Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/gE2C1EfDuVwxxJDKotTRnz-Yq4w.roa
File:                     gE2C1EfDuVwxxJDKotTRnz-Yq4w.roa (raw, json)
Hash identifier:          pwL0fRQakGirIxsJOmpHF82vAfTBBCME2LVYmBIAzQA=
Subject key identifier:   80:4D:82:D4:47:C3:B9:5C:31:C4:90:CA:A2:D4:D1:9F:3F:98:AB:8C
Certificate issuer:       /CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
Certificate serial:       0194221F8C79443270FB37A0782CCC61C776
Authority key identifier: 73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/gE2C1EfDuVwxxJDKotTRnz-Yq4w.roa
Signing time:             Wed 01 Jan 2025 13:48:00 +0000
ROA not before:           Wed 01 Jan 2025 13:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39421
IP address blocks:        185.44.80.0/23 maxlen: 23
                          185.44.80.0/24 maxlen: 24
                          185.44.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:8c:79:44:32:70:fb:37:a0:78:2c:cc:61:c7:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
        Validity
            Not Before: Jan  1 13:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=804d82d447c3b95c31c490caa2d4d19f3f98ab8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:fe:54:e0:8b:f8:8b:06:c3:73:3e:5c:f4:71:
                    0c:eb:9d:c9:dc:26:12:9a:77:e2:7e:28:d1:6b:0c:
                    08:45:be:2e:e1:bf:5a:db:4e:e1:f2:89:67:4d:15:
                    30:54:94:c8:be:5b:eb:90:25:06:6d:97:e4:35:48:
                    d7:a6:1a:3a:85:1c:35:b4:28:26:5a:73:46:b9:8d:
                    77:3f:ad:a0:5b:8a:90:79:cf:99:8e:57:22:4c:83:
                    1c:10:72:54:f2:f5:5a:f9:07:09:80:24:ab:c8:08:
                    f8:89:29:4f:0c:0c:de:7d:01:6e:2a:3e:c9:32:0f:
                    6e:33:b3:b9:6d:ae:b8:62:90:71:0f:d0:35:36:91:
                    04:78:a2:61:79:63:68:50:f7:c7:4a:51:6c:14:79:
                    07:2f:6f:0c:1d:f5:b3:98:bb:a6:ef:cb:90:8b:78:
                    5b:0b:0a:1a:67:bc:b1:6d:c2:8a:54:03:a9:fd:60:
                    af:b2:d8:07:d4:45:d3:98:b5:df:eb:65:0b:f9:c8:
                    e7:ee:ca:f1:58:51:dc:26:8c:5e:9e:7b:5b:ad:66:
                    29:2e:37:49:61:ca:ec:29:8d:69:27:78:02:f7:1d:
                    54:ba:5a:2d:92:85:ee:da:3b:c7:be:89:90:eb:46:
                    23:7a:51:f3:32:bb:26:0e:e5:e7:00:2d:b0:b1:a8:
                    62:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:4D:82:D4:47:C3:B9:5C:31:C4:90:CA:A2:D4:D1:9F:3F:98:AB:8C
            X509v3 Authority Key Identifier:
                keyid:73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/gE2C1EfDuVwxxJDKotTRnz-Yq4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:e7:a0:26:09:e6:2c:13:2e:dc:ab:e2:1f:77:06:de:d8:fd:
         69:5b:be:68:ed:8e:55:73:6a:31:83:cc:10:a3:32:37:f5:2e:
         50:dc:0b:7b:1d:8a:c5:e6:de:18:be:be:21:c8:18:89:49:ac:
         b3:b7:d7:96:fe:a3:ad:49:c7:fc:f0:1b:ba:64:ed:4f:0d:4c:
         dc:80:cf:c8:86:cb:7b:a2:a1:ef:b0:c4:4b:b8:94:f8:dc:a0:
         36:80:7b:95:f6:e8:44:c3:64:2d:3c:f1:ba:34:19:f9:7f:e9:
         1f:a2:c9:f9:62:14:e4:9c:98:67:bb:c4:0b:7d:2a:85:9c:72:
         8d:34:3a:56:db:ca:26:4d:d9:b2:5b:e1:f0:5c:ab:3c:1d:f8:
         e0:8c:c2:7e:a4:93:89:b3:e1:fb:f5:44:50:3a:87:69:53:0a:
         db:de:74:fe:f9:8e:0f:13:77:c7:3a:a9:ee:01:e2:f6:ff:12:
         ac:dc:b4:90:99:f5:73:a0:a4:3e:73:31:61:27:f7:57:54:22:
         a1:32:e8:d8:de:dd:dd:ab:db:fe:92:ca:fe:06:22:52:bf:e5:
         2b:58:9f:6a:2c:e9:c8:aa:40:c3:55:4c:22:66:9a:bd:78:9c:
         46:d3:65:1b:98:1a:e7:ef:21:c0:49:5a:6e:0f:da:e6:6b:5f:
         7b:c1:6b:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4x5RDJw+zegeCzMYcd2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczOTc1ZDVkYTlkYThhMDc0YjMzZmJjYjVjMDlkNTAzYTNi
NDQzYTEwHhcNMjUwMTAxMTM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDRkODJkNDQ3YzNiOTVjMzFjNDkwY2FhMmQ0ZDE5ZjNmOThhYjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0P5U4Iv4iwbDcz5c9HEM653J3CYS
mnfifijRawwIRb4u4b9a207h8olnTRUwVJTIvlvrkCUGbZfkNUjXpho6hRw1tCgm
WnNGuY13P62gW4qQec+ZjlciTIMcEHJU8vVa+QcJgCSryAj4iSlPDAzefQFuKj7J
Mg9uM7O5ba64YpBxD9A1NpEEeKJheWNoUPfHSlFsFHkHL28MHfWzmLum78uQi3hb
CwoaZ7yxbcKKVAOp/WCvstgH1EXTmLXf62UL+cjn7srxWFHcJoxenntbrWYpLjdJ
YcrsKY1pJ3gC9x1UulotkoXu2jvHvomQ60YjelHzMrsmDuXnAC2wsahigQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBNgtRHw7lcMcSQyqLU0Z8/mKuMMB8GA1UdIwQY
MBaAFHOXXV2p2ooHSzP7y1wJ1QOjtEOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYt
OWU4MGQwZDg3YzJkLzEvZ0UyQzFFZkR1Vnd4eEpES290VFJuei1ZcTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYtOWU4MGQwZDg3YzJk
LzEvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSxQMA0G
CSqGSIb3DQEBCwUAA4IBAQBR56AmCeYsEy7cq+Ifdwbe2P1pW75o7Y5Vc2oxg8wQ
ozI39S5Q3At7HYrF5t4Yvr4hyBiJSayzt9eW/qOtScf88Bu6ZO1PDUzcgM/Ihst7
oqHvsMRLuJT43KA2gHuV9uhEw2QtPPG6NBn5f+kfosn5YhTknJhnu8QLfSqFnHKN
NDpW28omTdmyW+HwXKs8HfjgjMJ+pJOJs+H79URQOodpUwrb3nT++Y4PE3fHOqnu
AeL2/xKs3LSQmfVzoKQ+czFhJ/dXVCKhMujY3t3dq9v+ksr+BiJSv+UrWJ9qLOnI
qkDDVUwiZpq9eJxG02UbmBrn7yHASVpuD9rma197wWsi
-----END CERTIFICATE-----