Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/cf520c-2893-42bf-a80f-237bb30d7305/1/fd67Vsjp6XNOJisFuQyLM0au6ng.roa
File:                     fd67Vsjp6XNOJisFuQyLM0au6ng.roa (raw, json)
Hash identifier:          UMRLaQUHwDED/fq3AAJcwdFHgJDMVv+Z4YjIcVYli8o=
Subject key identifier:   7D:DE:BB:56:C8:E9:E9:73:4E:26:2B:05:B9:0C:8B:33:46:AE:EA:78
Certificate issuer:       /CN=44434fd98c11d8d72df380ca83edf79fcc00859f
Certificate serial:       018CCA2A560E4A1ACA9054785B83D2549523
Authority key identifier: 44:43:4F:D9:8C:11:D8:D7:2D:F3:80:CA:83:ED:F7:9F:CC:00:85:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RENP2YwR2Nct84DKg-33n8wAhZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/cf520c-2893-42bf-a80f-237bb30d7305/1/fd67Vsjp6XNOJisFuQyLM0au6ng.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41960
IP address blocks:        185.75.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/cf520c-2893-42bf-a80f-237bb30d7305/1/RENP2YwR2Nct84DKg-33n8wAhZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/cf520c-2893-42bf-a80f-237bb30d7305/1/RENP2YwR2Nct84DKg-33n8wAhZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RENP2YwR2Nct84DKg-33n8wAhZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:56:0e:4a:1a:ca:90:54:78:5b:83:d2:54:95:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44434fd98c11d8d72df380ca83edf79fcc00859f
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ddebb56c8e9e9734e262b05b90c8b3346aeea78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1d:84:8c:00:13:54:5b:8c:10:a8:f2:cb:2e:
                    c6:f8:f3:26:d5:58:a6:ec:4c:0f:a1:b4:5d:f8:9e:
                    e2:36:c4:f3:c3:c5:eb:b3:47:e0:7e:65:84:d1:c9:
                    44:f6:e2:4f:8e:64:f7:2b:f2:e2:7a:05:3c:47:d3:
                    f2:71:1b:35:49:e5:ff:53:98:cb:66:de:68:dd:47:
                    75:87:ed:c0:91:ad:f5:35:98:51:a2:dc:92:c7:66:
                    9f:9c:a5:04:6e:d0:21:94:73:f8:b7:94:8a:36:13:
                    e5:e1:52:af:93:91:0c:2f:25:2c:07:14:5d:31:ff:
                    1b:c3:4a:cf:f4:d5:ee:18:51:a7:c0:4b:83:ab:d2:
                    51:fc:57:52:57:49:a5:de:6b:08:5d:0c:ef:49:3c:
                    95:f1:03:79:73:cb:0d:df:97:ad:06:71:69:99:95:
                    d0:73:12:b6:a0:d2:47:31:61:12:36:e3:82:c9:8f:
                    0a:2f:d3:5f:b1:9d:11:06:e9:73:ed:6f:e7:51:c4:
                    8a:da:21:f0:df:5b:77:b2:30:e3:d1:26:69:d9:78:
                    34:df:48:f4:42:6e:83:02:10:5f:f5:29:68:1c:4d:
                    bc:81:2b:5d:7a:d2:1f:3c:5d:ac:9d:a6:8b:ca:e8:
                    bb:ef:fd:45:bc:c6:6a:60:af:d7:9c:fc:4b:56:b2:
                    66:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:DE:BB:56:C8:E9:E9:73:4E:26:2B:05:B9:0C:8B:33:46:AE:EA:78
            X509v3 Authority Key Identifier:
                keyid:44:43:4F:D9:8C:11:D8:D7:2D:F3:80:CA:83:ED:F7:9F:CC:00:85:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RENP2YwR2Nct84DKg-33n8wAhZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/cf520c-2893-42bf-a80f-237bb30d7305/1/fd67Vsjp6XNOJisFuQyLM0au6ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/cf520c-2893-42bf-a80f-237bb30d7305/1/RENP2YwR2Nct84DKg-33n8wAhZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:c6:32:f3:18:ea:2e:60:f6:0a:40:32:3c:42:32:28:65:67:
         a9:56:d7:e3:81:bd:1e:8c:3b:10:a5:64:ba:13:07:e1:7e:1d:
         07:e2:4a:ee:63:18:38:b9:79:23:81:c6:d6:46:ff:4a:aa:43:
         41:6f:4b:2a:7d:37:3c:6e:76:b7:1f:b6:2b:cf:78:69:ea:a6:
         59:4b:4c:6a:d0:91:fb:f6:6e:88:c8:3d:d6:43:ff:0c:87:f5:
         0f:31:d9:4a:18:65:28:e1:4e:09:7a:63:31:b0:87:4b:7a:b8:
         6e:e6:20:67:68:12:23:3c:a1:30:0a:1c:b4:3c:26:e0:27:38:
         54:2a:78:d0:6a:a1:47:0f:74:30:cd:cf:fe:30:63:ed:51:f9:
         47:bd:64:72:b9:69:cb:51:dd:a5:63:35:f9:6a:c0:c0:2e:f4:
         a0:ea:b3:1d:b2:84:45:be:db:77:96:45:98:65:1b:96:81:a3:
         74:72:35:53:ff:4f:8a:6f:94:d5:ac:0e:17:74:74:6d:3e:14:
         44:8b:38:95:4f:a6:32:16:50:ae:2f:79:00:74:db:99:4d:d7:
         db:ae:10:35:49:1e:ed:b2:97:eb:87:a1:a1:18:8e:5b:91:02:
         e0:41:4a:02:bb:4e:ff:b1:d0:53:8c:a1:f5:b6:42:9c:08:d2:
         8d:e2:bc:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKlYOShrKkFR4W4PSVJUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NDM0ZmQ5OGMxMWQ4ZDcyZGYzODBjYTgzZWRmNzlmY2Mw
MDg1OWYwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGRlYmI1NmM4ZTllOTczNGUyNjJiMDViOTBjOGIzMzQ2YWVlYTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh2EjAATVFuMEKjyyy7G+PMm1Vim
7EwPobRd+J7iNsTzw8Xrs0fgfmWE0clE9uJPjmT3K/LiegU8R9PycRs1SeX/U5jL
Zt5o3Ud1h+3Aka31NZhRotySx2afnKUEbtAhlHP4t5SKNhPl4VKvk5EMLyUsBxRd
Mf8bw0rP9NXuGFGnwEuDq9JR/FdSV0ml3msIXQzvSTyV8QN5c8sN35etBnFpmZXQ
cxK2oNJHMWESNuOCyY8KL9NfsZ0RBulz7W/nUcSK2iHw31t3sjDj0SZp2Xg030j0
Qm6DAhBf9SloHE28gStdetIfPF2snaaLyui77/1FvMZqYK/XnPxLVrJmSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3eu1bI6elzTiYrBbkMizNGrup4MB8GA1UdIwQY
MBaAFERDT9mMEdjXLfOAyoPt95/MAIWfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkVOUDJZd1IyTmN0ODRES2ctMzNuOHdBaFo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9jZjUyMGMtMjg5My00MmJmLWE4MGYt
MjM3YmIzMGQ3MzA1LzEvZmQ2N1ZzanA2WE5PSmlzRnVReUxNMGF1Nm5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9jZjUyMGMtMjg5My00MmJmLWE4MGYtMjM3YmIzMGQ3MzA1
LzEvUkVOUDJZd1IyTmN0ODRES2ctMzNuOHdBaFo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUv2MA0G
CSqGSIb3DQEBCwUAA4IBAQAixjLzGOouYPYKQDI8QjIoZWepVtfjgb0ejDsQpWS6
Ewfhfh0H4kruYxg4uXkjgcbWRv9KqkNBb0sqfTc8bna3H7Yrz3hp6qZZS0xq0JH7
9m6IyD3WQ/8Mh/UPMdlKGGUo4U4JemMxsIdLerhu5iBnaBIjPKEwChy0PCbgJzhU
KnjQaqFHD3Qwzc/+MGPtUflHvWRyuWnLUd2lYzX5asDALvSg6rMdsoRFvtt3lkWY
ZRuWgaN0cjVT/0+Kb5TVrA4XdHRtPhREiziVT6YyFlCuL3kAdNuZTdfbrhA1SR7t
spfrh6GhGI5bkQLgQUoCu07/sdBTjKH1tkKcCNKN4ryU
-----END CERTIFICATE-----