Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/2cb0dc-f7c0-4b68-9391-ea740ec1d1f6/1/fU7SXTXTYsgupxKwiEjFRTTPCB4.roa
File:                     fU7SXTXTYsgupxKwiEjFRTTPCB4.roa (raw, json)
Hash identifier:          p9rKYy99zOb7tyd9f6cbug74X47EkuKPGB5bxz69EZ8=
Subject key identifier:   7D:4E:D2:5D:35:D3:62:C8:2E:A7:12:B0:88:48:C5:45:34:CF:08:1E
Certificate issuer:       /CN=0dc9c1b717156a18a34d9323b67a0a03eda85ac9
Certificate serial:       018CC8012B3FCEBD5A19A0CDDBB7E01E5479
Authority key identifier: 0D:C9:C1:B7:17:15:6A:18:A3:4D:93:23:B6:7A:0A:03:ED:A8:5A:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DcnBtxcVahijTZMjtnoKA-2oWsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/2cb0dc-f7c0-4b68-9391-ea740ec1d1f6/1/fU7SXTXTYsgupxKwiEjFRTTPCB4.roa
Signing time:             Tue 02 Jan 2024 02:29:28 +0000
ROA not before:           Tue 02 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199849
IP address blocks:        185.44.112.0/24 maxlen: 24
                          185.44.113.0/24 maxlen: 24
                          185.44.114.0/24 maxlen: 24
                          185.44.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/2cb0dc-f7c0-4b68-9391-ea740ec1d1f6/1/DcnBtxcVahijTZMjtnoKA-2oWsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/2cb0dc-f7c0-4b68-9391-ea740ec1d1f6/1/DcnBtxcVahijTZMjtnoKA-2oWsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DcnBtxcVahijTZMjtnoKA-2oWsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2b:3f:ce:bd:5a:19:a0:cd:db:b7:e0:1e:54:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dc9c1b717156a18a34d9323b67a0a03eda85ac9
        Validity
            Not Before: Jan  2 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d4ed25d35d362c82ea712b08848c54534cf081e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7f:84:08:43:fd:2a:c8:7d:1c:2d:0d:a5:b0:
                    9e:77:c4:25:7b:82:c9:75:b6:d5:38:c6:c6:80:ff:
                    b3:3b:de:f6:be:4b:9c:10:93:1d:15:af:96:64:32:
                    1e:3a:dd:88:76:21:2d:36:0e:17:50:ea:98:5a:26:
                    db:38:2b:74:a3:f4:db:14:28:23:dc:53:34:44:bd:
                    42:d2:af:55:7d:9c:d7:58:92:1e:a4:77:ff:a3:f7:
                    82:c2:6b:60:eb:f9:58:af:79:6b:f8:ed:8e:d0:dd:
                    70:8c:15:66:1a:db:24:e5:1d:c8:fb:2f:57:6d:dc:
                    9d:c4:d0:44:b4:19:f3:95:09:d2:52:1b:b7:f3:1a:
                    92:c7:bf:15:6b:4e:c5:1a:6d:8e:4d:0b:5d:d9:7f:
                    55:7e:51:67:92:f7:5a:d4:ce:a8:7a:f2:9f:e2:4b:
                    2c:b1:f4:6c:d0:3d:c1:fb:0b:58:d2:31:f8:87:dd:
                    0a:0d:d9:71:74:96:e7:aa:f2:79:98:33:24:8d:f9:
                    24:95:a2:2b:10:e3:fd:24:30:d8:37:c0:09:e7:72:
                    d9:18:c1:2a:e5:45:14:33:90:a7:78:bb:4e:0e:c9:
                    94:84:9f:8e:f3:e5:b2:fd:29:74:12:72:93:0f:04:
                    b7:8b:68:e4:79:3e:69:2e:57:39:09:52:48:ca:72:
                    6e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:4E:D2:5D:35:D3:62:C8:2E:A7:12:B0:88:48:C5:45:34:CF:08:1E
            X509v3 Authority Key Identifier:
                keyid:0D:C9:C1:B7:17:15:6A:18:A3:4D:93:23:B6:7A:0A:03:ED:A8:5A:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DcnBtxcVahijTZMjtnoKA-2oWsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/2cb0dc-f7c0-4b68-9391-ea740ec1d1f6/1/fU7SXTXTYsgupxKwiEjFRTTPCB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/2cb0dc-f7c0-4b68-9391-ea740ec1d1f6/1/DcnBtxcVahijTZMjtnoKA-2oWsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:13:76:9e:71:c8:73:b4:0c:32:88:b3:bd:fc:81:bc:28:4e:
         8a:6d:4c:25:6c:72:64:50:bd:d7:a5:ed:51:33:ef:24:06:0d:
         8b:e8:cc:44:b0:76:59:11:0a:56:b7:c1:35:12:67:4b:e0:49:
         aa:0e:f4:6a:c1:d8:f7:7c:96:96:ee:01:49:06:ad:7a:d6:22:
         77:60:38:fe:1f:ed:bc:09:c8:95:95:be:95:4a:7f:51:a0:16:
         5f:da:a6:7c:a1:a9:47:dc:aa:37:6f:99:1e:c6:d7:40:a3:b0:
         3f:d0:03:49:e5:d2:1d:d6:9c:5d:c6:49:a2:52:44:5e:a7:04:
         78:78:1e:3f:5c:92:68:79:09:ce:45:c6:3b:99:81:e3:60:47:
         4c:12:5a:27:41:ac:28:66:27:97:5a:d1:52:0e:70:f9:0a:5e:
         90:4b:9b:e9:58:64:b2:4f:e1:86:45:bb:f0:2b:0b:d3:5e:ee:
         a1:f9:04:e8:d2:09:8b:ed:c2:8f:2d:21:2e:65:eb:3b:8d:ef:
         8b:c1:9c:6e:dc:c9:24:71:a2:53:b6:f0:47:8b:d2:80:4f:bd:
         0a:32:67:87:75:ed:a1:61:d2:ba:60:32:9d:82:19:f9:89:af:
         3f:a8:0f:5f:ca:0f:5b:e5:fb:53:cf:0d:c9:b4:95:29:0b:f9:
         44:11:92:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASs/zr1aGaDN27fgHlR5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYzljMWI3MTcxNTZhMThhMzRkOTMyM2I2N2EwYTAzZWRh
ODVhYzkwHhcNMjQwMTAyMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDRlZDI1ZDM1ZDM2MmM4MmVhNzEyYjA4ODQ4YzU0NTM0Y2YwODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoX+ECEP9Ksh9HC0NpbCed8Qle4LJ
dbbVOMbGgP+zO972vkucEJMdFa+WZDIeOt2IdiEtNg4XUOqYWibbOCt0o/TbFCgj
3FM0RL1C0q9VfZzXWJIepHf/o/eCwmtg6/lYr3lr+O2O0N1wjBVmGtsk5R3I+y9X
bdydxNBEtBnzlQnSUhu38xqSx78Va07FGm2OTQtd2X9VflFnkvda1M6oevKf4kss
sfRs0D3B+wtY0jH4h90KDdlxdJbnqvJ5mDMkjfkklaIrEOP9JDDYN8AJ53LZGMEq
5UUUM5CneLtODsmUhJ+O8+Wy/Sl0EnKTDwS3i2jkeT5pLlc5CVJIynJuawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH1O0l0102LILqcSsIhIxUU0zwgeMB8GA1UdIwQY
MBaAFA3JwbcXFWoYo02TI7Z6CgPtqFrJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGNuQnR4Y1ZhaGlqVFpNanRub0tBLTJvV3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni8yY2IwZGMtZjdjMC00YjY4LTkzOTEt
ZWE3NDBlYzFkMWY2LzEvZlU3U1hUWFRZc2d1cHhLd2lFakZSVFRQQ0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni8yY2IwZGMtZjdjMC00YjY4LTkzOTEtZWE3NDBlYzFkMWY2
LzEvRGNuQnR4Y1ZhaGlqVFpNanRub0tBLTJvV3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSxwMA0G
CSqGSIb3DQEBCwUAA4IBAQB9E3aecchztAwyiLO9/IG8KE6KbUwlbHJkUL3Xpe1R
M+8kBg2L6MxEsHZZEQpWt8E1EmdL4EmqDvRqwdj3fJaW7gFJBq161iJ3YDj+H+28
CciVlb6VSn9RoBZf2qZ8oalH3Ko3b5kextdAo7A/0ANJ5dId1pxdxkmiUkRepwR4
eB4/XJJoeQnORcY7mYHjYEdMElonQawoZieXWtFSDnD5Cl6QS5vpWGSyT+GGRbvw
KwvTXu6h+QTo0gmL7cKPLSEuZes7je+LwZxu3MkkcaJTtvBHi9KAT70KMmeHde2h
YdK6YDKdghn5ia8/qA9fyg9b5ftTzw3JtJUpC/lEEZLw
-----END CERTIFICATE-----