Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/ed65e5-f81f-4d9d-8403-22d6cd1e1a8a/1/ANP5D7KQ4pxV8i-E7qN5eeWVISQ.roa
File:                     ANP5D7KQ4pxV8i-E7qN5eeWVISQ.roa (raw, json)
Hash identifier:          ZJ540l5E8eqUePxDM8ap4Vsk7F2dE6O8scfq39C2MP4=
Subject key identifier:   00:D3:F9:0F:B2:90:E2:9C:55:F2:2F:84:EE:A3:79:79:E5:95:21:24
Certificate issuer:       /CN=7bc09998ce39cfdca66ecfd8dd3ac38644d3c8a6
Certificate serial:       018CCA2B90FDABE207C570BA5AD057D05F8C
Authority key identifier: 7B:C0:99:98:CE:39:CF:DC:A6:6E:CF:D8:DD:3A:C3:86:44:D3:C8:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e8CZmM45z9ymbs_Y3TrDhkTTyKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/ed65e5-f81f-4d9d-8403-22d6cd1e1a8a/1/ANP5D7KQ4pxV8i-E7qN5eeWVISQ.roa
Signing time:             Tue 02 Jan 2024 12:35:01 +0000
ROA not before:           Tue 02 Jan 2024 12:35:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50599
IP address blocks:        185.200.44.0/22 maxlen: 22
                          2a0a:aac0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/ed65e5-f81f-4d9d-8403-22d6cd1e1a8a/1/e8CZmM45z9ymbs_Y3TrDhkTTyKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/ed65e5-f81f-4d9d-8403-22d6cd1e1a8a/1/e8CZmM45z9ymbs_Y3TrDhkTTyKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e8CZmM45z9ymbs_Y3TrDhkTTyKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:90:fd:ab:e2:07:c5:70:ba:5a:d0:57:d0:5f:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bc09998ce39cfdca66ecfd8dd3ac38644d3c8a6
        Validity
            Not Before: Jan  2 12:35:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00d3f90fb290e29c55f22f84eea37979e5952124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:95:b7:23:6e:21:97:4e:4d:f8:b6:17:b3:14:
                    59:c8:66:c4:c5:51:0d:ff:ab:fb:7c:32:6f:90:fb:
                    2f:50:c0:b9:09:e3:f3:4a:a6:bb:1b:08:5e:87:60:
                    1a:c7:64:3c:20:71:4f:84:4e:7b:88:56:c5:7a:0d:
                    73:0d:f4:48:1a:4e:0b:03:fb:70:53:00:eb:9f:e0:
                    15:e5:96:bc:38:63:29:6e:4f:a6:95:1f:e9:f0:2e:
                    1e:d0:b3:de:55:e9:ac:55:a3:ba:3b:dd:30:7c:d7:
                    c5:61:6f:5b:d5:8b:61:8c:94:2a:db:fa:cf:87:a5:
                    ad:3b:65:8e:ca:09:91:ed:ac:3c:58:65:62:50:be:
                    4a:d2:0d:34:0a:f0:e1:50:ed:9e:44:d4:b6:a8:73:
                    30:83:3c:99:38:87:f2:c4:f5:2f:72:58:fe:50:c4:
                    1f:df:46:c6:7c:5b:34:db:ea:e9:05:30:7f:40:52:
                    cf:ea:f6:c8:7b:6a:22:d2:d3:08:64:0c:3d:2f:a3:
                    d6:6b:d6:d1:1e:38:65:4d:4a:d4:09:d8:a5:12:54:
                    0a:3c:64:3c:8f:29:c7:0d:0a:c4:ef:ae:e6:1d:b7:
                    c9:a9:aa:30:d8:71:a9:1e:ed:96:ab:92:15:04:ac:
                    06:fc:30:bc:01:51:d8:1a:cd:fc:2e:f1:89:bb:48:
                    55:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:D3:F9:0F:B2:90:E2:9C:55:F2:2F:84:EE:A3:79:79:E5:95:21:24
            X509v3 Authority Key Identifier:
                keyid:7B:C0:99:98:CE:39:CF:DC:A6:6E:CF:D8:DD:3A:C3:86:44:D3:C8:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8CZmM45z9ymbs_Y3TrDhkTTyKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/ed65e5-f81f-4d9d-8403-22d6cd1e1a8a/1/ANP5D7KQ4pxV8i-E7qN5eeWVISQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/ed65e5-f81f-4d9d-8403-22d6cd1e1a8a/1/e8CZmM45z9ymbs_Y3TrDhkTTyKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.44.0/22
                IPv6:
                  2a0a:aac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:92:1a:96:48:7e:4d:48:d2:e3:19:b1:91:93:91:80:47:e1:
         50:8d:78:a5:cc:9a:0a:69:41:0b:da:ab:31:98:91:1a:af:80:
         cf:25:10:af:dc:4b:98:bf:b2:37:00:57:a7:3d:7e:14:67:e7:
         bc:98:cd:7f:e5:9c:65:15:9d:f9:27:71:93:8e:a4:90:0e:bb:
         5f:7d:ab:e8:bb:86:fb:6d:b6:ce:3d:34:30:ec:d0:de:6d:70:
         21:70:2a:ea:51:d2:d0:70:a1:50:0b:85:e2:47:67:31:eb:b1:
         13:bf:fd:a1:0b:99:7e:e0:a3:a1:37:27:a2:36:3c:0e:85:52:
         6b:82:f7:95:1c:72:e8:8a:a3:f7:17:01:a4:eb:0a:01:df:cd:
         94:b7:ce:db:0b:16:f7:70:eb:10:5e:14:ff:34:ca:6f:06:76:
         14:db:80:16:7c:96:cd:20:41:ea:3b:4f:61:b5:3f:79:31:c9:
         2d:33:2b:26:7c:98:59:cf:2e:12:1d:ee:5c:22:d1:13:3a:c4:
         77:c6:a0:c2:ee:77:6d:d8:14:ec:e2:49:b5:29:aa:38:da:a3:
         d6:8b:0b:4b:05:ca:5c:18:85:7f:c0:4e:b2:f5:a0:c0:c1:af:
         b7:f9:df:e4:6e:e5:f1:d5:60:86:17:5d:7b:68:d6:a9:bf:57:
         e7:09:40:ea
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKK5D9q+IHxXC6WtBX0F+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYzA5OTk4Y2UzOWNmZGNhNjZlY2ZkOGRkM2FjMzg2NDRk
M2M4YTYwHhcNMjQwMTAyMTIzNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGQzZjkwZmIyOTBlMjljNTVmMjJmODRlZWEzNzk3OWU1OTUyMTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpW3I24hl05N+LYXsxRZyGbExVEN
/6v7fDJvkPsvUMC5CePzSqa7Gwheh2Aax2Q8IHFPhE57iFbFeg1zDfRIGk4LA/tw
UwDrn+AV5Za8OGMpbk+mlR/p8C4e0LPeVemsVaO6O90wfNfFYW9b1YthjJQq2/rP
h6WtO2WOygmR7aw8WGViUL5K0g00CvDhUO2eRNS2qHMwgzyZOIfyxPUvclj+UMQf
30bGfFs02+rpBTB/QFLP6vbIe2oi0tMIZAw9L6PWa9bRHjhlTUrUCdilElQKPGQ8
jynHDQrE767mHbfJqaow2HGpHu2Wq5IVBKwG/DC8AVHYGs38LvGJu0hVuQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFADT+Q+ykOKcVfIvhO6jeXnllSEkMB8GA1UdIwQY
MBaAFHvAmZjOOc/cpm7P2N06w4ZE08imMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZThDWm1NNDV6OXltYnNfWTNUckRoa1RUeUtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9lZDY1ZTUtZjgxZi00ZDlkLTg0MDMt
MjJkNmNkMWUxYThhLzEvQU5QNUQ3S1E0cHhWOGktRTdxTjVlZVdWSVNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9lZDY1ZTUtZjgxZi00ZDlkLTg0MDMtMjJkNmNkMWUxYThh
LzEvZThDWm1NNDV6OXltYnNfWTNUckRoa1RUeUtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucgsMA0E
AgACMAcDBQMqCqrAMA0GCSqGSIb3DQEBCwUAA4IBAQBUkhqWSH5NSNLjGbGRk5GA
R+FQjXilzJoKaUEL2qsxmJEar4DPJRCv3EuYv7I3AFenPX4UZ+e8mM1/5ZxlFZ35
J3GTjqSQDrtffavou4b7bbbOPTQw7NDebXAhcCrqUdLQcKFQC4XiR2cx67ETv/2h
C5l+4KOhNyeiNjwOhVJrgveVHHLoiqP3FwGk6woB382Ut87bCxb3cOsQXhT/NMpv
BnYU24AWfJbNIEHqO09htT95McktMysmfJhZzy4SHe5cItETOsR3xqDC7ndt2BTs
4km1Kao42qPWiwtLBcpcGIV/wE6y9aDAwa+3+d/kbuXx1WCGF117aNapv1fnCUDq
-----END CERTIFICATE-----