Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/cea65f-eca1-4f80-874e-5bcfce5ca2c7/1/hs44kTsCSKJHF4M4m6a7yybk2BU.roa
File:                     hs44kTsCSKJHF4M4m6a7yybk2BU.roa (raw, json)
Hash identifier:          sJmLUUiHtQ2muOzZ9TuqLt9boiXoy5M0LFt8+5jZEwc=
Subject key identifier:   86:CE:38:91:3B:02:48:A2:47:17:83:38:9B:A6:BB:CB:26:E4:D8:15
Certificate issuer:       /CN=dead4c89f7aed8681d0202d22479d86e1462f889
Certificate serial:       019425FC59C78D7CF4BC3589B15DC8C7854B
Authority key identifier: DE:AD:4C:89:F7:AE:D8:68:1D:02:02:D2:24:79:D8:6E:14:62:F8:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3q1Mifeu2GgdAgLSJHnYbhRi-Ik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/cea65f-eca1-4f80-874e-5bcfce5ca2c7/1/hs44kTsCSKJHF4M4m6a7yybk2BU.roa
Signing time:             Thu 02 Jan 2025 07:48:02 +0000
ROA not before:           Thu 02 Jan 2025 07:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25459
IP address blocks:        185.44.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/cea65f-eca1-4f80-874e-5bcfce5ca2c7/1/3q1Mifeu2GgdAgLSJHnYbhRi-Ik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/cea65f-eca1-4f80-874e-5bcfce5ca2c7/1/3q1Mifeu2GgdAgLSJHnYbhRi-Ik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3q1Mifeu2GgdAgLSJHnYbhRi-Ik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:59:c7:8d:7c:f4:bc:35:89:b1:5d:c8:c7:85:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dead4c89f7aed8681d0202d22479d86e1462f889
        Validity
            Not Before: Jan  2 07:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86ce38913b0248a2471783389ba6bbcb26e4d815
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:bb:06:93:8d:f1:6c:57:ef:99:e7:97:fd:e1:
                    7f:58:3c:e6:3b:bc:d4:12:a0:15:66:61:d8:bf:d2:
                    b4:b7:22:b5:c3:af:9d:e0:ba:a6:09:40:6d:b2:58:
                    74:a2:1d:a3:90:8e:ab:23:a0:25:5b:0d:5a:67:55:
                    15:96:c3:03:a1:9d:f2:54:8c:fc:15:8a:66:df:f0:
                    85:ef:f1:f8:9b:c5:40:48:7c:65:9d:88:9b:12:e2:
                    de:4b:e5:ce:c7:8e:ac:e6:2d:83:5f:56:49:fa:56:
                    f9:18:09:5a:df:12:39:69:07:8e:06:13:cc:51:1f:
                    77:4e:c1:92:48:27:11:04:7e:65:df:2c:2b:45:11:
                    e7:58:95:67:5d:8a:ce:3f:c9:b0:86:ce:f8:f4:38:
                    19:25:b1:e1:5e:01:6b:50:ad:6f:e7:f5:cf:4d:68:
                    3e:49:41:46:1c:1b:b7:35:90:d6:1e:dd:d0:5a:d1:
                    c0:07:d6:27:4b:ee:3d:a2:69:c9:14:ca:83:45:ad:
                    5d:15:18:c9:ac:d6:9a:ea:8a:2c:b9:b9:3b:52:ec:
                    38:5c:47:e4:a4:c9:58:17:f3:e8:16:de:ae:e3:83:
                    d1:06:b1:f0:98:2e:7c:33:5f:b4:f2:44:c0:f8:59:
                    d7:96:2a:c9:da:b2:25:94:62:31:e2:a5:32:43:52:
                    fa:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:CE:38:91:3B:02:48:A2:47:17:83:38:9B:A6:BB:CB:26:E4:D8:15
            X509v3 Authority Key Identifier:
                keyid:DE:AD:4C:89:F7:AE:D8:68:1D:02:02:D2:24:79:D8:6E:14:62:F8:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3q1Mifeu2GgdAgLSJHnYbhRi-Ik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/cea65f-eca1-4f80-874e-5bcfce5ca2c7/1/hs44kTsCSKJHF4M4m6a7yybk2BU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/cea65f-eca1-4f80-874e-5bcfce5ca2c7/1/3q1Mifeu2GgdAgLSJHnYbhRi-Ik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:63:e0:25:04:94:e7:95:33:99:4d:80:c3:cd:54:79:ad:bf:
         00:f4:7c:43:9c:2a:2b:d5:ee:1c:c1:42:10:29:a9:25:e0:4e:
         36:ea:79:80:24:d6:1c:0d:7f:61:2b:46:94:59:4d:8f:0d:e3:
         23:ef:e6:dd:92:e1:fb:c5:f6:6c:9b:16:eb:73:25:41:ae:04:
         30:5a:08:ac:0a:8b:de:bb:e3:9b:7a:33:39:f2:03:84:76:43:
         de:03:fc:a0:c1:cc:e5:a9:44:5e:00:cb:3b:bf:92:15:e7:fb:
         fe:d7:db:9e:60:da:43:b5:91:0b:6a:ec:06:24:6a:25:a7:c3:
         b2:f1:23:c5:82:eb:55:d4:41:42:96:2f:1c:18:73:5e:59:b0:
         88:19:67:6d:f1:ae:d0:43:36:1f:df:90:f6:4b:51:a6:59:12:
         d8:75:4b:d3:fc:7d:f3:92:34:ae:4b:96:0a:77:f7:8f:fa:6f:
         9c:97:05:a5:bf:04:95:f9:1a:3b:5b:b1:5c:a8:92:25:72:11:
         f9:f6:0d:1c:44:7f:85:d5:c5:3b:a6:26:ac:f3:75:26:b8:ed:
         32:bb:8a:a5:6e:27:e3:ec:c1:53:a5:e1:08:44:08:c3:bd:03:
         05:3a:98:e5:81:49:0c:92:12:cf:16:e6:f0:df:cd:75:b9:65:
         ad:91:79:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/FnHjXz0vDWJsV3Ix4VLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlYWQ0Yzg5ZjdhZWQ4NjgxZDAyMDJkMjI0NzlkODZlMTQ2
MmY4ODkwHhcNMjUwMTAyMDc0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmNlMzg5MTNiMDI0OGEyNDcxNzgzMzg5YmE2YmJjYjI2ZTRkODE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37sGk43xbFfvmeeX/eF/WDzmO7zU
EqAVZmHYv9K0tyK1w6+d4LqmCUBtslh0oh2jkI6rI6AlWw1aZ1UVlsMDoZ3yVIz8
FYpm3/CF7/H4m8VASHxlnYibEuLeS+XOx46s5i2DX1ZJ+lb5GAla3xI5aQeOBhPM
UR93TsGSSCcRBH5l3ywrRRHnWJVnXYrOP8mwhs749DgZJbHhXgFrUK1v5/XPTWg+
SUFGHBu3NZDWHt3QWtHAB9YnS+49omnJFMqDRa1dFRjJrNaa6oosubk7Uuw4XEfk
pMlYF/PoFt6u44PRBrHwmC58M1+08kTA+FnXlirJ2rIllGIx4qUyQ1L6JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbOOJE7AkiiRxeDOJumu8sm5NgVMB8GA1UdIwQY
MBaAFN6tTIn3rthoHQIC0iR52G4UYviJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3ExTWlmZXUyR2dkQWdMU0pIblliaFJpLUlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9jZWE2NWYtZWNhMS00ZjgwLTg3NGUt
NWJjZmNlNWNhMmM3LzEvaHM0NGtUc0NTS0pIRjRNNG02YTd5eWJrMkJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9jZWE2NWYtZWNhMS00ZjgwLTg3NGUtNWJjZmNlNWNhMmM3
LzEvM3ExTWlmZXUyR2dkQWdMU0pIblliaFJpLUlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSyoMA0G
CSqGSIb3DQEBCwUAA4IBAQAyY+AlBJTnlTOZTYDDzVR5rb8A9HxDnCor1e4cwUIQ
Kakl4E426nmAJNYcDX9hK0aUWU2PDeMj7+bdkuH7xfZsmxbrcyVBrgQwWgisCove
u+ObejM58gOEdkPeA/ygwczlqUReAMs7v5IV5/v+19ueYNpDtZELauwGJGolp8Oy
8SPFgutV1EFCli8cGHNeWbCIGWdt8a7QQzYf35D2S1GmWRLYdUvT/H3zkjSuS5YK
d/eP+m+clwWlvwSV+Ro7W7FcqJIlchH59g0cRH+F1cU7pias83UmuO0yu4qlbifj
7MFTpeEIRAjDvQMFOpjlgUkMkhLPFubw3811uWWtkXkX
-----END CERTIFICATE-----