Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/319d61-560a-44fd-aa25-49671acdf486/1/1tJnv9oo7XEhhL0K2yt76Ly0ntQ.roa
File:                     1tJnv9oo7XEhhL0K2yt76Ly0ntQ.roa (raw, json)
Hash identifier:          MTyBtsnXIlMwAMNNv7RPbFFlVfB+TJlXbeY51XvA6OQ=
Subject key identifier:   D6:D2:67:BF:DA:28:ED:71:21:84:BD:0A:DB:2B:7B:E8:BC:B4:9E:D4
Certificate issuer:       /CN=2dd3ae23cb46ee9c21950efcb60defa094ba5548
Certificate serial:       018CC492BB236BF8D967B3AB0FEE1A9F08C0
Authority key identifier: 2D:D3:AE:23:CB:46:EE:9C:21:95:0E:FC:B6:0D:EF:A0:94:BA:55:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LdOuI8tG7pwhlQ78tg3voJS6VUg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/319d61-560a-44fd-aa25-49671acdf486/1/1tJnv9oo7XEhhL0K2yt76Ly0ntQ.roa
Signing time:             Mon 01 Jan 2024 10:29:59 +0000
ROA not before:           Mon 01 Jan 2024 10:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204099
IP address blocks:        185.222.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/319d61-560a-44fd-aa25-49671acdf486/1/LdOuI8tG7pwhlQ78tg3voJS6VUg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/319d61-560a-44fd-aa25-49671acdf486/1/LdOuI8tG7pwhlQ78tg3voJS6VUg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LdOuI8tG7pwhlQ78tg3voJS6VUg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:bb:23:6b:f8:d9:67:b3:ab:0f:ee:1a:9f:08:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dd3ae23cb46ee9c21950efcb60defa094ba5548
        Validity
            Not Before: Jan  1 10:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6d267bfda28ed712184bd0adb2b7be8bcb49ed4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a7:00:2f:0f:b6:14:70:81:13:1e:52:6d:70:
                    69:20:1b:ab:de:65:eb:22:78:d2:29:4d:14:55:fb:
                    93:cf:31:78:5a:f3:6c:e0:26:49:a3:8a:9c:48:eb:
                    c1:58:6a:1a:c9:62:1a:e7:b1:f8:94:06:80:1c:41:
                    16:1e:24:03:a8:7e:c1:3f:ed:98:de:fe:c3:55:a7:
                    c2:8e:ab:f0:cc:05:fa:ab:99:4c:36:fb:50:2a:a9:
                    0d:b6:86:a0:39:11:f4:dc:a8:32:fc:ba:cb:73:40:
                    cc:28:7a:1e:56:d6:64:bc:a8:a9:ae:f9:4d:c0:37:
                    44:bc:4b:6b:cf:06:f2:d9:c6:8a:03:44:2b:cd:29:
                    f1:55:b1:a9:9a:43:70:6f:5e:10:4a:5a:09:8a:1a:
                    2e:40:42:52:3a:68:5b:9d:fc:b6:2d:a4:ef:4a:c1:
                    6f:5a:db:87:44:d8:f4:d2:fd:38:cc:c4:47:b5:13:
                    c6:8f:0a:55:e6:69:4c:8c:7a:25:a4:a0:40:2a:0e:
                    eb:34:6c:d5:ff:8b:9b:1c:57:02:5e:ff:2e:24:2e:
                    35:41:2e:92:72:2b:51:3e:c2:cf:1a:58:5f:73:39:
                    be:25:5e:f0:c4:a5:15:99:15:38:3f:a9:df:b4:30:
                    07:21:25:73:a3:2e:b7:4d:3e:57:50:b9:ec:84:21:
                    23:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:D2:67:BF:DA:28:ED:71:21:84:BD:0A:DB:2B:7B:E8:BC:B4:9E:D4
            X509v3 Authority Key Identifier:
                keyid:2D:D3:AE:23:CB:46:EE:9C:21:95:0E:FC:B6:0D:EF:A0:94:BA:55:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LdOuI8tG7pwhlQ78tg3voJS6VUg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/319d61-560a-44fd-aa25-49671acdf486/1/1tJnv9oo7XEhhL0K2yt76Ly0ntQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/319d61-560a-44fd-aa25-49671acdf486/1/LdOuI8tG7pwhlQ78tg3voJS6VUg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:16:30:b5:e1:aa:35:a2:7e:d0:b9:48:39:74:28:f1:63:5c:
         aa:e6:db:35:c2:ea:f6:5b:50:1a:8a:8e:9b:9e:2b:eb:f0:d4:
         df:4e:ab:3c:37:74:f2:25:c8:28:0c:66:89:cd:71:76:2f:53:
         8e:a7:c7:9c:a5:7c:03:17:ce:37:7e:a7:17:10:77:c3:1f:76:
         6a:e1:b9:77:7b:8f:ff:39:33:e7:6c:e7:a6:a3:91:50:6c:39:
         ac:4b:a2:2c:30:cc:09:a7:0d:2e:c6:49:b1:db:7c:23:7f:3d:
         ab:86:55:5f:80:03:99:82:4a:a8:fc:cb:51:68:b8:f3:78:e4:
         29:df:ea:38:e7:39:6b:08:2b:c4:aa:16:dd:e5:e7:b4:ca:3c:
         e9:71:6b:3c:a4:c4:25:fc:c2:13:1f:af:46:21:55:2e:b8:f1:
         65:7c:0e:16:40:e2:3c:16:e9:c8:21:55:1b:dd:06:09:dc:c0:
         da:02:ab:2f:9f:f3:9f:09:67:fb:5a:85:ad:b1:12:91:14:8a:
         f5:37:c7:d4:7b:8e:42:79:35:eb:6c:65:08:d8:8e:c7:c7:98:
         96:1c:5a:7f:42:49:92:7c:1b:2e:31:e0:b4:cd:ce:4b:6e:c3:
         b7:74:6d:e2:af:5c:56:64:91:e6:44:04:96:85:c4:c1:96:b8:
         53:1b:f4:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkrsja/jZZ7OrD+4anwjAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZDNhZTIzY2I0NmVlOWMyMTk1MGVmY2I2MGRlZmEwOTRi
YTU1NDgwHhcNMjQwMTAxMTAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmQyNjdiZmRhMjhlZDcxMjE4NGJkMGFkYjJiN2JlOGJjYjQ5ZWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2acALw+2FHCBEx5SbXBpIBur3mXr
InjSKU0UVfuTzzF4WvNs4CZJo4qcSOvBWGoayWIa57H4lAaAHEEWHiQDqH7BP+2Y
3v7DVafCjqvwzAX6q5lMNvtQKqkNtoagORH03Kgy/LrLc0DMKHoeVtZkvKiprvlN
wDdEvEtrzwby2caKA0QrzSnxVbGpmkNwb14QSloJihouQEJSOmhbnfy2LaTvSsFv
WtuHRNj00v04zMRHtRPGjwpV5mlMjHolpKBAKg7rNGzV/4ubHFcCXv8uJC41QS6S
citRPsLPGlhfczm+JV7wxKUVmRU4P6nftDAHISVzoy63TT5XULnshCEjeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbSZ7/aKO1xIYS9Ctsre+i8tJ7UMB8GA1UdIwQY
MBaAFC3TriPLRu6cIZUO/LYN76CUulVIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGRPdUk4dEc3cHdobFE3OHRnM3ZvSlM2VlVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMTlkNjEtNTYwYS00NGZkLWFhMjUt
NDk2NzFhY2RmNDg2LzEvMXRKbnY5b283WEVoaEwwSzJ5dDc2THkwbnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMTlkNjEtNTYwYS00NGZkLWFhMjUtNDk2NzFhY2RmNDg2
LzEvTGRPdUk4dEc3cHdobFE3OHRnM3ZvSlM2VlVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud4sMA0G
CSqGSIb3DQEBCwUAA4IBAQBDFjC14ao1on7QuUg5dCjxY1yq5ts1wur2W1Aaio6b
nivr8NTfTqs8N3TyJcgoDGaJzXF2L1OOp8ecpXwDF843fqcXEHfDH3Zq4bl3e4//
OTPnbOemo5FQbDmsS6IsMMwJpw0uxkmx23wjfz2rhlVfgAOZgkqo/MtRaLjzeOQp
3+o45zlrCCvEqhbd5ee0yjzpcWs8pMQl/MITH69GIVUuuPFlfA4WQOI8FunIIVUb
3QYJ3MDaAqsvn/OfCWf7WoWtsRKRFIr1N8fUe45CeTXrbGUI2I7Hx5iWHFp/QkmS
fBsuMeC0zc5LbsO3dG3ir1xWZJHmRASWhcTBlrhTG/Q8
-----END CERTIFICATE-----