Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/2WhceVJ-1wKt4iYT9MvwcmwkGNE.roa
File:                     2WhceVJ-1wKt4iYT9MvwcmwkGNE.roa (raw, json)
Hash identifier:          oxpye8OsKv8shkhbFy3+ICSxMJL7kBJlTT0ZEf+DEn4=
Subject key identifier:   D9:68:5C:79:52:7E:D7:02:AD:E2:26:13:F4:CB:F0:72:6C:24:18:D1
Certificate issuer:       /CN=25bbed0bff7ffeab67f302b411a00701854a6c30
Certificate serial:       018CC7940D8F41DAA256EB52E3BC0D3A6A4C
Authority key identifier: 25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/2WhceVJ-1wKt4iYT9MvwcmwkGNE.roa
Signing time:             Tue 02 Jan 2024 00:30:17 +0000
ROA not before:           Tue 02 Jan 2024 00:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        185.189.244.0/23 maxlen: 24
                          185.189.246.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 00:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:0d:8f:41:da:a2:56:eb:52:e3:bc:0d:3a:6a:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25bbed0bff7ffeab67f302b411a00701854a6c30
        Validity
            Not Before: Jan  2 00:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9685c79527ed702ade22613f4cbf0726c2418d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:94:8a:84:5b:af:4c:68:1a:38:42:47:73:eb:
                    87:a2:b8:1e:3c:4c:ec:ab:39:9e:a3:29:2b:96:9d:
                    fa:d1:1e:2e:a4:9b:5a:81:10:20:61:63:be:da:11:
                    f3:1d:a2:c6:c9:5b:7a:d1:07:65:db:f7:e2:6d:0a:
                    69:b1:dd:48:cf:9e:f2:f5:33:3e:2f:d5:cb:68:27:
                    14:6f:1b:e3:dc:81:bf:c0:45:8f:37:25:d4:f2:7e:
                    f9:11:52:f1:bc:41:eb:16:f2:46:8a:8c:43:bf:37:
                    22:66:15:f4:70:9e:13:f1:89:c4:1c:ec:66:34:25:
                    86:50:6c:ba:2e:10:a1:17:c8:d5:fd:be:19:66:e8:
                    eb:c1:4a:3f:b8:76:b7:80:db:b3:60:fe:05:47:3d:
                    ee:b2:c1:0b:ab:76:df:31:68:1c:4f:17:ab:1c:87:
                    1f:d4:98:25:bc:d4:8f:0b:40:ef:1f:ae:75:74:07:
                    39:6b:fa:a8:a0:8f:d5:c6:29:9e:37:55:d2:27:0b:
                    66:7c:70:ab:c2:89:05:e3:31:d7:ab:39:ea:e9:ed:
                    b3:0d:31:7c:ae:90:2f:06:08:52:b8:31:5c:54:1d:
                    19:24:95:6b:ed:5f:80:34:a1:d6:c6:60:8b:60:89:
                    69:f6:c6:7a:ca:1a:e0:31:3e:a5:b6:2b:7a:b4:96:
                    b4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:68:5C:79:52:7E:D7:02:AD:E2:26:13:F4:CB:F0:72:6C:24:18:D1
            X509v3 Authority Key Identifier:
                keyid:25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/2WhceVJ-1wKt4iYT9MvwcmwkGNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:58:e7:ed:ae:b6:ee:e3:af:4d:5b:fc:67:c5:02:92:e0:cf:
         d5:b4:56:f7:5c:cc:f4:83:be:f6:67:1f:ab:51:c3:a4:61:e0:
         26:59:c2:6f:3c:12:55:fa:20:83:da:d5:c1:f8:c4:50:ae:46:
         f8:73:d0:8c:3a:bc:8f:b5:a1:02:97:c7:f9:fe:4f:a9:2c:ac:
         51:4f:04:98:5a:f9:ea:fd:1c:db:c4:89:7c:6a:42:e9:c7:cf:
         23:35:94:83:64:0d:1c:52:20:38:e3:4e:2a:6d:b7:ea:19:6c:
         b8:d7:d9:f6:12:e8:72:af:e1:6a:ba:ef:ab:01:f4:7d:0f:3e:
         eb:be:7a:70:15:94:d6:eb:87:b2:63:a9:6b:fb:da:6d:e2:d5:
         84:f2:fd:68:a1:ed:fb:1b:95:67:03:05:a6:f1:d1:db:9a:94:
         e4:94:7f:b6:60:ec:df:ee:2b:c5:cc:fd:ff:67:50:9d:08:b0:
         83:79:bb:df:21:0a:50:5b:8c:ad:6c:84:42:0e:b9:d6:69:62:
         24:b6:d0:92:e1:b8:03:45:7e:9b:a9:8a:ae:dc:cf:53:9a:a9:
         87:5d:5a:80:0a:2e:56:61:55:ac:69:38:4f:f1:4c:49:88:cd:
         11:fa:0c:08:e3:19:8b:31:1f:68:64:a8:ab:6a:34:2a:18:58:
         70:59:ec:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlA2PQdqiVutS47wNOmpMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YmJlZDBiZmY3ZmZlYWI2N2YzMDJiNDExYTAwNzAxODU0
YTZjMzAwHhcNMjQwMTAyMDAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTY4NWM3OTUyN2VkNzAyYWRlMjI2MTNmNGNiZjA3MjZjMjQxOGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpSKhFuvTGgaOEJHc+uHorgePEzs
qzmeoykrlp360R4upJtagRAgYWO+2hHzHaLGyVt60Qdl2/fibQppsd1Iz57y9TM+
L9XLaCcUbxvj3IG/wEWPNyXU8n75EVLxvEHrFvJGioxDvzciZhX0cJ4T8YnEHOxm
NCWGUGy6LhChF8jV/b4ZZujrwUo/uHa3gNuzYP4FRz3ussELq3bfMWgcTxerHIcf
1JglvNSPC0DvH651dAc5a/qooI/VximeN1XSJwtmfHCrwokF4zHXqznq6e2zDTF8
rpAvBghSuDFcVB0ZJJVr7V+ANKHWxmCLYIlp9sZ6yhrgMT6ltit6tJa0DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNloXHlSftcCreImE/TL8HJsJBjRMB8GA1UdIwQY
MBaAFCW77Qv/f/6rZ/MCtBGgBwGFSmwwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQt
NTcxN2I0NTQ0MjM3LzEvMldoY2VWSi0xd0t0NGlZVDlNdndjbXdrR05FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQtNTcxN2I0NTQ0MjM3
LzEvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCub30MA0G
CSqGSIb3DQEBCwUAA4IBAQB9WOftrrbu469NW/xnxQKS4M/VtFb3XMz0g772Zx+r
UcOkYeAmWcJvPBJV+iCD2tXB+MRQrkb4c9CMOryPtaECl8f5/k+pLKxRTwSYWvnq
/RzbxIl8akLpx88jNZSDZA0cUiA4404qbbfqGWy419n2Euhyr+Fquu+rAfR9Dz7r
vnpwFZTW64eyY6lr+9pt4tWE8v1ooe37G5VnAwWm8dHbmpTklH+2YOzf7ivFzP3/
Z1CdCLCDebvfIQpQW4ytbIRCDrnWaWIkttCS4bgDRX6bqYqu3M9TmqmHXVqACi5W
YVWsaThP8UxJiM0R+gwI4xmLMR9oZKirajQqGFhwWext
-----END CERTIFICATE-----