Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/8b1bc2-5926-4ace-b16f-197fe8365643/1/DkCgqG244-xdfGSiZiRL_6jjMU4.roa
File:                     DkCgqG244-xdfGSiZiRL_6jjMU4.roa (raw, json)
Hash identifier:          LYv1Ix1K/vm79oDEZ0SXpTqFtZHiYhhxeZ+EeZAbK6I=
Subject key identifier:   0E:40:A0:A8:6D:B8:E3:EC:5D:7C:64:A2:66:24:4B:FF:A8:E3:31:4E
Certificate issuer:       /CN=c2d2ac1d7c9eccf5658b88f16f613d7b3e8e8c72
Certificate serial:       019424B25CDF7D12210F0B830B5EDAECB5BB
Authority key identifier: C2:D2:AC:1D:7C:9E:CC:F5:65:8B:88:F1:6F:61:3D:7B:3E:8E:8C:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtKsHXyezPVli4jxb2E9ez6OjHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/8b1bc2-5926-4ace-b16f-197fe8365643/1/DkCgqG244-xdfGSiZiRL_6jjMU4.roa
Signing time:             Thu 02 Jan 2025 01:47:35 +0000
ROA not before:           Thu 02 Jan 2025 01:47:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211804
IP address blocks:        185.250.240.0/24 maxlen: 24
                          185.250.241.0/24 maxlen: 24
                          185.250.242.0/24 maxlen: 24
                          185.250.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/8b1bc2-5926-4ace-b16f-197fe8365643/1/wtKsHXyezPVli4jxb2E9ez6OjHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/8b1bc2-5926-4ace-b16f-197fe8365643/1/wtKsHXyezPVli4jxb2E9ez6OjHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtKsHXyezPVli4jxb2E9ez6OjHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:5c:df:7d:12:21:0f:0b:83:0b:5e:da:ec:b5:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d2ac1d7c9eccf5658b88f16f613d7b3e8e8c72
        Validity
            Not Before: Jan  2 01:47:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e40a0a86db8e3ec5d7c64a266244bffa8e3314e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8a:fd:84:d5:81:3b:af:d9:89:55:9b:9e:af:
                    9f:41:a1:a2:1b:95:92:a5:64:50:ca:bf:6a:dd:93:
                    2d:d1:ee:0c:a7:d6:88:19:6e:bd:fb:07:f8:99:ab:
                    a2:d0:81:88:92:23:11:3c:10:b0:7b:8e:33:51:b3:
                    5f:e9:4d:08:8c:5d:2c:c0:91:aa:79:6b:c9:e8:8c:
                    6d:d7:de:04:38:5a:fd:26:4a:15:d3:9f:ed:42:b6:
                    d1:17:be:b3:cb:8b:1f:f3:93:5e:b8:5d:f9:b2:10:
                    71:b6:d8:e0:67:a5:54:b9:59:2a:ef:5d:8b:2e:df:
                    43:10:54:ac:50:70:d7:3a:f8:c1:39:f3:44:c3:da:
                    ba:b5:74:a5:c3:b1:95:22:a0:0f:09:f3:8f:04:20:
                    01:3a:3e:6a:fb:dd:b3:65:3f:11:34:02:e4:14:15:
                    cb:34:4a:9f:f6:b3:7f:0f:29:47:27:39:6f:79:ae:
                    90:0a:09:51:69:ed:8b:df:c9:4c:3c:5e:3d:c1:e3:
                    5e:3b:89:60:15:90:4a:8a:08:0c:3f:e1:97:98:5d:
                    25:a3:d9:32:8c:a8:5f:4c:1d:e3:43:bb:6b:30:8a:
                    aa:4b:e5:93:4a:b5:12:db:23:82:60:43:df:33:f7:
                    74:6d:d6:10:f3:a7:ea:3f:e2:53:16:0a:f1:d7:c2:
                    62:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:40:A0:A8:6D:B8:E3:EC:5D:7C:64:A2:66:24:4B:FF:A8:E3:31:4E
            X509v3 Authority Key Identifier:
                keyid:C2:D2:AC:1D:7C:9E:CC:F5:65:8B:88:F1:6F:61:3D:7B:3E:8E:8C:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtKsHXyezPVli4jxb2E9ez6OjHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/8b1bc2-5926-4ace-b16f-197fe8365643/1/DkCgqG244-xdfGSiZiRL_6jjMU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/8b1bc2-5926-4ace-b16f-197fe8365643/1/wtKsHXyezPVli4jxb2E9ez6OjHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:10:2c:97:81:53:6b:7a:8d:e9:5a:fd:18:7c:99:f9:35:d4:
         75:56:9e:12:73:51:9a:5e:5b:1a:52:cb:ba:12:f8:d5:ad:4b:
         63:0b:c5:81:5b:f5:ea:dc:60:30:ea:b9:35:e2:e7:3b:01:9b:
         07:be:8a:13:e9:6c:0c:6a:ce:2c:15:96:ad:f4:c7:14:d0:0a:
         70:28:4e:fe:30:36:e6:80:8c:a5:88:74:eb:71:6c:7c:f3:f7:
         6a:ce:97:f6:08:2e:51:27:9d:cc:04:03:e8:fc:0e:a9:7d:0c:
         b1:a3:18:0c:7b:09:7a:23:a7:31:9c:35:eb:21:7a:e3:43:9c:
         6b:d4:89:a5:3f:77:e1:23:93:4d:cc:42:9c:a7:f4:97:18:fb:
         08:81:78:58:57:98:ec:6c:cf:3f:97:fe:86:1c:62:a4:4a:2e:
         2c:bc:ec:6f:dc:4a:9f:6b:d4:80:b0:9b:be:a9:f6:c5:8e:db:
         a9:3b:5d:f0:76:97:a0:f7:63:f4:4a:7d:0d:a5:ff:6c:55:55:
         11:c5:fb:94:1e:39:76:16:c8:08:cc:74:e0:eb:b8:8d:17:83:
         4d:a0:e8:e8:87:37:54:32:41:83:61:cd:68:3f:53:81:b7:16:
         14:09:98:20:26:34:da:15:54:30:b3:54:2f:39:1c:93:b6:8c:
         86:df:75:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkslzffRIhDwuDC17a7LW7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDJhYzFkN2M5ZWNjZjU2NThiODhmMTZmNjEzZDdiM2U4
ZThjNzIwHhcNMjUwMTAyMDE0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTQwYTBhODZkYjhlM2VjNWQ3YzY0YTI2NjI0NGJmZmE4ZTMzMTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIr9hNWBO6/ZiVWbnq+fQaGiG5WS
pWRQyr9q3ZMt0e4Mp9aIGW69+wf4maui0IGIkiMRPBCwe44zUbNf6U0IjF0swJGq
eWvJ6Ixt194EOFr9JkoV05/tQrbRF76zy4sf85NeuF35shBxttjgZ6VUuVkq712L
Lt9DEFSsUHDXOvjBOfNEw9q6tXSlw7GVIqAPCfOPBCABOj5q+92zZT8RNALkFBXL
NEqf9rN/DylHJzlvea6QCglRae2L38lMPF49weNeO4lgFZBKiggMP+GXmF0lo9ky
jKhfTB3jQ7trMIqqS+WTSrUS2yOCYEPfM/d0bdYQ86fqP+JTFgrx18JiFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5AoKhtuOPsXXxkomYkS/+o4zFOMB8GA1UdIwQY
MBaAFMLSrB18nsz1ZYuI8W9hPXs+joxyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RLc0hYeWV6UFZsaTRqeGIyRTllejZPakhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC84YjFiYzItNTkyNi00YWNlLWIxNmYt
MTk3ZmU4MzY1NjQzLzEvRGtDZ3FHMjQ0LXhkZkdTaVppUkxfNmpqTVU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC84YjFiYzItNTkyNi00YWNlLWIxNmYtMTk3ZmU4MzY1NjQz
LzEvd3RLc0hYeWV6UFZsaTRqeGIyRTllejZPakhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufrwMA0G
CSqGSIb3DQEBCwUAA4IBAQA2ECyXgVNreo3pWv0YfJn5NdR1Vp4Sc1GaXlsaUsu6
EvjVrUtjC8WBW/Xq3GAw6rk14uc7AZsHvooT6WwMas4sFZat9McU0ApwKE7+MDbm
gIyliHTrcWx88/dqzpf2CC5RJ53MBAPo/A6pfQyxoxgMewl6I6cxnDXrIXrjQ5xr
1ImlP3fhI5NNzEKcp/SXGPsIgXhYV5jsbM8/l/6GHGKkSi4svOxv3Eqfa9SAsJu+
qfbFjtupO13wdpeg92P0Sn0Npf9sVVURxfuUHjl2FsgIzHTg67iNF4NNoOjohzdU
MkGDYc1oP1OBtxYUCZggJjTaFVQws1QvORyTtoyG33Vd
-----END CERTIFICATE-----