Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/439ef6-6e39-44e8-8c9b-92d418e8d9a5/1/buTN79lM3bru4-udF4t8hJ5I0bo.roa
File:                     buTN79lM3bru4-udF4t8hJ5I0bo.roa (raw, json)
Hash identifier:          88JuiTRNbnT8uBQ4VAuuWNRFlIhiqkRcYJfY9ddIrhw=
Subject key identifier:   6E:E4:CD:EF:D9:4C:DD:BA:EE:E3:EB:9D:17:8B:7C:84:9E:48:D1:BA
Certificate issuer:       /CN=0f0d94ee63c70a733663bbc4b5b576de607e19ed
Certificate serial:       018CC49390EC7823D2B9EBC4DEBB9298636B
Authority key identifier: 0F:0D:94:EE:63:C7:0A:73:36:63:BB:C4:B5:B5:76:DE:60:7E:19:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dw2U7mPHCnM2Y7vEtbV23mB-Ge0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/439ef6-6e39-44e8-8c9b-92d418e8d9a5/1/buTN79lM3bru4-udF4t8hJ5I0bo.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202661
IP address blocks:        185.197.40.0/22 maxlen: 22
                          2a0e:d1c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/439ef6-6e39-44e8-8c9b-92d418e8d9a5/1/Dw2U7mPHCnM2Y7vEtbV23mB-Ge0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/439ef6-6e39-44e8-8c9b-92d418e8d9a5/1/Dw2U7mPHCnM2Y7vEtbV23mB-Ge0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dw2U7mPHCnM2Y7vEtbV23mB-Ge0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:90:ec:78:23:d2:b9:eb:c4:de:bb:92:98:63:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f0d94ee63c70a733663bbc4b5b576de607e19ed
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ee4cdefd94cddbaeee3eb9d178b7c849e48d1ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:04:04:74:5e:43:d9:97:23:e3:8c:f9:0e:9d:
                    a9:f3:6d:29:c8:ea:ec:51:09:fc:71:bc:51:c9:51:
                    67:fc:77:e5:1d:49:fe:a4:ef:e4:6e:06:e8:5e:a3:
                    f2:34:77:77:b4:b0:25:e3:81:47:f5:33:4f:01:89:
                    28:0b:7a:75:a7:5e:02:d7:88:dc:af:e0:e2:8c:9a:
                    a7:38:56:40:dd:66:a4:19:e8:a2:4b:7a:2f:84:b2:
                    98:f3:48:62:12:00:0c:5a:35:c3:d8:67:f3:40:91:
                    ec:50:fa:74:be:8a:86:6e:93:01:4a:8d:9c:b8:84:
                    4e:36:53:9f:bb:18:47:19:a6:41:0f:88:ec:23:f8:
                    2d:f4:30:11:69:45:78:99:1f:e1:23:cf:c3:0d:f4:
                    a2:f0:ca:b7:2a:bc:3e:0b:e7:1e:0c:e6:af:6e:34:
                    c4:53:f9:e8:78:cc:bd:fa:df:3e:d3:cb:e9:e3:d7:
                    c0:47:4c:13:7b:5f:88:d8:53:a6:4c:11:f3:c9:5e:
                    f4:54:e8:61:24:0d:d2:d9:b5:21:e8:12:46:b7:d2:
                    b6:f9:0f:33:d1:db:aa:e6:7f:8c:bd:1b:14:47:80:
                    61:db:f7:20:b6:d0:bc:ea:79:6e:4a:4c:00:2d:f4:
                    be:73:26:fc:e9:db:fb:e3:3e:c9:3d:8e:18:58:62:
                    fd:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:E4:CD:EF:D9:4C:DD:BA:EE:E3:EB:9D:17:8B:7C:84:9E:48:D1:BA
            X509v3 Authority Key Identifier:
                keyid:0F:0D:94:EE:63:C7:0A:73:36:63:BB:C4:B5:B5:76:DE:60:7E:19:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dw2U7mPHCnM2Y7vEtbV23mB-Ge0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/439ef6-6e39-44e8-8c9b-92d418e8d9a5/1/buTN79lM3bru4-udF4t8hJ5I0bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/439ef6-6e39-44e8-8c9b-92d418e8d9a5/1/Dw2U7mPHCnM2Y7vEtbV23mB-Ge0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.40.0/22
                IPv6:
                  2a0e:d1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         c4:55:4b:6e:bc:96:ee:89:e0:ac:3e:70:97:33:3e:a0:48:a4:
         bb:2d:da:81:56:58:b0:a2:9a:0e:5c:be:b0:be:0a:34:66:d3:
         96:80:fe:f7:5a:f6:17:0d:63:b3:b8:97:3d:44:41:69:36:18:
         e3:ae:d3:c8:5c:05:5e:4b:69:62:b5:1e:71:6f:f8:39:8a:c2:
         2a:f6:46:73:c5:d8:0a:8d:75:fd:03:3b:ea:65:f7:1d:06:72:
         76:8c:6f:a1:55:30:69:c0:56:9d:c9:9f:f0:c6:b8:82:bd:3d:
         52:a1:ba:07:e6:be:69:9c:99:34:e1:43:06:60:d6:29:ca:e1:
         03:f0:12:e4:83:dc:cb:75:cf:92:52:c2:3a:00:d0:5b:9a:79:
         f0:b0:4c:72:4e:e3:80:56:7f:51:ac:ab:2c:82:27:53:40:84:
         15:d2:af:5f:b2:e6:40:d4:3a:92:da:43:7e:1c:58:75:c2:e2:
         99:da:ba:9b:3e:21:21:74:b6:08:b3:2c:cd:95:79:bb:07:bc:
         be:1f:70:53:82:1a:e9:9e:f5:ba:e9:77:27:9b:ed:4d:c0:24:
         31:31:a2:be:ed:29:a3:6e:57:a8:53:59:6b:ab:c8:35:25:3f:
         4d:69:15:cd:0c:80:f1:e0:33:e7:c2:58:b2:91:b3:43:e4:be:
         69:8f:ac:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk5DseCPSuevE3ruSmGNrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMGQ5NGVlNjNjNzBhNzMzNjYzYmJjNGI1YjU3NmRlNjA3
ZTE5ZWQwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWU0Y2RlZmQ5NGNkZGJhZWVlM2ViOWQxNzhiN2M4NDllNDhkMWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQQEdF5D2Zcj44z5Dp2p820pyOrs
UQn8cbxRyVFn/HflHUn+pO/kbgboXqPyNHd3tLAl44FH9TNPAYkoC3p1p14C14jc
r+DijJqnOFZA3WakGeiiS3ovhLKY80hiEgAMWjXD2GfzQJHsUPp0voqGbpMBSo2c
uIRONlOfuxhHGaZBD4jsI/gt9DARaUV4mR/hI8/DDfSi8Mq3Krw+C+ceDOavbjTE
U/noeMy9+t8+08vp49fAR0wTe1+I2FOmTBHzyV70VOhhJA3S2bUh6BJGt9K2+Q8z
0duq5n+MvRsUR4Bh2/cgttC86nluSkwALfS+cyb86dv74z7JPY4YWGL9IwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG7kze/ZTN267uPrnReLfISeSNG6MB8GA1UdIwQY
MBaAFA8NlO5jxwpzNmO7xLW1dt5gfhntMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHcyVTdtUEhDbk0yWTd2RXRiVjIzbUItR2UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC80MzllZjYtNmUzOS00NGU4LThjOWIt
OTJkNDE4ZThkOWE1LzEvYnVUTjc5bE0zYnJ1NC11ZEY0dDhoSjVJMGJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC80MzllZjYtNmUzOS00NGU4LThjOWItOTJkNDE4ZThkOWE1
LzEvRHcyVTdtUEhDbk0yWTd2RXRiVjIzbUItR2UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucUoMA0E
AgACMAcDBQAqDtHAMA0GCSqGSIb3DQEBCwUAA4IBAQDEVUtuvJbuieCsPnCXMz6g
SKS7LdqBVliwopoOXL6wvgo0ZtOWgP73WvYXDWOzuJc9REFpNhjjrtPIXAVeS2li
tR5xb/g5isIq9kZzxdgKjXX9AzvqZfcdBnJ2jG+hVTBpwFadyZ/wxriCvT1SoboH
5r5pnJk04UMGYNYpyuED8BLkg9zLdc+SUsI6ANBbmnnwsExyTuOAVn9RrKssgidT
QIQV0q9fsuZA1DqS2kN+HFh1wuKZ2rqbPiEhdLYIsyzNlXm7B7y+H3BTghrpnvW6
6Xcnm+1NwCQxMaK+7SmjbleoU1lrq8g1JT9NaRXNDIDx4DPnwliykbND5L5pj6xS
-----END CERTIFICATE-----