Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/2d43c2-3b2e-4f2e-a6ad-a0a72a733c02/1/x8cVD2HrSsr6fGlXKp5MKcVAmew.roa
File:                     x8cVD2HrSsr6fGlXKp5MKcVAmew.roa (raw, json)
Hash identifier:          Gv3Z9vbUtpNsVey4SBxbQNfUX7sW5hY/zDSygXM0OCc=
Subject key identifier:   C7:C7:15:0F:61:EB:4A:CA:FA:7C:69:57:2A:9E:4C:29:C5:40:99:EC
Certificate issuer:       /CN=3db8a2adddb002850854996a94b72b87f4a7b30f
Certificate serial:       018CC4250002D41ED4EEEB40157768150F8D
Authority key identifier: 3D:B8:A2:AD:DD:B0:02:85:08:54:99:6A:94:B7:2B:87:F4:A7:B3:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pbiird2wAoUIVJlqlLcrh_Snsw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/2d43c2-3b2e-4f2e-a6ad-a0a72a733c02/1/x8cVD2HrSsr6fGlXKp5MKcVAmew.roa
Signing time:             Mon 01 Jan 2024 08:30:08 +0000
ROA not before:           Mon 01 Jan 2024 08:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24892
IP address blocks:        185.107.49.0/24 maxlen: 24
                          185.107.50.0/24 maxlen: 24
                          185.107.48.0/24 maxlen: 24
                          185.107.51.0/24 maxlen: 24
                          185.107.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/2d43c2-3b2e-4f2e-a6ad-a0a72a733c02/1/Pbiird2wAoUIVJlqlLcrh_Snsw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/2d43c2-3b2e-4f2e-a6ad-a0a72a733c02/1/Pbiird2wAoUIVJlqlLcrh_Snsw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pbiird2wAoUIVJlqlLcrh_Snsw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:00:02:d4:1e:d4:ee:eb:40:15:77:68:15:0f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3db8a2adddb002850854996a94b72b87f4a7b30f
        Validity
            Not Before: Jan  1 08:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7c7150f61eb4acafa7c69572a9e4c29c54099ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:91:11:2b:4a:89:ff:7e:9f:a2:1c:f3:5f:40:
                    2a:fb:e3:6d:82:4a:ca:36:06:62:a9:79:cf:17:fd:
                    45:93:d8:ca:35:73:79:d4:e9:5b:ef:21:a8:50:f8:
                    6e:80:4a:4f:bb:25:c4:39:cc:5d:e9:8b:b1:b7:5b:
                    ed:db:00:68:76:a4:9c:e7:4a:4f:21:e3:81:5f:d0:
                    6c:13:0e:88:dd:5b:53:8f:3f:e7:11:4a:45:5c:a3:
                    44:e8:56:92:00:71:96:a7:58:74:ee:5d:2b:f3:99:
                    d8:94:0a:87:0c:ec:6a:58:a8:69:85:02:ae:0d:7f:
                    43:40:98:50:10:74:df:b4:36:3a:21:6e:d1:db:2e:
                    b1:0c:63:8c:4f:31:03:2e:e0:df:20:fd:95:ee:26:
                    90:0c:c2:86:61:c3:03:ea:e2:5f:a3:5a:68:f6:2e:
                    f9:64:28:11:2a:67:ac:30:e7:c2:36:6e:1b:2d:5e:
                    95:5c:7d:d7:0b:c9:11:96:89:45:35:90:a4:1e:e7:
                    c0:bc:47:5a:b9:81:02:d2:1c:9e:64:6f:0e:5f:43:
                    89:9f:77:bd:39:24:20:a2:ad:7b:09:9d:f9:25:25:
                    ac:40:6b:c9:08:94:33:f8:aa:4b:a3:5b:ee:c9:80:
                    3a:d2:47:03:2b:dd:76:ba:8a:94:a0:3f:91:12:5a:
                    68:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:C7:15:0F:61:EB:4A:CA:FA:7C:69:57:2A:9E:4C:29:C5:40:99:EC
            X509v3 Authority Key Identifier:
                keyid:3D:B8:A2:AD:DD:B0:02:85:08:54:99:6A:94:B7:2B:87:F4:A7:B3:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pbiird2wAoUIVJlqlLcrh_Snsw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2d43c2-3b2e-4f2e-a6ad-a0a72a733c02/1/x8cVD2HrSsr6fGlXKp5MKcVAmew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2d43c2-3b2e-4f2e-a6ad-a0a72a733c02/1/Pbiird2wAoUIVJlqlLcrh_Snsw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:ba:78:03:13:f3:1b:96:a4:93:9c:3d:94:13:4a:f6:31:26:
         6e:d8:5e:9a:be:ea:56:96:2f:46:15:56:20:80:39:28:4c:46:
         df:05:c0:fd:3e:ad:f8:0f:db:0e:1e:c9:33:a8:cb:7c:b0:fd:
         4c:ca:de:cd:97:ce:7d:3c:26:fa:e4:63:aa:74:fa:a4:22:e8:
         24:b6:79:e5:03:82:a9:ae:02:e4:28:e8:28:e6:84:cc:56:41:
         45:f7:dd:38:34:e2:44:ba:7b:5e:0e:0b:1e:bf:c7:4d:48:bd:
         c0:d6:8e:6a:4c:48:5e:ee:ef:5f:08:e6:7c:88:f0:59:94:0c:
         dc:c3:f1:b5:56:af:1e:d9:d2:b4:83:8b:ed:2d:fe:2a:db:a8:
         d9:c7:f1:78:6c:46:f3:32:49:d8:d0:31:2f:08:93:0d:28:da:
         a4:2e:02:23:c0:70:bf:a6:ba:bb:90:02:98:7f:3d:6a:54:8f:
         0e:78:91:5d:92:27:93:90:91:5b:44:fa:51:77:5c:8e:91:50:
         d8:9d:fe:5e:81:1b:17:b4:b8:da:2a:29:fe:27:a6:de:d5:3a:
         e8:e1:c7:55:12:76:52:81:e5:2f:d4:5f:71:c9:81:19:f5:c0:
         c9:cc:f1:ac:ce:0d:17:d8:1e:54:12:b2:e4:77:40:42:10:1c:
         1b:45:bf:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQAC1B7U7utAFXdoFQ+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkYjhhMmFkZGRiMDAyODUwODU0OTk2YTk0YjcyYjg3ZjRh
N2IzMGYwHhcNMjQwMTAxMDgzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2M3MTUwZjYxZWI0YWNhZmE3YzY5NTcyYTllNGMyOWM1NDA5OWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZERK0qJ/36fohzzX0Aq++NtgkrK
NgZiqXnPF/1Fk9jKNXN51Olb7yGoUPhugEpPuyXEOcxd6Yuxt1vt2wBodqSc50pP
IeOBX9BsEw6I3VtTjz/nEUpFXKNE6FaSAHGWp1h07l0r85nYlAqHDOxqWKhphQKu
DX9DQJhQEHTftDY6IW7R2y6xDGOMTzEDLuDfIP2V7iaQDMKGYcMD6uJfo1po9i75
ZCgRKmesMOfCNm4bLV6VXH3XC8kRlolFNZCkHufAvEdauYEC0hyeZG8OX0OJn3e9
OSQgoq17CZ35JSWsQGvJCJQz+KpLo1vuyYA60kcDK912uoqUoD+RElponwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfHFQ9h60rK+nxpVyqeTCnFQJnsMB8GA1UdIwQY
MBaAFD24oq3dsAKFCFSZapS3K4f0p7MPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGJpaXJkMndBb1VJVkpscWxMY3JoX1Nuc3c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yZDQzYzItM2IyZS00ZjJlLWE2YWQt
YTBhNzJhNzMzYzAyLzEveDhjVkQySHJTc3I2ZkdsWEtwNU1LY1ZBbWV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yZDQzYzItM2IyZS00ZjJlLWE2YWQtYTBhNzJhNzMzYzAy
LzEvUGJpaXJkMndBb1VJVkpscWxMY3JoX1Nuc3c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWswMA0G
CSqGSIb3DQEBCwUAA4IBAQBMungDE/MblqSTnD2UE0r2MSZu2F6avupWli9GFVYg
gDkoTEbfBcD9Pq34D9sOHskzqMt8sP1Myt7Nl859PCb65GOqdPqkIugktnnlA4Kp
rgLkKOgo5oTMVkFF9904NOJEunteDgsev8dNSL3A1o5qTEhe7u9fCOZ8iPBZlAzc
w/G1Vq8e2dK0g4vtLf4q26jZx/F4bEbzMknY0DEvCJMNKNqkLgIjwHC/prq7kAKY
fz1qVI8OeJFdkieTkJFbRPpRd1yOkVDYnf5egRsXtLjaKin+J6be1Tro4cdVEnZS
geUv1F9xyYEZ9cDJzPGszg0X2B5UErLkd0BCEBwbRb9c
-----END CERTIFICATE-----