Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/KGppzkyUQEhSxv_6lrvH7UK6abY.roa
File:                     KGppzkyUQEhSxv_6lrvH7UK6abY.roa (raw, json)
Hash identifier:          Y5+iH7b4Pavmuq38O8738V2sJ10hyGkbIrw+xnvSOwc=
Subject key identifier:   28:6A:69:CE:4C:94:40:48:52:C6:FF:FA:96:BB:C7:ED:42:BA:69:B6
Certificate issuer:       /CN=aaab6111e004c2a044f168b8d28273cf6744f3a8
Certificate serial:       018CC5DBE64B339322DEA780C6C30AA85256
Authority key identifier: AA:AB:61:11:E0:04:C2:A0:44:F1:68:B8:D2:82:73:CF:67:44:F3:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qqthEeAEwqBE8Wi40oJzz2dE86g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/KGppzkyUQEhSxv_6lrvH7UK6abY.roa
Signing time:             Mon 01 Jan 2024 16:29:32 +0000
ROA not before:           Mon 01 Jan 2024 16:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206833
IP address blocks:        185.44.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/qqthEeAEwqBE8Wi40oJzz2dE86g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/qqthEeAEwqBE8Wi40oJzz2dE86g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qqthEeAEwqBE8Wi40oJzz2dE86g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e6:4b:33:93:22:de:a7:80:c6:c3:0a:a8:52:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaab6111e004c2a044f168b8d28273cf6744f3a8
        Validity
            Not Before: Jan  1 16:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=286a69ce4c94404852c6fffa96bbc7ed42ba69b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:18:39:89:d2:83:52:9b:ea:1f:8d:a6:c2:d1:
                    b4:7e:12:9a:db:ad:96:0a:ff:a6:8b:ff:8e:59:41:
                    69:63:21:00:9f:b9:e7:c4:0e:9c:d6:aa:cf:d8:d7:
                    9e:85:60:2d:cc:ba:62:7a:2a:fd:22:d0:86:82:33:
                    c1:3b:3e:7d:76:b0:f6:4e:d8:d4:f9:3c:f2:1c:a8:
                    b3:30:12:a5:0e:5f:24:09:5d:b2:26:b4:78:bf:29:
                    13:15:58:5d:60:53:8d:af:24:93:db:1f:d7:bd:0c:
                    a1:00:0f:74:dc:42:81:d9:20:eb:66:89:1e:ca:e2:
                    71:93:ac:8b:17:5a:aa:e0:17:20:3c:b0:b6:a2:1a:
                    cf:9b:68:43:e1:69:37:54:01:d4:0d:a7:22:f0:43:
                    bb:64:56:36:86:53:2e:b8:8c:ee:74:39:94:89:f4:
                    cd:6c:6f:dd:c7:75:a8:92:83:57:25:ce:bb:33:59:
                    be:e7:bf:51:62:5f:61:03:33:66:88:ab:4a:64:e5:
                    65:fe:b1:5d:9f:1e:1f:e7:6d:a1:de:18:22:f8:d9:
                    78:34:eb:44:53:e6:a4:c9:82:df:e6:e9:0f:86:f1:
                    b0:5c:fd:19:23:d6:bb:c9:5f:d4:7e:57:a4:ed:cd:
                    8f:e7:a4:70:86:48:ed:ec:fd:30:3b:d6:d4:b8:92:
                    cc:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:6A:69:CE:4C:94:40:48:52:C6:FF:FA:96:BB:C7:ED:42:BA:69:B6
            X509v3 Authority Key Identifier:
                keyid:AA:AB:61:11:E0:04:C2:A0:44:F1:68:B8:D2:82:73:CF:67:44:F3:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qqthEeAEwqBE8Wi40oJzz2dE86g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/KGppzkyUQEhSxv_6lrvH7UK6abY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/qqthEeAEwqBE8Wi40oJzz2dE86g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:76:90:d6:d2:2f:63:db:4c:ec:ed:5c:5d:1a:7d:be:6d:87:
         de:2b:2c:62:19:76:c5:8c:6f:35:cd:25:97:81:24:f6:1d:e7:
         4c:ad:79:f5:d6:9f:9a:32:f1:64:a9:49:d0:4c:2d:10:41:bf:
         8a:d0:27:a1:e4:1f:b8:da:fe:ee:19:75:68:f9:b2:fd:70:7b:
         b7:24:0b:b7:30:57:74:ae:95:87:5a:52:ed:06:be:e9:52:20:
         cc:58:08:50:b4:3a:1b:9a:21:96:a9:f7:fb:ff:fe:00:e7:44:
         a6:2a:63:d4:d4:10:1e:28:98:e1:f0:63:57:52:66:0e:74:7f:
         ce:22:75:30:b0:19:ec:59:ef:b0:28:7d:ff:d7:ec:81:2a:98:
         8b:10:b7:ba:f9:4c:10:c4:6f:cf:56:b0:f9:74:d3:77:7d:57:
         62:4a:d3:16:db:a7:7f:2a:3b:f1:5f:b2:0d:07:58:80:e7:3a:
         36:c8:59:af:6b:cb:cd:fd:f0:61:a7:fb:51:28:1e:6d:12:98:
         f3:5d:b7:f7:a1:4f:c1:bc:53:0c:70:03:81:e6:69:dd:20:dc:
         f1:bf:1a:ca:a1:53:51:3d:6a:4b:c7:58:11:26:7d:f9:c8:42:
         44:f8:bb:65:92:d2:45:ef:9e:4c:9e:84:e2:82:38:1a:6e:13:
         55:dc:88:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+ZLM5Mi3qeAxsMKqFJWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYWI2MTExZTAwNGMyYTA0NGYxNjhiOGQyODI3M2NmNjc0
NGYzYTgwHhcNMjQwMTAxMTYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODZhNjljZTRjOTQ0MDQ4NTJjNmZmZmE5NmJiYzdlZDQyYmE2OWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxg5idKDUpvqH42mwtG0fhKa262W
Cv+mi/+OWUFpYyEAn7nnxA6c1qrP2NeehWAtzLpieir9ItCGgjPBOz59drD2TtjU
+TzyHKizMBKlDl8kCV2yJrR4vykTFVhdYFONryST2x/XvQyhAA903EKB2SDrZoke
yuJxk6yLF1qq4BcgPLC2ohrPm2hD4Wk3VAHUDaci8EO7ZFY2hlMuuIzudDmUifTN
bG/dx3WokoNXJc67M1m+579RYl9hAzNmiKtKZOVl/rFdnx4f522h3hgi+Nl4NOtE
U+akyYLf5ukPhvGwXP0ZI9a7yV/Uflek7c2P56Rwhkjt7P0wO9bUuJLM4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChqac5MlEBIUsb/+pa7x+1Cumm2MB8GA1UdIwQY
MBaAFKqrYRHgBMKgRPFouNKCc89nRPOoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXF0aEVlQUV3cUJFOFdpNDBvSnp6MmRFODZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNGFkMGYtMGIzMC00MWZmLWE4ZDkt
ODJlZGVkYTdmZTdhLzEvS0dwcHpreVVRRWhTeHZfNmxydkg3VUs2YWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNGFkMGYtMGIzMC00MWZmLWE4ZDktODJlZGVkYTdmZTdh
LzEvcXF0aEVlQUV3cUJFOFdpNDBvSnp6MmRFODZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSw+MA0G
CSqGSIb3DQEBCwUAA4IBAQAAdpDW0i9j20zs7VxdGn2+bYfeKyxiGXbFjG81zSWX
gST2HedMrXn11p+aMvFkqUnQTC0QQb+K0Ceh5B+42v7uGXVo+bL9cHu3JAu3MFd0
rpWHWlLtBr7pUiDMWAhQtDobmiGWqff7//4A50SmKmPU1BAeKJjh8GNXUmYOdH/O
InUwsBnsWe+wKH3/1+yBKpiLELe6+UwQxG/PVrD5dNN3fVdiStMW26d/KjvxX7IN
B1iA5zo2yFmva8vN/fBhp/tRKB5tEpjzXbf3oU/BvFMMcAOB5mndINzxvxrKoVNR
PWpLx1gRJn35yEJE+LtlktJF755MnoTigjgabhNV3Ijt
-----END CERTIFICATE-----