Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/df8105-18ee-4172-b6bb-0dc33acc1dba/1/2W2-1G7kA0SeTe5m9enBg9hwdMU.roa
File:                     2W2-1G7kA0SeTe5m9enBg9hwdMU.roa (raw, json)
Hash identifier:          MnT+/5dUfRe7NgpJMpC9+rQUU//ojsY2U1zHVAsivck=
Subject key identifier:   D9:6D:BE:D4:6E:E4:03:44:9E:4D:EE:66:F5:E9:C1:83:D8:70:74:C5
Certificate issuer:       /CN=b84785791e07646f5cc58b15e86434cb9c24149d
Certificate serial:       018CC80163354CC74917F57CDB57F1FF103F
Authority key identifier: B8:47:85:79:1E:07:64:6F:5C:C5:8B:15:E8:64:34:CB:9C:24:14:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uEeFeR4HZG9cxYsV6GQ0y5wkFJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/df8105-18ee-4172-b6bb-0dc33acc1dba/1/2W2-1G7kA0SeTe5m9enBg9hwdMU.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62137
IP address blocks:        185.44.36.0/24 maxlen: 24
                          185.44.37.0/24 maxlen: 24
                          185.44.38.0/24 maxlen: 24
                          185.44.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/df8105-18ee-4172-b6bb-0dc33acc1dba/1/uEeFeR4HZG9cxYsV6GQ0y5wkFJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/df8105-18ee-4172-b6bb-0dc33acc1dba/1/uEeFeR4HZG9cxYsV6GQ0y5wkFJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uEeFeR4HZG9cxYsV6GQ0y5wkFJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:63:35:4c:c7:49:17:f5:7c:db:57:f1:ff:10:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b84785791e07646f5cc58b15e86434cb9c24149d
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d96dbed46ee403449e4dee66f5e9c183d87074c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7f:43:91:d4:11:54:5d:81:4e:bb:5e:06:6b:
                    49:b6:b2:8a:66:01:a1:42:a2:78:c7:fb:32:d4:78:
                    6d:b9:b6:e0:f7:fc:ce:60:a0:96:a3:a5:f8:38:aa:
                    1d:94:18:af:6b:49:71:df:92:9c:14:52:b0:07:09:
                    a2:a6:9e:12:86:03:24:f6:69:e9:50:a3:57:a7:e4:
                    b8:6a:cd:5a:60:a8:74:dc:97:71:59:5c:51:c8:67:
                    b4:c6:24:6c:b0:68:c4:8c:f0:04:30:e8:df:77:54:
                    0b:0a:db:96:94:aa:80:f1:71:91:bb:fc:69:ef:82:
                    35:f2:cd:b3:40:7f:95:2b:0e:67:84:c8:3f:07:44:
                    98:81:cd:b5:58:2a:78:d4:a1:99:32:70:6e:c7:68:
                    98:c6:5b:43:a0:ae:26:a6:f3:82:e1:45:da:20:fb:
                    cf:a1:50:91:80:5e:e0:81:65:0a:e3:ba:81:ca:24:
                    a0:22:35:7e:fe:bc:fe:1b:b4:5e:5b:04:4f:ad:00:
                    08:c2:1e:74:19:b1:0e:74:3f:9e:13:8a:d0:6c:ae:
                    e9:de:30:c2:a4:69:c8:1c:48:17:9e:3a:1f:0e:e2:
                    bf:29:db:25:9b:6b:4e:70:83:4f:e6:e9:24:bf:ed:
                    44:5a:94:45:38:9d:83:af:ea:92:73:1b:8b:c9:ec:
                    98:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:6D:BE:D4:6E:E4:03:44:9E:4D:EE:66:F5:E9:C1:83:D8:70:74:C5
            X509v3 Authority Key Identifier:
                keyid:B8:47:85:79:1E:07:64:6F:5C:C5:8B:15:E8:64:34:CB:9C:24:14:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uEeFeR4HZG9cxYsV6GQ0y5wkFJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/df8105-18ee-4172-b6bb-0dc33acc1dba/1/2W2-1G7kA0SeTe5m9enBg9hwdMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/df8105-18ee-4172-b6bb-0dc33acc1dba/1/uEeFeR4HZG9cxYsV6GQ0y5wkFJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:fe:87:30:01:7f:5d:5a:09:75:57:9c:9c:8a:84:bf:0c:ef:
         67:ad:cb:25:4a:4b:cb:dd:03:2e:ac:e6:42:7a:b8:a4:1e:57:
         8d:82:79:e0:46:77:79:ff:46:64:2e:ac:0a:5c:17:31:c2:c7:
         a7:15:25:8e:6d:6d:56:84:2c:d1:45:a0:de:73:2f:e3:bb:88:
         da:17:a8:c7:87:5e:70:f9:7e:fc:94:ed:2f:26:62:11:bd:43:
         af:5a:cb:ea:3f:76:af:a4:73:92:1d:bc:59:14:2a:9a:bb:68:
         cb:25:8a:c6:6c:70:36:f2:b4:c8:51:93:72:c1:ca:26:03:6b:
         d6:67:62:44:ab:16:f0:5c:0f:2f:69:33:07:3d:b7:02:bf:6b:
         af:84:de:fe:d4:71:85:ff:1d:f9:a6:5f:50:95:70:ca:2d:e6:
         72:71:95:05:69:1e:59:b5:d6:01:ed:e5:fc:f4:33:7d:a8:15:
         5b:fc:ab:c8:ae:e4:64:86:e6:f0:24:e3:0c:0b:4c:98:af:1c:
         1a:2b:56:88:7d:7b:01:f8:b0:92:f1:03:00:24:9a:01:d3:bc:
         a6:ab:f9:1e:c8:a5:82:76:5b:f1:1b:7c:70:ac:0d:10:a1:5e:
         c9:80:29:e7:04:87:ed:88:71:49:a2:21:e7:ff:d2:3c:3e:f2:
         01:8e:95:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWM1TMdJF/V821fx/xA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NDc4NTc5MWUwNzY0NmY1Y2M1OGIxNWU4NjQzNGNiOWMy
NDE0OWQwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTZkYmVkNDZlZTQwMzQ0OWU0ZGVlNjZmNWU5YzE4M2Q4NzA3NGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArH9DkdQRVF2BTrteBmtJtrKKZgGh
QqJ4x/sy1Hhtubbg9/zOYKCWo6X4OKodlBiva0lx35KcFFKwBwmipp4ShgMk9mnp
UKNXp+S4as1aYKh03JdxWVxRyGe0xiRssGjEjPAEMOjfd1QLCtuWlKqA8XGRu/xp
74I18s2zQH+VKw5nhMg/B0SYgc21WCp41KGZMnBux2iYxltDoK4mpvOC4UXaIPvP
oVCRgF7ggWUK47qByiSgIjV+/rz+G7ReWwRPrQAIwh50GbEOdD+eE4rQbK7p3jDC
pGnIHEgXnjofDuK/Kdslm2tOcINP5ukkv+1EWpRFOJ2Dr+qScxuLyeyYqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNltvtRu5ANEnk3uZvXpwYPYcHTFMB8GA1UdIwQY
MBaAFLhHhXkeB2RvXMWLFehkNMucJBSdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUVlRmVSNEhaRzljeFlzVjZHUTB5NXdrRkowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9kZjgxMDUtMThlZS00MTcyLWI2YmIt
MGRjMzNhY2MxZGJhLzEvMlcyLTFHN2tBMFNlVGU1bTllbkJnOWh3ZE1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9kZjgxMDUtMThlZS00MTcyLWI2YmItMGRjMzNhY2MxZGJh
LzEvdUVlRmVSNEhaRzljeFlzVjZHUTB5NXdrRkowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSwkMA0G
CSqGSIb3DQEBCwUAA4IBAQAT/ocwAX9dWgl1V5ycioS/DO9nrcslSkvL3QMurOZC
erikHleNgnngRnd5/0ZkLqwKXBcxwsenFSWObW1WhCzRRaDecy/ju4jaF6jHh15w
+X78lO0vJmIRvUOvWsvqP3avpHOSHbxZFCqau2jLJYrGbHA28rTIUZNywcomA2vW
Z2JEqxbwXA8vaTMHPbcCv2uvhN7+1HGF/x35pl9QlXDKLeZycZUFaR5ZtdYB7eX8
9DN9qBVb/KvIruRkhubwJOMMC0yYrxwaK1aIfXsB+LCS8QMAJJoB07ymq/keyKWC
dlvxG3xwrA0QoV7JgCnnBIftiHFJoiHn/9I8PvIBjpWG
-----END CERTIFICATE-----