Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/JcBXutN7qN9r3mV1Q4r1CivK-0I.roa
File:                     JcBXutN7qN9r3mV1Q4r1CivK-0I.roa (raw, json)
Hash identifier:          56Qzq0ZVE593Fff3zcidu2xQUDQjmT3NRGvYNzmnBCU=
Subject key identifier:   25:C0:57:BA:D3:7B:A8:DF:6B:DE:65:75:43:8A:F5:0A:2B:CA:FB:42
Certificate issuer:       /CN=44007172df9fc2d4a2ddbba934cebc9f0286d3ca
Certificate serial:       018CC26D737140DC39E4824141249D557704
Authority key identifier: 44:00:71:72:DF:9F:C2:D4:A2:DD:BB:A9:34:CE:BC:9F:02:86:D3:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RABxct-fwtSi3bupNM68nwKG08o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/JcBXutN7qN9r3mV1Q4r1CivK-0I.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210374
IP address blocks:        185.83.215.0/24 maxlen: 24
                          2a05:9f04::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/RABxct-fwtSi3bupNM68nwKG08o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/RABxct-fwtSi3bupNM68nwKG08o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RABxct-fwtSi3bupNM68nwKG08o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:73:71:40:dc:39:e4:82:41:41:24:9d:55:77:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44007172df9fc2d4a2ddbba934cebc9f0286d3ca
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25c057bad37ba8df6bde6575438af50a2bcafb42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ca:04:02:2f:87:7d:12:a8:70:4c:3b:0b:49:
                    46:0f:51:24:1e:f6:f4:09:11:33:b8:29:27:81:0f:
                    88:5e:89:72:4b:54:4c:e5:f3:ab:c2:07:b3:97:fe:
                    66:37:51:06:8a:31:87:49:ea:f5:2c:ec:90:6f:8d:
                    de:3c:df:31:89:fb:2a:25:4d:91:66:83:98:bb:14:
                    5b:fe:f1:53:e7:32:ed:7e:bc:d0:ee:53:63:36:a5:
                    d0:c3:85:60:a4:59:73:f1:99:03:09:c6:34:8d:d7:
                    58:2a:30:fc:69:fb:b1:b2:6f:03:f7:19:f9:5e:ec:
                    e7:b7:d5:09:41:d3:33:78:16:a8:5e:d2:55:d6:2b:
                    e0:31:b5:1a:79:d4:79:3e:25:bb:e5:7a:4f:fb:ec:
                    a8:c9:f5:fc:94:64:8c:6d:98:b0:64:f0:57:61:55:
                    8b:b1:5b:fa:e8:3f:4f:19:b8:81:7f:c7:69:03:df:
                    d0:c9:51:aa:2d:2b:7c:da:9c:33:7c:45:28:81:f8:
                    e4:6a:2d:9b:26:7b:8f:66:db:85:b2:92:f4:d7:d3:
                    63:ad:ed:2b:66:01:3d:cb:f5:47:72:82:06:a4:e0:
                    fe:7d:84:7e:9c:02:ea:8b:9f:65:82:17:df:de:61:
                    37:6f:e4:3d:95:35:35:1f:e3:ff:9b:68:82:c6:12:
                    45:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:C0:57:BA:D3:7B:A8:DF:6B:DE:65:75:43:8A:F5:0A:2B:CA:FB:42
            X509v3 Authority Key Identifier:
                keyid:44:00:71:72:DF:9F:C2:D4:A2:DD:BB:A9:34:CE:BC:9F:02:86:D3:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RABxct-fwtSi3bupNM68nwKG08o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/JcBXutN7qN9r3mV1Q4r1CivK-0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/RABxct-fwtSi3bupNM68nwKG08o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.215.0/24
                IPv6:
                  2a05:9f04::/40

    Signature Algorithm: sha256WithRSAEncryption
         02:26:bc:12:eb:c3:4c:f2:ca:fe:78:2d:4d:50:cd:11:99:02:
         1f:9f:b0:b8:15:76:b0:e4:00:e4:ce:8d:bc:1a:8d:e5:fb:c1:
         ea:ed:2d:20:be:e4:5f:b5:12:f4:c9:b6:ce:4c:9e:83:92:c8:
         3a:7e:b7:36:25:64:a1:d8:a1:6f:f6:33:8b:94:92:78:1c:23:
         ee:6d:7c:4c:c2:f4:dd:91:e8:2b:98:d6:6d:7d:5b:86:02:3a:
         2e:b4:f0:02:0e:69:35:e6:c7:b9:d4:c8:38:2d:8f:ab:ef:9d:
         64:aa:34:ef:41:81:c2:00:f3:55:af:ea:87:d5:11:c6:1a:de:
         f4:29:69:20:1f:7b:5d:55:d6:09:b8:cf:b8:97:4d:d8:ac:d7:
         20:cf:85:20:e7:77:08:b8:db:89:81:11:5f:76:3a:3d:4e:e0:
         f1:5c:00:8c:48:d2:91:89:3b:42:3f:4a:92:8e:58:84:81:01:
         e6:24:81:a9:cb:5a:d1:13:59:c8:97:ae:74:00:f2:37:26:c6:
         aa:16:37:9c:34:71:02:4a:84:b0:ce:39:3b:53:3b:1c:2f:14:
         8b:e9:02:d6:4f:9f:d1:27:bd:ee:8e:40:a1:0d:73:44:53:b5:
         fe:41:bf:a4:59:dd:23:18:e7:a7:8c:6e:00:b9:de:6a:d7:88:
         80:0d:da:70
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzCbXNxQNw55IJBQSSdVXcEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0MDA3MTcyZGY5ZmMyZDRhMmRkYmJhOTM0Y2ViYzlmMDI4
NmQzY2EwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWMwNTdiYWQzN2JhOGRmNmJkZTY1NzU0MzhhZjUwYTJiY2FmYjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsoEAi+HfRKocEw7C0lGD1EkHvb0
CREzuCkngQ+IXolyS1RM5fOrwgezl/5mN1EGijGHSer1LOyQb43ePN8xifsqJU2R
ZoOYuxRb/vFT5zLtfrzQ7lNjNqXQw4VgpFlz8ZkDCcY0jddYKjD8afuxsm8D9xn5
Xuznt9UJQdMzeBaoXtJV1ivgMbUaedR5PiW75XpP++yoyfX8lGSMbZiwZPBXYVWL
sVv66D9PGbiBf8dpA9/QyVGqLSt82pwzfEUogfjkai2bJnuPZtuFspL019Njre0r
ZgE9y/VHcoIGpOD+fYR+nALqi59lghff3mE3b+Q9lTU1H+P/m2iCxhJFfwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFCXAV7rTe6jfa95ldUOK9QoryvtCMB8GA1UdIwQY
MBaAFEQAcXLfn8LUot27qTTOvJ8ChtPKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkFCeGN0LWZ3dFNpM2J1cE5NNjhud0tHMDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS85NDVkYmQtMmZiNy00ZGQxLTk2YTYt
MDU4NWRlNGQ0ZWU3LzEvSmNCWHV0TjdxTjlyM21WMVE0cjFDaXZLLTBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS85NDVkYmQtMmZiNy00ZGQxLTk2YTYtMDU4NWRlNGQ0ZWU3
LzEvUkFCeGN0LWZ3dFNpM2J1cE5NNjhud0tHMDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuVPXMA4E
AgACMAgDBgAqBZ8EADANBgkqhkiG9w0BAQsFAAOCAQEAAia8EuvDTPLK/ngtTVDN
EZkCH5+wuBV2sOQA5M6NvBqN5fvB6u0tIL7kX7US9Mm2zkyeg5LIOn63NiVkodih
b/Yzi5SSeBwj7m18TML03ZHoK5jWbX1bhgI6LrTwAg5pNebHudTIOC2Pq++dZKo0
70GBwgDzVa/qh9URxhre9ClpIB97XVXWCbjPuJdN2KzXIM+FIOd3CLjbiYERX3Y6
PU7g8VwAjEjSkYk7Qj9Kko5YhIEB5iSBqcta0RNZyJeudADyNybGqhY3nDRxAkqE
sM45O1M7HC8Ui+kC1k+f0Se97o5AoQ1zRFO1/kG/pFndIxjnp4xuALneateIgA3a
cA==
-----END CERTIFICATE-----