Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/2e2747-ad74-4d31-9256-d35edb9fdd21/1/dfGDhTybQsH4sTIcO35YvqNkJJ0.roa
File:                     dfGDhTybQsH4sTIcO35YvqNkJJ0.roa (raw, json)
Hash identifier:          +ARLTHHIpJyptXGgwx5B0Y4b+xNqAYTsX7tAZjWQXe0=
Subject key identifier:   75:F1:83:85:3C:9B:42:C1:F8:B1:32:1C:3B:7E:58:BE:A3:64:24:9D
Certificate issuer:       /CN=f48b3f0c6a87c045bdcffabd900db8892be702e1
Certificate serial:       018CC6B78615C326633F6DB0472CF0F00221
Authority key identifier: F4:8B:3F:0C:6A:87:C0:45:BD:CF:FA:BD:90:0D:B8:89:2B:E7:02:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Is_DGqHwEW9z_q9kA24iSvnAuE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/2e2747-ad74-4d31-9256-d35edb9fdd21/1/dfGDhTybQsH4sTIcO35YvqNkJJ0.roa
Signing time:             Mon 01 Jan 2024 20:29:25 +0000
ROA not before:           Mon 01 Jan 2024 20:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8481
IP address blocks:        185.54.188.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/2e2747-ad74-4d31-9256-d35edb9fdd21/1/9Is_DGqHwEW9z_q9kA24iSvnAuE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/2e2747-ad74-4d31-9256-d35edb9fdd21/1/9Is_DGqHwEW9z_q9kA24iSvnAuE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Is_DGqHwEW9z_q9kA24iSvnAuE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:86:15:c3:26:63:3f:6d:b0:47:2c:f0:f0:02:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f48b3f0c6a87c045bdcffabd900db8892be702e1
        Validity
            Not Before: Jan  1 20:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75f183853c9b42c1f8b1321c3b7e58bea364249d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:75:62:0f:a7:da:ad:a1:fa:76:7e:18:8b:17:
                    9b:42:7c:ec:64:df:87:4e:a9:a2:5e:d1:3e:75:7a:
                    cc:d6:85:04:0e:21:9e:03:4e:53:c5:55:e6:8a:d7:
                    6d:97:12:be:5a:59:b8:9c:11:8d:7d:09:fa:17:9d:
                    85:f4:34:9b:cb:b4:cb:c5:11:ff:d1:90:f5:53:a9:
                    1c:da:93:ba:dd:e2:37:6c:10:12:6c:8e:94:f5:83:
                    03:fc:7f:5b:a2:f4:d3:43:51:ab:56:e5:c0:0d:eb:
                    93:8c:fc:70:d3:69:a8:01:d6:bc:a5:57:8f:b7:4c:
                    a3:25:3f:72:30:97:4b:60:f9:60:ed:37:03:8e:28:
                    a2:40:7e:e8:da:c2:9a:7d:c6:23:2a:2f:57:33:79:
                    53:8a:a4:aa:8b:d7:3c:d8:b7:87:c1:a1:d1:bc:5e:
                    9a:6c:e9:63:9c:98:4b:b1:2a:dd:00:00:9a:31:16:
                    a6:e3:88:6a:48:4a:3a:53:d3:35:9a:3d:83:40:d3:
                    98:d4:5d:7b:c5:32:76:19:de:b3:a1:0c:0e:00:04:
                    48:36:51:6c:5f:76:25:ad:8e:57:51:4e:de:cd:81:
                    31:ac:aa:d9:e2:73:a9:9b:88:56:5f:62:3f:5e:e2:
                    05:df:25:09:36:4d:d9:4e:da:03:84:0e:68:05:14:
                    7c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:F1:83:85:3C:9B:42:C1:F8:B1:32:1C:3B:7E:58:BE:A3:64:24:9D
            X509v3 Authority Key Identifier:
                keyid:F4:8B:3F:0C:6A:87:C0:45:BD:CF:FA:BD:90:0D:B8:89:2B:E7:02:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Is_DGqHwEW9z_q9kA24iSvnAuE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/2e2747-ad74-4d31-9256-d35edb9fdd21/1/dfGDhTybQsH4sTIcO35YvqNkJJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/2e2747-ad74-4d31-9256-d35edb9fdd21/1/9Is_DGqHwEW9z_q9kA24iSvnAuE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:e2:d7:03:54:88:1a:76:fc:ce:d2:61:59:c8:c6:a8:21:e4:
         a1:fb:9c:c8:0b:ca:07:ac:70:09:e0:d2:c6:88:a7:a0:75:bd:
         81:16:36:66:6b:8d:10:aa:85:d2:3f:b3:bf:77:80:6d:77:f7:
         2e:60:41:30:be:d8:62:f8:dd:de:4f:4d:93:a5:dd:1c:db:e0:
         eb:e8:cc:ba:2b:08:58:88:47:ed:fe:61:59:b3:d4:25:a4:63:
         cf:73:31:7a:d9:b4:e5:f6:c2:23:ed:cd:aa:86:e0:63:0e:31:
         05:69:27:21:9a:b1:c4:ca:e2:95:15:59:b5:28:24:89:0e:af:
         23:c4:1c:5d:ed:46:cf:c1:6a:18:9c:ef:0f:81:0e:1e:01:18:
         71:f8:ca:cb:f4:66:ee:8a:7b:4f:a9:ea:d3:73:a0:18:59:d0:
         07:c1:6a:6d:0a:02:c2:ec:19:08:27:80:a0:d1:8a:ba:ab:e1:
         4f:da:e0:53:4d:b8:0a:cd:c0:df:77:de:cf:73:b6:a2:8e:86:
         a0:ff:e9:03:56:f7:36:44:41:94:f6:ac:98:e7:6c:d4:56:cf:
         61:4b:94:45:16:b2:2d:06:83:e2:83:7a:df:38:98:1c:6a:ec:
         1c:cc:57:fa:27:2b:46:f2:a1:63:a1:b4:18:c1:58:c9:7b:61:
         26:37:17:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4YVwyZjP22wRyzw8AIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0OGIzZjBjNmE4N2MwNDViZGNmZmFiZDkwMGRiODg5MmJl
NzAyZTEwHhcNMjQwMTAxMjAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWYxODM4NTNjOWI0MmMxZjhiMTMyMWMzYjdlNThiZWEzNjQyNDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynViD6faraH6dn4YixebQnzsZN+H
TqmiXtE+dXrM1oUEDiGeA05TxVXmitdtlxK+Wlm4nBGNfQn6F52F9DSby7TLxRH/
0ZD1U6kc2pO63eI3bBASbI6U9YMD/H9bovTTQ1GrVuXADeuTjPxw02moAda8pVeP
t0yjJT9yMJdLYPlg7TcDjiiiQH7o2sKafcYjKi9XM3lTiqSqi9c82LeHwaHRvF6a
bOljnJhLsSrdAACaMRam44hqSEo6U9M1mj2DQNOY1F17xTJ2Gd6zoQwOAARINlFs
X3YlrY5XUU7ezYExrKrZ4nOpm4hWX2I/XuIF3yUJNk3ZTtoDhA5oBRR8PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHXxg4U8m0LB+LEyHDt+WL6jZCSdMB8GA1UdIwQY
MBaAFPSLPwxqh8BFvc/6vZANuIkr5wLhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUlzX0RHcUh3RVc5el9xOWtBMjRpU3ZuQXVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8yZTI3NDctYWQ3NC00ZDMxLTkyNTYt
ZDM1ZWRiOWZkZDIxLzEvZGZHRGhUeWJRc0g0c1RJY08zNVl2cU5rSkowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8yZTI3NDctYWQ3NC00ZDMxLTkyNTYtZDM1ZWRiOWZkZDIx
LzEvOUlzX0RHcUh3RVc5el9xOWtBMjRpU3ZuQXVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTa8MA0G
CSqGSIb3DQEBCwUAA4IBAQBF4tcDVIgadvzO0mFZyMaoIeSh+5zIC8oHrHAJ4NLG
iKegdb2BFjZma40QqoXSP7O/d4Btd/cuYEEwvthi+N3eT02Tpd0c2+Dr6My6KwhY
iEft/mFZs9QlpGPPczF62bTl9sIj7c2qhuBjDjEFaSchmrHEyuKVFVm1KCSJDq8j
xBxd7UbPwWoYnO8PgQ4eARhx+MrL9GbuintPqerTc6AYWdAHwWptCgLC7BkIJ4Cg
0Yq6q+FP2uBTTbgKzcDfd97Pc7aijoag/+kDVvc2REGU9qyY52zUVs9hS5RFFrIt
BoPig3rfOJgcauwczFf6JytG8qFjobQYwVjJe2EmNxd/
-----END CERTIFICATE-----