Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/XPrgk7uHSxc0q_0wARjv857Kro8.roa
File:                     XPrgk7uHSxc0q_0wARjv857Kro8.roa (raw, json)
Hash identifier:          2XoCI/HBNBgf0kU0QWImSHUzQJM9ah3UXxAAd8JCQ6w=
Subject key identifier:   5C:FA:E0:93:BB:87:4B:17:34:AB:FD:30:01:18:EF:F3:9E:CA:AE:8F
Certificate issuer:       /CN=034b0eed2c5a787ad87fb49f04d3fdf3d0f49d4c
Certificate serial:       018CC4246C1FDA0B324F13F0D024F0B87703
Authority key identifier: 03:4B:0E:ED:2C:5A:78:7A:D8:7F:B4:9F:04:D3:FD:F3:D0:F4:9D:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A0sO7SxaeHrYf7SfBNP989D0nUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/XPrgk7uHSxc0q_0wARjv857Kro8.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57428
IP address blocks:        185.57.44.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/A0sO7SxaeHrYf7SfBNP989D0nUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/A0sO7SxaeHrYf7SfBNP989D0nUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A0sO7SxaeHrYf7SfBNP989D0nUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6c:1f:da:0b:32:4f:13:f0:d0:24:f0:b8:77:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=034b0eed2c5a787ad87fb49f04d3fdf3d0f49d4c
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cfae093bb874b1734abfd300118eff39ecaae8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b4:64:01:52:57:d3:33:2c:07:7f:2c:0d:b6:
                    42:0c:e6:63:5d:90:6c:1a:38:3b:6f:6d:42:9c:0b:
                    64:be:57:9f:9e:5b:b6:a4:7b:81:93:c8:ac:d2:73:
                    2a:85:cd:7e:5f:cb:a4:f4:7c:8f:a9:c7:be:7d:3a:
                    31:73:8f:3f:f4:58:06:5c:a0:69:9e:58:fe:8e:f4:
                    2b:f9:25:f6:a7:c3:9d:9f:bf:ae:ee:73:32:69:07:
                    0f:7f:4c:1d:c1:c7:74:3c:cd:74:e1:74:fb:54:1f:
                    6b:0e:c7:75:27:70:fe:fc:fd:87:89:7c:2b:42:8e:
                    c2:5a:a3:18:7e:22:e2:97:3a:59:2b:9d:0a:3d:19:
                    06:b0:84:0f:05:56:07:3a:e6:1a:6a:48:ee:ef:7c:
                    90:91:40:82:ce:49:ff:0c:0e:57:1a:d8:d0:b9:c9:
                    b5:3b:6e:89:c2:e7:cc:d1:d8:e4:2f:d3:00:5f:1c:
                    41:a5:fa:1a:2d:42:a2:71:d8:ec:41:9c:13:ff:78:
                    0a:a8:fe:12:66:37:ea:fa:1f:55:27:94:89:02:78:
                    40:65:87:6c:26:0a:fd:a6:44:69:b5:f9:d5:02:da:
                    a1:df:fd:4d:f9:ad:71:3c:2d:1e:9f:54:5c:a0:0c:
                    29:ae:8c:94:f9:78:18:80:0a:51:c2:0c:04:0c:31:
                    cc:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:FA:E0:93:BB:87:4B:17:34:AB:FD:30:01:18:EF:F3:9E:CA:AE:8F
            X509v3 Authority Key Identifier:
                keyid:03:4B:0E:ED:2C:5A:78:7A:D8:7F:B4:9F:04:D3:FD:F3:D0:F4:9D:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A0sO7SxaeHrYf7SfBNP989D0nUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/XPrgk7uHSxc0q_0wARjv857Kro8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2d783a-1cbc-40d4-b011-e085275aa364/1/A0sO7SxaeHrYf7SfBNP989D0nUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:b5:34:fa:a9:3b:a3:ae:07:0f:a8:60:be:84:be:0b:88:f2:
         f9:fc:e3:7b:af:c5:69:5e:b8:ab:c1:74:62:52:d9:c0:4d:89:
         67:7b:9f:2c:e8:01:bf:96:06:a1:b9:69:b8:32:10:3c:e1:18:
         34:ac:e9:c5:3e:4f:30:fd:0c:0a:ba:9c:05:16:f5:f2:33:a6:
         59:eb:c6:ed:28:de:25:80:b3:29:84:d9:7a:b6:18:9f:33:75:
         49:3e:84:f6:8d:7d:09:d9:74:2d:ed:19:1f:3e:26:ce:65:99:
         e9:a9:89:d3:fe:bd:77:6d:05:a0:52:ed:da:60:bc:03:39:35:
         eb:2a:de:b9:b5:bd:75:51:47:49:38:9a:c6:8e:4a:ed:a8:5e:
         c8:0f:8c:aa:49:a6:9d:50:b7:c2:4e:a8:c4:e6:a8:99:96:1e:
         40:b7:b9:5b:b9:af:c5:5f:1b:e8:65:81:a2:10:08:fb:34:8c:
         93:72:1b:ef:d8:12:87:5d:12:17:b9:d6:d9:39:72:47:15:8a:
         87:0a:ea:95:b6:51:6e:73:81:3e:86:40:cf:4c:f0:17:6f:67:
         03:2a:b0:7c:dd:f1:ab:7a:b9:1d:b9:38:45:f8:f3:72:f1:b1:
         ab:81:65:00:29:49:86:18:65:ba:13:ef:40:ce:6b:ba:65:ea:
         de:39:2d:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGwf2gsyTxPw0CTwuHcDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzNGIwZWVkMmM1YTc4N2FkODdmYjQ5ZjA0ZDNmZGYzZDBm
NDlkNGMwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2ZhZTA5M2JiODc0YjE3MzRhYmZkMzAwMTE4ZWZmMzllY2FhZThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLRkAVJX0zMsB38sDbZCDOZjXZBs
Gjg7b21CnAtkvlefnlu2pHuBk8is0nMqhc1+X8uk9HyPqce+fToxc48/9FgGXKBp
nlj+jvQr+SX2p8Odn7+u7nMyaQcPf0wdwcd0PM104XT7VB9rDsd1J3D+/P2HiXwr
Qo7CWqMYfiLilzpZK50KPRkGsIQPBVYHOuYaakju73yQkUCCzkn/DA5XGtjQucm1
O26JwufM0djkL9MAXxxBpfoaLUKicdjsQZwT/3gKqP4SZjfq+h9VJ5SJAnhAZYds
Jgr9pkRptfnVAtqh3/1N+a1xPC0en1RcoAwproyU+XgYgApRwgwEDDHMJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFz64JO7h0sXNKv9MAEY7/Oeyq6PMB8GA1UdIwQY
MBaAFANLDu0sWnh62H+0nwTT/fPQ9J1MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTBzTzdTeGFlSHJZZjdTZkJOUDk4OUQwblV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8yZDc4M2EtMWNiYy00MGQ0LWIwMTEt
ZTA4NTI3NWFhMzY0LzEvWFByZ2s3dUhTeGMwcV8wd0FSanY4NTdLcm84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8yZDc4M2EtMWNiYy00MGQ0LWIwMTEtZTA4NTI3NWFhMzY0
LzEvQTBzTzdTeGFlSHJZZjdTZkJOUDk4OUQwblV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTksMA0G
CSqGSIb3DQEBCwUAA4IBAQBqtTT6qTujrgcPqGC+hL4LiPL5/ON7r8VpXrirwXRi
UtnATYlne58s6AG/lgahuWm4MhA84Rg0rOnFPk8w/QwKupwFFvXyM6ZZ68btKN4l
gLMphNl6thifM3VJPoT2jX0J2XQt7RkfPibOZZnpqYnT/r13bQWgUu3aYLwDOTXr
Kt65tb11UUdJOJrGjkrtqF7ID4yqSaadULfCTqjE5qiZlh5At7lbua/FXxvoZYGi
EAj7NIyTchvv2BKHXRIXudbZOXJHFYqHCuqVtlFuc4E+hkDPTPAXb2cDKrB83fGr
erkduThF+PNy8bGrgWUAKUmGGGW6E+9Azmu6ZereOS3k
-----END CERTIFICATE-----