Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/57ffc5-584f-4bfa-ab85-b9153b3320c1/1/R44nBFcBJ3uGmIsLDFkC0AUfx44.roa
File:                     R44nBFcBJ3uGmIsLDFkC0AUfx44.roa (raw, json)
Hash identifier:          pHIi6jCduyn/btXWJY3yfa/a/yejTwmGLhx+JDLfk+g=
Subject key identifier:   47:8E:27:04:57:01:27:7B:86:98:8B:0B:0C:59:02:D0:05:1F:C7:8E
Certificate issuer:       /CN=ed850483cce1337b1c6c2fddea9c5dbb4a7e191a
Certificate serial:       018CC7950250EED8FA15DD9DB6394315C50A
Authority key identifier: ED:85:04:83:CC:E1:33:7B:1C:6C:2F:DD:EA:9C:5D:BB:4A:7E:19:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7YUEg8zhM3scbC_d6pxdu0p-GRo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/57ffc5-584f-4bfa-ab85-b9153b3320c1/1/R44nBFcBJ3uGmIsLDFkC0AUfx44.roa
Signing time:             Tue 02 Jan 2024 00:31:20 +0000
ROA not before:           Tue 02 Jan 2024 00:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15600
IP address blocks:        185.73.120.0/22 maxlen: 24
                          2a05:41c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/57ffc5-584f-4bfa-ab85-b9153b3320c1/1/7YUEg8zhM3scbC_d6pxdu0p-GRo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/57ffc5-584f-4bfa-ab85-b9153b3320c1/1/7YUEg8zhM3scbC_d6pxdu0p-GRo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7YUEg8zhM3scbC_d6pxdu0p-GRo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:02:50:ee:d8:fa:15:dd:9d:b6:39:43:15:c5:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed850483cce1337b1c6c2fddea9c5dbb4a7e191a
        Validity
            Not Before: Jan  2 00:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=478e27045701277b86988b0b0c5902d0051fc78e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ed:7f:b3:21:36:0e:b2:79:db:eb:27:15:87:
                    05:22:c1:92:83:17:79:4a:6d:a1:a9:63:10:e4:9c:
                    a6:ec:26:a8:b1:07:c9:9f:ed:dc:4b:a3:da:05:de:
                    b2:16:9e:98:e6:5d:3a:6f:bb:29:14:a8:1f:5a:61:
                    f3:ed:11:5b:19:4a:da:37:1f:29:22:0c:a0:2a:6b:
                    27:58:48:a1:28:bd:56:30:27:b8:e9:ed:f1:ce:ce:
                    ef:ed:e2:37:ce:e5:fd:62:1c:27:a3:de:4c:62:82:
                    03:b1:61:69:3b:d6:47:9a:f5:01:3b:81:00:40:50:
                    b3:a9:1e:07:65:e6:9f:15:de:bc:3d:a4:32:e1:2a:
                    cb:6c:63:72:27:4f:90:52:e6:bd:85:ec:0f:f3:4d:
                    08:df:b6:4a:8e:dc:bb:d0:ac:9c:0e:ff:69:8d:43:
                    44:76:99:82:4c:f2:45:cf:01:b6:20:b3:c4:ae:df:
                    52:25:8d:74:11:c8:f3:f5:1e:ac:9e:c9:64:d9:96:
                    e1:78:4c:4f:f8:c9:bf:de:cb:2a:d8:ea:30:c1:5c:
                    5c:04:70:a1:2b:02:e9:73:ad:f0:be:fc:3c:1d:b3:
                    56:67:be:95:64:75:ab:60:26:46:b3:9a:0b:80:70:
                    25:bb:77:42:82:26:04:6e:b7:23:39:91:7c:f1:89:
                    5e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:8E:27:04:57:01:27:7B:86:98:8B:0B:0C:59:02:D0:05:1F:C7:8E
            X509v3 Authority Key Identifier:
                keyid:ED:85:04:83:CC:E1:33:7B:1C:6C:2F:DD:EA:9C:5D:BB:4A:7E:19:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7YUEg8zhM3scbC_d6pxdu0p-GRo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/57ffc5-584f-4bfa-ab85-b9153b3320c1/1/R44nBFcBJ3uGmIsLDFkC0AUfx44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/57ffc5-584f-4bfa-ab85-b9153b3320c1/1/7YUEg8zhM3scbC_d6pxdu0p-GRo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.120.0/22
                IPv6:
                  2a05:41c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:6d:3f:87:99:fb:b7:b7:db:a6:ce:5d:65:bb:21:46:dc:ac:
         b9:29:8e:09:b0:01:37:b5:65:a3:67:7b:73:f7:52:eb:4f:21:
         18:b8:c1:0a:5e:c7:6c:17:10:b9:74:53:ae:9a:7d:b3:5b:f5:
         05:1e:42:ee:12:86:03:0e:0d:ec:cc:38:00:b5:ad:01:68:6e:
         1a:36:70:75:f7:4d:3d:2c:84:8c:02:50:b7:47:be:21:32:13:
         96:6f:28:9e:b5:19:4d:3a:08:42:78:57:de:e1:6e:09:41:65:
         e7:c1:d4:14:44:a6:1e:7f:60:4f:4a:39:af:b1:75:f1:fa:e6:
         49:c0:b9:ac:72:35:8d:0f:e5:1a:e7:5e:84:f3:e6:1e:0d:7e:
         ee:07:93:36:47:cd:83:3d:be:0d:97:e3:b9:4f:e9:4e:a6:2d:
         30:59:be:c6:45:a7:a2:78:71:0c:57:32:cd:38:2a:8d:42:c7:
         88:84:9e:26:cf:7d:49:6b:5f:06:1f:90:c3:94:2a:f2:82:00:
         2e:f1:3d:4b:16:25:64:2e:6c:cc:74:32:47:f4:db:08:a1:62:
         dc:74:7b:0f:83:82:9c:03:e7:0a:18:fb:7d:6a:0b:52:ad:a4:
         39:0e:80:f6:1e:eb:20:6f:4e:8f:cb:1f:7b:f2:c7:6d:13:e9:
         3e:78:13:2d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlQJQ7tj6Fd2dtjlDFcUKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkODUwNDgzY2NlMTMzN2IxYzZjMmZkZGVhOWM1ZGJiNGE3
ZTE5MWEwHhcNMjQwMTAyMDAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzhlMjcwNDU3MDEyNzdiODY5ODhiMGIwYzU5MDJkMDA1MWZjNzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgu1/syE2DrJ52+snFYcFIsGSgxd5
Sm2hqWMQ5Jym7CaosQfJn+3cS6PaBd6yFp6Y5l06b7spFKgfWmHz7RFbGUraNx8p
IgygKmsnWEihKL1WMCe46e3xzs7v7eI3zuX9Yhwno95MYoIDsWFpO9ZHmvUBO4EA
QFCzqR4HZeafFd68PaQy4SrLbGNyJ0+QUua9hewP800I37ZKjty70KycDv9pjUNE
dpmCTPJFzwG2ILPErt9SJY10Ecjz9R6snslk2ZbheExP+Mm/3ssq2OowwVxcBHCh
KwLpc63wvvw8HbNWZ76VZHWrYCZGs5oLgHAlu3dCgiYEbrcjOZF88YlerQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEeOJwRXASd7hpiLCwxZAtAFH8eOMB8GA1UdIwQY
MBaAFO2FBIPM4TN7HGwv3eqcXbtKfhkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1lVRWc4emhNM3NjYkNfZDZweGR1MHAtR1JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny81N2ZmYzUtNTg0Zi00YmZhLWFiODUt
YjkxNTNiMzMyMGMxLzEvUjQ0bkJGY0JKM3VHbUlzTERGa0MwQVVmeDQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny81N2ZmYzUtNTg0Zi00YmZhLWFiODUtYjkxNTNiMzMyMGMx
LzEvN1lVRWc4emhNM3NjYkNfZDZweGR1MHAtR1JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUl4MA0E
AgACMAcDBQMqBUHAMA0GCSqGSIb3DQEBCwUAA4IBAQCmbT+Hmfu3t9umzl1luyFG
3Ky5KY4JsAE3tWWjZ3tz91LrTyEYuMEKXsdsFxC5dFOumn2zW/UFHkLuEoYDDg3s
zDgAta0BaG4aNnB19009LISMAlC3R74hMhOWbyietRlNOghCeFfe4W4JQWXnwdQU
RKYef2BPSjmvsXXx+uZJwLmscjWND+Ua516E8+YeDX7uB5M2R82DPb4Nl+O5T+lO
pi0wWb7GRaeieHEMVzLNOCqNQseIhJ4mz31Ja18GH5DDlCryggAu8T1LFiVkLmzM
dDJH9NsIoWLcdHsPg4KcA+cKGPt9agtSraQ5DoD2Husgb06Pyx978sdtE+k+eBMt
-----END CERTIFICATE-----