Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9f50e1-3ec4-46dc-b4f7-874234ed1e5e/1/2ppTdRNJ6ym0BB6B4rGFecjufqY.roa
File:                     2ppTdRNJ6ym0BB6B4rGFecjufqY.roa (raw, json)
Hash identifier:          Jc7/JQ3V4A+G/V43ZoSCeXNNq1RJ52tpxqDUfMBiozc=
Subject key identifier:   DA:9A:53:75:13:49:EB:29:B4:04:1E:81:E2:B1:85:79:C8:EE:7E:A6
Certificate issuer:       /CN=3af1507fda4e704828c7e03caf626456aafc5b1a
Certificate serial:       018CC6B7ABD68ADB97FB7A7EADC143A9ADCB
Authority key identifier: 3A:F1:50:7F:DA:4E:70:48:28:C7:E0:3C:AF:62:64:56:AA:FC:5B:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvFQf9pOcEgox-A8r2JkVqr8Wxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9f50e1-3ec4-46dc-b4f7-874234ed1e5e/1/2ppTdRNJ6ym0BB6B4rGFecjufqY.roa
Signing time:             Mon 01 Jan 2024 20:29:34 +0000
ROA not before:           Mon 01 Jan 2024 20:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199536
IP address blocks:        185.148.100.0/22 maxlen: 22
                          2a0f:57c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9f50e1-3ec4-46dc-b4f7-874234ed1e5e/1/OvFQf9pOcEgox-A8r2JkVqr8Wxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9f50e1-3ec4-46dc-b4f7-874234ed1e5e/1/OvFQf9pOcEgox-A8r2JkVqr8Wxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvFQf9pOcEgox-A8r2JkVqr8Wxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ab:d6:8a:db:97:fb:7a:7e:ad:c1:43:a9:ad:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af1507fda4e704828c7e03caf626456aafc5b1a
        Validity
            Not Before: Jan  1 20:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da9a53751349eb29b4041e81e2b18579c8ee7ea6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:58:86:57:af:60:d2:9c:3c:b6:bb:bd:84:d7:
                    c8:ce:23:e5:de:30:54:3c:1e:3d:a4:c3:85:bd:14:
                    14:a6:11:2e:ce:49:4a:62:6c:c0:94:b2:ba:7b:6f:
                    22:73:c4:3d:a4:e8:68:6f:a5:36:2a:4f:cb:c0:c9:
                    d3:68:9d:e0:54:60:92:2c:2f:09:53:bb:99:70:8b:
                    7c:4a:02:32:3a:2f:7b:d5:b7:e6:68:8b:bd:3c:78:
                    4e:0b:aa:30:d6:6f:0a:9e:f9:9a:3c:b7:72:b8:74:
                    03:31:bb:d3:0d:f4:6b:d7:fc:6b:c7:17:ef:dd:6a:
                    f6:5e:97:4a:db:dd:f8:d1:77:3a:40:0f:b2:cd:3a:
                    ca:92:13:bc:28:9f:75:da:de:04:fa:fe:3d:fe:2a:
                    e7:cf:54:2d:ae:b3:b9:20:81:f4:29:98:51:3a:37:
                    ea:bc:09:43:60:15:11:ad:33:d7:28:1e:5e:24:d5:
                    35:69:36:ec:aa:c4:06:ce:c8:96:07:23:ba:b1:9b:
                    85:34:53:19:a1:0d:2c:26:59:95:5e:19:6f:39:64:
                    da:5f:cc:83:43:ca:85:f3:43:e5:1b:cb:a4:91:1b:
                    a8:8f:a0:26:3b:e3:63:03:a2:b8:07:c0:4d:59:42:
                    fa:e9:6b:09:e7:4a:25:30:bc:58:8d:17:a7:d0:6f:
                    56:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:9A:53:75:13:49:EB:29:B4:04:1E:81:E2:B1:85:79:C8:EE:7E:A6
            X509v3 Authority Key Identifier:
                keyid:3A:F1:50:7F:DA:4E:70:48:28:C7:E0:3C:AF:62:64:56:AA:FC:5B:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvFQf9pOcEgox-A8r2JkVqr8Wxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9f50e1-3ec4-46dc-b4f7-874234ed1e5e/1/2ppTdRNJ6ym0BB6B4rGFecjufqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9f50e1-3ec4-46dc-b4f7-874234ed1e5e/1/OvFQf9pOcEgox-A8r2JkVqr8Wxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.100.0/22
                IPv6:
                  2a0f:57c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:c0:9b:22:c4:89:77:06:f6:58:9a:f7:e3:6e:f4:f8:40:4b:
         56:8e:a9:84:24:b6:b6:d0:4e:fa:72:3b:68:be:4a:4d:6b:f7:
         8c:59:fd:1c:e9:00:01:95:8f:7f:0b:d8:8f:5e:a0:1f:09:36:
         0b:f5:26:22:42:15:3f:b2:31:c2:d9:67:c9:70:96:b0:21:9a:
         7f:a4:c6:e4:b0:d1:70:32:b1:a7:bc:f4:4b:d3:dc:cf:c5:8f:
         b6:dc:31:c6:81:89:39:a6:81:34:fe:59:4a:c9:80:fb:a4:20:
         49:9a:9d:f9:8b:65:54:7e:08:3c:a5:68:a6:21:5c:3e:9d:a6:
         31:f3:59:2b:dc:03:77:eb:d9:c3:46:a4:97:97:c9:16:74:a5:
         58:4e:eb:46:ae:fd:5f:eb:4e:a3:4b:b8:79:4e:a6:19:a8:c4:
         65:cb:fe:99:28:2f:f2:da:ac:27:b1:cb:e4:24:5f:90:67:e9:
         10:1c:c7:74:88:22:a6:70:0d:be:09:a3:7d:8d:23:b5:5a:48:
         5e:9d:79:2b:36:95:68:15:c9:e3:a4:aa:b8:a6:17:c8:ab:08:
         72:43:37:18:d2:24:3e:6d:1e:66:b7:21:83:42:cd:26:c6:36:
         23:ed:f5:b9:e5:f9:bc:c0:87:be:b1:5b:89:14:7c:46:7e:42:
         b9:50:b6:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt6vWituX+3p+rcFDqa3LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjE1MDdmZGE0ZTcwNDgyOGM3ZTAzY2FmNjI2NDU2YWFm
YzViMWEwHhcNMjQwMTAxMjAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTlhNTM3NTEzNDllYjI5YjQwNDFlODFlMmIxODU3OWM4ZWU3ZWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFiGV69g0pw8tru9hNfIziPl3jBU
PB49pMOFvRQUphEuzklKYmzAlLK6e28ic8Q9pOhob6U2Kk/LwMnTaJ3gVGCSLC8J
U7uZcIt8SgIyOi971bfmaIu9PHhOC6ow1m8KnvmaPLdyuHQDMbvTDfRr1/xrxxfv
3Wr2XpdK29340Xc6QA+yzTrKkhO8KJ912t4E+v49/irnz1QtrrO5IIH0KZhROjfq
vAlDYBURrTPXKB5eJNU1aTbsqsQGzsiWByO6sZuFNFMZoQ0sJlmVXhlvOWTaX8yD
Q8qF80PlG8ukkRuoj6AmO+NjA6K4B8BNWUL66WsJ50olMLxYjRen0G9WGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNqaU3UTSesptAQegeKxhXnI7n6mMB8GA1UdIwQY
MBaAFDrxUH/aTnBIKMfgPK9iZFaq/FsaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZGUWY5cE9jRWdveC1BOHIySmtWcXI4V3hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85ZjUwZTEtM2VjNC00NmRjLWI0Zjct
ODc0MjM0ZWQxZTVlLzEvMnBwVGRSTko2eW0wQkI2QjRyR0ZlY2p1ZnFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85ZjUwZTEtM2VjNC00NmRjLWI0ZjctODc0MjM0ZWQxZTVl
LzEvT3ZGUWY5cE9jRWdveC1BOHIySmtWcXI4V3hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZRkMA0E
AgACMAcDBQAqD1fAMA0GCSqGSIb3DQEBCwUAA4IBAQAcwJsixIl3BvZYmvfjbvT4
QEtWjqmEJLa20E76cjtovkpNa/eMWf0c6QABlY9/C9iPXqAfCTYL9SYiQhU/sjHC
2WfJcJawIZp/pMbksNFwMrGnvPRL09zPxY+23DHGgYk5poE0/llKyYD7pCBJmp35
i2VUfgg8pWimIVw+naYx81kr3AN369nDRqSXl8kWdKVYTutGrv1f606jS7h5TqYZ
qMRly/6ZKC/y2qwnscvkJF+QZ+kQHMd0iCKmcA2+CaN9jSO1WkhenXkrNpVoFcnj
pKq4phfIqwhyQzcY0iQ+bR5mtyGDQs0mxjYj7fW55fm8wIe+sVuJFHxGfkK5ULZB
-----END CERTIFICATE-----