Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/c79095-8c2b-42a3-946f-18b128c8b486/1/dba9pmNXHgwYKDT82ZWlLeSsahU.roa
File:                     dba9pmNXHgwYKDT82ZWlLeSsahU.roa (raw, json)
Hash identifier:          Pw/Ffyy+Ld5QeAcEoH/JIBZB0WSsLAhe2MW2OdDoXwI=
Subject key identifier:   75:B6:BD:A6:63:57:1E:0C:18:28:34:FC:D9:95:A5:2D:E4:AC:6A:15
Certificate issuer:       /CN=f061a5fa37e5cd1015085263ec029e1aff7938d7
Certificate serial:       018D826D929B3494C1D20B3A39972F70ACCC
Authority key identifier: F0:61:A5:FA:37:E5:CD:10:15:08:52:63:EC:02:9E:1A:FF:79:38:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8GGl-jflzRAVCFJj7AKeGv95ONc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/c79095-8c2b-42a3-946f-18b128c8b486/1/dba9pmNXHgwYKDT82ZWlLeSsahU.roa
Signing time:             Wed 07 Feb 2024 07:17:15 +0000
ROA not before:           Wed 07 Feb 2024 07:17:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206291
IP address blocks:        185.188.44.0/22 maxlen: 22
                          2a0b:b780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/c79095-8c2b-42a3-946f-18b128c8b486/1/8GGl-jflzRAVCFJj7AKeGv95ONc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/c79095-8c2b-42a3-946f-18b128c8b486/1/8GGl-jflzRAVCFJj7AKeGv95ONc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8GGl-jflzRAVCFJj7AKeGv95ONc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:82:6d:92:9b:34:94:c1:d2:0b:3a:39:97:2f:70:ac:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f061a5fa37e5cd1015085263ec029e1aff7938d7
        Validity
            Not Before: Feb  7 07:17:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75b6bda663571e0c182834fcd995a52de4ac6a15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:43:cc:da:23:3d:10:05:be:e7:f0:cb:7c:3c:
                    28:46:88:bd:ff:67:21:29:60:08:82:20:27:5a:7e:
                    d1:ac:0a:01:27:d0:c2:ff:f5:a2:87:6b:04:65:ff:
                    56:7e:41:28:db:69:b3:ee:6a:fb:c0:b6:da:1a:06:
                    6f:02:59:cc:7b:35:89:c8:34:45:f7:1d:94:6b:fa:
                    ae:19:0a:f3:b2:9c:54:33:0e:75:59:25:c8:99:91:
                    ce:a1:58:8c:1b:2a:7d:ad:19:9b:ca:aa:af:18:55:
                    e3:c9:31:01:93:13:9d:53:5a:ac:db:4f:e2:b3:f4:
                    2d:e3:79:d3:be:0d:11:6b:4a:37:f2:f0:b0:7c:53:
                    60:27:b3:b1:fd:7d:b4:08:3e:30:d1:29:54:e1:ec:
                    41:9f:11:ad:3b:ef:2c:3d:e5:12:24:6c:97:0f:69:
                    db:05:d1:dc:3a:0e:4b:23:8d:87:99:0c:02:1e:0b:
                    c7:74:3b:c4:e3:1c:fe:f4:5a:d5:99:62:a2:a8:66:
                    10:05:1f:b8:00:68:94:21:42:a1:f3:72:10:3c:82:
                    f1:32:23:4e:fd:6b:8f:e4:b2:21:d2:99:28:96:96:
                    f1:9d:6c:fb:60:e8:d0:ca:bc:83:f6:70:39:b0:65:
                    b8:c6:3e:f0:cb:a8:08:96:c7:20:d6:79:c7:7f:f9:
                    db:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:B6:BD:A6:63:57:1E:0C:18:28:34:FC:D9:95:A5:2D:E4:AC:6A:15
            X509v3 Authority Key Identifier:
                keyid:F0:61:A5:FA:37:E5:CD:10:15:08:52:63:EC:02:9E:1A:FF:79:38:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8GGl-jflzRAVCFJj7AKeGv95ONc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/c79095-8c2b-42a3-946f-18b128c8b486/1/dba9pmNXHgwYKDT82ZWlLeSsahU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/c79095-8c2b-42a3-946f-18b128c8b486/1/8GGl-jflzRAVCFJj7AKeGv95ONc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.44.0/22
                IPv6:
                  2a0b:b780::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:2c:9f:26:b2:c4:bc:b4:b1:25:eb:aa:1a:6f:a9:46:ec:60:
         60:7d:9d:54:8b:13:50:82:bd:13:46:04:3a:43:35:6a:a9:8a:
         19:9d:4a:f3:46:e1:8c:2f:7f:8b:26:e6:85:80:16:b9:ca:31:
         e6:ab:56:24:4c:be:b3:27:0d:b6:92:12:65:51:16:a3:7f:d1:
         aa:85:37:5d:d0:9c:3c:bf:a1:e7:04:8b:cc:1b:c6:8a:41:0e:
         c5:f0:bf:75:b4:d7:b0:cf:74:40:1a:ec:7d:ed:ce:ed:23:fe:
         90:44:34:52:3b:12:c2:19:d7:b8:ea:ae:62:37:52:c3:b4:c1:
         f8:e4:aa:71:ba:47:33:26:26:d7:7f:4e:4c:14:4f:d9:ab:bc:
         ae:01:02:e9:56:e6:f7:b8:3e:1e:3d:51:de:86:68:eb:f8:15:
         25:a3:2a:a3:a5:e9:e8:2f:7d:de:49:6c:60:30:a5:7b:1c:d2:
         9b:c9:b2:14:7f:0d:a6:31:1e:45:dd:cc:87:3a:b0:bd:29:ec:
         01:03:7c:6b:10:cb:db:69:0a:46:8f:12:dd:21:e9:81:73:01:
         10:80:2b:49:9a:69:f4:0a:5a:be:e0:a5:4c:25:d1:df:9d:85:
         ca:ad:94:7e:fd:be:49:e6:9a:b0:11:ce:68:14:d4:24:d6:4f:
         7a:0b:12:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2CbZKbNJTB0gs6OZcvcKzMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNjFhNWZhMzdlNWNkMTAxNTA4NTI2M2VjMDI5ZTFhZmY3
OTM4ZDcwHhcNMjQwMjA3MDcxNzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWI2YmRhNjYzNTcxZTBjMTgyODM0ZmNkOTk1YTUyZGU0YWM2YTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEPM2iM9EAW+5/DLfDwoRoi9/2ch
KWAIgiAnWn7RrAoBJ9DC//Wih2sEZf9WfkEo22mz7mr7wLbaGgZvAlnMezWJyDRF
9x2Ua/quGQrzspxUMw51WSXImZHOoViMGyp9rRmbyqqvGFXjyTEBkxOdU1qs20/i
s/Qt43nTvg0Ra0o38vCwfFNgJ7Ox/X20CD4w0SlU4exBnxGtO+8sPeUSJGyXD2nb
BdHcOg5LI42HmQwCHgvHdDvE4xz+9FrVmWKiqGYQBR+4AGiUIUKh83IQPILxMiNO
/WuP5LIh0pkolpbxnWz7YOjQyryD9nA5sGW4xj7wy6gIlscg1nnHf/nbUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHW2vaZjVx4MGCg0/NmVpS3krGoVMB8GA1UdIwQY
MBaAFPBhpfo35c0QFQhSY+wCnhr/eTjXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEdHbC1qZmx6UkFWQ0ZKajdBS2VHdjk1T05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9jNzkwOTUtOGMyYi00MmEzLTk0NmYt
MThiMTI4YzhiNDg2LzEvZGJhOXBtTlhIZ3dZS0RUODJaV2xMZVNzYWhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9jNzkwOTUtOGMyYi00MmEzLTk0NmYtMThiMTI4YzhiNDg2
LzEvOEdHbC1qZmx6UkFWQ0ZKajdBS2VHdjk1T05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubwsMA0E
AgACMAcDBQMqC7eAMA0GCSqGSIb3DQEBCwUAA4IBAQAILJ8mssS8tLEl66oab6lG
7GBgfZ1UixNQgr0TRgQ6QzVqqYoZnUrzRuGML3+LJuaFgBa5yjHmq1YkTL6zJw22
khJlURajf9GqhTdd0Jw8v6HnBIvMG8aKQQ7F8L91tNewz3RAGux97c7tI/6QRDRS
OxLCGde46q5iN1LDtMH45KpxukczJibXf05MFE/Zq7yuAQLpVub3uD4ePVHehmjr
+BUloyqjpenoL33eSWxgMKV7HNKbybIUfw2mMR5F3cyHOrC9KewBA3xrEMvbaQpG
jxLdIemBcwEQgCtJmmn0Clq+4KVMJdHfnYXKrZR+/b5J5pqwEc5oFNQk1k96CxLm
-----END CERTIFICATE-----