Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/Ey0Vqi-HSMICIeEnFC0Urc0NUHs.roa
File:                     Ey0Vqi-HSMICIeEnFC0Urc0NUHs.roa (raw, json)
Hash identifier:          fKAZXhgelfKzQ2dTa3P+6ItKGajikTjBVU6CfQQQHZw=
Subject key identifier:   13:2D:15:AA:2F:87:48:C2:02:21:E1:27:14:2D:14:AD:CD:0D:50:7B
Certificate issuer:       /CN=cb952f9c339cabd14234d00c84a252d7ec71a2a2
Certificate serial:       018CC94E63FAE499AB06A3B4FC78961190F7
Authority key identifier: CB:95:2F:9C:33:9C:AB:D1:42:34:D0:0C:84:A2:52:D7:EC:71:A2:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/Ey0Vqi-HSMICIeEnFC0Urc0NUHs.roa
Signing time:             Tue 02 Jan 2024 08:33:27 +0000
ROA not before:           Tue 02 Jan 2024 08:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204639
IP address blocks:        185.44.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/y5UvnDOcq9FCNNAMhKJS1-xxoqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/y5UvnDOcq9FCNNAMhKJS1-xxoqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:63:fa:e4:99:ab:06:a3:b4:fc:78:96:11:90:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb952f9c339cabd14234d00c84a252d7ec71a2a2
        Validity
            Not Before: Jan  2 08:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=132d15aa2f8748c20221e127142d14adcd0d507b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:77:7f:14:d4:4f:a5:cc:76:9c:fd:d5:db:ee:
                    a1:8f:85:8a:d7:20:c8:c9:4c:4f:66:31:02:91:42:
                    11:a4:79:16:87:30:6a:66:fb:66:c2:67:32:a6:76:
                    b9:db:6d:a8:cd:30:49:53:1d:70:45:52:e2:70:f7:
                    00:5f:2e:ae:59:b2:ca:b9:35:fa:6f:9d:ab:c2:9a:
                    45:5a:10:1b:e7:fb:b3:38:ff:45:27:f6:06:e3:85:
                    d5:e6:72:3d:4c:c9:19:7e:08:61:d2:81:43:06:d4:
                    73:23:62:b3:b8:07:18:34:cd:26:db:89:61:68:9b:
                    f8:d7:f5:5e:c1:50:c0:e2:e8:01:14:9c:eb:0b:79:
                    fc:a8:55:07:2e:ef:53:83:c2:09:17:bc:23:86:48:
                    b9:02:7b:d5:21:6a:d3:07:b3:8f:f5:0f:5c:7f:59:
                    d8:d8:25:5a:67:f6:b5:e7:ba:22:d0:6c:e6:35:7b:
                    8f:4e:11:f6:55:d0:cd:7b:44:54:8b:3c:69:8b:30:
                    ee:21:40:3f:53:00:d6:39:44:db:43:8c:0f:d0:43:
                    0d:a7:cf:fa:21:7c:e0:4d:8b:40:eb:53:3f:9b:8a:
                    43:f9:78:a9:00:54:c3:05:f0:4b:1d:ce:f1:95:8d:
                    2a:5d:fa:57:a5:2b:d8:f3:b4:0f:b7:fd:f0:1a:66:
                    ee:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:2D:15:AA:2F:87:48:C2:02:21:E1:27:14:2D:14:AD:CD:0D:50:7B
            X509v3 Authority Key Identifier:
                keyid:CB:95:2F:9C:33:9C:AB:D1:42:34:D0:0C:84:A2:52:D7:EC:71:A2:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/Ey0Vqi-HSMICIeEnFC0Urc0NUHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/y5UvnDOcq9FCNNAMhKJS1-xxoqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:07:0a:94:39:ef:4e:09:58:5e:8d:7c:67:74:4b:3a:19:3d:
         0d:38:c7:d4:3b:59:2a:de:e4:1f:e8:bf:3e:ba:0c:bc:da:23:
         f6:27:39:df:a7:79:55:15:f9:88:31:5c:68:a3:52:8d:50:11:
         5b:4e:57:d5:75:1d:fb:e8:f0:f0:d1:d4:c7:18:ff:c7:de:a8:
         5f:b3:d9:f2:69:5c:d0:ac:06:e2:a6:e2:56:f1:58:a2:ec:3b:
         fd:f8:e3:6b:3a:3d:3b:a7:49:d4:a3:c4:d2:b1:25:24:dc:41:
         04:ea:d7:10:0d:d7:63:c7:c5:51:b3:a2:58:14:b9:09:a8:42:
         5a:a2:f6:5c:68:06:32:81:58:ce:71:89:e1:af:6d:b4:33:95:
         a3:6b:f4:a7:a7:dc:7a:77:ac:aa:ce:c2:23:ec:a4:9a:54:f1:
         de:43:92:29:9b:78:94:17:ac:25:9b:ae:68:1a:f1:e1:da:b3:
         54:20:16:82:65:04:4d:3e:7c:35:fd:2b:23:41:08:0e:de:5a:
         5c:01:ee:29:b6:68:1a:06:83:1e:41:c6:f0:74:07:9b:2a:f7:
         a1:bc:06:66:0d:7d:c5:ba:0a:8b:3f:f4:45:f1:af:aa:df:98:
         ed:0a:3c:33:f6:82:f4:d5:45:50:db:24:d9:57:01:5a:e6:b6:
         23:0e:61:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmP65JmrBqO0/HiWEZD3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiOTUyZjljMzM5Y2FiZDE0MjM0ZDAwYzg0YTI1MmQ3ZWM3
MWEyYTIwHhcNMjQwMTAyMDgzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzJkMTVhYTJmODc0OGMyMDIyMWUxMjcxNDJkMTRhZGNkMGQ1MDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnd/FNRPpcx2nP3V2+6hj4WK1yDI
yUxPZjECkUIRpHkWhzBqZvtmwmcypna5222ozTBJUx1wRVLicPcAXy6uWbLKuTX6
b52rwppFWhAb5/uzOP9FJ/YG44XV5nI9TMkZfghh0oFDBtRzI2KzuAcYNM0m24lh
aJv41/VewVDA4ugBFJzrC3n8qFUHLu9Tg8IJF7wjhki5AnvVIWrTB7OP9Q9cf1nY
2CVaZ/a157oi0GzmNXuPThH2VdDNe0RUizxpizDuIUA/UwDWOUTbQ4wP0EMNp8/6
IXzgTYtA61M/m4pD+XipAFTDBfBLHc7xlY0qXfpXpSvY87QPt/3wGmbunQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMtFaovh0jCAiHhJxQtFK3NDVB7MB8GA1UdIwQY
MBaAFMuVL5wznKvRQjTQDISiUtfscaKiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTVVdm5ET2NxOUZDTk5BTWhLSlMxLXh4b3FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS85MDk4ZmQtN2RjMy00ZTEyLWI4OTMt
ZmQyMmRmM2I1N2Y2LzEvRXkwVnFpLUhTTUlDSWVFbkZDMFVyYzBOVUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS85MDk4ZmQtN2RjMy00ZTEyLWI4OTMtZmQyMmRmM2I1N2Y2
LzEveTVVdm5ET2NxOUZDTk5BTWhLSlMxLXh4b3FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSx2MA0G
CSqGSIb3DQEBCwUAA4IBAQCjBwqUOe9OCVhejXxndEs6GT0NOMfUO1kq3uQf6L8+
ugy82iP2Jznfp3lVFfmIMVxoo1KNUBFbTlfVdR376PDw0dTHGP/H3qhfs9nyaVzQ
rAbipuJW8Vii7Dv9+ONrOj07p0nUo8TSsSUk3EEE6tcQDddjx8VRs6JYFLkJqEJa
ovZcaAYygVjOcYnhr220M5Wja/Snp9x6d6yqzsIj7KSaVPHeQ5Ipm3iUF6wlm65o
GvHh2rNUIBaCZQRNPnw1/SsjQQgO3lpcAe4ptmgaBoMeQcbwdAebKvehvAZmDX3F
ugqLP/RF8a+q35jtCjwz9oL01UVQ2yTZVwFa5rYjDmGe
-----END CERTIFICATE-----