Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/2EB3S2UwJnkON7osqsPM0jaYtUY.roa
File:                     2EB3S2UwJnkON7osqsPM0jaYtUY.roa (raw, json)
Hash identifier:          J3C/eVoIt0b1nOUwNH27BivAd8Wkd1BejZEaqiCgDAY=
Subject key identifier:   D8:40:77:4B:65:30:26:79:0E:37:BA:2C:AA:C3:CC:D2:36:98:B5:46
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       018CC5DCEDA0C1AA6FBC8EFFD666EECBF948
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/2EB3S2UwJnkON7osqsPM0jaYtUY.roa
Signing time:             Mon 01 Jan 2024 16:30:39 +0000
ROA not before:           Mon 01 Jan 2024 16:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43140
IP address blocks:        46.236.204.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:ed:a0:c1:aa:6f:bc:8e:ff:d6:66:ee:cb:f9:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Jan  1 16:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d840774b653026790e37ba2caac3ccd23698b546
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:56:b3:77:19:08:a2:e6:e7:d6:7a:73:f4:3f:
                    80:08:27:11:84:e3:c5:b6:48:60:75:39:ea:a0:3d:
                    e5:c0:8b:bb:76:6c:77:13:46:34:03:af:1c:c3:3d:
                    4b:c2:53:d9:ba:0c:8d:1b:c7:1c:bf:27:86:7d:79:
                    b0:05:b2:7f:be:51:a8:cf:30:be:53:5b:2f:2e:4a:
                    1b:b0:6f:98:2b:d8:2b:a6:62:69:d5:d1:68:ba:fe:
                    a5:8d:65:3f:62:39:47:04:ca:f2:ca:dd:f6:3a:b0:
                    f1:89:42:ba:aa:26:f5:24:d1:f0:5f:e0:b6:34:ed:
                    7e:cb:2d:11:3d:f4:66:a9:4d:c9:44:fd:c4:47:e8:
                    5f:05:09:d4:56:ec:f6:11:ee:f4:97:cf:ca:85:7c:
                    9f:57:62:e1:70:7c:c7:43:88:f2:6e:9d:81:e9:6d:
                    d0:af:74:d5:d0:0f:34:e5:f6:ca:32:6e:28:e9:ef:
                    8e:4b:f5:6f:48:12:15:d4:a8:98:0a:37:d6:1a:b3:
                    af:ba:17:9c:d1:69:f0:db:82:32:09:8b:a4:93:c7:
                    0b:44:1c:05:70:86:e0:22:a9:d1:65:c2:fe:ec:59:
                    d6:aa:f8:fe:14:f6:fd:ce:b2:f9:a0:e7:00:09:cb:
                    12:8e:1a:18:8e:e5:c4:76:e5:2c:40:fb:f3:e4:c5:
                    77:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:40:77:4B:65:30:26:79:0E:37:BA:2C:AA:C3:CC:D2:36:98:B5:46
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/2EB3S2UwJnkON7osqsPM0jaYtUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:55:61:44:df:f3:cd:f6:0f:b3:9f:f5:e0:19:7f:e1:96:d8:
         be:24:9a:ea:81:ee:c3:e9:51:00:90:92:53:55:14:a5:55:3c:
         1f:9c:19:0e:86:fc:72:c8:32:3e:2c:35:e9:bb:33:bb:dd:49:
         bf:ae:84:02:40:af:c0:fd:f7:e6:d4:6a:b2:11:c1:4a:f3:fd:
         92:87:29:57:86:67:44:1f:a6:df:61:8d:53:01:60:c8:16:68:
         47:04:00:c3:67:84:ad:4f:7d:58:0a:ac:36:21:ec:d8:1f:ec:
         7a:8f:9a:63:ed:5e:a1:07:4f:51:c2:c5:9e:c8:0f:2b:d7:6d:
         34:bd:a9:df:79:96:96:f1:34:be:a4:d5:bf:0c:f7:90:e8:08:
         c1:7c:9c:57:3b:54:1e:cb:e3:48:d9:4e:1c:7f:f3:64:15:27:
         19:b9:45:32:6f:8f:37:86:64:d5:07:46:6f:f4:09:27:bf:4e:
         ac:45:e4:d4:d5:de:6c:f7:f7:b2:95:c4:8d:9d:b2:92:8e:a6:
         94:95:d8:11:0d:4e:99:6d:43:ed:4a:ed:07:38:59:bc:ee:4a:
         5d:16:ec:92:0e:47:f8:2e:d7:50:17:65:ee:75:df:37:85:4a:
         79:52:4b:0f:4c:f5:cf:08:49:49:4d:17:31:0a:25:dc:97:8c:
         fd:68:89:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3O2gwapvvI7/1mbuy/lIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjQwMTAxMTYzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODQwNzc0YjY1MzAyNjc5MGUzN2JhMmNhYWMzY2NkMjM2OThiNTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFazdxkIoubn1npz9D+ACCcRhOPF
tkhgdTnqoD3lwIu7dmx3E0Y0A68cwz1LwlPZugyNG8ccvyeGfXmwBbJ/vlGozzC+
U1svLkobsG+YK9grpmJp1dFouv6ljWU/YjlHBMryyt32OrDxiUK6qib1JNHwX+C2
NO1+yy0RPfRmqU3JRP3ER+hfBQnUVuz2Ee70l8/KhXyfV2LhcHzHQ4jybp2B6W3Q
r3TV0A805fbKMm4o6e+OS/VvSBIV1KiYCjfWGrOvuhec0Wnw24IyCYukk8cLRBwF
cIbgIqnRZcL+7FnWqvj+FPb9zrL5oOcACcsSjhoYjuXEduUsQPvz5MV3rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhAd0tlMCZ5Dje6LKrDzNI2mLVGMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvMkVCM1MyVXdKbmtPTjdvc3FzUE0wamFZdFVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLuzMMA0G
CSqGSIb3DQEBCwUAA4IBAQBqVWFE3/PN9g+zn/XgGX/hlti+JJrqge7D6VEAkJJT
VRSlVTwfnBkOhvxyyDI+LDXpuzO73Um/roQCQK/A/ffm1GqyEcFK8/2ShylXhmdE
H6bfYY1TAWDIFmhHBADDZ4StT31YCqw2IezYH+x6j5pj7V6hB09RwsWeyA8r1200
vanfeZaW8TS+pNW/DPeQ6AjBfJxXO1Qey+NI2U4cf/NkFScZuUUyb483hmTVB0Zv
9Aknv06sReTU1d5s9/eylcSNnbKSjqaUldgRDU6ZbUPtSu0HOFm87kpdFuySDkf4
LtdQF2Xudd83hUp5UksPTPXPCElJTRcxCiXcl4z9aImb
-----END CERTIFICATE-----