Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/0ac21c-c72b-4719-a085-0788f7921852/1/Ckv9KG2nf9K_EO-UzkYshDbT_Lk.roa
File:                     Ckv9KG2nf9K_EO-UzkYshDbT_Lk.roa (raw, json)
Hash identifier:          SbVSz3drx1Bfl5NS5uyz56wfvS5jbkQj2bpd6kpHHp4=
Subject key identifier:   0A:4B:FD:28:6D:A7:7F:D2:BF:10:EF:94:CE:46:2C:84:36:D3:FC:B9
Certificate issuer:       /CN=a641e7f67823eef52a19fe1dc8e0e6a7f41c9433
Certificate serial:       018CC2DB5FF2BBEFDF0733E787C95AF8B858
Authority key identifier: A6:41:E7:F6:78:23:EE:F5:2A:19:FE:1D:C8:E0:E6:A7:F4:1C:94:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkHn9ngj7vUqGf4dyODmp_QclDM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/0ac21c-c72b-4719-a085-0788f7921852/1/Ckv9KG2nf9K_EO-UzkYshDbT_Lk.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30873
IP address blocks:        185.80.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/0ac21c-c72b-4719-a085-0788f7921852/1/pkHn9ngj7vUqGf4dyODmp_QclDM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/0ac21c-c72b-4719-a085-0788f7921852/1/pkHn9ngj7vUqGf4dyODmp_QclDM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkHn9ngj7vUqGf4dyODmp_QclDM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:03:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5f:f2:bb:ef:df:07:33:e7:87:c9:5a:f8:b8:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a641e7f67823eef52a19fe1dc8e0e6a7f41c9433
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a4bfd286da77fd2bf10ef94ce462c8436d3fcb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:5b:d6:a3:52:83:f0:05:e0:8a:fe:43:2e:b4:
                    af:97:fe:b8:5f:9a:3d:65:40:f4:11:b1:38:4a:91:
                    ab:48:f4:96:f1:e8:26:49:bb:82:3d:97:86:b8:e5:
                    11:97:67:dd:ac:59:e6:6f:8c:3a:6e:04:68:08:07:
                    03:65:39:24:0f:b5:5a:c8:ee:21:f9:0c:15:26:c1:
                    c5:63:2c:a9:2a:bd:1f:95:b1:93:5c:65:e0:46:9f:
                    6d:5c:49:b3:6b:bb:5b:7c:32:e7:0b:72:e2:f5:6c:
                    9f:9f:b3:c8:33:71:2f:0a:9b:b4:3a:e6:7d:60:f1:
                    48:66:65:50:27:9b:c5:b3:bf:c6:55:b5:f7:92:08:
                    62:97:67:be:bf:d3:17:bb:a2:5b:08:1f:84:38:0e:
                    49:5d:11:c0:40:2d:80:ca:df:1d:15:73:72:9a:31:
                    db:3a:82:0c:03:69:a0:89:1b:2c:60:c9:b1:59:3c:
                    e2:b4:f1:8d:65:f1:12:35:4e:52:85:72:fb:f6:63:
                    6c:8b:32:db:5c:79:65:af:53:80:c2:e8:7a:d5:e3:
                    2d:11:ce:5e:04:ce:a1:ea:fd:9f:7b:6c:01:ea:31:
                    13:17:db:bf:e7:39:da:38:20:f7:17:18:cd:81:e1:
                    9e:12:c5:f8:22:c8:c7:e0:3d:1a:be:8a:f5:0c:07:
                    6e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:4B:FD:28:6D:A7:7F:D2:BF:10:EF:94:CE:46:2C:84:36:D3:FC:B9
            X509v3 Authority Key Identifier:
                keyid:A6:41:E7:F6:78:23:EE:F5:2A:19:FE:1D:C8:E0:E6:A7:F4:1C:94:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkHn9ngj7vUqGf4dyODmp_QclDM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0ac21c-c72b-4719-a085-0788f7921852/1/Ckv9KG2nf9K_EO-UzkYshDbT_Lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0ac21c-c72b-4719-a085-0788f7921852/1/pkHn9ngj7vUqGf4dyODmp_QclDM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:4a:29:86:90:1e:e2:7c:a7:48:8c:8f:39:6c:57:8a:2b:46:
         5a:88:23:f6:b5:8d:81:07:05:92:90:38:fd:7b:1e:7c:99:1e:
         96:30:24:bb:6e:99:90:e1:43:19:9c:10:36:db:9d:f0:b6:87:
         77:83:42:cf:b5:1f:76:38:7e:bd:18:45:0e:be:8f:d0:32:0b:
         53:27:0c:67:5c:bb:ab:46:83:52:f1:c3:16:9f:5c:aa:30:eb:
         01:cd:c6:77:d5:64:a8:12:da:b3:f7:23:74:57:fe:a0:be:b2:
         cc:2e:bf:2c:e1:d6:b9:5d:94:bc:fa:dd:7c:42:dd:6e:bb:1d:
         fc:7f:1f:99:1d:e8:70:e7:0d:e7:c6:2b:b3:71:cd:bc:c8:b4:
         2a:5f:db:f1:4e:e8:13:22:68:eb:7f:0e:10:ef:8d:d3:a0:b8:
         56:f4:36:e2:98:e8:4b:f0:f0:ad:9d:dd:6f:a3:af:70:23:0a:
         77:dd:0f:82:fd:9f:04:79:cd:96:2c:41:be:1a:81:51:58:91:
         48:c1:ac:06:36:03:8a:9a:d2:73:0b:59:20:c6:79:82:b9:f0:
         bb:0c:46:b0:68:fb:e9:14:ff:35:17:e6:09:04:e2:b7:f7:87:
         42:d0:a7:c0:b1:fe:e9:68:1d:2e:b8:a6:ed:30:45:19:b0:39:
         bd:41:19:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21/yu+/fBzPnh8la+LhYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NDFlN2Y2NzgyM2VlZjUyYTE5ZmUxZGM4ZTBlNmE3ZjQx
Yzk0MzMwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTRiZmQyODZkYTc3ZmQyYmYxMGVmOTRjZTQ2MmM4NDM2ZDNmY2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVvWo1KD8AXgiv5DLrSvl/64X5o9
ZUD0EbE4SpGrSPSW8egmSbuCPZeGuOURl2fdrFnmb4w6bgRoCAcDZTkkD7VayO4h
+QwVJsHFYyypKr0flbGTXGXgRp9tXEmza7tbfDLnC3Li9Wyfn7PIM3EvCpu0OuZ9
YPFIZmVQJ5vFs7/GVbX3kghil2e+v9MXu6JbCB+EOA5JXRHAQC2Ayt8dFXNymjHb
OoIMA2mgiRssYMmxWTzitPGNZfESNU5ShXL79mNsizLbXHllr1OAwuh61eMtEc5e
BM6h6v2fe2wB6jETF9u/5znaOCD3FxjNgeGeEsX4IsjH4D0avor1DAduHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApL/Shtp3/SvxDvlM5GLIQ20/y5MB8GA1UdIwQY
MBaAFKZB5/Z4I+71Khn+Hcjg5qf0HJQzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGtIbjluZ2o3dlVxR2Y0ZHlPRG1wX1FjbERNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8wYWMyMWMtYzcyYi00NzE5LWEwODUt
MDc4OGY3OTIxODUyLzEvQ2t2OUtHMm5mOUtfRU8tVXprWXNoRGJUX0xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8wYWMyMWMtYzcyYi00NzE5LWEwODUtMDc4OGY3OTIxODUy
LzEvcGtIbjluZ2o3dlVxR2Y0ZHlPRG1wX1FjbERNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVAsMA0G
CSqGSIb3DQEBCwUAA4IBAQA7SimGkB7ifKdIjI85bFeKK0ZaiCP2tY2BBwWSkDj9
ex58mR6WMCS7bpmQ4UMZnBA2253wtod3g0LPtR92OH69GEUOvo/QMgtTJwxnXLur
RoNS8cMWn1yqMOsBzcZ31WSoEtqz9yN0V/6gvrLMLr8s4da5XZS8+t18Qt1uux38
fx+ZHehw5w3nxiuzcc28yLQqX9vxTugTImjrfw4Q743ToLhW9DbimOhL8PCtnd1v
o69wIwp33Q+C/Z8Eec2WLEG+GoFRWJFIwawGNgOKmtJzC1kgxnmCufC7DEawaPvp
FP81F+YJBOK394dC0KfAsf7paB0uuKbtMEUZsDm9QRlR
-----END CERTIFICATE-----