Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/RCP3CQ4Atdcj7tz1cQsKRWGjb5s.roa
File:                     RCP3CQ4Atdcj7tz1cQsKRWGjb5s.roa (raw, json)
Hash identifier:          ZMbnG6WAJulEbDCYCFhapmpKFNzKRHsCmnQthZtA1uA=
Subject key identifier:   44:23:F7:09:0E:00:B5:D7:23:EE:DC:F5:71:0B:0A:45:61:A3:6F:9B
Certificate issuer:       /CN=28bf1e72323742ac4d8136ab6c8e85df7ba37eeb
Certificate serial:       018CC8701D2F86E43C2FC3B6034ADBECA3A6
Authority key identifier: 28:BF:1E:72:32:37:42:AC:4D:81:36:AB:6C:8E:85:DF:7B:A3:7E:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/RCP3CQ4Atdcj7tz1cQsKRWGjb5s.roa
Signing time:             Tue 02 Jan 2024 04:30:39 +0000
ROA not before:           Tue 02 Jan 2024 04:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202140
IP address blocks:        185.249.143.0/24 maxlen: 24
                          185.249.140.0/24 maxlen: 24
                          185.249.140.0/22 maxlen: 22
                          185.249.141.0/24 maxlen: 24
                          185.249.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/KL8ecjI3QqxNgTarbI6F33ujfus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/KL8ecjI3QqxNgTarbI6F33ujfus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:1d:2f:86:e4:3c:2f:c3:b6:03:4a:db:ec:a3:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28bf1e72323742ac4d8136ab6c8e85df7ba37eeb
        Validity
            Not Before: Jan  2 04:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4423f7090e00b5d723eedcf5710b0a4561a36f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:be:84:b7:7a:d3:e8:a2:23:e6:a0:00:5a:eb:
                    fe:ec:d7:ba:42:bc:9c:f7:d8:1e:1c:6c:71:f7:06:
                    31:53:25:85:fd:48:42:65:c9:3f:db:40:a2:74:70:
                    f0:0d:9f:d1:5f:ef:c3:f0:93:c5:9e:99:1b:42:c8:
                    ff:3d:66:5f:c6:63:72:a8:89:58:bb:50:6d:e7:c9:
                    5e:e7:e0:f4:e8:16:76:cd:b1:cf:b2:96:30:24:f5:
                    be:ff:0f:50:6e:2b:42:1f:13:b2:79:1d:cc:70:8d:
                    78:68:15:42:51:c2:67:5f:f8:b2:58:a6:72:4d:8a:
                    3b:bc:6a:c7:76:a2:e3:b7:67:a3:5a:92:10:b5:4a:
                    ba:82:11:10:54:4f:97:8e:45:22:34:0f:2b:00:0e:
                    c4:2c:79:70:5a:a6:b6:ae:57:e1:20:bd:32:b8:a3:
                    c7:cb:22:93:43:e9:11:75:25:84:6e:0d:24:b1:4c:
                    d4:e1:c2:61:65:8e:67:6e:54:f1:bd:db:6b:c2:2e:
                    8c:9e:85:95:64:a0:23:18:34:1d:42:60:69:5f:4f:
                    c4:29:ca:59:98:8b:9c:ea:21:13:f3:3e:a8:17:48:
                    e0:c4:fa:51:e9:c1:98:09:82:b7:1b:18:bb:cb:6f:
                    20:48:40:f7:2c:e6:b0:be:19:ee:5c:cd:91:cc:87:
                    ab:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:23:F7:09:0E:00:B5:D7:23:EE:DC:F5:71:0B:0A:45:61:A3:6F:9B
            X509v3 Authority Key Identifier:
                keyid:28:BF:1E:72:32:37:42:AC:4D:81:36:AB:6C:8E:85:DF:7B:A3:7E:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/RCP3CQ4Atdcj7tz1cQsKRWGjb5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/KL8ecjI3QqxNgTarbI6F33ujfus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:73:9f:3e:ca:81:21:a1:74:88:02:9f:22:78:8a:4e:fe:6b:
         08:9e:b8:0c:b3:ec:55:62:c2:51:c2:0a:a2:a8:56:eb:37:87:
         65:78:7b:47:06:e8:60:2a:68:26:38:41:21:9f:76:80:fb:c5:
         c4:22:8d:88:2b:cd:d7:15:86:5d:65:c4:a7:b5:94:5a:fb:fd:
         e6:4c:45:42:61:1b:b1:b4:ff:6f:4c:78:ca:46:a4:d3:09:8e:
         7b:d0:13:e4:56:d9:48:14:04:1f:79:a1:bc:68:78:12:cd:2b:
         23:b0:a4:ee:71:4c:86:bf:02:c0:e7:96:ea:46:aa:35:00:e6:
         33:f7:2a:14:db:18:db:29:6a:c8:29:36:11:05:0e:a1:c5:08:
         07:d2:fb:3d:99:34:26:f6:4d:5f:53:43:ba:3b:15:7b:ff:5c:
         15:6c:bd:74:32:a3:91:9c:3e:a6:60:9b:60:df:71:ef:88:c6:
         ad:dd:4f:19:58:6c:5d:2c:78:ef:3e:82:54:1b:46:5c:f9:e0:
         8e:e4:c6:ba:f4:c6:ac:af:7c:cf:d6:ef:b4:3e:27:f0:ce:06:
         1b:a0:84:e4:59:23:34:61:25:4a:98:6a:9a:69:1d:83:ad:90:
         7b:2e:bc:11:fb:3c:79:d5:bd:6e:26:89:0d:dc:b0:3e:71:9a:
         19:fa:eb:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcB0vhuQ8L8O2A0rb7KOmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YmYxZTcyMzIzNzQyYWM0ZDgxMzZhYjZjOGU4NWRmN2Jh
MzdlZWIwHhcNMjQwMTAyMDQzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDIzZjcwOTBlMDBiNWQ3MjNlZWRjZjU3MTBiMGE0NTYxYTM2ZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8b6Et3rT6KIj5qAAWuv+7Ne6Qryc
99geHGxx9wYxUyWF/UhCZck/20CidHDwDZ/RX+/D8JPFnpkbQsj/PWZfxmNyqIlY
u1Bt58le5+D06BZ2zbHPspYwJPW+/w9QbitCHxOyeR3McI14aBVCUcJnX/iyWKZy
TYo7vGrHdqLjt2ejWpIQtUq6ghEQVE+XjkUiNA8rAA7ELHlwWqa2rlfhIL0yuKPH
yyKTQ+kRdSWEbg0ksUzU4cJhZY5nblTxvdtrwi6MnoWVZKAjGDQdQmBpX0/EKcpZ
mIuc6iET8z6oF0jgxPpR6cGYCYK3Gxi7y28gSED3LOawvhnuXM2RzIerOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQj9wkOALXXI+7c9XELCkVho2+bMB8GA1UdIwQY
MBaAFCi/HnIyN0KsTYE2q2yOhd97o37rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0w4ZWNqSTNRcXhOZ1RhcmJJNkYzM3VqZnVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9iYTZkZjctZjMyNS00MTg0LWE1NGEt
MGM0ODFmMGFkMjBlLzEvUkNQM0NRNEF0ZGNqN3R6MWNRc0tSV0dqYjVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9iYTZkZjctZjMyNS00MTg0LWE1NGEtMGM0ODFmMGFkMjBl
LzEvS0w4ZWNqSTNRcXhOZ1RhcmJJNkYzM3VqZnVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufmMMA0G
CSqGSIb3DQEBCwUAA4IBAQCvc58+yoEhoXSIAp8ieIpO/msInrgMs+xVYsJRwgqi
qFbrN4dleHtHBuhgKmgmOEEhn3aA+8XEIo2IK83XFYZdZcSntZRa+/3mTEVCYRux
tP9vTHjKRqTTCY570BPkVtlIFAQfeaG8aHgSzSsjsKTucUyGvwLA55bqRqo1AOYz
9yoU2xjbKWrIKTYRBQ6hxQgH0vs9mTQm9k1fU0O6OxV7/1wVbL10MqORnD6mYJtg
33HviMat3U8ZWGxdLHjvPoJUG0Zc+eCO5Ma69Masr3zP1u+0PifwzgYboITkWSM0
YSVKmGqaaR2DrZB7LrwR+zx51b1uJokN3LA+cZoZ+utM
-----END CERTIFICATE-----