Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/mybAcjA1IOsv9FS5BeIQlTdrb6Y.roa
File:                     mybAcjA1IOsv9FS5BeIQlTdrb6Y.roa (raw, json)
Hash identifier:          cuSzvE8noZ1y1XGt0lazVFMRb16ORJnHcFqksCjAQJU=
Subject key identifier:   9B:26:C0:72:30:35:20:EB:2F:F4:54:B9:05:E2:10:95:37:6B:6F:A6
Certificate issuer:       /CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
Certificate serial:       018CC56EAD0F9AEFFCB068D4998A6C98BD9C
Authority key identifier: 73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/mybAcjA1IOsv9FS5BeIQlTdrb6Y.roa
Signing time:             Mon 01 Jan 2024 14:30:13 +0000
ROA not before:           Mon 01 Jan 2024 14:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203218
IP address blocks:        185.44.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ad:0f:9a:ef:fc:b0:68:d4:99:8a:6c:98:bd:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
        Validity
            Not Before: Jan  1 14:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b26c072303520eb2ff454b905e21095376b6fa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:2e:6d:9a:1e:e6:0b:d9:fa:87:48:ad:b9:91:
                    36:56:35:f4:67:6d:8a:52:c3:64:9f:66:87:50:6a:
                    58:6e:ac:38:f6:80:fd:ee:da:40:d8:13:d2:f3:9b:
                    d1:bd:81:eb:dc:7c:84:b4:69:2a:51:1b:4b:21:55:
                    87:21:47:0d:35:e3:40:25:47:14:85:87:e1:df:90:
                    5e:52:42:3f:ea:a9:23:9d:3d:f5:6c:68:cc:6e:57:
                    b8:a0:b5:6c:bd:76:71:9a:ce:88:fc:b5:25:69:13:
                    5c:c4:e6:6f:33:9a:04:f2:c5:6a:01:6f:e0:04:7b:
                    c8:46:12:40:94:da:5e:5b:0c:93:f8:1a:60:67:70:
                    f9:04:35:0f:23:b5:cd:d0:fc:8e:e4:b7:cc:94:6f:
                    ba:bb:c8:9d:07:48:ff:b9:06:30:27:c0:a2:e2:d4:
                    9e:e7:e0:aa:ed:1f:3f:73:08:c9:4b:8d:03:23:1c:
                    8a:20:70:8c:1e:17:63:8a:ba:c2:65:2e:96:04:e7:
                    01:eb:56:75:15:f4:56:cf:22:72:e5:e4:f6:06:6c:
                    75:bf:70:e3:be:53:cf:f9:a3:bc:c7:03:bb:4b:98:
                    4d:19:d7:7f:bc:a0:1a:61:66:88:61:fc:74:37:6c:
                    eb:f5:0b:b1:bf:aa:ab:02:c3:85:3c:5e:cc:eb:61:
                    86:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:26:C0:72:30:35:20:EB:2F:F4:54:B9:05:E2:10:95:37:6B:6F:A6
            X509v3 Authority Key Identifier:
                keyid:73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/mybAcjA1IOsv9FS5BeIQlTdrb6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:82:d0:4e:67:7a:91:9b:9f:6b:e1:3e:6f:92:ff:6f:13:17:
         bb:cc:fc:3a:37:ab:5d:78:93:9d:11:6c:ed:2d:26:95:15:05:
         54:12:9b:09:ba:00:4d:ed:d3:45:da:97:5a:11:81:4e:e8:57:
         bc:e7:75:ee:b9:2d:fa:ee:61:aa:eb:7f:bf:90:24:0b:2e:ea:
         d3:b6:bd:bf:60:25:aa:e3:0c:b2:ca:58:8f:0e:c1:62:0d:b6:
         8a:01:63:8b:5a:34:87:97:6a:3e:2d:59:06:39:93:3b:9d:5c:
         5e:e2:05:15:73:78:68:4b:d2:17:95:60:c2:b0:89:2e:e9:30:
         5c:b5:b9:68:4e:60:e2:0f:de:9e:4d:0f:01:a2:0b:2d:d7:b4:
         4d:c0:a8:69:a4:6a:2e:fa:c0:4f:59:d9:35:ca:35:29:25:c7:
         c7:5d:03:ba:7f:26:1e:45:b2:b5:51:ac:7d:4f:d1:17:40:83:
         96:9a:ce:2b:b0:66:a5:9b:2a:0d:23:53:74:61:36:31:57:d7:
         3e:0a:28:f2:f0:61:e0:d0:6a:fa:bf:b3:91:4d:12:54:ea:ea:
         2d:3d:e6:97:a8:32:4a:e4:cc:62:3a:c3:60:28:78:eb:2f:72:
         d5:b6:af:3b:6f:49:49:d3:c3:03:d3:0f:fc:2a:6d:c9:86:b8:
         71:55:8e:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbq0Pmu/8sGjUmYpsmL2cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczOTc1ZDVkYTlkYThhMDc0YjMzZmJjYjVjMDlkNTAzYTNi
NDQzYTEwHhcNMjQwMTAxMTQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjI2YzA3MjMwMzUyMGViMmZmNDU0YjkwNWUyMTA5NTM3NmI2ZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAni5tmh7mC9n6h0ituZE2VjX0Z22K
UsNkn2aHUGpYbqw49oD97tpA2BPS85vRvYHr3HyEtGkqURtLIVWHIUcNNeNAJUcU
hYfh35BeUkI/6qkjnT31bGjMble4oLVsvXZxms6I/LUlaRNcxOZvM5oE8sVqAW/g
BHvIRhJAlNpeWwyT+BpgZ3D5BDUPI7XN0PyO5LfMlG+6u8idB0j/uQYwJ8Ci4tSe
5+Cq7R8/cwjJS40DIxyKIHCMHhdjirrCZS6WBOcB61Z1FfRWzyJy5eT2Bmx1v3Dj
vlPP+aO8xwO7S5hNGdd/vKAaYWaIYfx0N2zr9Quxv6qrAsOFPF7M62GGSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJsmwHIwNSDrL/RUuQXiEJU3a2+mMB8GA1UdIwQY
MBaAFHOXXV2p2ooHSzP7y1wJ1QOjtEOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYt
OWU4MGQwZDg3YzJkLzEvbXliQWNqQTFJT3N2OUZTNUJlSVFsVGRyYjZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYtOWU4MGQwZDg3YzJk
LzEvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSxQMA0G
CSqGSIb3DQEBCwUAA4IBAQCrgtBOZ3qRm59r4T5vkv9vExe7zPw6N6tdeJOdEWzt
LSaVFQVUEpsJugBN7dNF2pdaEYFO6Fe853XuuS367mGq63+/kCQLLurTtr2/YCWq
4wyyyliPDsFiDbaKAWOLWjSHl2o+LVkGOZM7nVxe4gUVc3hoS9IXlWDCsIku6TBc
tbloTmDiD96eTQ8Bogst17RNwKhppGou+sBPWdk1yjUpJcfHXQO6fyYeRbK1Uax9
T9EXQIOWms4rsGalmyoNI1N0YTYxV9c+Cijy8GHg0Gr6v7ORTRJU6uotPeaXqDJK
5MxiOsNgKHjrL3LVtq87b0lJ08MD0w/8Km3JhrhxVY5x
-----END CERTIFICATE-----