Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/bcb87f-2c17-4207-962b-98072936c518/1/l9gxncVlmnY8PVougVsH0WDqj8k.roa
File:                     l9gxncVlmnY8PVougVsH0WDqj8k.roa (raw, json)
Hash identifier:          z7IWGyDIolsh5DFVxbhsBI8iTKWJoVKuc4Tfv8Ki+nI=
Subject key identifier:   97:D8:31:9D:C5:65:9A:76:3C:3D:5A:2E:81:5B:07:D1:60:EA:8F:C9
Certificate issuer:       /CN=300b2f46ba570a1677bfd584c72822ad9d9fe5b0
Certificate serial:       018CC348CF00124B4CC7C5BD616DC1DE701A
Authority key identifier: 30:0B:2F:46:BA:57:0A:16:77:BF:D5:84:C7:28:22:AD:9D:9F:E5:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MAsvRrpXChZ3v9WExygirZ2f5bA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/bcb87f-2c17-4207-962b-98072936c518/1/l9gxncVlmnY8PVougVsH0WDqj8k.roa
Signing time:             Mon 01 Jan 2024 04:29:37 +0000
ROA not before:           Mon 01 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51269
IP address blocks:        185.140.44.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/bcb87f-2c17-4207-962b-98072936c518/1/MAsvRrpXChZ3v9WExygirZ2f5bA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/bcb87f-2c17-4207-962b-98072936c518/1/MAsvRrpXChZ3v9WExygirZ2f5bA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MAsvRrpXChZ3v9WExygirZ2f5bA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 11:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:cf:00:12:4b:4c:c7:c5:bd:61:6d:c1:de:70:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=300b2f46ba570a1677bfd584c72822ad9d9fe5b0
        Validity
            Not Before: Jan  1 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97d8319dc5659a763c3d5a2e815b07d160ea8fc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:3f:31:4d:3d:7c:bc:74:87:e9:a4:0b:17:11:
                    1b:87:6a:9e:e9:94:32:4a:8d:8b:d1:7e:6a:3f:41:
                    37:cb:a7:6d:90:35:83:a5:69:05:96:2b:54:7a:44:
                    f9:aa:85:47:29:9a:fa:b1:ea:de:43:2a:e1:6d:0d:
                    6a:68:e5:bd:79:81:1d:15:58:59:88:f6:dd:d2:0e:
                    8f:2c:20:e5:25:08:38:c5:ff:1a:34:28:b8:bb:b0:
                    d7:1b:aa:b7:4e:3b:f4:06:bc:2b:e2:7f:24:b4:1e:
                    32:b9:0f:54:20:cf:18:77:ae:93:d8:d3:85:af:58:
                    31:a8:74:d7:49:35:d4:04:61:00:ac:f9:82:e2:32:
                    fe:c9:ec:86:7f:1c:34:f7:b1:e6:06:f5:6a:d3:ad:
                    04:93:85:c3:9d:83:c2:51:0c:80:0c:d2:ab:02:24:
                    ec:a9:86:cc:9c:d9:8f:a2:49:31:b9:a1:5b:96:55:
                    d5:3c:4d:25:c9:f6:89:80:17:76:da:53:e8:27:92:
                    71:5b:0e:1a:07:30:0a:54:65:e6:57:80:a6:f4:40:
                    2d:61:85:45:e7:28:32:0e:d8:98:68:0c:69:48:e6:
                    dc:86:dc:37:88:84:38:2b:bf:b9:14:a4:17:15:35:
                    63:f2:b1:fd:49:8b:1b:ab:00:30:73:27:d6:d7:30:
                    9f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:D8:31:9D:C5:65:9A:76:3C:3D:5A:2E:81:5B:07:D1:60:EA:8F:C9
            X509v3 Authority Key Identifier:
                keyid:30:0B:2F:46:BA:57:0A:16:77:BF:D5:84:C7:28:22:AD:9D:9F:E5:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MAsvRrpXChZ3v9WExygirZ2f5bA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/bcb87f-2c17-4207-962b-98072936c518/1/l9gxncVlmnY8PVougVsH0WDqj8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/bcb87f-2c17-4207-962b-98072936c518/1/MAsvRrpXChZ3v9WExygirZ2f5bA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:dd:db:64:b2:6e:a1:d6:02:29:51:2c:9c:ca:9b:8f:24:0e:
         66:f6:c6:30:f5:29:cb:b4:50:59:06:04:f5:3f:14:3c:e5:de:
         69:50:da:d8:f4:70:a5:62:56:34:e4:c8:00:57:57:6e:e1:9f:
         93:69:6f:23:c9:7d:d7:88:5a:1b:4d:ef:46:6a:fb:05:04:86:
         5d:4e:f6:6d:73:3e:d9:a2:99:3b:78:1b:00:3c:b2:fb:8c:4a:
         78:d5:4f:e0:c4:26:3b:f0:25:8a:3a:3a:7a:6a:96:24:8d:0b:
         12:b4:1d:67:8a:0f:ae:e4:c0:16:fd:52:2a:5d:da:87:ad:b1:
         2c:66:9e:10:cb:c2:76:f1:b8:26:43:a3:57:fb:5f:48:fe:24:
         71:58:9b:35:e4:b9:1a:c5:a0:2f:83:f5:80:97:b3:94:c3:16:
         70:3b:aa:de:e3:12:23:2d:a2:1c:b9:d9:74:ad:ab:7a:61:00:
         06:cc:3c:2e:8b:22:65:ad:79:19:d2:8a:a1:12:75:b7:c8:c7:
         a6:0c:f8:f1:b5:8c:17:82:a0:9a:45:fb:24:fc:ad:fd:79:a2:
         50:7e:42:c0:c5:59:62:a3:b0:c2:13:47:6e:f1:ee:6c:f7:ed:
         cd:d8:2c:ef:5a:39:14:6e:0a:f0:5a:36:ad:d3:0b:82:10:d0:
         88:5d:d5:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSM8AEktMx8W9YW3B3nAaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMGIyZjQ2YmE1NzBhMTY3N2JmZDU4NGM3MjgyMmFkOWQ5
ZmU1YjAwHhcNMjQwMTAxMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2Q4MzE5ZGM1NjU5YTc2M2MzZDVhMmU4MTViMDdkMTYwZWE4ZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmD8xTT18vHSH6aQLFxEbh2qe6ZQy
So2L0X5qP0E3y6dtkDWDpWkFlitUekT5qoVHKZr6sereQyrhbQ1qaOW9eYEdFVhZ
iPbd0g6PLCDlJQg4xf8aNCi4u7DXG6q3Tjv0Brwr4n8ktB4yuQ9UIM8Yd66T2NOF
r1gxqHTXSTXUBGEArPmC4jL+yeyGfxw097HmBvVq060Ek4XDnYPCUQyADNKrAiTs
qYbMnNmPokkxuaFbllXVPE0lyfaJgBd22lPoJ5JxWw4aBzAKVGXmV4Cm9EAtYYVF
5ygyDtiYaAxpSObchtw3iIQ4K7+5FKQXFTVj8rH9SYsbqwAwcyfW1zCfYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJfYMZ3FZZp2PD1aLoFbB9Fg6o/JMB8GA1UdIwQY
MBaAFDALL0a6VwoWd7/VhMcoIq2dn+WwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUFzdlJycFhDaFozdjlXRXh5Z2lyWjJmNWJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iY2I4N2YtMmMxNy00MjA3LTk2MmIt
OTgwNzI5MzZjNTE4LzEvbDlneG5jVmxtblk4UFZvdWdWc0gwV0RxajhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iY2I4N2YtMmMxNy00MjA3LTk2MmItOTgwNzI5MzZjNTE4
LzEvTUFzdlJycFhDaFozdjlXRXh5Z2lyWjJmNWJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYwsMA0G
CSqGSIb3DQEBCwUAA4IBAQAl3dtksm6h1gIpUSycypuPJA5m9sYw9SnLtFBZBgT1
PxQ85d5pUNrY9HClYlY05MgAV1du4Z+TaW8jyX3XiFobTe9GavsFBIZdTvZtcz7Z
opk7eBsAPLL7jEp41U/gxCY78CWKOjp6apYkjQsStB1nig+u5MAW/VIqXdqHrbEs
Zp4Qy8J28bgmQ6NX+19I/iRxWJs15LkaxaAvg/WAl7OUwxZwO6re4xIjLaIcudl0
rat6YQAGzDwuiyJlrXkZ0oqhEnW3yMemDPjxtYwXgqCaRfsk/K39eaJQfkLAxVli
o7DCE0du8e5s9+3N2CzvWjkUbgrwWjat0wuCENCIXdWh
-----END CERTIFICATE-----