Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/cIE8lMTbNu1bhJcpWrZDdc22vfY.roa
File:                     cIE8lMTbNu1bhJcpWrZDdc22vfY.roa (raw, json)
Hash identifier:          zuWTNcIwXuW+77yiio+1Ufll8K4cJkipphpOFPGBvzQ=
Subject key identifier:   70:81:3C:94:C4:DB:36:ED:5B:84:97:29:5A:B6:43:75:CD:B6:BD:F6
Certificate issuer:       /CN=2dbdb89fb4118ffa55fafdbf45e19282be0e7acf
Certificate serial:       018CC801D63EE09901B7C8AA39340AC19DCC
Authority key identifier: 2D:BD:B8:9F:B4:11:8F:FA:55:FA:FD:BF:45:E1:92:82:BE:0E:7A:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lb24n7QRj_pV-v2_ReGSgr4Oes8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/cIE8lMTbNu1bhJcpWrZDdc22vfY.roa
Signing time:             Tue 02 Jan 2024 02:30:12 +0000
ROA not before:           Tue 02 Jan 2024 02:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13030
IP address blocks:        185.240.172.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/Lb24n7QRj_pV-v2_ReGSgr4Oes8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/Lb24n7QRj_pV-v2_ReGSgr4Oes8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lb24n7QRj_pV-v2_ReGSgr4Oes8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 01:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d6:3e:e0:99:01:b7:c8:aa:39:34:0a:c1:9d:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dbdb89fb4118ffa55fafdbf45e19282be0e7acf
        Validity
            Not Before: Jan  2 02:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70813c94c4db36ed5b8497295ab64375cdb6bdf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6a:fe:32:e7:60:ba:0a:3c:54:f4:a1:44:5a:
                    0f:0c:11:70:81:9d:c2:a8:77:05:15:04:4b:af:1f:
                    d8:11:d8:40:2a:ab:f5:31:ef:5c:9f:1e:02:8e:c3:
                    d2:55:8a:65:e9:d4:cb:27:0f:9f:be:14:14:c3:d9:
                    ae:67:cb:30:8c:53:93:9a:d4:f4:77:39:58:e7:a0:
                    70:4b:76:7b:f6:c2:53:6b:e6:58:7d:3c:67:dd:30:
                    fd:d7:e4:02:a1:39:d4:67:e1:e2:40:31:de:e1:36:
                    55:73:ed:60:e2:07:32:27:88:66:52:f3:4c:1a:5d:
                    ab:3d:83:e7:ac:73:21:12:36:f0:ae:38:0a:50:ba:
                    ad:50:7e:3c:90:57:c0:87:aa:48:f5:32:3e:31:02:
                    aa:d3:43:4c:c5:b5:44:64:2b:0e:38:0a:16:64:80:
                    02:8c:dd:41:90:5d:98:bc:52:da:9e:99:d9:e6:53:
                    39:a0:a4:21:02:82:80:f9:3e:35:7d:90:d5:29:3d:
                    0c:49:b3:06:4d:5f:c9:d3:7d:4e:83:a0:a5:aa:27:
                    ed:82:02:d5:11:a2:ab:c4:a4:74:e6:3d:a0:50:76:
                    26:b0:86:75:c6:50:b2:4e:b2:86:a2:66:da:1e:71:
                    26:b0:07:8f:cd:e5:fa:be:e5:ee:96:20:da:05:9b:
                    f9:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:81:3C:94:C4:DB:36:ED:5B:84:97:29:5A:B6:43:75:CD:B6:BD:F6
            X509v3 Authority Key Identifier:
                keyid:2D:BD:B8:9F:B4:11:8F:FA:55:FA:FD:BF:45:E1:92:82:BE:0E:7A:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lb24n7QRj_pV-v2_ReGSgr4Oes8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/cIE8lMTbNu1bhJcpWrZDdc22vfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/Lb24n7QRj_pV-v2_ReGSgr4Oes8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:4a:0b:b7:80:83:8f:15:ee:d9:32:3c:9a:00:b1:3e:89:f0:
         ae:44:95:76:8b:d1:d7:b7:cb:81:77:24:ad:3b:77:27:bf:33:
         be:17:26:99:69:bf:29:ba:5f:69:9c:14:e4:25:62:e3:cf:18:
         50:c1:6c:cb:4b:2d:f9:cd:98:e5:84:ed:45:44:52:1c:15:8e:
         13:b5:26:0f:78:eb:ef:14:67:13:9f:62:6b:79:84:eb:59:b9:
         a8:af:f6:4e:c3:3a:43:47:34:e3:0e:c1:8c:44:31:f5:1e:e3:
         e7:e1:26:6e:bf:56:51:48:0c:9e:de:cb:d5:35:60:7f:53:ad:
         c9:1a:c7:94:23:89:f0:d2:f5:45:a6:78:30:ec:cf:83:96:af:
         eb:2e:31:22:16:5f:72:04:98:eb:9e:9b:b2:f1:c5:95:96:60:
         e8:d3:72:3a:8b:64:a2:ec:6d:94:d7:8f:06:13:a8:4c:98:58:
         21:ea:82:2e:a2:2f:48:df:e0:93:0e:79:fd:c9:39:83:d0:a4:
         56:58:c5:4c:46:66:9d:5e:1f:4b:92:8c:d8:13:8d:a9:a6:b1:
         b4:ad:f5:fe:4a:06:31:03:3e:78:f8:d5:e4:b4:a7:a5:f7:9a:
         d0:80:c1:ae:7c:69:b3:19:e2:82:f2:64:06:dd:f1:c0:ec:78:
         d4:0d:67:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAdY+4JkBt8iqOTQKwZ3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYmRiODlmYjQxMThmZmE1NWZhZmRiZjQ1ZTE5MjgyYmUw
ZTdhY2YwHhcNMjQwMTAyMDIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDgxM2M5NGM0ZGIzNmVkNWI4NDk3Mjk1YWI2NDM3NWNkYjZiZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmr+Mudgugo8VPShRFoPDBFwgZ3C
qHcFFQRLrx/YEdhAKqv1Me9cnx4CjsPSVYpl6dTLJw+fvhQUw9muZ8swjFOTmtT0
dzlY56BwS3Z79sJTa+ZYfTxn3TD91+QCoTnUZ+HiQDHe4TZVc+1g4gcyJ4hmUvNM
Gl2rPYPnrHMhEjbwrjgKULqtUH48kFfAh6pI9TI+MQKq00NMxbVEZCsOOAoWZIAC
jN1BkF2YvFLanpnZ5lM5oKQhAoKA+T41fZDVKT0MSbMGTV/J031Og6ClqiftggLV
EaKrxKR05j2gUHYmsIZ1xlCyTrKGombaHnEmsAePzeX6vuXuliDaBZv5AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCBPJTE2zbtW4SXKVq2Q3XNtr32MB8GA1UdIwQY
MBaAFC29uJ+0EY/6Vfr9v0XhkoK+DnrPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGIyNG43UVJqX3BWLXYyX1JlR1NncjRPZXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mMDBjY2MtZWMzZi00MGRmLWE5ZmMt
N2NjNzk5MTczMDBhLzEvY0lFOGxNVGJOdTFiaEpjcFdyWkRkYzIydmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mMDBjY2MtZWMzZi00MGRmLWE5ZmMtN2NjNzk5MTczMDBh
LzEvTGIyNG43UVJqX3BWLXYyX1JlR1NncjRPZXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufCsMA0G
CSqGSIb3DQEBCwUAA4IBAQAJSgu3gIOPFe7ZMjyaALE+ifCuRJV2i9HXt8uBdySt
O3cnvzO+FyaZab8pul9pnBTkJWLjzxhQwWzLSy35zZjlhO1FRFIcFY4TtSYPeOvv
FGcTn2JreYTrWbmor/ZOwzpDRzTjDsGMRDH1HuPn4SZuv1ZRSAye3svVNWB/U63J
GseUI4nw0vVFpngw7M+Dlq/rLjEiFl9yBJjrnpuy8cWVlmDo03I6i2Si7G2U148G
E6hMmFgh6oIuoi9I3+CTDnn9yTmD0KRWWMVMRmadXh9LkozYE42pprG0rfX+SgYx
Az54+NXktKel95rQgMGufGmzGeKC8mQG3fHA7HjUDWe1
-----END CERTIFICATE-----