Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/fq44sJ-yDKII-inn7F_SCdD7J50.roa
File:                     fq44sJ-yDKII-inn7F_SCdD7J50.roa (raw, json)
Hash identifier:          egft+tGahzOEKuItQwgce2CC9qRH/wMRfbVytAX5axQ=
Subject key identifier:   7E:AE:38:B0:9F:B2:0C:A2:08:FA:29:E7:EC:5F:D2:09:D0:FB:27:9D
Certificate issuer:       /CN=1ee5efbf65897160d55a52dc3a22c017876cd06c
Certificate serial:       018CC49238D30F768E5CAB480C2ECD0EFE4B
Authority key identifier: 1E:E5:EF:BF:65:89:71:60:D5:5A:52:DC:3A:22:C0:17:87:6C:D0:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/fq44sJ-yDKII-inn7F_SCdD7J50.roa
Signing time:             Mon 01 Jan 2024 10:29:26 +0000
ROA not before:           Mon 01 Jan 2024 10:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207827
IP address blocks:        185.180.174.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:38:d3:0f:76:8e:5c:ab:48:0c:2e:cd:0e:fe:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ee5efbf65897160d55a52dc3a22c017876cd06c
        Validity
            Not Before: Jan  1 10:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7eae38b09fb20ca208fa29e7ec5fd209d0fb279d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:56:b0:7e:a6:bf:c9:c6:8e:fa:ea:30:da:e0:
                    97:a6:fc:9e:5d:47:b1:00:39:9a:9b:df:d1:f1:07:
                    4a:f4:17:23:35:d3:7f:0d:0a:5d:9f:85:4e:92:74:
                    44:4f:aa:ef:96:7c:48:2e:bf:a3:8a:03:d4:c1:d9:
                    65:66:d5:ad:2d:dc:ed:86:3f:d8:87:d2:88:96:71:
                    e7:d8:07:42:13:0d:20:cf:c6:24:a6:2c:74:84:4d:
                    fb:01:f3:78:00:ab:07:a3:eb:5e:b2:14:4e:88:e0:
                    67:93:68:cc:5d:5d:76:a0:f8:85:69:61:a2:9c:3e:
                    19:35:85:35:7b:e6:85:fa:08:00:5e:34:97:f9:58:
                    cf:65:c6:c6:f9:8c:27:5a:ad:88:9a:e5:40:6e:d5:
                    f6:3f:42:bc:b7:8e:9a:e1:fa:1c:2f:41:44:c6:04:
                    01:85:ae:70:ca:88:5c:d4:5e:07:78:3b:f7:a5:90:
                    a5:d5:38:f9:af:b7:5b:88:02:55:05:b9:b4:6d:d2:
                    6d:62:b6:0c:19:2e:93:05:6d:be:09:ae:73:d5:c4:
                    b8:21:a6:e6:8d:20:bd:42:c9:62:66:a1:46:f9:56:
                    a9:40:4d:e5:3c:aa:74:17:65:0c:1c:5c:66:4b:90:
                    55:e9:c6:42:51:60:ab:6b:7f:fc:f9:5f:19:7c:0d:
                    b0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:AE:38:B0:9F:B2:0C:A2:08:FA:29:E7:EC:5F:D2:09:D0:FB:27:9D
            X509v3 Authority Key Identifier:
                keyid:1E:E5:EF:BF:65:89:71:60:D5:5A:52:DC:3A:22:C0:17:87:6C:D0:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/fq44sJ-yDKII-inn7F_SCdD7J50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:d1:c6:34:ce:12:f7:6c:c6:98:ee:74:63:42:8d:88:59:e8:
         4d:14:7e:93:57:91:57:5e:17:1e:ee:bc:f0:fb:40:e7:4b:fc:
         d4:f2:98:0b:69:3a:15:41:c4:82:f0:b0:08:6e:3e:d4:d3:fd:
         37:38:b1:62:e2:3f:57:cb:75:30:89:9d:e7:30:78:42:57:8c:
         4d:ae:23:51:2b:41:c2:1d:c5:a5:f4:0b:73:5c:34:67:31:14:
         7a:a6:67:6f:42:c8:db:d5:41:d0:4a:3e:c0:39:23:e2:2c:45:
         d8:8e:4a:62:43:0c:ed:a2:49:4b:7f:ff:a2:a2:81:83:99:ff:
         e9:55:bf:51:47:72:ab:ff:4f:5a:01:d7:25:11:72:63:ae:d3:
         66:5a:8d:4e:85:d5:9d:a5:e0:d8:9e:72:0a:4a:5e:73:e3:5b:
         22:88:70:60:df:e3:80:87:f0:02:61:40:28:c4:86:86:06:36:
         94:79:eb:10:20:90:6c:fe:e1:6f:00:0b:ac:b1:f0:7d:81:31:
         2e:df:53:a8:4d:33:6d:34:5a:0b:d5:ea:31:5f:9e:9e:f3:ca:
         e4:a9:1f:4e:33:61:9c:67:00:06:1e:e0:26:3c:20:6a:0d:bc:
         d6:5b:a0:b8:ab:fa:16:7d:ff:ab:c4:71:26:f9:07:54:2b:09:
         b8:ba:ed:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkjjTD3aOXKtIDC7NDv5LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZTVlZmJmNjU4OTcxNjBkNTVhNTJkYzNhMjJjMDE3ODc2
Y2QwNmMwHhcNMjQwMTAxMTAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWFlMzhiMDlmYjIwY2EyMDhmYTI5ZTdlYzVmZDIwOWQwZmIyNzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlawfqa/ycaO+uow2uCXpvyeXUex
ADmam9/R8QdK9BcjNdN/DQpdn4VOknRET6rvlnxILr+jigPUwdllZtWtLdzthj/Y
h9KIlnHn2AdCEw0gz8Ykpix0hE37AfN4AKsHo+teshROiOBnk2jMXV12oPiFaWGi
nD4ZNYU1e+aF+ggAXjSX+VjPZcbG+YwnWq2ImuVAbtX2P0K8t46a4focL0FExgQB
ha5wyohc1F4HeDv3pZCl1Tj5r7dbiAJVBbm0bdJtYrYMGS6TBW2+Ca5z1cS4Iabm
jSC9QsliZqFG+VapQE3lPKp0F2UMHFxmS5BV6cZCUWCra3/8+V8ZfA2wrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6uOLCfsgyiCPop5+xf0gnQ+yedMB8GA1UdIwQY
MBaAFB7l779liXFg1VpS3DoiwBeHbNBsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHVYdnYyV0pjV0RWV2xMY09pTEFGNGRzMEd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8zMzI0NzctYzgzYy00ZjgwLWIxYmUt
N2MwZGI3YmFlMTM1LzEvZnE0NHNKLXlES0lJLWlubjdGX1NDZEQ3SjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8zMzI0NzctYzgzYy00ZjgwLWIxYmUtN2MwZGI3YmFlMTM1
LzEvSHVYdnYyV0pjV0RWV2xMY09pTEFGNGRzMEd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubSuMA0G
CSqGSIb3DQEBCwUAA4IBAQBa0cY0zhL3bMaY7nRjQo2IWehNFH6TV5FXXhce7rzw
+0DnS/zU8pgLaToVQcSC8LAIbj7U0/03OLFi4j9Xy3UwiZ3nMHhCV4xNriNRK0HC
HcWl9AtzXDRnMRR6pmdvQsjb1UHQSj7AOSPiLEXYjkpiQwztoklLf/+iooGDmf/p
Vb9RR3Kr/09aAdclEXJjrtNmWo1OhdWdpeDYnnIKSl5z41siiHBg3+OAh/ACYUAo
xIaGBjaUeesQIJBs/uFvAAussfB9gTEu31OoTTNtNFoL1eoxX56e88rkqR9OM2Gc
ZwAGHuAmPCBqDbzWW6C4q/oWff+rxHEm+QdUKwm4uu1N
-----END CERTIFICATE-----