Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/430cf7-4407-4247-b2da-5a10d19cf1f3/1/2kKgjfyddVwBqBtbcmC591hhds0.roa
File:                     2kKgjfyddVwBqBtbcmC591hhds0.roa (raw, json)
Hash identifier:          J3PsfHURY5KO0r8jrXSygLDWI9PtPmq+khbJ0BwKbpo=
Subject key identifier:   DA:42:A0:8D:FC:9D:75:5C:01:A8:1B:5B:72:60:B9:F7:58:61:76:CD
Certificate issuer:       /CN=69f295a3108f5cf1d326ffe9bf610fbcf18d72df
Certificate serial:       01942521AF5DE53113B44059CEE057B0FF38
Authority key identifier: 69:F2:95:A3:10:8F:5C:F1:D3:26:FF:E9:BF:61:0F:BC:F1:8D:72:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/afKVoxCPXPHTJv_pv2EPvPGNct8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/430cf7-4407-4247-b2da-5a10d19cf1f3/1/2kKgjfyddVwBqBtbcmC591hhds0.roa
Signing time:             Thu 02 Jan 2025 03:49:12 +0000
ROA not before:           Thu 02 Jan 2025 03:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40987
IP address blocks:        185.223.44.0/24 maxlen: 24
                          185.223.45.0/24 maxlen: 24
                          185.223.46.0/24 maxlen: 24
                          185.223.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/430cf7-4407-4247-b2da-5a10d19cf1f3/1/afKVoxCPXPHTJv_pv2EPvPGNct8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/430cf7-4407-4247-b2da-5a10d19cf1f3/1/afKVoxCPXPHTJv_pv2EPvPGNct8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/afKVoxCPXPHTJv_pv2EPvPGNct8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 15:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:af:5d:e5:31:13:b4:40:59:ce:e0:57:b0:ff:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69f295a3108f5cf1d326ffe9bf610fbcf18d72df
        Validity
            Not Before: Jan  2 03:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da42a08dfc9d755c01a81b5b7260b9f7586176cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3c:c7:4b:c1:c1:1f:8b:fd:f1:7d:07:d2:19:
                    64:bb:43:c4:77:d3:72:ed:70:4b:1d:58:49:5b:90:
                    ec:d5:b2:25:2f:0b:1d:fa:22:43:df:fc:84:5a:70:
                    2a:78:28:d1:6e:0b:f4:c2:58:2f:8a:42:0a:a0:77:
                    73:0f:7c:17:a2:a6:93:64:16:42:09:d8:f1:3a:77:
                    a6:6c:52:1b:29:cd:aa:eb:3b:12:20:13:8c:94:ff:
                    e4:fd:55:3f:11:00:96:33:4b:a7:38:a8:5a:1b:94:
                    97:d9:de:e5:eb:8c:18:c8:4f:0f:87:f1:90:81:17:
                    b1:50:8d:42:ad:a4:0b:95:a5:80:1e:08:50:de:bc:
                    df:34:18:ab:2c:ea:9b:85:04:7b:70:c2:4a:f9:04:
                    d6:19:bf:09:23:01:54:a9:82:b6:e3:bd:b0:c7:75:
                    0a:71:9d:8c:8f:cc:dd:7c:c5:39:9f:8a:ab:db:e1:
                    53:ed:89:0e:00:75:b9:b2:64:fb:ee:0c:84:ac:26:
                    04:a0:90:62:e9:01:9a:a6:cd:57:14:89:bd:d8:0f:
                    58:e2:b1:c2:b9:30:62:de:7e:61:f8:e3:c9:fe:df:
                    8b:3a:79:bc:4a:c0:5f:35:04:71:03:2f:33:48:d0:
                    ee:84:a3:7c:a1:f3:1a:93:af:26:97:0c:c6:a4:fb:
                    84:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:42:A0:8D:FC:9D:75:5C:01:A8:1B:5B:72:60:B9:F7:58:61:76:CD
            X509v3 Authority Key Identifier:
                keyid:69:F2:95:A3:10:8F:5C:F1:D3:26:FF:E9:BF:61:0F:BC:F1:8D:72:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/afKVoxCPXPHTJv_pv2EPvPGNct8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/430cf7-4407-4247-b2da-5a10d19cf1f3/1/2kKgjfyddVwBqBtbcmC591hhds0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/430cf7-4407-4247-b2da-5a10d19cf1f3/1/afKVoxCPXPHTJv_pv2EPvPGNct8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:0d:9c:b1:3b:f8:0e:9a:7e:84:8f:6e:e3:38:b3:a4:0f:19:
         d9:0e:c1:b1:8e:54:c6:5e:42:1f:7a:4e:f4:61:a7:a6:91:99:
         63:1a:b0:3f:a0:63:9a:48:2c:9f:28:13:cf:18:11:5f:13:1c:
         8d:d7:3b:27:b2:ac:a9:52:4b:32:b4:31:9c:f5:c6:c8:d8:a6:
         0b:8d:d8:58:34:c8:67:02:b0:e2:76:03:b1:fa:fe:03:b6:e6:
         2f:d4:13:07:c5:f8:fb:b5:82:c7:ba:21:ad:e4:10:07:76:13:
         42:63:93:89:d0:13:38:0c:c3:0a:24:31:ff:15:b1:4b:55:63:
         a6:da:8e:5d:ba:bc:fe:77:9e:bb:63:d9:03:36:1b:de:a5:23:
         be:e4:3d:f2:c7:91:51:34:78:56:4d:6b:5d:99:dd:8c:e4:bd:
         38:e8:87:c9:eb:ed:5e:98:cf:f2:2d:27:7f:61:11:3c:0f:3b:
         16:2d:51:19:90:1a:ba:a5:16:9f:0a:b3:2c:55:44:72:c3:6a:
         67:53:30:6e:35:92:21:2f:74:96:f5:f8:b3:85:b1:fb:93:54:
         16:16:1b:03:0d:74:bf:14:18:4f:52:d9:eb:56:83:c9:7e:97:
         cd:4f:ca:9b:f3:29:a2:10:02:2a:ad:3d:98:b5:79:cb:e3:8d:
         2d:e0:4a:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIa9d5TETtEBZzuBXsP84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZjI5NWEzMTA4ZjVjZjFkMzI2ZmZlOWJmNjEwZmJjZjE4
ZDcyZGYwHhcNMjUwMTAyMDM0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTQyYTA4ZGZjOWQ3NTVjMDFhODFiNWI3MjYwYjlmNzU4NjE3NmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDzHS8HBH4v98X0H0hlku0PEd9Ny
7XBLHVhJW5Ds1bIlLwsd+iJD3/yEWnAqeCjRbgv0wlgvikIKoHdzD3wXoqaTZBZC
CdjxOnembFIbKc2q6zsSIBOMlP/k/VU/EQCWM0unOKhaG5SX2d7l64wYyE8Ph/GQ
gRexUI1CraQLlaWAHghQ3rzfNBirLOqbhQR7cMJK+QTWGb8JIwFUqYK2472wx3UK
cZ2Mj8zdfMU5n4qr2+FT7YkOAHW5smT77gyErCYEoJBi6QGaps1XFIm92A9Y4rHC
uTBi3n5h+OPJ/t+LOnm8SsBfNQRxAy8zSNDuhKN8ofMak68mlwzGpPuESQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpCoI38nXVcAagbW3JgufdYYXbNMB8GA1UdIwQY
MBaAFGnylaMQj1zx0yb/6b9hD7zxjXLfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWZLVm94Q1BYUEhUSnZfcHYyRVB2UEdOY3Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny80MzBjZjctNDQwNy00MjQ3LWIyZGEt
NWExMGQxOWNmMWYzLzEvMmtLZ2pmeWRkVndCcUJ0YmNtQzU5MWhoZHMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny80MzBjZjctNDQwNy00MjQ3LWIyZGEtNWExMGQxOWNmMWYz
LzEvYWZLVm94Q1BYUEhUSnZfcHYyRVB2UEdOY3Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud8sMA0G
CSqGSIb3DQEBCwUAA4IBAQCdDZyxO/gOmn6Ej27jOLOkDxnZDsGxjlTGXkIfek70
YaemkZljGrA/oGOaSCyfKBPPGBFfExyN1zsnsqypUksytDGc9cbI2KYLjdhYNMhn
ArDidgOx+v4DtuYv1BMHxfj7tYLHuiGt5BAHdhNCY5OJ0BM4DMMKJDH/FbFLVWOm
2o5durz+d567Y9kDNhvepSO+5D3yx5FRNHhWTWtdmd2M5L046IfJ6+1emM/yLSd/
YRE8DzsWLVEZkBq6pRafCrMsVURyw2pnUzBuNZIhL3SW9fizhbH7k1QWFhsDDXS/
FBhPUtnrVoPJfpfNT8qb8ymiEAIqrT2YtXnL440t4Eok
-----END CERTIFICATE-----