Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/PyUxaWOGMjNI4CPYCq0P2TXHufo.roa
File:                     PyUxaWOGMjNI4CPYCq0P2TXHufo.roa (raw, json)
Hash identifier:          HUecMyXCqgcAuQNF7OoOABKoVC3GFnpISGe142ET5rs=
Subject key identifier:   3F:25:31:69:63:86:32:33:48:E0:23:D8:0A:AD:0F:D9:35:C7:B9:FA
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018CC348B40A9DCBEEB94C032A04418691F8
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/PyUxaWOGMjNI4CPYCq0P2TXHufo.roa
Signing time:             Mon 01 Jan 2024 04:29:30 +0000
ROA not before:           Mon 01 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        185.92.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 17:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b4:0a:9d:cb:ee:b9:4c:03:2a:04:41:86:91:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  1 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f2531696386323348e023d80aad0fd935c7b9fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:7b:51:15:d3:f7:54:7c:fa:88:c1:33:be:11:
                    0e:94:01:e9:3d:80:aa:6e:bf:7c:9b:76:96:86:76:
                    e1:62:d5:38:b0:7c:46:43:6a:82:80:45:14:85:e9:
                    fb:8a:28:ee:39:cc:9d:7f:f4:18:1f:9c:a2:46:27:
                    0b:c1:34:b2:95:ac:1b:9f:40:d8:ca:f7:26:cb:f0:
                    d3:6f:80:f4:f1:43:cb:88:72:17:3c:da:93:da:24:
                    48:59:70:16:bd:5b:56:70:56:17:f3:66:a9:3b:05:
                    ff:ca:aa:30:8c:0b:8a:6d:f5:3c:29:8c:45:f5:a4:
                    43:be:50:b2:4b:7b:22:00:19:65:59:8b:07:ee:ce:
                    77:9f:eb:67:1c:68:1e:5b:3a:48:a2:9b:ab:a5:4b:
                    7d:b3:d9:c6:fc:0d:3c:5a:dc:dc:12:29:bb:cb:7a:
                    c6:cb:f1:60:3f:df:4b:25:66:c8:43:fe:3b:6b:94:
                    aa:b7:c4:1c:c3:60:fc:54:6b:a8:ef:99:b0:6a:02:
                    b1:f2:a7:1e:91:55:bf:21:c6:26:b1:24:f1:38:dc:
                    0b:40:ec:41:26:69:c0:a8:bd:52:a9:8a:38:a1:02:
                    e5:59:0f:9f:35:9a:e0:4a:07:e0:62:01:72:4d:e3:
                    a0:0b:ed:45:eb:b4:4b:47:99:e1:37:ff:32:98:4e:
                    84:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:25:31:69:63:86:32:33:48:E0:23:D8:0A:AD:0F:D9:35:C7:B9:FA
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/PyUxaWOGMjNI4CPYCq0P2TXHufo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:7a:ec:0b:f3:e5:67:e6:77:7d:f5:1b:68:a4:3d:27:0e:49:
         1b:04:36:02:16:75:f8:6a:bc:3c:59:07:67:8c:b0:c4:f1:25:
         9f:d2:ae:64:8c:54:32:2a:d1:54:38:fa:b8:64:b9:4c:20:c7:
         6e:db:3d:c2:5a:16:66:e9:6a:7f:bb:66:bf:db:f8:dc:81:98:
         4b:b5:93:7f:05:b0:ef:90:77:2e:a7:e7:70:44:e4:3a:53:ee:
         11:22:e0:67:21:ba:db:90:07:63:6f:e9:22:83:86:60:6b:63:
         47:b1:e1:b3:ba:60:18:11:8e:1b:20:2c:d0:37:e8:be:84:c5:
         59:39:86:bb:e3:80:c8:56:37:b5:56:03:4f:9c:b2:e7:34:7b:
         04:a7:80:29:17:5a:d5:01:23:66:60:b5:f1:90:63:15:28:6b:
         80:5f:4c:d0:03:c7:cd:f4:42:e4:fc:7f:cd:c1:8a:c3:28:a6:
         cc:e8:1a:b7:1d:6f:36:3f:02:e8:ab:67:40:ce:ad:bb:3b:02:
         a3:eb:4c:8e:c2:f8:14:27:dc:a9:ac:c9:af:2b:c8:05:7c:02:
         f2:98:e5:30:e7:2c:f3:d0:d7:93:9f:ad:3a:18:9d:9f:d2:67:
         51:eb:b8:f3:c0:bc:48:8a:03:28:b7:14:fe:ea:11:d7:e2:0f:
         7f:37:c4:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLQKncvuuUwDKgRBhpH4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMTAxMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjI1MzE2OTYzODYzMjMzNDhlMDIzZDgwYWFkMGZkOTM1YzdiOWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXtRFdP3VHz6iMEzvhEOlAHpPYCq
br98m3aWhnbhYtU4sHxGQ2qCgEUUhen7iijuOcydf/QYH5yiRicLwTSylawbn0DY
yvcmy/DTb4D08UPLiHIXPNqT2iRIWXAWvVtWcFYX82apOwX/yqowjAuKbfU8KYxF
9aRDvlCyS3siABllWYsH7s53n+tnHGgeWzpIopurpUt9s9nG/A08WtzcEim7y3rG
y/FgP99LJWbIQ/47a5Sqt8Qcw2D8VGuo75mwagKx8qcekVW/IcYmsSTxONwLQOxB
JmnAqL1SqYo4oQLlWQ+fNZrgSgfgYgFyTeOgC+1F67RLR5nhN/8ymE6EGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8lMWljhjIzSOAj2AqtD9k1x7n6MB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvUHlVeGFXT0dNak5JNENQWUNxMFAyVFhIdWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVwsMA0G
CSqGSIb3DQEBCwUAA4IBAQCDeuwL8+Vn5nd99RtopD0nDkkbBDYCFnX4arw8WQdn
jLDE8SWf0q5kjFQyKtFUOPq4ZLlMIMdu2z3CWhZm6Wp/u2a/2/jcgZhLtZN/BbDv
kHcup+dwROQ6U+4RIuBnIbrbkAdjb+kig4Zga2NHseGzumAYEY4bICzQN+i+hMVZ
OYa744DIVje1VgNPnLLnNHsEp4ApF1rVASNmYLXxkGMVKGuAX0zQA8fN9ELk/H/N
wYrDKKbM6Bq3HW82PwLoq2dAzq27OwKj60yOwvgUJ9yprMmvK8gFfALymOUw5yzz
0NeTn606GJ2f0mdR67jzwLxIigMotxT+6hHX4g9/N8SA
-----END CERTIFICATE-----