Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/0d8088-ea93-4abb-8996-21cf56cbce12/1/7uPFV3783NU46zbuyCKVpQnoF-s.roa
File:                     7uPFV3783NU46zbuyCKVpQnoF-s.roa (raw, json)
Hash identifier:          xD9EDQEz/XB5HKNkOqI1IPE0fQOZ4s8YAcsLO+TT7Uk=
Subject key identifier:   EE:E3:C5:57:7E:FC:DC:D5:38:EB:36:EE:C8:22:95:A5:09:E8:17:EB
Certificate issuer:       /CN=44a7e5a33d9c5a965d9fbfdeecdc871af0a5d4f8
Certificate serial:       018CC50053A3FE4429D7D0B887B06B8ECB66
Authority key identifier: 44:A7:E5:A3:3D:9C:5A:96:5D:9F:BF:DE:EC:DC:87:1A:F0:A5:D4:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RKfloz2cWpZdn7_e7NyHGvCl1Pg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/0d8088-ea93-4abb-8996-21cf56cbce12/1/7uPFV3783NU46zbuyCKVpQnoF-s.roa
Signing time:             Mon 01 Jan 2024 12:29:42 +0000
ROA not before:           Mon 01 Jan 2024 12:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25473
IP address blocks:        82.196.160.0/19 maxlen: 19
                          2a01:e8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/0d8088-ea93-4abb-8996-21cf56cbce12/1/RKfloz2cWpZdn7_e7NyHGvCl1Pg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/0d8088-ea93-4abb-8996-21cf56cbce12/1/RKfloz2cWpZdn7_e7NyHGvCl1Pg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RKfloz2cWpZdn7_e7NyHGvCl1Pg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 12:54:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:53:a3:fe:44:29:d7:d0:b8:87:b0:6b:8e:cb:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44a7e5a33d9c5a965d9fbfdeecdc871af0a5d4f8
        Validity
            Not Before: Jan  1 12:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eee3c5577efcdcd538eb36eec82295a509e817eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:4e:e1:c0:08:29:63:8b:1e:92:9c:aa:70:54:
                    b2:51:f9:55:ea:d7:29:2a:df:8a:06:ce:2d:f8:f4:
                    39:84:e4:be:69:74:5b:f0:e3:e7:ad:13:d6:40:c4:
                    7e:7e:37:56:79:76:f9:2a:e1:a9:b2:0d:cb:49:83:
                    52:e3:d5:78:8a:7a:13:c1:36:7d:08:41:e8:51:0b:
                    0e:8b:98:66:48:fb:a9:c8:6a:6c:73:fb:1a:9c:25:
                    cf:08:b9:e1:7b:04:7b:12:9c:95:d2:64:ea:17:e5:
                    0b:33:ad:c1:4c:27:3d:53:63:e5:ec:7e:bd:52:12:
                    eb:dc:68:c3:df:4d:16:f7:30:97:bf:30:74:06:b1:
                    53:77:10:73:ef:9d:70:20:2d:dc:2b:c4:e6:1a:a6:
                    93:90:09:db:10:c5:92:3b:67:79:d1:ed:92:83:93:
                    25:59:1c:6e:88:4f:18:5e:3a:1b:3c:f8:e9:8a:60:
                    3a:29:c2:82:60:87:55:55:7e:a9:d4:23:13:03:65:
                    cd:44:7d:04:4e:fd:c3:e7:73:83:a4:a2:bb:4e:5e:
                    f8:83:53:5b:6a:4f:99:21:13:0c:12:72:44:80:5a:
                    fd:ed:d9:d0:a4:f3:f2:77:8b:68:c9:a5:f1:a9:fb:
                    77:8a:8e:b0:ac:34:c6:f5:b5:9f:53:45:4a:7a:5f:
                    33:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:E3:C5:57:7E:FC:DC:D5:38:EB:36:EE:C8:22:95:A5:09:E8:17:EB
            X509v3 Authority Key Identifier:
                keyid:44:A7:E5:A3:3D:9C:5A:96:5D:9F:BF:DE:EC:DC:87:1A:F0:A5:D4:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RKfloz2cWpZdn7_e7NyHGvCl1Pg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0d8088-ea93-4abb-8996-21cf56cbce12/1/7uPFV3783NU46zbuyCKVpQnoF-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0d8088-ea93-4abb-8996-21cf56cbce12/1/RKfloz2cWpZdn7_e7NyHGvCl1Pg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.196.160.0/19
                IPv6:
                  2a01:e8::/32

    Signature Algorithm: sha256WithRSAEncryption
         b6:1b:2b:5d:3a:20:6a:3b:23:6f:a4:a1:96:c0:ac:6d:d2:4f:
         b6:db:99:29:b7:8d:15:19:81:83:be:61:a4:39:46:bc:9f:a6:
         4a:dd:a7:bf:6f:ff:22:30:ce:b9:14:20:45:92:6d:22:d0:71:
         f8:15:4a:49:0e:ff:90:56:51:d2:68:37:a9:76:36:32:79:ac:
         53:fd:1d:6f:25:57:e5:d0:e8:71:39:6d:91:94:4f:08:5e:98:
         41:15:8b:2e:66:5f:5e:4e:98:b9:32:a0:3e:e9:58:04:b3:2e:
         1e:30:0b:cc:4c:b6:93:9f:8d:a2:23:7e:83:dd:16:23:85:b7:
         a7:d6:6d:bc:84:c8:ba:14:00:6c:cb:b9:82:13:c4:8c:15:e1:
         be:21:be:a6:ad:e9:d7:ee:b4:31:78:dc:38:7b:ea:0f:1c:d8:
         62:ca:86:bc:32:da:b0:f7:db:44:f8:51:d3:03:d9:c6:6f:d1:
         e9:61:7c:8a:21:b2:1b:84:87:4e:f4:07:44:7d:69:72:33:3e:
         44:89:a6:2d:f4:5f:0a:fb:2e:a9:a0:07:47:e7:84:af:b3:82:
         f6:1e:6a:3b:0c:bb:2a:49:90:7a:25:a9:d2:13:6b:5f:d4:bd:
         21:6c:fb:eb:eb:f1:5b:dd:dd:b1:78:32:32:01:a2:d2:e5:3a:
         e2:99:8a:84
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAFOj/kQp19C4h7BrjstmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0YTdlNWEzM2Q5YzVhOTY1ZDlmYmZkZWVjZGM4NzFhZjBh
NWQ0ZjgwHhcNMjQwMTAxMTIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWUzYzU1NzdlZmNkY2Q1MzhlYjM2ZWVjODIyOTVhNTA5ZTgxN2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnE7hwAgpY4sekpyqcFSyUflV6tcp
Kt+KBs4t+PQ5hOS+aXRb8OPnrRPWQMR+fjdWeXb5KuGpsg3LSYNS49V4inoTwTZ9
CEHoUQsOi5hmSPupyGpsc/sanCXPCLnhewR7EpyV0mTqF+ULM63BTCc9U2Pl7H69
UhLr3GjD300W9zCXvzB0BrFTdxBz751wIC3cK8TmGqaTkAnbEMWSO2d50e2Sg5Ml
WRxuiE8YXjobPPjpimA6KcKCYIdVVX6p1CMTA2XNRH0ETv3D53ODpKK7Tl74g1Nb
ak+ZIRMMEnJEgFr97dnQpPPyd4toyaXxqft3io6wrDTG9bWfU0VKel8zkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO7jxVd+/NzVOOs27sgilaUJ6BfrMB8GA1UdIwQY
MBaAFESn5aM9nFqWXZ+/3uzchxrwpdT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUktmbG96MmNXcFpkbjdfZTdOeUhHdkNsMVBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8wZDgwODgtZWE5My00YWJiLTg5OTYt
MjFjZjU2Y2JjZTEyLzEvN3VQRlYzNzgzTlU0NnpidXlDS1ZwUW5vRi1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8wZDgwODgtZWE5My00YWJiLTg5OTYtMjFjZjU2Y2JjZTEy
LzEvUktmbG96MmNXcFpkbjdfZTdOeUhHdkNsMVBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFUsSgMA0E
AgACMAcDBQAqAQDoMA0GCSqGSIb3DQEBCwUAA4IBAQC2GytdOiBqOyNvpKGWwKxt
0k+225kpt40VGYGDvmGkOUa8n6ZK3ae/b/8iMM65FCBFkm0i0HH4FUpJDv+QVlHS
aDepdjYyeaxT/R1vJVfl0OhxOW2RlE8IXphBFYsuZl9eTpi5MqA+6VgEsy4eMAvM
TLaTn42iI36D3RYjhben1m28hMi6FABsy7mCE8SMFeG+Ib6mrenX7rQxeNw4e+oP
HNhiyoa8Mtqw99tE+FHTA9nGb9HpYXyKIbIbhIdO9AdEfWlyMz5EiaYt9F8K+y6p
oAdH54Svs4L2Hmo7DLsqSZB6JanSE2tf1L0hbPvr6/Fb3d2xeDIyAaLS5TrimYqE
-----END CERTIFICATE-----