c4:9a:ed:60:9e:78:26:1f:ad:45:31:92:
                    fb:0d:2d:3d:1c:6e:0b:71:60:d3:cb:8f:b2:d8:88:
                    42:f4:ab:e0:29:99:6b:4f:ed:2d:f4:b2:53:16:08:
                    5e:63:31:00:be:e4:af:fd:97:d1:cb:07:0b:8e:5b:
                    85:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:A8:26:C3:14:BB:6E:E3:57:94:E2:2F:2B:9F:56:82:A0:C4:9A:84
            X509v3 Authority Key Identifier:
                keyid:39:24:7F:77:A3:AE:0A:F7:1E:AC:03:25:64:49:F5:D2:92:CF:FD:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/tKgmwxS7buNXlOIvK59WgqDEmoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:39:45:ee:49:de:91:ef:ff:55:26:44:71:61:bb:20:b6:aa:
         94:8c:31:fb:77:d0:66:2f:90:cd:18:0f:59:e0:bc:fb:3e:1a:
         ff:16:93:a7:7b:0b:08:ab:49:d3:c8:d4:bc:cb:7d:a7:44:14:
         54:d4:47:f2:58:a3:ae:d6:65:70:3d:2a:89:ad:1f:c3:53:a7:
         98:ae:39:82:ec:47:0c:ad:22:e1:e3:66:9e:b4:6d:ae:f0:0e:
         18:16:05:87:bd:2b:c4:e8:ca:b3:8c:3d:c1:77:53:38:dc:83:
         0b:0f:0b:b6:3a:36:bb:e7:bf:98:b9:53:a7:2e:db:62:c9:df:
         44:95:0c:8b:b6:15:e4:23:c5:8c:93:fb:ad:d6:76:72:d2:40:
         08:7b:f6:ba:d0:b8:40:8c:1a:32:aa:4e:c3:ee:f5:4b:74:fb:
         63:56:b7:4c:04:e9:1a:52:d4:70:bf:9f:2a:9b:20:52:cf:20:
         b2:20:21:21:5e:18:7f:79:37:4e:6f:0c:d8:cf:4c:79:51:46:
         87:93:f8:e7:4f:d8:13:8e:85:4e:94:ec:70:5a:8e:e7:56:84:
         20:55:ed:aa:61:24:de:87:0c:41:61:4c:29:31:78:27:0f:d3:
         2d:49:bf:f4:04:d0:99:a3:bf:65:82:69:05:2f:4e:25:bf:61:
         b6:24:38:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7w/XP9Rq/PLum1cq6WqmdWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MjQ3Zjc3YTNhZTBhZjcxZWFjMDMyNTY0NDlmNWQyOTJj
ZmZkNzQwHhcNMjQwNDE4MTEzNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGE4MjZjMzE0YmI2ZWUzNTc5NGUyMmYyYjlmNTY4MmEwYzQ5YTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHwc9m8vB0oYR96oRHdKT9LlEW0m
gM57VmWsmDmXjqkRBRi9G4Qnmg/TIdIAdJmRN7XiVq93h6D9Q+B83tCxdiHduWLg
sCMQtgA9jBhlibKfes0tM6d2noVNEfUX1WYWblnB5URNa/46dW5MbTJ2EEHpNpsB
w08clvEi3u75Io2QdDH82IFEr2D9XB34EtPnF2mdqiioUZJPFZtNbKMGTsaGvzWC
1Z2DX3zFIfaD1ysBqxCEy31cR+Tx6d3L6xbFNw7DFKfEmu1gnngmH61FMZL7DS09
HG4LcWDTy4+y2IhC9KvgKZlrT+0t9LJTFgheYzEAvuSv/ZfRywcLjluF0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSoJsMUu27jV5TiLyufVoKgxJqEMB8GA1UdIwQY
MBaAFDkkf3ejrgr3HqwDJWRJ9dKSz/10MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1NSX2Q2T3VDdmNlckFNbFpFbjEwcExQX1hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmVkOWMtN2MxMy00OGI5LWE4ODYt
Y2Q2NmFkNTM0ODEyLzEvdEtnbXd4UzdidU5YbE9Jdks1OVdncURFbW9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmVkOWMtN2MxMy00OGI5LWE4ODYtY2Q2NmFkNTM0ODEy
LzEvT1NSX2Q2T3VDdmNlckFNbFpFbjEwcExQX1hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuThtMA0G
CSqGSIb3DQEBCwUAA4IBAQCuOUXuSd6R7/9VJkRxYbsgtqqUjDH7d9BmL5DNGA9Z
4Lz7Phr/FpOnewsIq0nTyNS8y32nRBRU1EfyWKOu1mVwPSqJrR/DU6eYrjmC7EcM
rSLh42aetG2u8A4YFgWHvSvE6MqzjD3Bd1M43IMLDwu2Oja757+YuVOnLttiyd9E
lQyLthXkI8WMk/ut1nZy0kAIe/a60LhAjBoyqk7D7vVLdPtjVrdMBOkaUtRwv58q
myBSzyCyICEhXhh/eTdObwzYz0x5UUaHk/jnT9gTjoVOlOxwWo7nVoQgVe2qYSTe
hwxBYUwpMXgnD9MtSb/0BNCZo79lgmkFL04lv2G2JDij
-----END CERTIFICATE-----