Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/b72999-0952-4576-b118-21e739563683/1/KqS4XusWPM8n30L8p9_eEIEUpl8.roa
File:                     KqS4XusWPM8n30L8p9_eEIEUpl8.roa (raw, json)
Hash identifier:          bVTr0qovzSz4Xvs/17Hv25wbCLoHk/dzfxrtbzh4qFI=
Subject key identifier:   2A:A4:B8:5E:EB:16:3C:CF:27:DF:42:FC:A7:DF:DE:10:81:14:A6:5F
Certificate issuer:       /CN=7701ee4c1a226f9f62429f35756a78980a5b457a
Certificate serial:       018E50F210B9A1F5116E2423DF4C32B9D7AD
Authority key identifier: 77:01:EE:4C:1A:22:6F:9F:62:42:9F:35:75:6A:78:98:0A:5B:45:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dwHuTBoib59iQp81dWp4mApbRXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/b72999-0952-4576-b118-21e739563683/1/KqS4XusWPM8n30L8p9_eEIEUpl8.roa
Signing time:             Mon 18 Mar 2024 09:43:45 +0000
ROA not before:           Mon 18 Mar 2024 09:43:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.244.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/b72999-0952-4576-b118-21e739563683/1/dwHuTBoib59iQp81dWp4mApbRXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/b72999-0952-4576-b118-21e739563683/1/dwHuTBoib59iQp81dWp4mApbRXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dwHuTBoib59iQp81dWp4mApbRXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:50:f2:10:b9:a1:f5:11:6e:24:23:df:4c:32:b9:d7:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7701ee4c1a226f9f62429f35756a78980a5b457a
        Validity
            Not Before: Mar 18 09:43:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2aa4b85eeb163ccf27df42fca7dfde108114a65f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f1:b0:64:c1:8e:73:47:aa:c3:87:16:ef:46:
                    c4:2f:18:e7:f2:e0:81:7c:4b:67:f5:07:56:35:f9:
                    4b:84:93:04:93:21:17:70:19:f0:be:81:17:2e:6b:
                    db:94:0a:1d:2a:87:a3:4f:c2:1d:dc:58:e3:fa:d1:
                    73:4f:2e:bf:2f:13:e7:d9:6f:dc:27:5e:80:bf:e3:
                    cb:8f:cf:be:fa:c7:8e:cd:76:dd:0b:a0:33:f2:dd:
                    a3:5f:86:6a:b4:b9:7d:3f:3d:18:7a:24:b3:78:4b:
                    f7:78:1e:3f:ae:b0:59:50:e0:73:e9:25:ac:da:45:
                    84:c8:05:56:63:68:a9:fe:30:00:f2:c3:dd:f6:ab:
                    cf:8d:98:51:b2:a7:12:56:2a:30:ae:2b:31:0b:d6:
                    2f:03:fd:c3:6e:da:b1:5b:c6:1d:fd:b0:d5:c3:90:
                    6a:05:26:b4:c1:c3:c3:54:76:78:10:ed:a3:a4:c4:
                    54:a4:d8:1b:9f:5b:0e:81:d6:90:30:c1:57:af:39:
                    b4:9d:e6:a1:a8:b2:32:63:bc:b6:47:4c:16:1e:ba:
                    87:d5:30:bf:25:03:9b:e5:23:53:2a:03:b4:0b:79:
                    39:dd:7d:37:22:28:34:fd:a6:38:14:0b:9f:f3:26:
                    18:07:0c:11:20:5b:78:40:48:4a:22:04:9d:c5:8b:
                    6d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:A4:B8:5E:EB:16:3C:CF:27:DF:42:FC:A7:DF:DE:10:81:14:A6:5F
            X509v3 Authority Key Identifier:
                keyid:77:01:EE:4C:1A:22:6F:9F:62:42:9F:35:75:6A:78:98:0A:5B:45:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dwHuTBoib59iQp81dWp4mApbRXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/b72999-0952-4576-b118-21e739563683/1/KqS4XusWPM8n30L8p9_eEIEUpl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/b72999-0952-4576-b118-21e739563683/1/dwHuTBoib59iQp81dWp4mApbRXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:b4:b4:8b:b1:b5:33:03:61:aa:77:18:51:66:48:dd:09:03:
         c5:8f:aa:a7:67:90:aa:b8:26:bd:d8:f2:8d:fd:ed:8f:2a:34:
         33:9d:f2:35:75:0e:ff:ac:99:af:c2:6a:f7:3b:e8:44:97:c6:
         d1:2a:b5:a7:1a:bd:c1:4d:9c:ac:4b:dc:5d:5b:e1:d3:b1:bd:
         06:c7:4a:22:a9:f4:47:ba:b9:5e:02:49:4a:f5:3a:77:74:bf:
         a0:e0:af:8f:cd:fd:74:bb:2f:9a:71:2f:29:ce:66:69:47:c6:
         84:b6:49:9b:30:3f:11:3b:44:be:bb:eb:7a:c0:3b:2a:4a:ae:
         ed:13:8b:fa:61:5b:b7:dc:b4:97:ab:7d:af:03:be:35:28:81:
         ce:44:23:bb:48:70:8b:0d:0a:c0:c5:01:62:c4:81:51:91:6b:
         af:15:65:cf:e5:f5:d9:0d:f1:f5:5a:5b:65:7b:35:79:36:a9:
         0e:81:54:2d:8e:a9:83:ad:d3:61:18:a7:90:62:e2:80:9c:37:
         ee:26:c7:14:59:bd:6a:23:3d:82:8d:ea:5b:63:43:a8:88:ff:
         08:6a:2a:90:a0:a1:c0:e9:6b:08:31:82:65:cf:0b:11:60:71:
         e3:60:d6:2f:7d:29:9f:04:5c:8a:7a:87:7c:45:db:63:fb:f7:
         fc:f0:6f:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5Q8hC5ofURbiQj30wyudetMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MDFlZTRjMWEyMjZmOWY2MjQyOWYzNTc1NmE3ODk4MGE1
YjQ1N2EwHhcNMjQwMzE4MDk0MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWE0Yjg1ZWViMTYzY2NmMjdkZjQyZmNhN2RmZGUxMDgxMTRhNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvGwZMGOc0eqw4cW70bELxjn8uCB
fEtn9QdWNflLhJMEkyEXcBnwvoEXLmvblAodKoejT8Id3Fjj+tFzTy6/LxPn2W/c
J16Av+PLj8+++seOzXbdC6Az8t2jX4ZqtLl9Pz0YeiSzeEv3eB4/rrBZUOBz6SWs
2kWEyAVWY2ip/jAA8sPd9qvPjZhRsqcSViowrisxC9YvA/3DbtqxW8Yd/bDVw5Bq
BSa0wcPDVHZ4EO2jpMRUpNgbn1sOgdaQMMFXrzm0neahqLIyY7y2R0wWHrqH1TC/
JQOb5SNTKgO0C3k53X03Iig0/aY4FAuf8yYYBwwRIFt4QEhKIgSdxYttKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqkuF7rFjzPJ99C/Kff3hCBFKZfMB8GA1UdIwQY
MBaAFHcB7kwaIm+fYkKfNXVqeJgKW0V6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHdIdVRCb2liNTlpUXA4MWRXcDRtQXBiUlhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9iNzI5OTktMDk1Mi00NTc2LWIxMTgt
MjFlNzM5NTYzNjgzLzEvS3FTNFh1c1dQTThuMzBMOHA5X2VFSUVVcGw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9iNzI5OTktMDk1Mi00NTc2LWIxMTgtMjFlNzM5NTYzNjgz
LzEvZHdIdVRCb2liNTlpUXA4MWRXcDRtQXBiUlhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufTGMA0G
CSqGSIb3DQEBCwUAA4IBAQCwtLSLsbUzA2GqdxhRZkjdCQPFj6qnZ5CquCa92PKN
/e2PKjQznfI1dQ7/rJmvwmr3O+hEl8bRKrWnGr3BTZysS9xdW+HTsb0Gx0oiqfRH
urleAklK9Tp3dL+g4K+Pzf10uy+acS8pzmZpR8aEtkmbMD8RO0S+u+t6wDsqSq7t
E4v6YVu33LSXq32vA741KIHORCO7SHCLDQrAxQFixIFRkWuvFWXP5fXZDfH1Wltl
ezV5NqkOgVQtjqmDrdNhGKeQYuKAnDfuJscUWb1qIz2CjepbY0OoiP8IaiqQoKHA
6WsIMYJlzwsRYHHjYNYvfSmfBFyKeod8Rdtj+/f88G9H
-----END CERTIFICATE-----