Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/7fac44-610f-485c-ae11-18ea1d5fef2d/1/9V2BKnKBMK0VJ7PFnAdXsUMYNqo.roa
File:                     9V2BKnKBMK0VJ7PFnAdXsUMYNqo.roa (raw, json)
Hash identifier:          0FjCfTTIm1iCsgiAhyU8h37USdk2WAUxdtXx4UpG5E0=
Subject key identifier:   F5:5D:81:2A:72:81:30:AD:15:27:B3:C5:9C:07:57:B1:43:18:36:AA
Certificate issuer:       /CN=d8ba20120ec6dc80fd351a533d2c85ca0d983299
Certificate serial:       018CC8706845F71CB99132A94CC7A9F28C20
Authority key identifier: D8:BA:20:12:0E:C6:DC:80:FD:35:1A:53:3D:2C:85:CA:0D:98:32:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2LogEg7G3ID9NRpTPSyFyg2YMpk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/7fac44-610f-485c-ae11-18ea1d5fef2d/1/9V2BKnKBMK0VJ7PFnAdXsUMYNqo.roa
Signing time:             Tue 02 Jan 2024 04:30:59 +0000
ROA not before:           Tue 02 Jan 2024 04:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44210
IP address blocks:        185.79.16.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/7fac44-610f-485c-ae11-18ea1d5fef2d/1/2LogEg7G3ID9NRpTPSyFyg2YMpk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/7fac44-610f-485c-ae11-18ea1d5fef2d/1/2LogEg7G3ID9NRpTPSyFyg2YMpk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2LogEg7G3ID9NRpTPSyFyg2YMpk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:68:45:f7:1c:b9:91:32:a9:4c:c7:a9:f2:8c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8ba20120ec6dc80fd351a533d2c85ca0d983299
        Validity
            Not Before: Jan  2 04:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f55d812a728130ad1527b3c59c0757b1431836aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ab:9e:96:47:f8:20:4b:b4:34:32:99:35:04:
                    9d:bb:aa:b3:72:7d:99:07:43:82:53:be:35:7a:22:
                    5a:23:d3:e8:d8:fa:1c:09:b1:15:51:c0:d8:bc:6d:
                    f7:d0:49:ef:d4:9d:5f:17:0a:9f:d3:23:58:7b:78:
                    9f:1f:b0:62:50:e9:24:d6:ac:fc:47:1f:f6:0d:37:
                    52:59:82:f8:b3:75:14:3f:a8:53:55:75:03:cf:0e:
                    a2:28:df:d6:7d:49:e4:6f:43:99:e8:69:3d:6f:d4:
                    6b:9b:98:7e:65:be:35:9c:a0:4e:ab:a3:7c:61:2e:
                    be:c1:74:c0:c2:3b:b5:ac:56:08:90:10:f5:9d:29:
                    c1:4b:d6:3f:9d:64:a8:e9:27:d0:e9:50:96:30:0c:
                    70:c9:64:c9:e3:48:b6:96:3b:a2:32:63:52:f7:e4:
                    30:84:4e:4d:81:ca:c1:0f:0c:d9:64:75:5f:0b:0c:
                    54:d3:e3:9f:bf:3f:ff:94:1c:1a:32:94:1f:ef:86:
                    98:99:a9:cb:0f:fa:75:3f:e7:e5:4e:f6:2d:ce:93:
                    34:13:2b:d1:e5:aa:4b:20:c3:2c:2a:68:80:3b:9e:
                    c4:87:e3:63:bb:9c:93:53:4a:64:b3:76:d3:3e:77:
                    cf:4f:71:e0:88:b5:e2:32:e2:75:cc:25:f8:09:c4:
                    c5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:5D:81:2A:72:81:30:AD:15:27:B3:C5:9C:07:57:B1:43:18:36:AA
            X509v3 Authority Key Identifier:
                keyid:D8:BA:20:12:0E:C6:DC:80:FD:35:1A:53:3D:2C:85:CA:0D:98:32:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2LogEg7G3ID9NRpTPSyFyg2YMpk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/7fac44-610f-485c-ae11-18ea1d5fef2d/1/9V2BKnKBMK0VJ7PFnAdXsUMYNqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/7fac44-610f-485c-ae11-18ea1d5fef2d/1/2LogEg7G3ID9NRpTPSyFyg2YMpk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.79.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:4f:af:8f:f4:d9:41:6d:ee:4d:d7:e0:f0:bc:a7:c0:18:b1:
         60:34:0e:0f:43:af:d0:6c:15:43:97:3d:03:13:4c:9c:b5:e1:
         09:94:e1:ac:31:ee:0e:0c:b9:f6:97:af:63:73:55:7f:8e:35:
         39:a0:ed:32:bd:82:9f:df:e8:92:aa:57:78:40:bb:1e:89:f1:
         32:47:21:36:61:01:d0:1e:6b:29:13:34:f2:e3:c2:64:17:4a:
         a8:f7:5e:f9:71:b4:5c:ba:e0:61:2e:20:4f:f6:80:75:76:03:
         aa:d3:e6:2b:f3:9b:0d:3b:9b:b1:dd:b2:96:e3:92:5b:b5:5f:
         dd:c6:d7:bf:48:23:f1:a6:be:f3:78:65:cc:3b:5a:bf:69:8e:
         44:58:63:84:02:55:48:cc:ff:eb:e7:a4:6b:8b:3d:1e:ad:25:
         44:1d:b5:98:71:b5:f3:b2:36:8c:de:ea:27:20:b1:95:3a:1d:
         c2:cd:47:fc:22:fe:a4:ab:ac:cf:44:53:30:02:21:08:22:e8:
         b8:f7:66:b1:46:da:3a:d9:05:63:a3:1f:14:0e:ee:80:28:24:
         f2:b4:f3:a9:c8:6d:ed:43:1f:5e:9c:52:19:12:e5:29:97:f2:
         0e:6c:72:c6:2d:29:c0:ff:79:59:7c:54:3f:ef:30:a1:89:2e:
         cd:95:1b:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcGhF9xy5kTKpTMep8owgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YmEyMDEyMGVjNmRjODBmZDM1MWE1MzNkMmM4NWNhMGQ5
ODMyOTkwHhcNMjQwMTAyMDQzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTVkODEyYTcyODEzMGFkMTUyN2IzYzU5YzA3NTdiMTQzMTgzNmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgquelkf4IEu0NDKZNQSdu6qzcn2Z
B0OCU741eiJaI9Po2PocCbEVUcDYvG330Env1J1fFwqf0yNYe3ifH7BiUOkk1qz8
Rx/2DTdSWYL4s3UUP6hTVXUDzw6iKN/WfUnkb0OZ6Gk9b9Rrm5h+Zb41nKBOq6N8
YS6+wXTAwju1rFYIkBD1nSnBS9Y/nWSo6SfQ6VCWMAxwyWTJ40i2ljuiMmNS9+Qw
hE5NgcrBDwzZZHVfCwxU0+Ofvz//lBwaMpQf74aYmanLD/p1P+flTvYtzpM0EyvR
5apLIMMsKmiAO57Eh+Nju5yTU0pks3bTPnfPT3HgiLXiMuJ1zCX4CcTFRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVdgSpygTCtFSezxZwHV7FDGDaqMB8GA1UdIwQY
MBaAFNi6IBIOxtyA/TUaUz0shcoNmDKZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkxvZ0VnN0czSUQ5TlJwVFBTeUZ5ZzJZTXBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy83ZmFjNDQtNjEwZi00ODVjLWFlMTEt
MThlYTFkNWZlZjJkLzEvOVYyQktuS0JNSzBWSjdQRm5BZFhzVU1ZTnFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy83ZmFjNDQtNjEwZi00ODVjLWFlMTEtMThlYTFkNWZlZjJk
LzEvMkxvZ0VnN0czSUQ5TlJwVFBTeUZ5ZzJZTXBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuU8QMA0G
CSqGSIb3DQEBCwUAA4IBAQAdT6+P9NlBbe5N1+DwvKfAGLFgNA4PQ6/QbBVDlz0D
E0ycteEJlOGsMe4ODLn2l69jc1V/jjU5oO0yvYKf3+iSqld4QLseifEyRyE2YQHQ
HmspEzTy48JkF0qo9175cbRcuuBhLiBP9oB1dgOq0+Yr85sNO5ux3bKW45JbtV/d
xte/SCPxpr7zeGXMO1q/aY5EWGOEAlVIzP/r56Rriz0erSVEHbWYcbXzsjaM3uon
ILGVOh3CzUf8Iv6kq6zPRFMwAiEIIui492axRto62QVjox8UDu6AKCTytPOpyG3t
Qx9enFIZEuUpl/IObHLGLSnA/3lZfFQ/7zChiS7NlRtJ
-----END CERTIFICATE-----