Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/44z4qwFNBRsWGcmzbEw_GB6RUF8.roa
File:                     44z4qwFNBRsWGcmzbEw_GB6RUF8.roa (raw, json)
Hash identifier:          NcvYYdaZhZzWO81G3XX2OZXmwHHgA0zxsWeCyWcJ28c=
Subject key identifier:   E3:8C:F8:AB:01:4D:05:1B:16:19:C9:B3:6C:4C:3F:18:1E:91:50:5F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8026D487993F2552A5A113D01CFCC4E
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/44z4qwFNBRsWGcmzbEw_GB6RUF8.roa
Signing time:             Tue 02 Jan 2024 02:30:51 +0000
ROA not before:           Tue 02 Jan 2024 02:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3170
IP address blocks:        185.218.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:6d:48:79:93:f2:55:2a:5a:11:3d:01:cf:cc:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e38cf8ab014d051b1619c9b36c4c3f181e91505f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:86:1c:e3:52:4b:2f:04:2e:c5:ce:9d:67:da:
                    2f:ee:c1:07:8c:18:1a:84:16:86:e8:e4:a0:fd:55:
                    15:5d:9e:1a:f3:5a:5a:12:d0:78:5d:df:23:25:de:
                    c3:c1:09:40:fa:2e:24:e9:33:02:20:d0:d0:4d:b9:
                    7c:cc:be:f8:ec:f2:66:b9:ef:e5:26:2f:35:7b:34:
                    9b:b1:cc:de:f5:44:95:ac:09:46:32:f9:82:c1:30:
                    a5:60:e5:ac:e2:82:b8:db:88:f4:57:55:0e:b5:1c:
                    dc:df:5b:02:ac:58:82:95:9b:90:51:df:2f:9a:f9:
                    3c:cc:9d:ed:dd:57:e2:45:d5:83:b5:7d:10:f0:d6:
                    e5:54:12:91:c0:ac:b1:89:4f:3a:3e:7d:87:99:55:
                    87:8e:40:41:ef:e0:7b:1f:f0:0e:a2:73:bc:f3:47:
                    f9:93:1d:fc:5b:bf:b4:8c:5d:76:92:e6:dc:a0:89:
                    0e:b9:80:ba:f8:f5:3f:13:d4:ff:95:4c:49:35:8c:
                    aa:c4:61:90:2e:c5:9c:53:ac:2f:4a:e9:a4:89:15:
                    4f:bc:31:00:f0:d6:49:84:da:d5:8c:51:35:db:f2:
                    24:15:72:68:50:b6:c9:c8:51:fe:cd:74:81:01:48:
                    13:a4:97:44:f2:85:54:41:e5:f4:76:fa:42:0b:35:
                    77:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:8C:F8:AB:01:4D:05:1B:16:19:C9:B3:6C:4C:3F:18:1E:91:50:5F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/44z4qwFNBRsWGcmzbEw_GB6RUF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:50:64:19:f7:73:2c:30:17:e4:86:23:69:75:03:61:39:6c:
         f2:3e:04:a4:ba:4b:72:14:2b:12:0b:94:97:07:82:1f:03:d7:
         8f:ed:25:c4:cc:be:38:df:67:45:35:3a:90:eb:c3:24:da:00:
         aa:5d:f9:5e:ad:fa:8d:ed:6e:46:59:c9:91:57:7e:fa:b5:a4:
         30:7f:6f:d6:be:a5:bc:fe:bf:76:b5:86:3a:50:1e:61:21:60:
         02:99:1c:58:22:f0:fc:d7:70:9c:10:bb:6d:57:40:ed:cc:65:
         4d:3b:2a:52:b0:8d:00:a3:3d:96:bd:9d:8e:22:84:26:fb:85:
         de:7d:4a:d3:8e:55:17:04:b2:da:04:6e:46:68:04:a3:4f:0f:
         a6:34:2b:79:bd:84:1b:f2:d5:03:6c:c0:55:25:ee:0b:a0:ee:
         cf:cb:a2:5b:80:e2:b7:3c:91:29:ad:be:69:59:3d:3c:e4:cd:
         62:32:3e:26:b4:b2:34:dd:c4:16:f3:16:f8:28:c5:04:5e:ee:
         77:c7:17:ec:ca:20:45:91:cd:dd:a9:95:9c:e0:4d:48:1a:3a:
         d6:7b:19:ff:c7:30:27:99:5a:8c:f0:1b:7a:cc:c8:1b:77:ec:
         b2:0c:3d:17:69:3d:17:d5:00:ab:d7:a0:72:38:30:82:8d:3a:
         89:04:7e:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAm1IeZPyVSpaET0Bz8xOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzhjZjhhYjAxNGQwNTFiMTYxOWM5YjM2YzRjM2YxODFlOTE1MDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIYc41JLLwQuxc6dZ9ov7sEHjBga
hBaG6OSg/VUVXZ4a81paEtB4Xd8jJd7DwQlA+i4k6TMCINDQTbl8zL747PJmue/l
Ji81ezSbscze9USVrAlGMvmCwTClYOWs4oK424j0V1UOtRzc31sCrFiClZuQUd8v
mvk8zJ3t3VfiRdWDtX0Q8NblVBKRwKyxiU86Pn2HmVWHjkBB7+B7H/AOonO880f5
kx38W7+0jF12kubcoIkOuYC6+PU/E9T/lUxJNYyqxGGQLsWcU6wvSumkiRVPvDEA
8NZJhNrVjFE12/IkFXJoULbJyFH+zXSBAUgTpJdE8oVUQeX0dvpCCzV3PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOM+KsBTQUbFhnJs2xMPxgekVBfMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNDR6NHF3Rk5CUnNXR2NtemJFd19HQjZSVUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudpkMA0G
CSqGSIb3DQEBCwUAA4IBAQCFUGQZ93MsMBfkhiNpdQNhOWzyPgSkuktyFCsSC5SX
B4IfA9eP7SXEzL4432dFNTqQ68Mk2gCqXflerfqN7W5GWcmRV376taQwf2/WvqW8
/r92tYY6UB5hIWACmRxYIvD813CcELttV0DtzGVNOypSsI0Aoz2WvZ2OIoQm+4Xe
fUrTjlUXBLLaBG5GaASjTw+mNCt5vYQb8tUDbMBVJe4LoO7Py6JbgOK3PJEprb5p
WT085M1iMj4mtLI03cQW8xb4KMUEXu53xxfsyiBFkc3dqZWc4E1IGjrWexn/xzAn
mVqM8Bt6zMgbd+yyDD0XaT0X1QCr16ByODCCjTqJBH6P
-----END CERTIFICATE-----