Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/fd6iDZuVXW8FYriumU_UacsN2WE.roa
File:                     fd6iDZuVXW8FYriumU_UacsN2WE.roa (raw, json)
Hash identifier:          yzIgTL4lzoBopSMbJYgVjjE1VaKS+Y57P3a7GsBTCkU=
Subject key identifier:   7D:DE:A2:0D:9B:95:5D:6F:05:62:B8:AE:99:4F:D4:69:CB:0D:D9:61
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       0195FBB09C01A33D194B213549BFDA76A4F1
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/fd6iDZuVXW8FYriumU_UacsN2WE.roa
Signing time:             Thu 03 Apr 2025 12:46:50 +0000
ROA not before:           Thu 03 Apr 2025 12:46:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58289
IP address blocks:        185.92.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:fb:b0:9c:01:a3:3d:19:4b:21:35:49:bf:da:76:a4:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Apr  3 12:46:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ddea20d9b955d6f0562b8ae994fd469cb0dd961
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:80:f7:2d:6d:02:a1:78:68:8c:4b:17:f2:2c:
                    9a:5f:c8:5c:15:65:2d:34:38:91:cf:94:52:e5:37:
                    c1:02:ed:94:49:5f:d2:78:7f:33:a8:8d:79:b1:1e:
                    2d:cc:a8:fc:98:fb:6c:94:3d:95:20:8b:6c:c1:8d:
                    4d:a2:a1:87:60:33:7a:a8:81:0c:d5:d1:0b:e7:c0:
                    93:c5:84:99:af:af:3d:39:37:c5:2e:03:2a:79:02:
                    92:e4:0a:6c:97:03:ba:18:81:dc:5b:66:26:8b:1d:
                    5a:d2:26:5f:5c:48:bf:69:6c:e1:b1:32:f4:7d:10:
                    65:47:78:ae:8d:92:5d:6d:74:3b:35:c1:76:15:cd:
                    6b:3a:67:d0:d0:6b:59:28:a7:fb:6a:d9:c8:bf:57:
                    50:5e:d0:a0:c4:b9:10:e3:69:1c:40:f0:24:eb:86:
                    aa:09:8c:9f:42:51:3a:24:4c:75:6e:a6:dd:a3:7c:
                    9c:ed:9c:56:e2:e7:54:0e:4a:bb:f1:d8:c9:82:ac:
                    d4:d9:9e:29:00:cd:c2:fa:e8:11:1f:1d:ae:ec:70:
                    a8:47:be:bc:71:25:72:86:7b:84:52:e2:0c:cc:11:
                    25:a4:57:b4:ee:5b:46:ef:67:b7:9d:40:6b:dc:ba:
                    c3:b8:04:fb:6f:10:57:6d:23:13:13:75:c4:c9:6f:
                    50:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:DE:A2:0D:9B:95:5D:6F:05:62:B8:AE:99:4F:D4:69:CB:0D:D9:61
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/fd6iDZuVXW8FYriumU_UacsN2WE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:65:b5:47:7e:7e:87:55:a6:d6:76:9d:83:65:fd:63:74:53:
         01:e2:46:8d:be:61:38:4c:3c:ff:8c:03:b8:de:d9:94:13:ac:
         f4:70:d7:e4:00:7a:0c:45:7e:07:6b:3f:58:a2:83:00:37:d2:
         d9:43:84:6e:ff:b8:15:55:d4:7e:4b:4c:7f:4c:ce:0c:7a:47:
         46:dd:c6:b9:ae:b5:db:23:3b:c3:b8:fd:57:e9:9d:fd:87:e8:
         cb:11:06:bc:94:46:76:b5:d2:03:32:f9:21:68:a4:22:af:8b:
         e9:55:93:46:ac:41:ce:8e:38:47:12:02:b8:46:8e:5a:8c:b1:
         29:42:99:89:4c:64:3f:b7:9c:b9:73:21:2d:15:67:4d:21:64:
         85:43:ee:c4:3e:d7:78:fd:35:bc:c4:02:d5:ef:80:29:63:08:
         11:9e:d9:72:3a:49:23:8a:57:f5:32:5a:0c:d7:7b:24:ad:31:
         d5:fd:01:41:5f:89:03:d2:2c:95:3e:6c:23:d2:4c:0d:84:c9:
         26:74:dc:5e:ff:03:cb:a5:6c:c8:4f:79:2e:16:e5:7d:a3:85:
         80:0e:be:53:1f:f8:bd:4f:39:82:37:a9:e4:d9:48:fb:16:53:
         1a:46:87:49:fc:24:66:56:a9:47:d8:6b:dd:87:47:bd:3d:77:
         02:5a:64:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX7sJwBoz0ZSyE1Sb/adqTxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwNDAzMTI0NjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGRlYTIwZDliOTU1ZDZmMDU2MmI4YWU5OTRmZDQ2OWNiMGRkOTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiID3LW0CoXhojEsX8iyaX8hcFWUt
NDiRz5RS5TfBAu2USV/SeH8zqI15sR4tzKj8mPtslD2VIItswY1NoqGHYDN6qIEM
1dEL58CTxYSZr689OTfFLgMqeQKS5ApslwO6GIHcW2Ymix1a0iZfXEi/aWzhsTL0
fRBlR3iujZJdbXQ7NcF2Fc1rOmfQ0GtZKKf7atnIv1dQXtCgxLkQ42kcQPAk64aq
CYyfQlE6JEx1bqbdo3yc7ZxW4udUDkq78djJgqzU2Z4pAM3C+ugRHx2u7HCoR768
cSVyhnuEUuIMzBElpFe07ltG72e3nUBr3LrDuAT7bxBXbSMTE3XEyW9QiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3eog2blV1vBWK4rplP1GnLDdlhMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvZmQ2aURadVZYVzhGWXJpdW1VX1VhY3NOMldFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVwsMA0G
CSqGSIb3DQEBCwUAA4IBAQC6ZbVHfn6HVabWdp2DZf1jdFMB4kaNvmE4TDz/jAO4
3tmUE6z0cNfkAHoMRX4Haz9YooMAN9LZQ4Ru/7gVVdR+S0x/TM4MekdG3ca5rrXb
IzvDuP1X6Z39h+jLEQa8lEZ2tdIDMvkhaKQir4vpVZNGrEHOjjhHEgK4Ro5ajLEp
QpmJTGQ/t5y5cyEtFWdNIWSFQ+7EPtd4/TW8xALV74ApYwgRntlyOkkjilf1MloM
13skrTHV/QFBX4kD0iyVPmwj0kwNhMkmdNxe/wPLpWzIT3kuFuV9o4WADr5TH/i9
TzmCN6nk2Uj7FlMaRodJ/CRmVqlH2Gvdh0e9PXcCWmSO
-----END CERTIFICATE-----