Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/d3e682-3370-4271-9437-785475c22c9b/1/2-NPGmV1S-I3jY3_F9QheqQfqG4.roa
File:                     2-NPGmV1S-I3jY3_F9QheqQfqG4.roa (raw, json)
Hash identifier:          fCdExppHXkTvWPzYfpqOvFw8/6EVIc/KVeaYESiOtPI=
Subject key identifier:   DB:E3:4F:1A:65:75:4B:E2:37:8D:8D:FF:17:D4:21:7A:A4:1F:A8:6E
Certificate issuer:       /CN=69eb002f000bd426e4a640c71d6c0201b5050e34
Certificate serial:       018CC8012390200F29985874921FF24C2F8B
Authority key identifier: 69:EB:00:2F:00:0B:D4:26:E4:A6:40:C7:1D:6C:02:01:B5:05:0E:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aesALwAL1CbkpkDHHWwCAbUFDjQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/d3e682-3370-4271-9437-785475c22c9b/1/2-NPGmV1S-I3jY3_F9QheqQfqG4.roa
Signing time:             Tue 02 Jan 2024 02:29:26 +0000
ROA not before:           Tue 02 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47176
IP address blocks:        185.20.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/d3e682-3370-4271-9437-785475c22c9b/1/aesALwAL1CbkpkDHHWwCAbUFDjQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/d3e682-3370-4271-9437-785475c22c9b/1/aesALwAL1CbkpkDHHWwCAbUFDjQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aesALwAL1CbkpkDHHWwCAbUFDjQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:23:90:20:0f:29:98:58:74:92:1f:f2:4c:2f:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69eb002f000bd426e4a640c71d6c0201b5050e34
        Validity
            Not Before: Jan  2 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbe34f1a65754be2378d8dff17d4217aa41fa86e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:56:18:2e:46:2f:69:38:ae:82:b6:12:41:35:
                    8c:1f:ae:65:ed:63:7f:69:00:ee:d4:4f:f4:ad:9b:
                    24:d5:4a:8c:3c:43:7c:90:e5:99:ac:2a:e6:ec:74:
                    e8:5b:4e:80:ce:94:a2:63:84:7d:c6:20:cc:45:bb:
                    15:97:70:73:1b:1e:95:b6:42:74:43:17:f7:59:70:
                    c6:5d:9c:de:de:0f:ef:95:18:cb:b7:b2:54:fd:e2:
                    2f:12:d1:a6:7f:53:2d:b0:01:c0:9f:60:b1:25:30:
                    12:16:0b:e5:cf:1a:35:eb:a3:74:5a:41:be:8e:95:
                    04:98:8c:25:71:93:c3:3a:f7:80:37:69:d6:5d:1c:
                    3b:88:be:c6:58:b3:35:77:5e:a9:a6:50:28:aa:45:
                    b7:50:91:9f:eb:ee:22:79:60:df:20:33:ac:f2:aa:
                    08:86:a7:c4:96:a6:05:08:e1:b4:16:ad:04:cf:a6:
                    d8:49:a9:2f:6a:15:6f:d8:6b:33:af:fa:e7:25:70:
                    f1:81:35:c7:be:ec:3d:50:4a:fa:69:a5:e0:d8:ca:
                    a2:b0:b7:7b:6b:14:af:ee:d4:1f:18:47:af:1e:0d:
                    b2:d0:6b:1e:e3:92:92:54:39:59:3d:4e:f9:e8:d4:
                    de:3a:08:e5:35:d6:b5:e7:36:b5:b9:7c:76:e1:28:
                    09:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:E3:4F:1A:65:75:4B:E2:37:8D:8D:FF:17:D4:21:7A:A4:1F:A8:6E
            X509v3 Authority Key Identifier:
                keyid:69:EB:00:2F:00:0B:D4:26:E4:A6:40:C7:1D:6C:02:01:B5:05:0E:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aesALwAL1CbkpkDHHWwCAbUFDjQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/d3e682-3370-4271-9437-785475c22c9b/1/2-NPGmV1S-I3jY3_F9QheqQfqG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/d3e682-3370-4271-9437-785475c22c9b/1/aesALwAL1CbkpkDHHWwCAbUFDjQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:ab:d1:b2:cb:22:6d:28:2b:5b:15:54:3c:e7:78:58:66:bc:
         df:45:e6:36:92:3b:ec:2b:46:f1:43:ab:df:d8:c7:81:10:c7:
         59:1d:5a:33:6e:5f:60:91:4a:4d:3c:ed:ed:b8:48:bc:82:68:
         ba:bd:87:68:76:a1:51:40:41:18:2d:5f:68:0f:e2:e0:b8:96:
         c1:01:3b:a4:88:37:91:5d:38:01:41:4b:0c:dd:e6:c4:ee:e7:
         44:60:2d:b2:53:6a:19:13:8c:5d:0a:5c:9c:43:57:73:38:79:
         3a:59:56:81:6e:6b:cb:4c:da:2f:57:65:57:71:e1:88:6a:dc:
         11:62:e9:33:32:11:00:5f:94:c6:73:cf:d4:7d:25:5c:29:23:
         35:12:59:7e:00:6e:21:40:f3:03:b9:10:95:a3:66:25:77:29:
         b2:74:44:1c:b8:68:71:64:b7:79:6d:5c:b2:c9:39:26:38:07:
         fc:65:aa:37:c1:2c:0e:df:44:d1:4c:f8:13:35:33:e9:0d:2f:
         29:9f:00:0f:c5:28:dc:6e:b7:a5:70:09:63:dc:8d:2c:09:19:
         6b:e5:20:83:48:5f:ca:f6:ef:77:1b:0e:83:c4:6d:c9:25:b8:
         59:35:bf:3f:3a:7b:37:83:da:86:f7:24:fd:07:8c:f4:6d:38:
         a1:4c:55:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASOQIA8pmFh0kh/yTC+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZWIwMDJmMDAwYmQ0MjZlNGE2NDBjNzFkNmMwMjAxYjUw
NTBlMzQwHhcNMjQwMTAyMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmUzNGYxYTY1NzU0YmUyMzc4ZDhkZmYxN2Q0MjE3YWE0MWZhODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1YYLkYvaTiugrYSQTWMH65l7WN/
aQDu1E/0rZsk1UqMPEN8kOWZrCrm7HToW06AzpSiY4R9xiDMRbsVl3BzGx6VtkJ0
Qxf3WXDGXZze3g/vlRjLt7JU/eIvEtGmf1MtsAHAn2CxJTASFgvlzxo166N0WkG+
jpUEmIwlcZPDOveAN2nWXRw7iL7GWLM1d16pplAoqkW3UJGf6+4ieWDfIDOs8qoI
hqfElqYFCOG0Fq0Ez6bYSakvahVv2Gszr/rnJXDxgTXHvuw9UEr6aaXg2MqisLd7
axSv7tQfGEevHg2y0Gse45KSVDlZPU756NTeOgjlNda15za1uXx24SgJdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvjTxpldUviN42N/xfUIXqkH6huMB8GA1UdIwQY
MBaAFGnrAC8AC9Qm5KZAxx1sAgG1BQ40MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWVzQUx3QUwxQ2JrcGtESEhXd0NBYlVGRGpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9kM2U2ODItMzM3MC00MjcxLTk0Mzct
Nzg1NDc1YzIyYzliLzEvMi1OUEdtVjFTLUkzalkzX0Y5UWhlcVFmcUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9kM2U2ODItMzM3MC00MjcxLTk0MzctNzg1NDc1YzIyYzli
LzEvYWVzQUx3QUwxQ2JrcGtESEhXd0NBYlVGRGpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRTpMA0G
CSqGSIb3DQEBCwUAA4IBAQB6q9GyyyJtKCtbFVQ853hYZrzfReY2kjvsK0bxQ6vf
2MeBEMdZHVozbl9gkUpNPO3tuEi8gmi6vYdodqFRQEEYLV9oD+LguJbBATukiDeR
XTgBQUsM3ebE7udEYC2yU2oZE4xdClycQ1dzOHk6WVaBbmvLTNovV2VXceGIatwR
YukzMhEAX5TGc8/UfSVcKSM1Ell+AG4hQPMDuRCVo2YldymydEQcuGhxZLd5bVyy
yTkmOAf8Zao3wSwO30TRTPgTNTPpDS8pnwAPxSjcbrelcAlj3I0sCRlr5SCDSF/K
9u93Gw6DxG3JJbhZNb8/Ons3g9qG9yT9B4z0bTihTFWB
-----END CERTIFICATE-----