Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/7dc85c-b0a1-48d9-9870-3825bf33e4ec/1/2L8hVVHoKFZw4Yx_D09pPqSfAts.roa
File:                     2L8hVVHoKFZw4Yx_D09pPqSfAts.roa (raw, json)
Hash identifier:          JXU5vI5lUU/SvohRBy8hBIpXka1bkgIZNiffvKaBJto=
Subject key identifier:   D8:BF:21:55:51:E8:28:56:70:E1:8C:7F:0F:4F:69:3E:A4:9F:02:DB
Certificate issuer:       /CN=ec4af6fdc16d68ae26aa0eab5623e6be217036c1
Certificate serial:       018CC6B91243C5820F29D0522B54D7C7E2E2
Authority key identifier: EC:4A:F6:FD:C1:6D:68:AE:26:AA:0E:AB:56:23:E6:BE:21:70:36:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Er2_cFtaK4mqg6rViPmviFwNsE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/7dc85c-b0a1-48d9-9870-3825bf33e4ec/1/2L8hVVHoKFZw4Yx_D09pPqSfAts.roa
Signing time:             Mon 01 Jan 2024 20:31:06 +0000
ROA not before:           Mon 01 Jan 2024 20:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43955
IP address blocks:        92.119.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/7dc85c-b0a1-48d9-9870-3825bf33e4ec/1/7Er2_cFtaK4mqg6rViPmviFwNsE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/7dc85c-b0a1-48d9-9870-3825bf33e4ec/1/7Er2_cFtaK4mqg6rViPmviFwNsE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Er2_cFtaK4mqg6rViPmviFwNsE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:12:43:c5:82:0f:29:d0:52:2b:54:d7:c7:e2:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec4af6fdc16d68ae26aa0eab5623e6be217036c1
        Validity
            Not Before: Jan  1 20:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8bf215551e8285670e18c7f0f4f693ea49f02db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:14:75:d3:b5:cd:da:da:22:91:8e:d3:90:24:
                    83:5c:5a:7e:81:ac:c7:dc:96:a9:e5:fb:64:d3:99:
                    52:91:b7:2f:13:c0:d9:86:4b:b8:02:d3:e9:fe:25:
                    32:49:51:56:a6:75:05:df:8f:fe:4e:39:10:da:f0:
                    1c:a9:69:4a:73:3c:22:e4:c6:02:9a:72:4b:67:d5:
                    1a:ac:29:30:9c:a8:f1:08:db:96:f3:5b:b5:61:f4:
                    40:37:69:2d:0f:3c:41:da:c0:b0:28:4e:71:fc:3b:
                    49:c5:8e:93:3f:8f:11:88:29:be:28:a1:52:42:3f:
                    cd:bc:b7:1b:a9:f8:fc:66:cc:7e:60:82:ab:5c:a6:
                    5e:7e:29:79:bc:38:11:96:b9:60:14:c6:99:4b:57:
                    04:55:d6:6d:92:9d:b7:80:b2:89:20:67:5e:6c:2f:
                    98:9b:08:06:69:d8:bc:06:cf:a1:57:b9:54:ce:36:
                    06:38:53:47:cd:09:ec:43:2c:6b:6f:97:42:21:06:
                    9b:57:63:ed:82:36:a5:8e:50:d8:27:62:a3:9b:1d:
                    4b:c0:42:94:5a:54:8f:7d:60:62:0f:d4:73:d6:bc:
                    db:4a:f3:29:ea:91:64:e4:50:e1:85:3d:e0:56:75:
                    a2:10:cb:14:a8:c0:97:90:b8:82:28:1a:f7:18:a2:
                    dc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:BF:21:55:51:E8:28:56:70:E1:8C:7F:0F:4F:69:3E:A4:9F:02:DB
            X509v3 Authority Key Identifier:
                keyid:EC:4A:F6:FD:C1:6D:68:AE:26:AA:0E:AB:56:23:E6:BE:21:70:36:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Er2_cFtaK4mqg6rViPmviFwNsE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/7dc85c-b0a1-48d9-9870-3825bf33e4ec/1/2L8hVVHoKFZw4Yx_D09pPqSfAts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/7dc85c-b0a1-48d9-9870-3825bf33e4ec/1/7Er2_cFtaK4mqg6rViPmviFwNsE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:f4:b8:dd:d6:60:a4:1f:2d:69:89:b6:6c:61:bc:8f:a3:79:
         07:e3:42:0a:04:0d:12:ef:29:a7:99:f8:24:61:26:d1:17:24:
         19:15:53:ac:59:f7:58:98:2c:f8:bc:eb:4a:b7:3b:01:98:c3:
         43:13:04:b7:5f:41:9d:5c:b0:99:1b:e1:50:73:ea:67:0c:7f:
         a6:26:fc:71:2b:0a:c8:5d:ef:ee:1c:4d:92:ee:98:88:7e:d2:
         91:d3:ac:01:e7:c0:10:bc:a8:ea:9e:ff:c9:e7:09:a4:35:64:
         33:95:49:4e:00:55:ff:ea:dc:75:40:cb:f8:76:61:b6:80:d8:
         70:1d:98:81:af:49:bf:cf:70:b3:ef:c1:f6:dd:93:9f:e4:33:
         8a:ea:19:6e:29:6a:b5:68:84:5f:df:72:74:c7:2d:08:71:92:
         3e:2a:97:08:61:d4:ec:fd:a4:9a:c0:df:f0:5e:d9:9f:bb:aa:
         f2:d5:34:14:c4:30:d4:aa:4e:7b:a7:93:10:f1:59:19:9d:93:
         9c:9e:fc:8d:9a:93:4e:c7:97:fc:2b:1b:3f:5f:a9:16:28:9b:
         f0:06:34:3f:38:46:af:e5:e5:fe:7c:ed:a5:3d:39:ae:6d:41:
         37:fb:73:65:b8:f3:81:2b:cc:29:d0:1e:36:ac:27:f8:36:08:
         2b:16:40:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuRJDxYIPKdBSK1TXx+LiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNGFmNmZkYzE2ZDY4YWUyNmFhMGVhYjU2MjNlNmJlMjE3
MDM2YzEwHhcNMjQwMTAxMjAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGJmMjE1NTUxZTgyODU2NzBlMThjN2YwZjRmNjkzZWE0OWYwMmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBR107XN2toikY7TkCSDXFp+gazH
3Jap5ftk05lSkbcvE8DZhku4AtPp/iUySVFWpnUF34/+TjkQ2vAcqWlKczwi5MYC
mnJLZ9UarCkwnKjxCNuW81u1YfRAN2ktDzxB2sCwKE5x/DtJxY6TP48RiCm+KKFS
Qj/NvLcbqfj8Zsx+YIKrXKZefil5vDgRlrlgFMaZS1cEVdZtkp23gLKJIGdebC+Y
mwgGadi8Bs+hV7lUzjYGOFNHzQnsQyxrb5dCIQabV2PtgjaljlDYJ2Kjmx1LwEKU
WlSPfWBiD9Rz1rzbSvMp6pFk5FDhhT3gVnWiEMsUqMCXkLiCKBr3GKLcoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNi/IVVR6ChWcOGMfw9PaT6knwLbMB8GA1UdIwQY
MBaAFOxK9v3BbWiuJqoOq1Yj5r4hcDbBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0VyMl9jRnRhSzRtcWc2clZpUG12aUZ3TnNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC83ZGM4NWMtYjBhMS00OGQ5LTk4NzAt
MzgyNWJmMzNlNGVjLzEvMkw4aFZWSG9LRlp3NFl4X0QwOXBQcVNmQXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC83ZGM4NWMtYjBhMS00OGQ5LTk4NzAtMzgyNWJmMzNlNGVj
LzEvN0VyMl9jRnRhSzRtcWc2clZpUG12aUZ3TnNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHc6MA0G
CSqGSIb3DQEBCwUAA4IBAQBz9Ljd1mCkHy1pibZsYbyPo3kH40IKBA0S7ymnmfgk
YSbRFyQZFVOsWfdYmCz4vOtKtzsBmMNDEwS3X0GdXLCZG+FQc+pnDH+mJvxxKwrI
Xe/uHE2S7piIftKR06wB58AQvKjqnv/J5wmkNWQzlUlOAFX/6tx1QMv4dmG2gNhw
HZiBr0m/z3Cz78H23ZOf5DOK6hluKWq1aIRf33J0xy0IcZI+KpcIYdTs/aSawN/w
Xtmfu6ry1TQUxDDUqk57p5MQ8VkZnZOcnvyNmpNOx5f8Kxs/X6kWKJvwBjQ/OEav
5eX+fO2lPTmubUE3+3NluPOBK8wp0B42rCf4NggrFkAI
-----END CERTIFICATE-----