Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/cd5c81-d205-40dc-a85b-f744fdc83cf5/1/44EVRtG6dghdl7XBVx84mQP51eQ.roa
File:                     44EVRtG6dghdl7XBVx84mQP51eQ.roa (raw, json)
Hash identifier:          CYm7Nx6WYhUusymE5kduLJLg1OYqLb24QE+xTjFb2mY=
Subject key identifier:   E3:81:15:46:D1:BA:76:08:5D:97:B5:C1:57:1F:38:99:03:F9:D5:E4
Certificate issuer:       /CN=e871726c4c103e0eb42c2f0e8b5da8733fa7efed
Certificate serial:       018CCA2BEA9C8A574ABBFBFC25E9EB4685BC
Authority key identifier: E8:71:72:6C:4C:10:3E:0E:B4:2C:2F:0E:8B:5D:A8:73:3F:A7:EF:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6HFybEwQPg60LC8Oi12ocz-n7-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/cd5c81-d205-40dc-a85b-f744fdc83cf5/1/44EVRtG6dghdl7XBVx84mQP51eQ.roa
Signing time:             Tue 02 Jan 2024 12:35:24 +0000
ROA not before:           Tue 02 Jan 2024 12:35:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41617
IP address blocks:        195.138.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/cd5c81-d205-40dc-a85b-f744fdc83cf5/1/6HFybEwQPg60LC8Oi12ocz-n7-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/cd5c81-d205-40dc-a85b-f744fdc83cf5/1/6HFybEwQPg60LC8Oi12ocz-n7-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6HFybEwQPg60LC8Oi12ocz-n7-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:ea:9c:8a:57:4a:bb:fb:fc:25:e9:eb:46:85:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e871726c4c103e0eb42c2f0e8b5da8733fa7efed
        Validity
            Not Before: Jan  2 12:35:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3811546d1ba76085d97b5c1571f389903f9d5e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b7:0d:7a:37:3a:96:50:14:12:63:68:ec:73:
                    71:6f:5a:b6:c1:36:e6:fc:a3:71:8b:d3:6e:d4:ec:
                    48:a3:6a:a3:e2:8e:cf:65:5a:e9:e0:55:43:cd:f8:
                    c3:ac:cf:e7:cd:fc:34:b4:43:2b:63:e9:10:6e:d4:
                    c0:98:0f:dd:d5:0a:c7:88:b5:ed:b1:f2:00:f3:3f:
                    f3:7c:3b:04:2b:a9:33:e5:f6:92:af:6b:b6:36:d9:
                    57:2c:72:bb:cf:13:d1:40:97:d0:b3:ba:e1:11:02:
                    e5:30:48:a1:85:a9:8d:08:42:f9:40:27:5c:0d:e6:
                    7a:57:d3:62:69:88:44:f5:4d:8d:79:14:ce:60:fd:
                    b1:c1:c1:28:23:85:aa:73:c1:56:11:f4:a6:32:4a:
                    c9:06:54:1c:c5:91:b7:88:94:f0:1f:30:48:21:0f:
                    69:56:4a:72:8b:e7:0e:05:84:45:76:26:d7:43:17:
                    33:67:6c:9c:f5:d4:f3:c8:c1:26:0c:8b:ba:38:d0:
                    3d:2e:b5:c2:8d:fa:bc:d4:cd:d1:b6:e8:fc:4c:64:
                    5b:95:34:a0:1c:40:3c:36:34:eb:db:ea:e0:c6:52:
                    38:b1:77:fb:e6:77:d1:7a:2a:4c:9b:f4:c4:aa:f1:
                    5d:8e:b8:3b:ff:c2:1f:59:33:bc:9a:58:69:70:5e:
                    c3:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:81:15:46:D1:BA:76:08:5D:97:B5:C1:57:1F:38:99:03:F9:D5:E4
            X509v3 Authority Key Identifier:
                keyid:E8:71:72:6C:4C:10:3E:0E:B4:2C:2F:0E:8B:5D:A8:73:3F:A7:EF:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6HFybEwQPg60LC8Oi12ocz-n7-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/cd5c81-d205-40dc-a85b-f744fdc83cf5/1/44EVRtG6dghdl7XBVx84mQP51eQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/cd5c81-d205-40dc-a85b-f744fdc83cf5/1/6HFybEwQPg60LC8Oi12ocz-n7-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.138.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:23:25:f6:07:43:83:ac:4c:08:85:50:20:af:04:1d:67:21:
         19:a7:f0:e4:a9:ef:39:f3:23:7d:7e:d4:96:4c:bb:12:64:5e:
         e9:85:f1:df:3f:e2:ae:2c:2f:34:97:3d:7c:58:70:93:e0:9a:
         45:a3:31:78:6b:92:3d:4a:cc:b1:99:35:f3:0b:c3:31:e8:80:
         69:a6:bd:fe:03:19:9a:d4:fa:3e:e0:f3:54:a2:56:40:fa:20:
         20:81:b0:2f:4d:18:b6:82:66:b6:da:ff:d8:b3:92:ce:5b:59:
         37:54:86:ac:43:2c:db:11:0d:dc:c5:94:68:80:cb:e3:d7:d4:
         b1:2b:43:0b:c4:8b:1f:ca:49:f7:83:b8:7d:68:20:e8:bc:40:
         30:9b:ed:14:63:35:68:d3:fc:9d:15:b6:fd:47:b4:90:70:a9:
         f4:e5:b6:cd:87:79:71:de:e3:50:83:95:25:88:67:c7:4b:76:
         80:d0:1f:95:bc:16:6d:f8:1a:f4:c0:ad:d6:1d:c7:f3:c4:ae:
         67:29:0b:53:0a:8d:cf:30:23:92:dc:e6:b8:85:71:ec:38:e1:
         df:8d:18:16:e3:d1:28:ae:3c:fc:1a:f9:1a:ce:52:55:03:55:
         20:96:5f:38:64:3f:cb:ba:32:47:dc:41:c2:30:cd:41:9c:55:
         9f:59:fa:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK+qcildKu/v8JenrRoW8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NzE3MjZjNGMxMDNlMGViNDJjMmYwZThiNWRhODczM2Zh
N2VmZWQwHhcNMjQwMTAyMTIzNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzgxMTU0NmQxYmE3NjA4NWQ5N2I1YzE1NzFmMzg5OTAzZjlkNWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrcNejc6llAUEmNo7HNxb1q2wTbm
/KNxi9Nu1OxIo2qj4o7PZVrp4FVDzfjDrM/nzfw0tEMrY+kQbtTAmA/d1QrHiLXt
sfIA8z/zfDsEK6kz5faSr2u2NtlXLHK7zxPRQJfQs7rhEQLlMEihhamNCEL5QCdc
DeZ6V9NiaYhE9U2NeRTOYP2xwcEoI4Wqc8FWEfSmMkrJBlQcxZG3iJTwHzBIIQ9p
Vkpyi+cOBYRFdibXQxczZ2yc9dTzyMEmDIu6ONA9LrXCjfq81M3Rtuj8TGRblTSg
HEA8NjTr2+rgxlI4sXf75nfReipMm/TEqvFdjrg7/8IfWTO8mlhpcF7D9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOBFUbRunYIXZe1wVcfOJkD+dXkMB8GA1UdIwQY
MBaAFOhxcmxMED4OtCwvDotdqHM/p+/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkhGeWJFd1FQZzYwTEM4T2kxMm9jei1uNy0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9jZDVjODEtZDIwNS00MGRjLWE4NWIt
Zjc0NGZkYzgzY2Y1LzEvNDRFVlJ0RzZkZ2hkbDdYQlZ4ODRtUVA1MWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9jZDVjODEtZDIwNS00MGRjLWE4NWItZjc0NGZkYzgzY2Y1
LzEvNkhGeWJFd1FQZzYwTEM4T2kxMm9jei1uNy0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4rSMA0G
CSqGSIb3DQEBCwUAA4IBAQBlIyX2B0ODrEwIhVAgrwQdZyEZp/Dkqe858yN9ftSW
TLsSZF7phfHfP+KuLC80lz18WHCT4JpFozF4a5I9SsyxmTXzC8Mx6IBppr3+Axma
1Po+4PNUolZA+iAggbAvTRi2gma22v/Ys5LOW1k3VIasQyzbEQ3cxZRogMvj19Sx
K0MLxIsfykn3g7h9aCDovEAwm+0UYzVo0/ydFbb9R7SQcKn05bbNh3lx3uNQg5Ul
iGfHS3aA0B+VvBZt+Br0wK3WHcfzxK5nKQtTCo3PMCOS3Oa4hXHsOOHfjRgW49Eo
rjz8GvkazlJVA1Ugll84ZD/LujJH3EHCMM1BnFWfWfrK
-----END CERTIFICATE-----