Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/2gfaX-TtZ8RBLV6HMB0j2mDpOPs.roa
File:                     2gfaX-TtZ8RBLV6HMB0j2mDpOPs.roa (raw, json)
Hash identifier:          eJBEGg56iKPR1WkuHk5oV/dOGDuwQUiZ9yNlN1nM39c=
Subject key identifier:   DA:07:DA:5F:E4:ED:67:C4:41:2D:5E:87:30:1D:23:DA:60:E9:38:FB
Certificate issuer:       /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial:       018CCA2A9E9D87C5EFE09A2EA0510284F885
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/2gfaX-TtZ8RBLV6HMB0j2mDpOPs.roa
Signing time:             Tue 02 Jan 2024 12:33:59 +0000
ROA not before:           Tue 02 Jan 2024 12:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200505
IP address blocks:        185.126.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:9e:9d:87:c5:ef:e0:9a:2e:a0:51:02:84:f8:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
        Validity
            Not Before: Jan  2 12:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da07da5fe4ed67c4412d5e87301d23da60e938fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:64:01:63:95:d7:0a:13:2a:04:55:28:d5:06:
                    2e:f0:64:73:30:03:d1:25:cc:3d:7d:e6:91:7e:5e:
                    d6:38:cc:ff:4f:bd:0a:05:a5:d6:6e:e2:2e:fe:b4:
                    77:e9:fa:b2:4a:21:e4:42:9e:ce:08:71:5b:00:1b:
                    55:f3:ff:57:7a:75:5c:96:32:d0:9d:2d:bd:b6:59:
                    75:f9:67:ec:e8:e2:72:61:13:1e:c7:3c:e3:dc:9a:
                    e1:d3:80:87:ab:15:68:8c:db:12:22:46:20:d0:1b:
                    17:d4:2e:a2:9c:8f:9b:17:90:4b:17:80:a7:4b:0c:
                    8f:c7:34:9f:96:63:4a:ce:96:b7:33:16:ff:ee:73:
                    47:a2:68:fe:6e:6b:8b:19:c0:15:11:84:49:d6:c6:
                    35:79:27:70:97:a3:36:52:fb:a4:79:0a:bb:93:da:
                    28:1b:64:e8:f9:b4:bd:61:a2:f8:eb:18:eb:17:c1:
                    88:18:5e:98:e8:8f:40:4f:cf:58:c6:ce:fe:d7:bf:
                    0a:d7:20:76:0f:68:7e:5a:5f:a0:b2:ee:ce:88:4b:
                    9e:a6:d3:d5:31:3a:82:23:7b:db:36:fd:70:c3:35:
                    34:9e:25:9f:d2:b5:35:10:94:ba:ab:38:32:92:4f:
                    23:30:c1:b2:6a:ae:0e:9a:46:7a:42:4d:24:b6:be:
                    19:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:07:DA:5F:E4:ED:67:C4:41:2D:5E:87:30:1D:23:DA:60:E9:38:FB
            X509v3 Authority Key Identifier:
                keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/2gfaX-TtZ8RBLV6HMB0j2mDpOPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:95:11:38:99:d9:b6:0b:a5:2b:98:62:13:51:1f:00:cd:30:
         b2:17:3b:d0:a1:63:7f:38:09:6d:c7:26:05:1e:ab:47:d8:a5:
         e6:15:4b:93:f1:92:f0:32:8e:cf:1e:85:bf:a7:45:e8:3b:e4:
         ea:52:0e:a7:80:84:60:36:fe:d9:69:c1:23:b3:aa:5c:76:0a:
         dc:45:bf:aa:d5:c6:bc:c0:54:df:da:f8:f2:a4:3c:68:23:b4:
         6d:34:b9:30:fa:66:d4:cf:1c:6b:7d:4f:e8:0b:6f:e5:61:4d:
         a6:b5:6e:5e:89:68:22:94:38:35:9b:e8:de:e5:ff:ae:d0:38:
         14:f7:c8:50:9b:2e:aa:3e:f1:3b:9f:a7:f6:c1:34:4f:32:21:
         2b:c2:9e:57:21:a1:bc:4e:e2:fb:d1:84:b7:76:d2:1d:ee:af:
         f7:15:36:78:b7:55:b5:31:ef:94:c8:38:c8:59:8f:26:be:94:
         34:a2:05:1a:64:a5:a7:58:7c:be:a2:2b:9e:fd:4b:e5:3d:02:
         ea:48:69:db:1a:53:93:3c:06:a5:18:4d:9b:a9:2e:80:fd:65:
         0d:6e:d5:f9:81:58:74:bb:89:04:41:b7:e8:6f:62:21:35:1c:
         ed:93:99:d2:5d:77:ad:b5:e1:f4:47:4f:a6:6e:29:23:3e:b2:
         79:4b:8f:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKp6dh8Xv4JouoFEChPiFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTQzMmE0ZWMzYjBhYzRjYTRlNGVjZWMwZTlmNGQ0NmI0
OTdhZjAwHhcNMjQwMTAyMTIzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTA3ZGE1ZmU0ZWQ2N2M0NDEyZDVlODczMDFkMjNkYTYwZTkzOGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWQBY5XXChMqBFUo1QYu8GRzMAPR
Jcw9feaRfl7WOMz/T70KBaXWbuIu/rR36fqySiHkQp7OCHFbABtV8/9XenVcljLQ
nS29tll1+Wfs6OJyYRMexzzj3Jrh04CHqxVojNsSIkYg0BsX1C6inI+bF5BLF4Cn
SwyPxzSflmNKzpa3Mxb/7nNHomj+bmuLGcAVEYRJ1sY1eSdwl6M2UvukeQq7k9oo
G2To+bS9YaL46xjrF8GIGF6Y6I9AT89Yxs7+178K1yB2D2h+Wl+gsu7OiEueptPV
MTqCI3vbNv1wwzU0niWf0rU1EJS6qzgykk8jMMGyaq4OmkZ6Qk0ktr4ZLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNoH2l/k7WfEQS1ehzAdI9pg6Tj7MB8GA1UdIwQY
MBaAFF2kMqTsOwrEyk5OzsDp9NRrSXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2Ut
MWJhNTQzZWVhZWQ3LzEvMmdmYVgtVHRaOFJCTFY2SE1CMGoybURwT1BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2UtMWJhNTQzZWVhZWQ3
LzEvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX5eMA0G
CSqGSIb3DQEBCwUAA4IBAQCFlRE4mdm2C6UrmGITUR8AzTCyFzvQoWN/OAltxyYF
HqtH2KXmFUuT8ZLwMo7PHoW/p0XoO+TqUg6ngIRgNv7ZacEjs6pcdgrcRb+q1ca8
wFTf2vjypDxoI7RtNLkw+mbUzxxrfU/oC2/lYU2mtW5eiWgilDg1m+je5f+u0DgU
98hQmy6qPvE7n6f2wTRPMiErwp5XIaG8TuL70YS3dtId7q/3FTZ4t1W1Me+UyDjI
WY8mvpQ0ogUaZKWnWHy+oiue/UvlPQLqSGnbGlOTPAalGE2bqS6A/WUNbtX5gVh0
u4kEQbfob2IhNRztk5nSXXetteH0R0+mbikjPrJ5S49X
-----END CERTIFICATE-----