Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/bcb87f-2c17-4207-962b-98072936c518/1/1-OVd2lrgp3V2rXsCVF3GooeWhcE.roa
File:                     1-OVd2lrgp3V2rXsCVF3GooeWhcE.roa (raw, json)
Hash identifier:          KipoSrKFnoRi0oHmHkcFIq8GeOt3ELUBmEPs2x8pv/4=
Subject key identifier:   F8:E5:5D:DA:5A:E0:A7:75:76:AD:7B:02:54:5D:C6:A2:87:96:85:C1
Certificate issuer:       /CN=300b2f46ba570a1677bfd584c72822ad9d9fe5b0
Certificate serial:       019427B5456A04DE802E77BA47BA363C28D4
Authority key identifier: 30:0B:2F:46:BA:57:0A:16:77:BF:D5:84:C7:28:22:AD:9D:9F:E5:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MAsvRrpXChZ3v9WExygirZ2f5bA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/bcb87f-2c17-4207-962b-98072936c518/1/1-OVd2lrgp3V2rXsCVF3GooeWhcE.roa
Signing time:             Thu 02 Jan 2025 15:49:38 +0000
ROA not before:           Thu 02 Jan 2025 15:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51269
IP address blocks:        185.140.44.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/bcb87f-2c17-4207-962b-98072936c518/1/MAsvRrpXChZ3v9WExygirZ2f5bA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/bcb87f-2c17-4207-962b-98072936c518/1/MAsvRrpXChZ3v9WExygirZ2f5bA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MAsvRrpXChZ3v9WExygirZ2f5bA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:45:6a:04:de:80:2e:77:ba:47:ba:36:3c:28:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=300b2f46ba570a1677bfd584c72822ad9d9fe5b0
        Validity
            Not Before: Jan  2 15:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8e55dda5ae0a77576ad7b02545dc6a2879685c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:46:0d:1c:f6:ef:a2:ba:7b:b3:87:4a:ca:4b:
                    cb:50:b4:b9:bb:6e:0c:c2:6e:42:67:35:92:26:34:
                    3b:69:84:a2:2c:9d:8a:47:6a:14:19:9b:40:7c:27:
                    7f:a8:17:5c:9c:75:91:8f:4d:eb:5c:cb:bb:ab:e9:
                    18:d1:db:28:51:82:c3:f7:b0:f7:84:aa:b5:be:18:
                    a8:79:8c:47:39:a8:a9:4e:e1:d0:ef:26:ac:0e:22:
                    08:ec:c1:30:dd:b9:15:8b:05:c3:17:d1:8f:3d:77:
                    af:74:2c:cd:52:2e:8d:b9:a6:a8:83:46:2e:0c:7f:
                    40:25:1d:f2:77:8e:55:6c:38:62:54:a9:a9:62:32:
                    3e:4b:32:07:73:72:dc:ed:80:28:51:9f:10:17:14:
                    fa:f0:a4:67:5e:44:80:0c:da:0e:eb:ce:2b:be:dc:
                    b5:aa:74:71:5b:53:c4:b6:5a:51:bc:b2:c3:fa:6e:
                    fa:91:72:d3:0d:3d:ad:3c:6e:a1:81:d8:ca:ad:7e:
                    1f:a6:90:d8:3d:a8:73:8c:d5:f9:5b:20:d4:cf:68:
                    68:8f:16:2d:62:90:f8:c1:15:06:69:f8:e8:4e:3f:
                    53:92:dc:54:9b:08:ab:b8:05:d6:1c:d7:97:dc:ad:
                    d2:5f:e5:e4:e3:df:8c:f7:f6:21:d5:41:64:3c:35:
                    72:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:E5:5D:DA:5A:E0:A7:75:76:AD:7B:02:54:5D:C6:A2:87:96:85:C1
            X509v3 Authority Key Identifier:
                keyid:30:0B:2F:46:BA:57:0A:16:77:BF:D5:84:C7:28:22:AD:9D:9F:E5:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MAsvRrpXChZ3v9WExygirZ2f5bA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/bcb87f-2c17-4207-962b-98072936c518/1/1-OVd2lrgp3V2rXsCVF3GooeWhcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/bcb87f-2c17-4207-962b-98072936c518/1/MAsvRrpXChZ3v9WExygirZ2f5bA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:04:51:27:10:ab:30:29:25:d9:9c:9a:27:ba:a3:a6:76:99:
         15:16:ab:98:bd:ac:43:4f:3d:57:50:e4:fc:6a:37:e2:b7:38:
         8c:05:c5:0c:14:53:f4:b2:2b:c9:ef:b7:70:da:d7:a6:b3:c5:
         33:6e:8f:d6:09:3a:76:36:e3:0c:4f:9d:00:77:79:e4:db:0d:
         19:2d:45:57:ab:ff:f2:36:08:7c:3e:98:b4:60:91:7e:4d:c1:
         d4:af:4f:84:ba:53:ee:ec:8c:8c:4a:c4:fb:1d:e2:2d:e5:8d:
         42:6b:da:05:aa:56:d9:b5:38:1a:12:23:cd:fb:89:a0:e0:67:
         cb:d9:7f:7e:cc:0c:c0:cb:2e:f9:5a:59:c7:19:86:8b:a4:8d:
         a5:f0:00:30:a4:6a:10:1f:9e:99:03:70:fe:34:9c:7b:1d:32:
         c9:c3:1e:1c:80:26:2f:85:90:e2:56:d9:83:1d:0f:d8:18:2c:
         d3:d9:de:7e:1e:6e:fc:b4:6f:c4:06:0f:0b:f3:1a:07:5b:19:
         d1:8d:36:dc:21:a7:87:b9:f9:c1:fe:5c:ee:0a:c2:eb:ea:4c:
         93:f6:b1:ba:37:92:5e:62:c2:50:47:69:5f:c7:76:f7:6c:c0:
         7a:e5:38:41:5e:8a:f8:6f:af:20:02:f8:07:37:b6:6d:3c:de:
         fb:37:e5:95
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntUVqBN6ALne6R7o2PCjUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMGIyZjQ2YmE1NzBhMTY3N2JmZDU4NGM3MjgyMmFkOWQ5
ZmU1YjAwHhcNMjUwMTAyMTU0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGU1NWRkYTVhZTBhNzc1NzZhZDdiMDI1NDVkYzZhMjg3OTY4NWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkYNHPbvorp7s4dKykvLULS5u24M
wm5CZzWSJjQ7aYSiLJ2KR2oUGZtAfCd/qBdcnHWRj03rXMu7q+kY0dsoUYLD97D3
hKq1vhioeYxHOaipTuHQ7yasDiII7MEw3bkViwXDF9GPPXevdCzNUi6Nuaaog0Yu
DH9AJR3yd45VbDhiVKmpYjI+SzIHc3Lc7YAoUZ8QFxT68KRnXkSADNoO684rvty1
qnRxW1PEtlpRvLLD+m76kXLTDT2tPG6hgdjKrX4fppDYPahzjNX5WyDUz2hojxYt
YpD4wRUGafjoTj9TktxUmwiruAXWHNeX3K3SX+Xk49+M9/Yh1UFkPDVyeQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPjlXdpa4Kd1dq17AlRdxqKHloXBMB8GA1UdIwQY
MBaAFDALL0a6VwoWd7/VhMcoIq2dn+WwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUFzdlJycFhDaFozdjlXRXh5Z2lyWjJmNWJBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iY2I4N2YtMmMxNy00MjA3LTk2MmIt
OTgwNzI5MzZjNTE4LzEvMS1PVmQybHJncDNWMnJYc0NWRjNHb29lV2hjRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWUvYmNiODdmLTJjMTctNDIwNy05NjJiLTk4MDcyOTM2YzUx
OC8xL01Bc3ZScnBYQ2haM3Y5V0V4eWdpcloyZjViQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArmMLDAN
BgkqhkiG9w0BAQsFAAOCAQEANARRJxCrMCkl2ZyaJ7qjpnaZFRarmL2sQ089V1Dk
/Go34rc4jAXFDBRT9LIrye+3cNrXprPFM26P1gk6djbjDE+dAHd55NsNGS1FV6v/
8jYIfD6YtGCRfk3B1K9PhLpT7uyMjErE+x3iLeWNQmvaBapW2bU4GhIjzfuJoOBn
y9l/fswMwMsu+VpZxxmGi6SNpfAAMKRqEB+emQNw/jScex0yycMeHIAmL4WQ4lbZ
gx0P2Bgs09nefh5u/LRvxAYPC/MaB1sZ0Y023CGnh7n5wf5c7grC6+pMk/axujeS
XmLCUEdpX8d292zAeuU4QV6K+G+vIAL4Bze2bTze+zfllQ==
-----END CERTIFICATE-----