Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/In7rLnISMOG6zDg8Tw3L7xnnNZk.roa
File:                     In7rLnISMOG6zDg8Tw3L7xnnNZk.roa (raw, json)
Hash identifier:          6ERjF6s+MI3mdMg4UgVe0qrNBf2TbBxwJUma98PIg+4=
Subject key identifier:   22:7E:EB:2E:72:12:30:E1:BA:CC:38:3C:4F:0D:CB:EF:19:E7:35:99
Certificate issuer:       /CN=644cdbae84b26a8484b10c00ebfdfbcb4990c157
Certificate serial:       018CCA2A1F51D9A1AEA337EB7EA8815B652B
Authority key identifier: 64:4C:DB:AE:84:B2:6A:84:84:B1:0C:00:EB:FD:FB:CB:49:90:C1:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/In7rLnISMOG6zDg8Tw3L7xnnNZk.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31167
IP address blocks:        185.244.18.0/24 maxlen: 24
                          185.244.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1f:51:d9:a1:ae:a3:37:eb:7e:a8:81:5b:65:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=644cdbae84b26a8484b10c00ebfdfbcb4990c157
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=227eeb2e721230e1bacc383c4f0dcbef19e73599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:dd:5f:55:1f:46:f0:cb:f9:a5:63:c4:24:68:
                    a5:dc:b3:14:13:2d:87:ec:57:7c:4c:ba:d3:76:ab:
                    49:d6:21:51:e1:e4:b5:f3:7f:19:8e:e0:ea:17:8b:
                    af:f2:81:a4:02:e0:07:a2:cf:6d:2f:a7:51:26:a5:
                    dd:82:8e:1d:3b:10:f4:be:32:f5:b9:82:e4:b6:7d:
                    a1:5a:1b:93:77:5c:e2:28:76:91:79:2c:ea:78:0c:
                    d6:bc:9e:c8:e5:dc:61:10:92:7f:82:d6:ac:86:67:
                    f2:66:86:9c:1c:81:25:9d:2f:fa:09:ae:46:46:68:
                    58:ec:5d:a2:d1:c9:12:09:07:de:a2:e5:b4:bf:63:
                    cc:f8:90:8b:3b:84:69:c7:7e:a8:16:3c:40:6d:b8:
                    ed:85:75:98:7c:4d:4e:40:12:6b:75:ce:25:30:e7:
                    18:49:01:c6:7e:da:a1:98:6d:e3:05:ff:3f:85:92:
                    99:4f:aa:1e:bd:92:94:42:d3:e2:c2:d9:c2:c4:f2:
                    f2:7b:49:b7:fd:e6:d6:42:ef:86:54:55:35:97:75:
                    95:41:75:27:7c:b9:52:8e:76:04:30:f7:d2:8e:90:
                    26:9c:d0:7d:1a:12:b2:b8:84:04:e9:68:00:0e:8c:
                    52:88:2e:de:32:10:aa:30:03:23:92:9f:1d:70:82:
                    4b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:7E:EB:2E:72:12:30:E1:BA:CC:38:3C:4F:0D:CB:EF:19:E7:35:99
            X509v3 Authority Key Identifier:
                keyid:64:4C:DB:AE:84:B2:6A:84:84:B1:0C:00:EB:FD:FB:CB:49:90:C1:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/In7rLnISMOG6zDg8Tw3L7xnnNZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:aa:40:4b:14:ed:12:87:56:15:88:4f:9f:67:e3:e4:b8:05:
         c7:f9:af:6c:7f:c0:a8:21:7c:2d:03:ad:c1:69:02:db:b0:9d:
         a2:27:9e:1d:2b:a9:c7:4f:44:5d:37:2e:9d:02:d7:5d:07:9d:
         ed:93:d8:9f:9f:2c:50:b5:91:d6:95:61:f8:cf:d3:57:92:12:
         70:66:5b:46:7e:53:01:b8:88:94:8b:1c:97:ce:98:56:c9:c4:
         74:42:67:28:9c:a0:ab:84:0a:36:88:e8:43:97:f8:ad:d3:c5:
         46:c1:a6:53:28:c5:e7:fb:ab:f3:37:1d:20:b8:60:26:27:dd:
         44:2c:c2:12:e6:cc:42:94:6b:27:91:df:a4:21:5a:41:16:34:
         c3:91:91:cb:30:fc:52:d1:80:af:58:76:26:c4:19:15:fd:a8:
         30:15:d1:08:fd:1a:10:88:8c:a8:90:64:62:f9:9e:f2:36:2d:
         75:42:86:ca:3c:8e:d7:90:75:67:5b:8a:71:85:3e:99:f2:5c:
         76:18:9e:7a:50:43:7b:73:73:57:23:f8:94:b7:33:d1:f5:75:
         6a:ac:85:c7:7f:72:44:44:4c:cd:3a:6c:a3:9a:b9:b8:e4:0a:
         59:dd:a6:65:0d:92:7e:c2:12:e5:2e:b3:46:37:c8:ab:c9:2d:
         21:af:e1:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKh9R2aGuozfrfqiBW2UrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NGNkYmFlODRiMjZhODQ4NGIxMGMwMGViZmRmYmNiNDk5
MGMxNTcwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjdlZWIyZTcyMTIzMGUxYmFjYzM4M2M0ZjBkY2JlZjE5ZTczNTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj91fVR9G8Mv5pWPEJGil3LMUEy2H
7Fd8TLrTdqtJ1iFR4eS1838ZjuDqF4uv8oGkAuAHos9tL6dRJqXdgo4dOxD0vjL1
uYLktn2hWhuTd1ziKHaReSzqeAzWvJ7I5dxhEJJ/gtashmfyZoacHIElnS/6Ca5G
RmhY7F2i0ckSCQfeouW0v2PM+JCLO4Rpx36oFjxAbbjthXWYfE1OQBJrdc4lMOcY
SQHGftqhmG3jBf8/hZKZT6oevZKUQtPiwtnCxPLye0m3/ebWQu+GVFU1l3WVQXUn
fLlSjnYEMPfSjpAmnNB9GhKyuIQE6WgADoxSiC7eMhCqMAMjkp8dcIJLAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJ+6y5yEjDhusw4PE8Ny+8Z5zWZMB8GA1UdIwQY
MBaAFGRM266EsmqEhLEMAOv9+8tJkMFXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkV6YnJvU3lhb1NFc1F3QTZfMzd5MG1Rd1ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9kNzNhYzktM2Q2NS00ZTJkLThiYmYt
ZTAzNGY2NWU3ZjYwLzEvSW43ckxuSVNNT0c2ekRnOFR3M0w3eG5uTlprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9kNzNhYzktM2Q2NS00ZTJkLThiYmYtZTAzNGY2NWU3ZjYw
LzEvWkV6YnJvU3lhb1NFc1F3QTZfMzd5MG1Rd1ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufQSMA0G
CSqGSIb3DQEBCwUAA4IBAQCoqkBLFO0Sh1YViE+fZ+PkuAXH+a9sf8CoIXwtA63B
aQLbsJ2iJ54dK6nHT0RdNy6dAtddB53tk9ifnyxQtZHWlWH4z9NXkhJwZltGflMB
uIiUixyXzphWycR0QmconKCrhAo2iOhDl/it08VGwaZTKMXn+6vzNx0guGAmJ91E
LMIS5sxClGsnkd+kIVpBFjTDkZHLMPxS0YCvWHYmxBkV/agwFdEI/RoQiIyokGRi
+Z7yNi11QobKPI7XkHVnW4pxhT6Z8lx2GJ56UEN7c3NXI/iUtzPR9XVqrIXHf3JE
REzNOmyjmrm45ApZ3aZlDZJ+whLlLrNGN8iryS0hr+Eb
-----END CERTIFICATE-----