Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/4581b7-35bc-4bc8-85b3-f4596e7767a8/1/RE7BaNwDFBQibq66dggVliVLXSo.roa
File:                     RE7BaNwDFBQibq66dggVliVLXSo.roa (raw, json)
Hash identifier:          2TfLrozkW0wcGiGdvHXM0I0blxEp2fGLpUjeQfZQAPI=
Subject key identifier:   44:4E:C1:68:DC:03:14:14:22:6E:AE:BA:76:08:15:96:25:4B:5D:2A
Certificate issuer:       /CN=dd47ed588ba9069457a2a898fc7a0cb977d1f81e
Certificate serial:       018CC3492B2BABF4D1FAC4127DA3F6BCA1C6
Authority key identifier: DD:47:ED:58:8B:A9:06:94:57:A2:A8:98:FC:7A:0C:B9:77:D1:F8:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3UftWIupBpRXoqiY_HoMuXfR-B4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/4581b7-35bc-4bc8-85b3-f4596e7767a8/1/RE7BaNwDFBQibq66dggVliVLXSo.roa
Signing time:             Mon 01 Jan 2024 04:30:01 +0000
ROA not before:           Mon 01 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208598
IP address blocks:        194.156.108.0/24 maxlen: 24
                          194.156.108.0/22 maxlen: 22
                          194.156.110.0/23 maxlen: 24
                          194.156.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/4581b7-35bc-4bc8-85b3-f4596e7767a8/1/3UftWIupBpRXoqiY_HoMuXfR-B4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/4581b7-35bc-4bc8-85b3-f4596e7767a8/1/3UftWIupBpRXoqiY_HoMuXfR-B4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3UftWIupBpRXoqiY_HoMuXfR-B4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 16:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:2b:2b:ab:f4:d1:fa:c4:12:7d:a3:f6:bc:a1:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd47ed588ba9069457a2a898fc7a0cb977d1f81e
        Validity
            Not Before: Jan  1 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=444ec168dc031414226eaeba76081596254b5d2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a5:13:cb:08:1f:f2:62:09:af:af:e0:de:3d:
                    35:78:b5:83:bd:7f:5f:bc:5c:a0:10:e9:e6:89:89:
                    be:d9:18:67:ba:fb:44:83:d9:35:ad:f5:2d:7b:f9:
                    db:ce:23:65:5b:73:a1:80:cb:f8:e5:17:6f:2d:80:
                    e6:31:e5:21:71:d7:52:25:4c:65:b9:f4:c8:bf:d6:
                    b0:45:8c:f5:07:20:4e:3c:99:08:15:17:da:45:92:
                    6a:b2:a1:d6:ce:5e:0a:a4:17:eb:ae:56:68:fa:a7:
                    78:e1:15:14:de:22:89:24:31:f3:66:6d:13:4e:ba:
                    ad:e7:94:de:64:9e:df:a5:d7:ea:b0:04:11:6d:82:
                    9c:19:da:90:98:72:cc:61:e2:ea:b2:ed:54:f8:3e:
                    cc:89:bd:c6:93:92:0d:13:e2:a3:a6:01:1c:5e:6a:
                    49:f2:db:59:40:2f:bf:04:41:24:40:d0:68:0e:1b:
                    4c:94:b9:45:bf:b8:1f:c9:e0:be:3b:6e:94:18:c7:
                    6c:da:c9:8d:fd:37:31:f7:6a:cf:f7:9a:bf:18:2c:
                    19:ba:84:73:bb:a5:55:03:ba:49:52:c2:d3:b6:a4:
                    e6:cc:9f:5f:77:dc:2c:30:f0:88:05:3f:b5:54:a4:
                    a2:e9:d7:a9:38:39:bb:65:26:ff:0a:33:54:d2:62:
                    1c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:4E:C1:68:DC:03:14:14:22:6E:AE:BA:76:08:15:96:25:4B:5D:2A
            X509v3 Authority Key Identifier:
                keyid:DD:47:ED:58:8B:A9:06:94:57:A2:A8:98:FC:7A:0C:B9:77:D1:F8:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3UftWIupBpRXoqiY_HoMuXfR-B4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/4581b7-35bc-4bc8-85b3-f4596e7767a8/1/RE7BaNwDFBQibq66dggVliVLXSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/4581b7-35bc-4bc8-85b3-f4596e7767a8/1/3UftWIupBpRXoqiY_HoMuXfR-B4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c1:fb:fa:f3:c3:63:5a:e4:c2:07:1a:f1:78:a1:c4:a8:fe:98:
         52:58:d8:6d:b8:2d:58:e2:54:c0:54:81:cf:28:66:ec:17:1f:
         3f:a9:69:de:de:8f:f1:b1:53:49:69:b6:7d:8b:b3:d4:00:63:
         aa:0c:ba:fe:cc:d5:0a:72:ae:38:84:61:d4:2d:eb:c0:3a:76:
         48:04:30:dc:bd:08:82:ec:29:8b:fa:c5:bd:da:bd:e1:35:c9:
         c4:5f:c8:9f:9f:ab:03:f2:62:b7:48:cd:61:d2:e9:ff:94:f5:
         46:16:56:8c:69:d9:47:61:ba:2c:26:b2:84:c5:3c:a5:94:1f:
         b1:c2:c2:56:ae:d0:84:ae:51:fa:07:ef:26:fd:3b:f3:80:5e:
         44:71:30:87:cc:28:1f:39:07:4b:ae:6c:85:ea:82:24:dc:3f:
         33:0c:cd:6c:6c:2e:2d:86:96:07:02:6e:ee:2e:d9:ce:5a:5e:
         d2:80:24:d7:ad:52:07:7d:fc:4f:92:f8:ee:07:fc:4e:92:c3:
         59:9e:dc:76:2f:b9:d4:bc:55:29:ef:33:71:4e:d5:25:c4:66:
         c3:72:85:2d:54:0c:5e:d6:24:ef:96:1a:d3:85:81:8c:de:51:
         04:b2:4f:5c:43:8c:68:de:40:b2:18:46:5e:fa:db:c5:01:40:
         f9:0f:2e:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSsrq/TR+sQSfaP2vKHGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNDdlZDU4OGJhOTA2OTQ1N2EyYTg5OGZjN2EwY2I5Nzdk
MWY4MWUwHhcNMjQwMTAxMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDRlYzE2OGRjMDMxNDE0MjI2ZWFlYmE3NjA4MTU5NjI1NGI1ZDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaUTywgf8mIJr6/g3j01eLWDvX9f
vFygEOnmiYm+2RhnuvtEg9k1rfUte/nbziNlW3OhgMv45RdvLYDmMeUhcddSJUxl
ufTIv9awRYz1ByBOPJkIFRfaRZJqsqHWzl4KpBfrrlZo+qd44RUU3iKJJDHzZm0T
Trqt55TeZJ7fpdfqsAQRbYKcGdqQmHLMYeLqsu1U+D7Mib3Gk5INE+KjpgEcXmpJ
8ttZQC+/BEEkQNBoDhtMlLlFv7gfyeC+O26UGMds2smN/Tcx92rP95q/GCwZuoRz
u6VVA7pJUsLTtqTmzJ9fd9wsMPCIBT+1VKSi6depODm7ZSb/CjNU0mIcuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEROwWjcAxQUIm6uunYIFZYlS10qMB8GA1UdIwQY
MBaAFN1H7ViLqQaUV6KomPx6DLl30fgeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1VmdFdJdXBCcFJYb3FpWV9Ib011WGZSLUI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny80NTgxYjctMzViYy00YmM4LTg1YjMt
ZjQ1OTZlNzc2N2E4LzEvUkU3QmFOd0RGQlFpYnE2NmRnZ1ZsaVZMWFNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny80NTgxYjctMzViYy00YmM4LTg1YjMtZjQ1OTZlNzc2N2E4
LzEvM1VmdFdJdXBCcFJYb3FpWV9Ib011WGZSLUI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpxsMA0G
CSqGSIb3DQEBCwUAA4IBAQDB+/rzw2Na5MIHGvF4ocSo/phSWNhtuC1Y4lTAVIHP
KGbsFx8/qWne3o/xsVNJabZ9i7PUAGOqDLr+zNUKcq44hGHULevAOnZIBDDcvQiC
7CmL+sW92r3hNcnEX8ifn6sD8mK3SM1h0un/lPVGFlaMadlHYbosJrKExTyllB+x
wsJWrtCErlH6B+8m/TvzgF5EcTCHzCgfOQdLrmyF6oIk3D8zDM1sbC4thpYHAm7u
LtnOWl7SgCTXrVIHffxPkvjuB/xOksNZntx2L7nUvFUp7zNxTtUlxGbDcoUtVAxe
1iTvlhrThYGM3lEEsk9cQ4xo3kCyGEZe+tvFAUD5Dy4U
-----END CERTIFICATE-----