Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/354b3b-5d76-49d5-a56c-007c4e58527e/1/41Pif-TKczBdJYZUIX5PwT40VHY.roa
File:                     41Pif-TKczBdJYZUIX5PwT40VHY.roa (raw, json)
Hash identifier:          Gha/tM/uot0nP+BbzFnPS4LnvHBFim1hcx5ujKHhQZ4=
Subject key identifier:   E3:53:E2:7F:E4:CA:73:30:5D:25:86:54:21:7E:4F:C1:3E:34:54:76
Certificate issuer:       /CN=ff70868f0c2c218765fa6b53ab9af065ff339f06
Certificate serial:       018CC94E321B2F18135BC43F0042A6BAAB14
Authority key identifier: FF:70:86:8F:0C:2C:21:87:65:FA:6B:53:AB:9A:F0:65:FF:33:9F:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_3CGjwwsIYdl-mtTq5rwZf8znwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/354b3b-5d76-49d5-a56c-007c4e58527e/1/41Pif-TKczBdJYZUIX5PwT40VHY.roa
Signing time:             Tue 02 Jan 2024 08:33:14 +0000
ROA not before:           Tue 02 Jan 2024 08:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207872
IP address blocks:        185.213.44.0/24 maxlen: 24
                          178.236.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/354b3b-5d76-49d5-a56c-007c4e58527e/1/_3CGjwwsIYdl-mtTq5rwZf8znwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/354b3b-5d76-49d5-a56c-007c4e58527e/1/_3CGjwwsIYdl-mtTq5rwZf8znwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_3CGjwwsIYdl-mtTq5rwZf8znwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:32:1b:2f:18:13:5b:c4:3f:00:42:a6:ba:ab:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff70868f0c2c218765fa6b53ab9af065ff339f06
        Validity
            Not Before: Jan  2 08:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e353e27fe4ca73305d258654217e4fc13e345476
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:bc:09:cf:e7:0e:26:37:60:43:b7:4d:73:11:
                    7b:2f:0e:9a:2c:02:81:7a:2f:c2:dc:e6:cc:f2:07:
                    20:35:73:a7:1f:d8:8b:54:72:50:ca:a9:a3:77:ea:
                    13:2f:0b:17:02:f3:b7:96:53:5f:18:02:91:82:97:
                    9e:c7:2a:a1:47:ea:0d:2d:52:11:46:16:86:f3:46:
                    c0:bb:be:71:95:f6:1e:49:83:4d:c8:79:0d:61:7d:
                    e3:05:75:20:39:7f:ec:0d:2c:e9:e7:1c:62:1d:6c:
                    11:62:d9:a4:d7:a9:d7:a3:09:a8:90:81:13:db:55:
                    59:6b:2d:0b:bb:53:24:c3:42:ba:83:4e:f3:4f:dd:
                    2e:0e:67:57:c8:1d:08:ed:f0:3e:b2:21:13:ae:fc:
                    6e:c8:65:cd:89:4f:66:e4:72:ba:7a:63:64:11:25:
                    d7:29:10:95:54:4f:0a:11:af:c4:35:5a:a1:d0:55:
                    d6:c8:78:e8:68:29:c4:b8:7f:b9:01:39:5f:48:83:
                    0c:b7:0d:86:74:66:6e:e0:df:52:da:ae:1d:2e:bd:
                    6f:e7:2b:d6:2a:5f:73:54:1c:04:f7:f3:0a:71:21:
                    a6:4d:cd:60:e7:59:29:e8:eb:af:b1:d8:cb:cf:b0:
                    4f:60:43:da:a0:6a:cf:f7:0e:8c:25:54:da:7a:ab:
                    b5:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:53:E2:7F:E4:CA:73:30:5D:25:86:54:21:7E:4F:C1:3E:34:54:76
            X509v3 Authority Key Identifier:
                keyid:FF:70:86:8F:0C:2C:21:87:65:FA:6B:53:AB:9A:F0:65:FF:33:9F:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_3CGjwwsIYdl-mtTq5rwZf8znwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/354b3b-5d76-49d5-a56c-007c4e58527e/1/41Pif-TKczBdJYZUIX5PwT40VHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/354b3b-5d76-49d5-a56c-007c4e58527e/1/_3CGjwwsIYdl-mtTq5rwZf8znwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.203.0/24
                  185.213.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:59:b5:9f:ab:54:8b:7e:5f:bb:dd:c8:73:f2:b2:a2:a2:f8:
         64:4e:61:b8:d9:14:72:90:43:df:b4:b0:18:2f:ef:b7:f8:d7:
         f6:79:7d:b9:2c:98:1c:e2:2d:01:67:b0:a5:30:d1:9b:e4:20:
         43:da:91:10:66:fd:53:b1:dc:1c:1a:d3:c8:01:a4:c8:d1:e3:
         e2:a5:cf:4c:bc:8a:f9:e8:f5:2d:64:d1:c1:42:fc:36:48:d3:
         d2:9a:6d:04:a6:67:a9:79:02:de:e2:f5:0f:bb:57:9d:56:1f:
         2c:63:db:51:a4:4e:8f:1e:2d:73:7f:c9:e0:d3:70:31:55:36:
         fe:b1:eb:05:de:41:cd:8b:da:56:3b:56:26:75:e0:93:94:04:
         bc:18:f7:24:d0:6c:24:dc:56:0e:f3:16:a0:91:29:44:de:ae:
         e5:1e:6d:42:fd:cc:3f:d1:94:8c:fb:4e:55:63:e8:ee:4e:a0:
         1d:30:75:17:74:fb:b7:13:4e:02:72:e6:1b:be:0d:c6:2b:ce:
         9a:13:eb:fd:77:c0:1a:ad:76:fd:5c:a1:04:4a:9a:1a:e8:14:
         62:15:af:c1:e9:5b:c2:a8:95:49:41:7f:7e:a8:9e:a9:73:f0:
         7c:59:f3:bc:71:5c:20:3d:57:6d:4d:db:8c:0b:bb:43:c9:a8:
         48:a8:79:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTjIbLxgTW8Q/AEKmuqsUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNzA4NjhmMGMyYzIxODc2NWZhNmI1M2FiOWFmMDY1ZmYz
MzlmMDYwHhcNMjQwMTAyMDgzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzUzZTI3ZmU0Y2E3MzMwNWQyNTg2NTQyMTdlNGZjMTNlMzQ1NDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLwJz+cOJjdgQ7dNcxF7Lw6aLAKB
ei/C3ObM8gcgNXOnH9iLVHJQyqmjd+oTLwsXAvO3llNfGAKRgpeexyqhR+oNLVIR
RhaG80bAu75xlfYeSYNNyHkNYX3jBXUgOX/sDSzp5xxiHWwRYtmk16nXowmokIET
21VZay0Lu1Mkw0K6g07zT90uDmdXyB0I7fA+siETrvxuyGXNiU9m5HK6emNkESXX
KRCVVE8KEa/ENVqh0FXWyHjoaCnEuH+5ATlfSIMMtw2GdGZu4N9S2q4dLr1v5yvW
Kl9zVBwE9/MKcSGmTc1g51kp6OuvsdjLz7BPYEPaoGrP9w6MJVTaequ1zwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFONT4n/kynMwXSWGVCF+T8E+NFR2MB8GA1UdIwQY
MBaAFP9who8MLCGHZfprU6ua8GX/M58GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzNDR2p3d3NJWWRsLW10VHE1cndaZjh6bndZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8zNTRiM2ItNWQ3Ni00OWQ1LWE1NmMt
MDA3YzRlNTg1MjdlLzEvNDFQaWYtVEtjekJkSllaVUlYNVB3VDQwVkhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8zNTRiM2ItNWQ3Ni00OWQ1LWE1NmMtMDA3YzRlNTg1Mjdl
LzEvXzNDR2p3d3NJWWRsLW10VHE1cndaZjh6bndZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsuzLAwQA
udUsMA0GCSqGSIb3DQEBCwUAA4IBAQCqWbWfq1SLfl+73chz8rKiovhkTmG42RRy
kEPftLAYL++3+Nf2eX25LJgc4i0BZ7ClMNGb5CBD2pEQZv1TsdwcGtPIAaTI0ePi
pc9MvIr56PUtZNHBQvw2SNPSmm0EpmepeQLe4vUPu1edVh8sY9tRpE6PHi1zf8ng
03AxVTb+sesF3kHNi9pWO1YmdeCTlAS8GPck0Gwk3FYO8xagkSlE3q7lHm1C/cw/
0ZSM+05VY+juTqAdMHUXdPu3E04CcuYbvg3GK86aE+v9d8AarXb9XKEESpoa6BRi
Fa/B6VvCqJVJQX9+qJ6pc/B8WfO8cVwgPVdtTduMC7tDyahIqHlW
-----END CERTIFICATE-----