Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/K0lCWP0UtIlztZ_GiP7SFRhpADI.roa
File:                     K0lCWP0UtIlztZ_GiP7SFRhpADI.roa (raw, json)
Hash identifier:          FS88rml1gGYL2HwhYqDCZCOiGWIZqy1IvALmHVElOfA=
Subject key identifier:   2B:49:42:58:FD:14:B4:89:73:B5:9F:C6:88:FE:D2:15:18:69:00:32
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CB5C65BD9F56908642706CA4242F5
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/K0lCWP0UtIlztZ_GiP7SFRhpADI.roa
Signing time:             Wed 01 Jan 2025 01:48:22 +0000
ROA not before:           Wed 01 Jan 2025 01:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199853
IP address blocks:        185.44.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:b5:c6:5b:d9:f5:69:08:64:27:06:ca:42:42:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b494258fd14b48973b59fc688fed21518690032
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:bf:31:ef:96:33:0c:65:46:86:e1:b9:f8:ff:
                    26:88:e0:19:10:40:94:e0:c5:07:c6:b9:69:d9:de:
                    ab:21:3d:d6:20:64:5d:2a:c0:7f:a3:e9:5a:48:b4:
                    b0:dd:a6:3a:54:ee:4d:45:a7:c2:83:29:5f:30:a7:
                    0f:23:88:d7:ac:b0:02:7f:1b:d5:5b:f2:5e:bd:e0:
                    2c:ff:42:0d:0e:5e:89:12:68:bf:c3:23:7e:b0:36:
                    71:4d:60:43:01:99:44:f6:25:c2:08:0b:26:c4:2a:
                    6f:83:c5:86:15:4d:6c:a8:dc:39:51:e8:97:29:b7:
                    69:7e:e2:d5:ca:b4:59:4c:ff:98:21:17:a5:69:af:
                    60:63:8f:2f:94:9f:e4:07:b1:cf:b6:f1:c3:a5:97:
                    c2:bc:91:46:0c:76:d2:a0:6b:88:2a:9d:af:02:08:
                    cc:31:18:8f:3d:cb:a8:40:af:fa:28:6d:b2:a5:4a:
                    bc:ed:13:87:7c:aa:b9:63:62:ba:03:dd:3a:86:74:
                    50:54:1f:0b:9a:2a:e1:96:ad:ec:97:da:ab:00:7a:
                    7a:76:32:14:e6:0d:5a:c4:8c:3b:74:88:6a:60:e4:
                    ca:64:b0:0b:64:35:a6:b7:cc:3b:f2:ed:68:c8:13:
                    a2:f3:d4:52:bd:f2:32:31:01:38:c2:01:eb:4f:27:
                    5d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:49:42:58:FD:14:B4:89:73:B5:9F:C6:88:FE:D2:15:18:69:00:32
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/K0lCWP0UtIlztZ_GiP7SFRhpADI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:b0:db:f4:e4:6d:47:1a:f6:28:94:94:7d:2a:15:35:73:f3:
         0b:bc:fa:78:e5:71:32:5f:30:14:fe:6d:96:bb:b2:19:9e:11:
         5a:e3:43:3d:20:aa:31:91:90:b9:2c:0b:f5:c2:af:c9:07:6f:
         a0:1d:bc:91:05:a0:6b:d7:c7:1a:82:cb:cc:bf:3f:bc:78:26:
         8b:1a:dd:21:75:ac:a4:09:7a:9c:43:95:6a:fd:64:33:1b:4e:
         a1:d9:ac:c6:3e:d6:7f:da:1b:d2:69:17:6f:f1:11:0c:86:4a:
         0d:46:bc:8e:3e:a5:5a:59:a1:19:e9:ca:39:c4:dd:62:9e:e9:
         ed:7b:24:00:1c:c7:72:6a:22:5e:09:94:da:20:9e:73:c6:4d:
         43:6a:ce:fe:3e:25:ca:9f:ee:3c:1a:c1:4b:9d:da:b7:c6:37:
         41:64:5d:b1:74:c7:fb:25:14:e0:7e:59:f7:f0:a5:5d:2c:2a:
         0e:a9:33:0e:bb:ae:60:41:30:e1:df:10:39:c8:79:1f:54:ff:
         60:a3:08:2a:da:14:46:8f:81:f1:21:aa:67:ab:1a:0f:56:cd:
         b4:67:6b:a9:a9:8c:fe:8b:79:ce:40:24:f8:de:8e:bf:be:5a:
         26:b4:6b:ea:59:df:43:98:81:d1:f2:28:c0:bc:05:60:78:74:
         55:6d:ca:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjLXGW9n1aQhkJwbKQkL1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjQ5NDI1OGZkMTRiNDg5NzNiNTlmYzY4OGZlZDIxNTE4NjkwMDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxL8x75YzDGVGhuG5+P8miOAZEECU
4MUHxrlp2d6rIT3WIGRdKsB/o+laSLSw3aY6VO5NRafCgylfMKcPI4jXrLACfxvV
W/JeveAs/0INDl6JEmi/wyN+sDZxTWBDAZlE9iXCCAsmxCpvg8WGFU1sqNw5UeiX
KbdpfuLVyrRZTP+YIRelaa9gY48vlJ/kB7HPtvHDpZfCvJFGDHbSoGuIKp2vAgjM
MRiPPcuoQK/6KG2ypUq87ROHfKq5Y2K6A906hnRQVB8Lmirhlq3sl9qrAHp6djIU
5g1axIw7dIhqYOTKZLALZDWmt8w78u1oyBOi89RSvfIyMQE4wgHrTydd6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtJQlj9FLSJc7Wfxoj+0hUYaQAyMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvSzBsQ1dQMFV0SWx6dFpfR2lQN1NGUmhwQURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSwcMA0G
CSqGSIb3DQEBCwUAA4IBAQBPsNv05G1HGvYolJR9KhU1c/MLvPp45XEyXzAU/m2W
u7IZnhFa40M9IKoxkZC5LAv1wq/JB2+gHbyRBaBr18cagsvMvz+8eCaLGt0hdayk
CXqcQ5Vq/WQzG06h2azGPtZ/2hvSaRdv8REMhkoNRryOPqVaWaEZ6co5xN1inunt
eyQAHMdyaiJeCZTaIJ5zxk1Das7+PiXKn+48GsFLndq3xjdBZF2xdMf7JRTgfln3
8KVdLCoOqTMOu65gQTDh3xA5yHkfVP9gowgq2hRGj4HxIapnqxoPVs20Z2upqYz+
i3nOQCT43o6/vlomtGvqWd9DmIHR8ijAvAVgeHRVbcrw
-----END CERTIFICATE-----