Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/c57b75-10a7-4723-94ea-e857477a7008/1/DERKl7Uj5te0OHgglTER-FWfA-s.roa
File:                     DERKl7Uj5te0OHgglTER-FWfA-s.roa (raw, json)
Hash identifier:          cuTtyIeIzoarm0DZ5qkrV3t6rH6hyR6yw0xnPOGo7Rc=
Subject key identifier:   0C:44:4A:97:B5:23:E6:D7:B4:38:78:20:95:31:11:F8:55:9F:03:EB
Certificate issuer:       /CN=467350d5975a272a88bfb8810af45981cd55935a
Certificate serial:       018CC726B4933214D3BF23828C78989B1CD4
Authority key identifier: 46:73:50:D5:97:5A:27:2A:88:BF:B8:81:0A:F4:59:81:CD:55:93:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RnNQ1ZdaJyqIv7iBCvRZgc1Vk1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/c57b75-10a7-4723-94ea-e857477a7008/1/DERKl7Uj5te0OHgglTER-FWfA-s.roa
Signing time:             Mon 01 Jan 2024 22:30:51 +0000
ROA not before:           Mon 01 Jan 2024 22:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12590
IP address blocks:        185.118.222.0/24 maxlen: 24
                          185.118.221.0/24 maxlen: 24
                          185.118.220.0/24 maxlen: 24
                          185.118.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/c57b75-10a7-4723-94ea-e857477a7008/1/RnNQ1ZdaJyqIv7iBCvRZgc1Vk1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/c57b75-10a7-4723-94ea-e857477a7008/1/RnNQ1ZdaJyqIv7iBCvRZgc1Vk1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RnNQ1ZdaJyqIv7iBCvRZgc1Vk1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:b4:93:32:14:d3:bf:23:82:8c:78:98:9b:1c:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=467350d5975a272a88bfb8810af45981cd55935a
        Validity
            Not Before: Jan  1 22:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c444a97b523e6d7b4387820953111f8559f03eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f3:ae:91:18:1d:f6:67:ea:04:41:7c:89:5f:
                    93:3d:d3:e9:d1:c6:7c:ec:29:27:50:22:55:50:02:
                    dd:35:b4:12:fe:ee:ac:b0:e8:c2:b4:08:65:9c:4c:
                    ea:88:e4:92:25:b4:a9:6f:f4:3e:dd:88:96:72:28:
                    69:71:aa:68:fc:8c:fe:b5:3b:8f:05:b6:b1:35:64:
                    2c:59:bd:83:82:b2:26:90:80:ee:6d:ef:40:54:38:
                    79:37:f7:19:30:ed:5f:4e:d3:49:bc:86:bd:c6:bb:
                    1e:79:77:c2:13:6b:0b:c7:05:90:27:15:32:13:73:
                    9e:e4:29:78:e7:40:07:c7:36:5f:ba:32:e8:9d:b6:
                    3a:84:46:36:da:de:9f:fa:a7:74:6f:7b:8e:39:7e:
                    99:31:8c:89:18:e6:c8:b0:2a:cd:6c:4a:a6:00:06:
                    55:37:78:47:14:b5:49:ab:f1:ec:d1:c0:31:7c:f3:
                    c1:75:8c:b9:dd:67:ac:dc:70:3e:bd:21:08:12:3a:
                    3f:da:87:42:07:75:1c:8a:f9:6a:e4:2b:85:fa:92:
                    58:7d:aa:ab:fe:f2:b2:54:a2:07:b1:ce:bf:5c:c2:
                    fb:a8:d1:c3:a5:13:d2:61:a9:eb:fa:4c:2f:9e:cd:
                    f5:d4:24:16:2f:d6:89:76:c4:0f:14:7e:1b:1c:1c:
                    5d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:44:4A:97:B5:23:E6:D7:B4:38:78:20:95:31:11:F8:55:9F:03:EB
            X509v3 Authority Key Identifier:
                keyid:46:73:50:D5:97:5A:27:2A:88:BF:B8:81:0A:F4:59:81:CD:55:93:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RnNQ1ZdaJyqIv7iBCvRZgc1Vk1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/c57b75-10a7-4723-94ea-e857477a7008/1/DERKl7Uj5te0OHgglTER-FWfA-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/c57b75-10a7-4723-94ea-e857477a7008/1/RnNQ1ZdaJyqIv7iBCvRZgc1Vk1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:d9:8c:04:d7:c2:3f:78:18:e4:dd:88:9a:19:6d:ff:c3:da:
         2f:5a:97:ad:94:15:07:0d:74:a8:2f:36:d4:e1:80:23:5a:8b:
         5d:f1:71:a3:55:0c:94:3d:15:25:c0:5b:95:32:fd:90:ed:c1:
         5f:d8:a4:93:1e:06:d5:ed:0a:b2:94:3a:07:9e:42:9e:6c:eb:
         d5:49:5d:aa:d0:51:54:4d:2a:6a:59:ef:75:88:9c:fe:68:a1:
         91:70:a8:1c:09:ca:09:16:fb:fb:77:27:51:df:c8:be:f3:3e:
         97:5d:36:7e:51:6a:78:52:10:33:e9:8c:c9:60:54:2b:14:bb:
         33:28:4b:7a:bf:78:8e:73:0c:36:58:b0:e6:e7:cd:9c:f7:fe:
         39:05:95:b7:26:0c:1a:4b:70:82:e9:16:43:9c:0a:68:69:39:
         5a:1f:f3:1d:e6:6a:c8:d0:98:58:d5:66:e1:cd:0c:34:f3:3a:
         a7:a7:1e:37:bd:f7:49:90:c8:03:5f:a8:ab:e9:f2:95:38:1b:
         29:37:8d:30:09:8e:e4:d6:ba:93:86:b8:ea:95:d2:ca:eb:3e:
         6a:82:39:bb:e7:95:86:58:ed:ce:cb:3b:81:41:37:ae:ab:0f:
         5d:1a:41:a0:99:7d:39:c4:ac:e3:7d:2f:7f:3d:a5:28:bf:10:
         cd:a6:c6:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJrSTMhTTvyOCjHiYmxzUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NzM1MGQ1OTc1YTI3MmE4OGJmYjg4MTBhZjQ1OTgxY2Q1
NTkzNWEwHhcNMjQwMTAxMjIzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzQ0NGE5N2I1MjNlNmQ3YjQzODc4MjA5NTMxMTFmODU1OWYwM2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPOukRgd9mfqBEF8iV+TPdPp0cZ8
7CknUCJVUALdNbQS/u6ssOjCtAhlnEzqiOSSJbSpb/Q+3YiWcihpcapo/Iz+tTuP
BbaxNWQsWb2DgrImkIDube9AVDh5N/cZMO1fTtNJvIa9xrseeXfCE2sLxwWQJxUy
E3Oe5Cl450AHxzZfujLonbY6hEY22t6f+qd0b3uOOX6ZMYyJGObIsCrNbEqmAAZV
N3hHFLVJq/Hs0cAxfPPBdYy53Wes3HA+vSEIEjo/2odCB3Ucivlq5CuF+pJYfaqr
/vKyVKIHsc6/XML7qNHDpRPSYanr+kwvns311CQWL9aJdsQPFH4bHBxdGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxESpe1I+bXtDh4IJUxEfhVnwPrMB8GA1UdIwQY
MBaAFEZzUNWXWicqiL+4gQr0WYHNVZNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm5OUTFaZGFKeXFJdjdpQkN2UlpnYzFWazFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9jNTdiNzUtMTBhNy00NzIzLTk0ZWEt
ZTg1NzQ3N2E3MDA4LzEvREVSS2w3VWo1dGUwT0hnZ2xURVItRldmQS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9jNTdiNzUtMTBhNy00NzIzLTk0ZWEtZTg1NzQ3N2E3MDA4
LzEvUm5OUTFaZGFKeXFJdjdpQkN2UlpnYzFWazFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXbcMA0G
CSqGSIb3DQEBCwUAA4IBAQBy2YwE18I/eBjk3YiaGW3/w9ovWpetlBUHDXSoLzbU
4YAjWotd8XGjVQyUPRUlwFuVMv2Q7cFf2KSTHgbV7QqylDoHnkKebOvVSV2q0FFU
TSpqWe91iJz+aKGRcKgcCcoJFvv7dydR38i+8z6XXTZ+UWp4UhAz6YzJYFQrFLsz
KEt6v3iOcww2WLDm582c9/45BZW3JgwaS3CC6RZDnApoaTlaH/Md5mrI0JhY1Wbh
zQw08zqnpx43vfdJkMgDX6ir6fKVOBspN40wCY7k1rqThrjqldLK6z5qgjm755WG
WO3OyzuBQTeuqw9dGkGgmX05xKzjfS9/PaUovxDNpsYt
-----END CERTIFICATE-----