Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/leAAH4rGishsnZoufTD0XzRz9UE.roa
File:                     leAAH4rGishsnZoufTD0XzRz9UE.roa (raw, json)
Hash identifier:          XYLINiTCGoUfisGhej9/jS2otE2Loul2nvXuv/CwfdM=
Subject key identifier:   95:E0:00:1F:8A:C6:8A:C8:6C:9D:9A:2E:7D:30:F4:5F:34:73:F5:41
Certificate issuer:       /CN=449b18e3296d795d3a9c959be25c70aaab365200
Certificate serial:       019420D641E19B3B083E402F1C743A7D0C56
Authority key identifier: 44:9B:18:E3:29:6D:79:5D:3A:9C:95:9B:E2:5C:70:AA:AB:36:52:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RJsY4ylteV06nJWb4lxwqqs2UgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/leAAH4rGishsnZoufTD0XzRz9UE.roa
Signing time:             Wed 01 Jan 2025 07:48:19 +0000
ROA not before:           Wed 01 Jan 2025 07:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208857
IP address blocks:        185.44.208.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/RJsY4ylteV06nJWb4lxwqqs2UgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/RJsY4ylteV06nJWb4lxwqqs2UgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RJsY4ylteV06nJWb4lxwqqs2UgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:41:e1:9b:3b:08:3e:40:2f:1c:74:3a:7d:0c:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=449b18e3296d795d3a9c959be25c70aaab365200
        Validity
            Not Before: Jan  1 07:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95e0001f8ac68ac86c9d9a2e7d30f45f3473f541
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:af:46:90:0b:60:04:af:c1:6d:cb:0d:7a:c3:
                    03:0f:7d:20:ea:9d:8b:a6:83:66:e8:d1:43:d4:4e:
                    3f:44:a7:aa:79:78:c7:28:f3:6e:8d:19:ce:56:54:
                    16:81:46:ce:1e:a9:fb:cb:8a:b8:ea:3e:d0:17:63:
                    bf:5c:46:35:ba:5a:68:56:06:21:8a:c1:ab:67:21:
                    68:5a:2e:04:a5:4e:c1:9e:32:cb:a6:57:66:48:b4:
                    c8:e8:d1:e4:c0:e9:30:02:29:54:14:e7:29:2b:b6:
                    ba:39:80:0b:34:f2:74:ff:cd:0a:2f:66:40:ec:64:
                    61:8a:8c:be:19:58:e7:3a:00:eb:97:51:07:a4:3b:
                    a7:62:7f:20:37:d9:49:66:f6:40:65:8b:c9:60:8b:
                    7d:9e:2a:0f:85:c5:22:ce:33:47:fa:eb:4c:ce:91:
                    fd:9d:e0:fb:e3:76:ef:df:bb:d7:20:04:ff:a5:c4:
                    79:2b:59:75:b7:46:84:b0:1a:43:16:22:9d:0a:a6:
                    23:9b:b0:c6:ee:cf:a5:a0:44:36:06:97:41:ab:68:
                    c5:c1:65:ec:b6:c5:af:66:a7:f1:f3:8d:3d:6a:d9:
                    d8:78:ef:f5:47:f5:80:d9:9b:f9:ee:36:05:15:14:
                    e6:dc:3b:d7:13:0d:b0:6a:23:88:31:1f:8a:63:bb:
                    3b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:E0:00:1F:8A:C6:8A:C8:6C:9D:9A:2E:7D:30:F4:5F:34:73:F5:41
            X509v3 Authority Key Identifier:
                keyid:44:9B:18:E3:29:6D:79:5D:3A:9C:95:9B:E2:5C:70:AA:AB:36:52:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RJsY4ylteV06nJWb4lxwqqs2UgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/leAAH4rGishsnZoufTD0XzRz9UE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/RJsY4ylteV06nJWb4lxwqqs2UgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:38:6a:95:4b:8f:b5:2d:3a:7a:1d:dc:73:69:8b:f7:e7:f6:
         98:54:05:dc:cd:2a:da:c8:0f:68:97:b7:d2:4a:c5:b1:cc:9c:
         be:51:6d:68:86:1b:88:38:3e:f1:e9:cc:30:49:62:07:10:45:
         fe:2b:54:f3:31:1e:fd:b6:1c:e0:b6:e4:76:98:73:05:66:97:
         41:7f:d9:9c:31:67:6b:11:d3:af:21:10:12:33:86:be:68:f2:
         22:51:8e:82:eb:01:00:7f:71:6e:d6:c3:e0:65:45:f3:43:0e:
         b8:57:33:0e:32:07:6a:a1:11:e4:b6:8f:86:13:2a:4a:3d:c8:
         a8:c2:ef:5d:de:f5:be:fe:4a:45:33:b1:53:e0:cc:79:c7:45:
         69:65:0b:71:7c:39:d4:3c:cf:ad:78:97:ac:32:f5:ca:15:c2:
         32:b2:e4:64:a3:fa:dd:72:15:02:cc:6f:cc:31:0d:57:1e:28:
         4a:c4:56:73:ca:16:25:63:0b:cb:6d:dc:eb:e4:9f:d7:00:10:
         74:8f:16:e9:19:f1:c2:51:91:75:05:0f:0f:bd:17:94:22:f1:
         ca:64:dc:26:13:03:cf:d4:9b:a3:ba:97:2f:a9:12:85:c4:28:
         3d:4a:3f:fa:33:3b:77:79:b5:d4:e6:12:cd:99:f4:e2:1d:a6:
         c5:81:39:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1kHhmzsIPkAvHHQ6fQxWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0OWIxOGUzMjk2ZDc5NWQzYTljOTU5YmUyNWM3MGFhYWIz
NjUyMDAwHhcNMjUwMTAxMDc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWUwMDAxZjhhYzY4YWM4NmM5ZDlhMmU3ZDMwZjQ1ZjM0NzNmNTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua9GkAtgBK/BbcsNesMDD30g6p2L
poNm6NFD1E4/RKeqeXjHKPNujRnOVlQWgUbOHqn7y4q46j7QF2O/XEY1ulpoVgYh
isGrZyFoWi4EpU7BnjLLpldmSLTI6NHkwOkwAilUFOcpK7a6OYALNPJ0/80KL2ZA
7GRhioy+GVjnOgDrl1EHpDunYn8gN9lJZvZAZYvJYIt9nioPhcUizjNH+utMzpH9
neD743bv37vXIAT/pcR5K1l1t0aEsBpDFiKdCqYjm7DG7s+loEQ2BpdBq2jFwWXs
tsWvZqfx8409atnYeO/1R/WA2Zv57jYFFRTm3DvXEw2waiOIMR+KY7s7UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJXgAB+KxorIbJ2aLn0w9F80c/VBMB8GA1UdIwQY
MBaAFESbGOMpbXldOpyVm+JccKqrNlIAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkpzWTR5bHRlVjA2bkpXYjRseHdxcXMyVWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9mYjM5ZWQtN2M3My00NDc4LTkwMWQt
NjVhODk5YTYwMzY2LzEvbGVBQUg0ckdpc2hzblpvdWZURDBYelJ6OVVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9mYjM5ZWQtN2M3My00NDc4LTkwMWQtNjVhODk5YTYwMzY2
LzEvUkpzWTR5bHRlVjA2bkpXYjRseHdxcXMyVWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSzQMA0G
CSqGSIb3DQEBCwUAA4IBAQCVOGqVS4+1LTp6HdxzaYv35/aYVAXczSrayA9ol7fS
SsWxzJy+UW1ohhuIOD7x6cwwSWIHEEX+K1TzMR79thzgtuR2mHMFZpdBf9mcMWdr
EdOvIRASM4a+aPIiUY6C6wEAf3Fu1sPgZUXzQw64VzMOMgdqoRHkto+GEypKPcio
wu9d3vW+/kpFM7FT4Mx5x0VpZQtxfDnUPM+teJesMvXKFcIysuRko/rdchUCzG/M
MQ1XHihKxFZzyhYlYwvLbdzr5J/XABB0jxbpGfHCUZF1BQ8PvReUIvHKZNwmEwPP
1JujupcvqRKFxCg9Sj/6Mzt3ebXU5hLNmfTiHabFgTnv
-----END CERTIFICATE-----