Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/08af22-ffc9-4c1b-a9d7-94bedb5d0334/1/2AE8q_UARWA5fWQ5CFL-A_UbbMc.roa
File:                     2AE8q_UARWA5fWQ5CFL-A_UbbMc.roa (raw, json)
Hash identifier:          vpKu+569Iweo48LcKa0qFeZ51JS5FBW9xYcU5uhta9g=
Subject key identifier:   D8:01:3C:AB:F5:00:45:60:39:7D:64:39:08:52:FE:03:F5:1B:6C:C7
Certificate issuer:       /CN=7c45672fc42bdd33e545338a7417e8171a04ee3f
Certificate serial:       018D519ED2A2D75DE76BCD17EBCE57B115F5
Authority key identifier: 7C:45:67:2F:C4:2B:DD:33:E5:45:33:8A:74:17:E8:17:1A:04:EE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fEVnL8Qr3TPlRTOKdBfoFxoE7j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/08af22-ffc9-4c1b-a9d7-94bedb5d0334/1/2AE8q_UARWA5fWQ5CFL-A_UbbMc.roa
Signing time:             Sun 28 Jan 2024 19:49:39 +0000
ROA not before:           Sun 28 Jan 2024 19:49:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29695
IP address blocks:        185.131.200.0/24 maxlen: 24
                          185.197.211.0/24 maxlen: 24
                          2a0c:1bc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/08af22-ffc9-4c1b-a9d7-94bedb5d0334/1/fEVnL8Qr3TPlRTOKdBfoFxoE7j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/08af22-ffc9-4c1b-a9d7-94bedb5d0334/1/fEVnL8Qr3TPlRTOKdBfoFxoE7j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fEVnL8Qr3TPlRTOKdBfoFxoE7j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:51:9e:d2:a2:d7:5d:e7:6b:cd:17:eb:ce:57:b1:15:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c45672fc42bdd33e545338a7417e8171a04ee3f
        Validity
            Not Before: Jan 28 19:49:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8013cabf5004560397d64390852fe03f51b6cc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:6b:dd:c2:4b:de:83:cc:a2:4c:1f:09:d0:0e:
                    fc:ad:a5:bb:20:53:49:20:f6:54:da:14:8d:ca:b4:
                    c8:b2:6f:47:01:ce:4a:7c:50:72:bf:af:c7:79:06:
                    ce:d7:0c:60:92:4b:7e:70:41:5d:1e:b8:27:c4:53:
                    8a:ef:ef:27:07:77:0a:82:f8:54:1b:96:1c:bd:78:
                    0e:5b:84:58:6c:56:0d:a0:3f:66:3f:79:88:f6:14:
                    49:b8:2a:7a:d3:63:4e:b3:08:16:57:0c:9f:f6:3f:
                    36:ea:da:75:0a:0d:e7:82:fd:0a:e6:17:f4:00:38:
                    4a:f9:8d:6c:c9:07:c0:fd:53:04:d8:e2:e7:9d:59:
                    f0:46:2f:eb:09:c3:20:0a:8f:7a:76:ed:0c:5c:da:
                    31:0d:5d:f8:b1:74:b7:5a:2d:cc:89:04:0c:99:45:
                    f5:ed:78:02:21:1b:04:65:06:c9:39:4c:74:1f:a2:
                    41:43:27:fa:d4:f5:3d:c1:f3:67:1f:31:6d:aa:4b:
                    d4:bc:27:17:89:03:28:65:55:eb:70:3f:79:99:63:
                    d3:da:65:ab:3b:9d:7d:e8:4c:39:ff:f7:c8:18:9f:
                    1c:80:6e:8b:37:7c:14:e6:db:61:2f:ff:91:e0:84:
                    01:6e:81:aa:7f:7f:0b:9e:e5:d8:63:bb:b3:5b:92:
                    36:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:01:3C:AB:F5:00:45:60:39:7D:64:39:08:52:FE:03:F5:1B:6C:C7
            X509v3 Authority Key Identifier:
                keyid:7C:45:67:2F:C4:2B:DD:33:E5:45:33:8A:74:17:E8:17:1A:04:EE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fEVnL8Qr3TPlRTOKdBfoFxoE7j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/08af22-ffc9-4c1b-a9d7-94bedb5d0334/1/2AE8q_UARWA5fWQ5CFL-A_UbbMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/08af22-ffc9-4c1b-a9d7-94bedb5d0334/1/fEVnL8Qr3TPlRTOKdBfoFxoE7j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.200.0/24
                  185.197.211.0/24
                IPv6:
                  2a0c:1bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ba:d4:a0:a5:3d:f4:eb:31:d5:f5:db:04:2c:d7:11:f9:bf:43:
         ae:13:17:e1:2b:36:74:42:77:fb:49:52:c5:90:98:e1:07:3b:
         d6:87:66:b4:ef:7b:ad:41:d2:78:af:74:f9:7b:83:68:1a:3f:
         74:9a:c1:74:51:ea:79:d1:f2:e5:0f:4e:08:ab:70:28:b2:89:
         4d:dd:45:2b:3f:1b:a8:da:1c:23:b6:2a:69:a9:7d:91:d3:2c:
         e0:da:ba:cf:98:a7:30:1c:45:3e:32:99:47:d6:a1:33:72:2b:
         df:0b:de:a8:46:2c:0a:8e:e1:01:3d:2d:3f:ed:26:c6:9f:60:
         1f:34:37:77:8a:84:d0:5c:3f:23:33:c6:e1:5b:71:01:a3:ff:
         9f:d4:37:d6:57:ca:3c:55:e2:c4:eb:68:c5:15:16:be:83:2e:
         bc:44:da:f6:f8:a6:e5:11:20:a1:a6:5f:e0:0f:e8:21:61:a6:
         5a:67:a1:96:4d:ed:64:5c:41:77:87:60:8e:9c:fa:7d:11:c5:
         23:2e:9a:81:f0:bc:8b:b1:9c:58:bb:39:b8:a4:65:d4:06:40:
         22:61:6e:60:f6:87:fe:0c:d3:d4:48:76:65:1b:75:19:c4:db:
         ec:81:f4:2e:e6:55:19:83:1e:67:60:eb:cc:31:47:ee:cc:12:
         eb:23:03:f4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY1RntKi113na80X685XsRX1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNDU2NzJmYzQyYmRkMzNlNTQ1MzM4YTc0MTdlODE3MWEw
NGVlM2YwHhcNMjQwMTI4MTk0OTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODAxM2NhYmY1MDA0NTYwMzk3ZDY0MzkwODUyZmUwM2Y1MWI2Y2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomvdwkveg8yiTB8J0A78raW7IFNJ
IPZU2hSNyrTIsm9HAc5KfFByv6/HeQbO1wxgkkt+cEFdHrgnxFOK7+8nB3cKgvhU
G5YcvXgOW4RYbFYNoD9mP3mI9hRJuCp602NOswgWVwyf9j826tp1Cg3ngv0K5hf0
ADhK+Y1syQfA/VME2OLnnVnwRi/rCcMgCo96du0MXNoxDV34sXS3Wi3MiQQMmUX1
7XgCIRsEZQbJOUx0H6JBQyf61PU9wfNnHzFtqkvUvCcXiQMoZVXrcD95mWPT2mWr
O5196Ew5//fIGJ8cgG6LN3wU5tthL/+R4IQBboGqf38LnuXYY7uzW5I27QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNgBPKv1AEVgOX1kOQhS/gP1G2zHMB8GA1UdIwQY
MBaAFHxFZy/EK90z5UUzinQX6BcaBO4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkVWbkw4UXIzVFBsUlRPS2RCZm9GeG9FN2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8wOGFmMjItZmZjOS00YzFiLWE5ZDct
OTRiZWRiNWQwMzM0LzEvMkFFOHFfVUFSV0E1ZldRNUNGTC1BX1ViYk1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8wOGFmMjItZmZjOS00YzFiLWE5ZDctOTRiZWRiNWQwMzM0
LzEvZkVWbkw4UXIzVFBsUlRPS2RCZm9GeG9FN2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuYPIAwQA
ucXTMA0EAgACMAcDBQMqDBvAMA0GCSqGSIb3DQEBCwUAA4IBAQC61KClPfTrMdX1
2wQs1xH5v0OuExfhKzZ0Qnf7SVLFkJjhBzvWh2a073utQdJ4r3T5e4NoGj90msF0
Uep50fLlD04Iq3AosolN3UUrPxuo2hwjtippqX2R0yzg2rrPmKcwHEU+MplH1qEz
civfC96oRiwKjuEBPS0/7SbGn2AfNDd3ioTQXD8jM8bhW3EBo/+f1DfWV8o8VeLE
62jFFRa+gy68RNr2+KblESChpl/gD+ghYaZaZ6GWTe1kXEF3h2COnPp9EcUjLpqB
8LyLsZxYuzm4pGXUBkAiYW5g9of+DNPUSHZlG3UZxNvsgfQu5lUZgx5nYOvMMUfu
zBLrIwP0
-----END CERTIFICATE-----