Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/07eac7-4d52-46d9-ba44-8945860d5238/1/0ZPiH2L1KLca8WM_8lovuDN7haw.roa
File:                     0ZPiH2L1KLca8WM_8lovuDN7haw.roa (raw, json)
Hash identifier:          C+32Smd/zvoeS3HFaoFnPBNbXx9mdiDVdzUztcL+U0M=
Subject key identifier:   D1:93:E2:1F:62:F5:28:B7:1A:F1:63:3F:F2:5A:2F:B8:33:7B:85:AC
Certificate issuer:       /CN=44ceb61e71a619f2314e9d9846ec67bc88a1244c
Certificate serial:       018CCA2A8A963784848AC03218CBD31826F7
Authority key identifier: 44:CE:B6:1E:71:A6:19:F2:31:4E:9D:98:46:EC:67:BC:88:A1:24:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RM62HnGmGfIxTp2YRuxnvIihJEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/07eac7-4d52-46d9-ba44-8945860d5238/1/0ZPiH2L1KLca8WM_8lovuDN7haw.roa
Signing time:             Tue 02 Jan 2024 12:33:54 +0000
ROA not before:           Tue 02 Jan 2024 12:33:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204577
IP address blocks:        185.54.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/07eac7-4d52-46d9-ba44-8945860d5238/1/RM62HnGmGfIxTp2YRuxnvIihJEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/07eac7-4d52-46d9-ba44-8945860d5238/1/RM62HnGmGfIxTp2YRuxnvIihJEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RM62HnGmGfIxTp2YRuxnvIihJEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:8a:96:37:84:84:8a:c0:32:18:cb:d3:18:26:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44ceb61e71a619f2314e9d9846ec67bc88a1244c
        Validity
            Not Before: Jan  2 12:33:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d193e21f62f528b71af1633ff25a2fb8337b85ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:58:b4:4e:48:f1:4e:45:a4:78:59:f6:d3:da:
                    78:b1:d8:96:cb:2d:d5:f1:ae:92:4e:69:aa:ba:9f:
                    87:64:33:cb:a3:dc:b6:3b:f9:00:91:05:4d:51:68:
                    94:d7:79:6e:a4:2f:47:c9:f6:fb:f2:52:7b:5b:de:
                    78:b9:ba:df:4e:6b:bf:d4:59:6c:75:8f:8b:bb:9f:
                    f4:06:59:54:22:c1:97:59:96:e9:6a:d4:c2:fe:83:
                    d6:18:5b:e5:9a:09:70:d8:81:51:b7:5f:19:74:91:
                    13:8b:62:d1:b5:c9:57:54:3f:af:4b:66:30:89:34:
                    dc:0b:56:24:80:25:80:ab:5d:dc:ae:63:1c:d3:b4:
                    10:99:7f:ba:78:b3:12:f1:6b:8b:4f:2c:fb:c2:53:
                    23:21:94:8a:68:a6:e7:c3:fd:2e:42:84:ec:c3:e0:
                    ff:2a:de:b4:12:61:a0:d0:3e:1d:eb:dd:ed:7f:72:
                    3e:06:eb:37:4d:ac:9b:12:6e:e6:8f:f4:5c:7c:67:
                    9b:6d:51:55:14:a7:16:dd:96:18:8e:7d:07:d6:78:
                    01:4d:d5:87:63:32:d5:21:d5:9b:aa:06:31:f9:00:
                    8e:98:93:57:7a:8f:4b:c2:5a:16:5a:b0:eb:80:65:
                    9b:ce:81:28:45:79:2c:27:91:b6:ff:f8:e7:2e:d6:
                    99:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:93:E2:1F:62:F5:28:B7:1A:F1:63:3F:F2:5A:2F:B8:33:7B:85:AC
            X509v3 Authority Key Identifier:
                keyid:44:CE:B6:1E:71:A6:19:F2:31:4E:9D:98:46:EC:67:BC:88:A1:24:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RM62HnGmGfIxTp2YRuxnvIihJEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/07eac7-4d52-46d9-ba44-8945860d5238/1/0ZPiH2L1KLca8WM_8lovuDN7haw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/07eac7-4d52-46d9-ba44-8945860d5238/1/RM62HnGmGfIxTp2YRuxnvIihJEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:8e:34:66:12:47:df:4e:9a:c0:b0:75:f0:05:ca:b4:8c:83:
         1f:dc:31:be:31:63:e3:85:1f:dd:23:f2:e8:96:f7:ff:4a:fe:
         4d:1b:ff:22:fe:2f:92:c6:02:1d:1d:8f:ba:60:de:90:86:1d:
         3a:d8:79:78:3c:1e:49:4b:3d:ad:f3:db:da:2d:84:f3:0d:79:
         3d:7a:42:a2:bd:91:da:79:c6:fc:03:1d:84:04:15:78:55:f9:
         58:af:a1:f0:6f:fe:63:bb:fb:9c:47:f3:fb:7c:c6:9e:aa:7d:
         fe:81:72:ea:8c:4a:5a:7d:b7:dc:cf:09:55:64:7b:e8:c3:72:
         35:01:39:3c:26:e8:b5:8a:5c:95:b2:6a:5b:54:73:5e:29:ca:
         11:f2:7c:0e:db:1e:e3:bb:6e:b0:84:42:ca:6d:9d:4c:01:32:
         21:5e:bc:d6:fd:0a:73:9e:60:34:6d:d3:38:28:bf:a9:07:b3:
         dd:54:3f:b7:a1:f1:8c:84:6d:fd:b1:e1:02:1e:41:bf:39:ee:
         fa:67:78:ba:5c:a9:db:0a:5d:70:cd:6e:c2:04:4f:c0:fd:d6:
         b8:ec:71:eb:27:24:38:d2:4f:8c:9b:c7:92:24:ca:4b:fa:a3:
         df:e8:9d:0c:ec:ac:aa:36:af:4d:52:0a:3b:51:29:8c:8f:ad:
         87:f4:8b:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKoqWN4SEisAyGMvTGCb3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0Y2ViNjFlNzFhNjE5ZjIzMTRlOWQ5ODQ2ZWM2N2JjODhh
MTI0NGMwHhcNMjQwMTAyMTIzMzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTkzZTIxZjYyZjUyOGI3MWFmMTYzM2ZmMjVhMmZiODMzN2I4NWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Fi0TkjxTkWkeFn209p4sdiWyy3V
8a6STmmqup+HZDPLo9y2O/kAkQVNUWiU13lupC9Hyfb78lJ7W954ubrfTmu/1Fls
dY+Lu5/0BllUIsGXWZbpatTC/oPWGFvlmglw2IFRt18ZdJETi2LRtclXVD+vS2Yw
iTTcC1YkgCWAq13crmMc07QQmX+6eLMS8WuLTyz7wlMjIZSKaKbnw/0uQoTsw+D/
Kt60EmGg0D4d693tf3I+Bus3TaybEm7mj/RcfGebbVFVFKcW3ZYYjn0H1ngBTdWH
YzLVIdWbqgYx+QCOmJNXeo9LwloWWrDrgGWbzoEoRXksJ5G2//jnLtaZnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNGT4h9i9Si3GvFjP/JaL7gze4WsMB8GA1UdIwQY
MBaAFETOth5xphnyMU6dmEbsZ7yIoSRMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk02MkhuR21HZkl4VHAyWVJ1eG52SWloSkV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8wN2VhYzctNGQ1Mi00NmQ5LWJhNDQt
ODk0NTg2MGQ1MjM4LzEvMFpQaUgyTDFLTGNhOFdNXzhsb3Z1RE43aGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8wN2VhYzctNGQ1Mi00NmQ5LWJhNDQtODk0NTg2MGQ1MjM4
LzEvUk02MkhuR21HZkl4VHAyWVJ1eG52SWloSkV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTbSMA0G
CSqGSIb3DQEBCwUAA4IBAQAPjjRmEkffTprAsHXwBcq0jIMf3DG+MWPjhR/dI/Lo
lvf/Sv5NG/8i/i+SxgIdHY+6YN6Qhh062Hl4PB5JSz2t89vaLYTzDXk9ekKivZHa
ecb8Ax2EBBV4VflYr6Hwb/5ju/ucR/P7fMaeqn3+gXLqjEpafbfczwlVZHvow3I1
ATk8Jui1ilyVsmpbVHNeKcoR8nwO2x7ju26whELKbZ1MATIhXrzW/QpznmA0bdM4
KL+pB7PdVD+3ofGMhG39seECHkG/Oe76Z3i6XKnbCl1wzW7CBE/A/da47HHrJyQ4
0k+Mm8eSJMpL+qPf6J0M7KyqNq9NUgo7USmMj62H9Iux
-----END CERTIFICATE-----