Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/c48341-b8f0-40e9-9aa3-81484f7a79ba/1/9cucg5du_6USztDQTmI6gREGVdc.roa
File:                     9cucg5du_6USztDQTmI6gREGVdc.roa (raw, json)
Hash identifier:          2Q9afJNsTFTz0VviWZFXaZIW26EPUrfiQsKyTZzyr90=
Subject key identifier:   F5:CB:9C:83:97:6E:FF:A5:12:CE:D0:D0:4E:62:3A:81:11:06:55:D7
Certificate issuer:       /CN=44f3300bcd844d60752fe5dfb2de299966e9b8f6
Certificate serial:       018CC7275369C7E7646CD42CA122FBD4F0EE
Authority key identifier: 44:F3:30:0B:CD:84:4D:60:75:2F:E5:DF:B2:DE:29:99:66:E9:B8:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPMwC82ETWB1L-Xfst4pmWbpuPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/c48341-b8f0-40e9-9aa3-81484f7a79ba/1/9cucg5du_6USztDQTmI6gREGVdc.roa
Signing time:             Mon 01 Jan 2024 22:31:32 +0000
ROA not before:           Mon 01 Jan 2024 22:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8447
IP address blocks:        157.247.0.0/16 maxlen: 24
                          192.102.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/c48341-b8f0-40e9-9aa3-81484f7a79ba/1/RPMwC82ETWB1L-Xfst4pmWbpuPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/c48341-b8f0-40e9-9aa3-81484f7a79ba/1/RPMwC82ETWB1L-Xfst4pmWbpuPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPMwC82ETWB1L-Xfst4pmWbpuPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:53:69:c7:e7:64:6c:d4:2c:a1:22:fb:d4:f0:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44f3300bcd844d60752fe5dfb2de299966e9b8f6
        Validity
            Not Before: Jan  1 22:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5cb9c83976effa512ced0d04e623a81110655d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2d:9a:29:be:57:2c:83:23:3d:3d:a5:30:41:
                    55:80:7f:1c:5a:a4:79:0c:f7:c5:cd:c6:e6:c1:9d:
                    2a:92:48:9a:53:fe:f8:0d:c7:a7:af:5e:85:5b:e0:
                    75:ba:25:65:04:df:c1:71:37:23:8a:4c:04:dc:d0:
                    dc:d5:8a:0d:df:a8:e6:e2:29:ed:c6:68:9b:e8:85:
                    e3:56:24:3d:b6:96:7a:af:26:c7:f0:45:8d:cd:19:
                    aa:c7:6b:b1:e1:9d:08:a5:eb:30:e1:27:44:77:49:
                    d0:68:e9:a7:1a:e8:d9:1d:f2:23:a4:dc:f6:ba:80:
                    a4:5b:4b:0c:2f:55:96:ef:d2:c0:bf:7f:52:91:f4:
                    ad:aa:57:5c:d0:ac:5c:91:03:a2:3d:eb:21:e8:f5:
                    cc:22:fd:b7:64:93:c1:f5:45:96:3f:9b:cd:9a:22:
                    49:19:88:28:6f:ad:a7:ec:ef:1a:c7:b1:d2:9b:b9:
                    f0:d4:a8:83:45:bb:b4:1e:c3:84:16:d4:7f:59:d2:
                    24:8f:28:d2:79:94:6b:fe:92:8d:80:de:36:cd:cb:
                    a5:28:d2:0a:71:a7:e8:0d:9a:e3:b5:14:5f:6c:42:
                    be:bb:4e:db:d5:e4:2e:04:1d:68:92:71:ee:e3:67:
                    92:cd:fb:7f:21:92:63:2f:37:e4:3b:a2:10:b7:aa:
                    76:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:CB:9C:83:97:6E:FF:A5:12:CE:D0:D0:4E:62:3A:81:11:06:55:D7
            X509v3 Authority Key Identifier:
                keyid:44:F3:30:0B:CD:84:4D:60:75:2F:E5:DF:B2:DE:29:99:66:E9:B8:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPMwC82ETWB1L-Xfst4pmWbpuPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c48341-b8f0-40e9-9aa3-81484f7a79ba/1/9cucg5du_6USztDQTmI6gREGVdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c48341-b8f0-40e9-9aa3-81484f7a79ba/1/RPMwC82ETWB1L-Xfst4pmWbpuPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.247.0.0/16
                  192.102.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:4b:0e:7f:29:4d:b4:71:fd:07:e5:9f:90:4d:66:7b:a9:48:
         ec:6a:6a:3f:29:bb:11:21:54:e8:cb:7a:61:d7:ca:89:f6:30:
         94:a8:c7:d4:64:5e:64:80:32:7b:a5:65:70:3c:20:4c:90:76:
         ff:27:0d:f8:a3:c2:23:c7:5f:48:2e:94:7c:3a:67:e0:8a:2c:
         62:98:cf:b0:20:fd:5a:a6:d7:58:f0:ac:20:f4:f0:52:7f:26:
         69:df:db:5a:0f:9f:bc:0c:e2:3d:3e:22:a1:d2:74:e6:0b:25:
         be:e3:4d:6d:89:f9:b3:af:09:8a:fa:07:6e:80:5b:52:10:b1:
         06:97:85:4d:3e:48:ef:59:f8:82:a0:e6:17:fb:3e:64:31:55:
         43:a6:79:4c:a5:79:60:74:22:41:65:8f:fb:9d:41:f7:c5:e0:
         94:f5:31:7b:06:d6:02:5b:71:7e:8a:6d:a2:78:93:b8:4f:78:
         7f:c8:3d:32:b1:82:11:36:e1:3d:f6:60:39:44:4d:93:f2:e9:
         90:04:55:59:0a:f0:23:99:ac:eb:68:f2:31:98:ec:e3:15:99:
         3a:59:87:70:3c:b6:39:bc:7f:c6:73:c9:85:48:ad:26:de:37:
         bc:d9:bf:b0:c1:28:4a:8f:7e:25:bd:f0:fc:5d:b0:bd:41:18:
         6b:3a:10:d7
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzHJ1Npx+dkbNQsoSL71PDuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZjMzMDBiY2Q4NDRkNjA3NTJmZTVkZmIyZGUyOTk5NjZl
OWI4ZjYwHhcNMjQwMTAxMjIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWNiOWM4Mzk3NmVmZmE1MTJjZWQwZDA0ZTYyM2E4MTExMDY1NWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApS2aKb5XLIMjPT2lMEFVgH8cWqR5
DPfFzcbmwZ0qkkiaU/74Dcenr16FW+B1uiVlBN/BcTcjikwE3NDc1YoN36jm4int
xmib6IXjViQ9tpZ6rybH8EWNzRmqx2ux4Z0Ipesw4SdEd0nQaOmnGujZHfIjpNz2
uoCkW0sML1WW79LAv39SkfStqldc0KxckQOiPesh6PXMIv23ZJPB9UWWP5vNmiJJ
GYgob62n7O8ax7HSm7nw1KiDRbu0HsOEFtR/WdIkjyjSeZRr/pKNgN42zculKNIK
cafoDZrjtRRfbEK+u07b1eQuBB1oknHu42eSzft/IZJjLzfkO6IQt6p2QwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFPXLnIOXbv+lEs7Q0E5iOoERBlXXMB8GA1UdIwQY
MBaAFETzMAvNhE1gdS/l37LeKZlm6bj2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlBNd0M4MkVUV0IxTC1YZnN0NHBtV2JwdVBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jNDgzNDEtYjhmMC00MGU5LTlhYTMt
ODE0ODRmN2E3OWJhLzEvOWN1Y2c1ZHVfNlVTenREUVRtSTZnUkVHVmRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jNDgzNDEtYjhmMC00MGU5LTlhYTMtODE0ODRmN2E3OWJh
LzEvUlBNd0M4MkVUV0IxTC1YZnN0NHBtV2JwdVBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAnfcDBADA
ZhEwDQYJKoZIhvcNAQELBQADggEBADhLDn8pTbRx/Qfln5BNZnupSOxqaj8puxEh
VOjLemHXyon2MJSox9RkXmSAMnulZXA8IEyQdv8nDfijwiPHX0gulHw6Z+CKLGKY
z7Ag/Vqm11jwrCD08FJ/Jmnf21oPn7wM4j0+IqHSdOYLJb7jTW2J+bOvCYr6B26A
W1IQsQaXhU0+SO9Z+IKg5hf7PmQxVUOmeUyleWB0IkFlj/udQffF4JT1MXsG1gJb
cX6KbaJ4k7hPeH/IPTKxghE24T32YDlETZPy6ZAEVVkK8COZrOto8jGY7OMVmTpZ
h3A8tjm8f8ZzyYVIrSbeN7zZv7DBKEqPfiW98PxdsL1BGGs6ENc=
-----END CERTIFICATE-----