Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/6cea37-d270-4d1c-a937-24c3d9e25401/1/S2mxySA6r4cR5OHli7BmUPghwQg.roa
File:                     S2mxySA6r4cR5OHli7BmUPghwQg.roa (raw, json)
Hash identifier:          QvjRJXZoqzZDgy3Tu5o0jmgXlMUVpJd96nsgV0QtykA=
Subject key identifier:   4B:69:B1:C9:20:3A:AF:87:11:E4:E1:E5:8B:B0:66:50:F8:21:C1:08
Certificate issuer:       /CN=7d7cb2978bb54eb557cae3ffb35e46ac4d5c22bf
Certificate serial:       018CC6B92E0B00EE1BF4A0A70C26975FE795
Authority key identifier: 7D:7C:B2:97:8B:B5:4E:B5:57:CA:E3:FF:B3:5E:46:AC:4D:5C:22:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fXyyl4u1TrVXyuP_s15GrE1cIr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/6cea37-d270-4d1c-a937-24c3d9e25401/1/S2mxySA6r4cR5OHli7BmUPghwQg.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51938
IP address blocks:        185.54.96.0/22 maxlen: 22
                          185.54.98.0/24 maxlen: 24
                          185.54.96.0/24 maxlen: 24
                          185.54.97.0/24 maxlen: 24
                          185.54.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/6cea37-d270-4d1c-a937-24c3d9e25401/1/fXyyl4u1TrVXyuP_s15GrE1cIr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/6cea37-d270-4d1c-a937-24c3d9e25401/1/fXyyl4u1TrVXyuP_s15GrE1cIr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fXyyl4u1TrVXyuP_s15GrE1cIr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2e:0b:00:ee:1b:f4:a0:a7:0c:26:97:5f:e7:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d7cb2978bb54eb557cae3ffb35e46ac4d5c22bf
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b69b1c9203aaf8711e4e1e58bb06650f821c108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:64:af:7a:ce:bc:e6:6f:4e:af:cd:4e:53:a9:
                    3f:4f:90:d7:64:a9:db:10:d6:9a:8a:61:65:88:f7:
                    99:fe:b7:00:b4:c3:03:f1:86:13:34:2e:3d:3c:07:
                    48:9b:a3:97:ea:bf:e7:22:a0:58:ea:50:28:ec:30:
                    81:83:f8:04:4f:15:96:28:25:9e:f6:93:75:b6:cf:
                    da:c0:7e:da:13:58:e8:8a:b2:74:8d:42:47:f3:0a:
                    2f:26:ab:fb:6f:53:e9:7f:97:f2:3b:c5:7f:37:94:
                    7d:e7:80:79:a9:ad:d5:4d:d0:14:c1:a2:5d:18:89:
                    77:5c:0f:b8:ec:44:00:78:d0:8b:fd:e8:93:92:5a:
                    69:85:e3:7d:f6:5b:24:4c:c5:41:aa:6a:a3:f3:3f:
                    a2:48:0e:2e:db:7f:bc:f7:04:93:1e:e8:55:a4:8c:
                    d8:df:14:2d:0a:84:e2:3a:0a:6d:2d:4e:bb:2a:1e:
                    86:ac:89:a0:23:d9:57:6c:55:d3:d1:e0:5c:0e:80:
                    7f:7f:84:bf:96:30:14:a7:5c:69:d3:b2:79:af:77:
                    73:7d:01:87:b1:8c:ea:6d:f4:ad:e3:97:76:b3:fe:
                    6b:f3:6a:b8:96:44:2f:f2:57:bb:21:a5:73:ad:cf:
                    61:49:e7:cb:b2:73:f6:9b:ef:10:8e:dc:c2:6f:95:
                    5d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:69:B1:C9:20:3A:AF:87:11:E4:E1:E5:8B:B0:66:50:F8:21:C1:08
            X509v3 Authority Key Identifier:
                keyid:7D:7C:B2:97:8B:B5:4E:B5:57:CA:E3:FF:B3:5E:46:AC:4D:5C:22:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fXyyl4u1TrVXyuP_s15GrE1cIr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/6cea37-d270-4d1c-a937-24c3d9e25401/1/S2mxySA6r4cR5OHli7BmUPghwQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/6cea37-d270-4d1c-a937-24c3d9e25401/1/fXyyl4u1TrVXyuP_s15GrE1cIr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:13:89:cc:99:43:9d:4d:b9:43:01:d7:37:f9:5e:35:2b:fd:
         0c:c2:c6:8a:3e:74:e2:62:7f:f9:17:9c:18:e4:99:f8:98:eb:
         02:59:33:fe:9d:6c:97:1d:52:a8:e0:83:0d:f2:7d:27:75:33:
         ca:f1:84:1d:48:3f:69:b0:d2:d6:6a:de:25:08:f8:58:b7:b3:
         c2:9a:e1:a5:00:20:e6:6f:03:76:17:17:da:19:08:16:5a:c5:
         08:d8:da:f6:ba:8d:63:81:77:d4:7a:3c:40:21:0d:09:a6:77:
         3f:67:9a:fa:47:d6:fb:07:82:f2:ca:60:f8:04:fa:38:ca:99:
         e8:6e:73:60:17:7b:9c:83:35:ec:5d:bc:00:6c:8e:ff:5c:55:
         77:7e:60:04:a7:fd:22:b3:c6:91:a9:0d:83:a8:d2:72:58:88:
         da:c5:29:98:d2:0a:2e:ac:d1:ca:a6:d3:6b:39:b8:7d:a0:3d:
         9d:b7:cf:17:b4:71:5a:55:bc:d5:4d:91:b8:49:62:dc:20:d5:
         8e:77:2f:fb:9f:c0:64:d6:ca:01:d5:e7:31:46:78:d3:0d:c1:
         3e:1d:f0:6d:e2:13:9c:98:61:3f:d4:63:5f:7c:30:82:b2:33:
         41:7b:cc:1c:e9:b1:c6:ff:4d:1b:00:7c:5d:9c:6d:92:52:3f:
         ab:77:d1:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuS4LAO4b9KCnDCaXX+eVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkN2NiMjk3OGJiNTRlYjU1N2NhZTNmZmIzNWU0NmFjNGQ1
YzIyYmYwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjY5YjFjOTIwM2FhZjg3MTFlNGUxZTU4YmIwNjY1MGY4MjFjMTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2Sves685m9Or81OU6k/T5DXZKnb
ENaaimFliPeZ/rcAtMMD8YYTNC49PAdIm6OX6r/nIqBY6lAo7DCBg/gETxWWKCWe
9pN1ts/awH7aE1joirJ0jUJH8wovJqv7b1Ppf5fyO8V/N5R954B5qa3VTdAUwaJd
GIl3XA+47EQAeNCL/eiTklppheN99lskTMVBqmqj8z+iSA4u23+89wSTHuhVpIzY
3xQtCoTiOgptLU67Kh6GrImgI9lXbFXT0eBcDoB/f4S/ljAUp1xp07J5r3dzfQGH
sYzqbfSt45d2s/5r82q4lkQv8le7IaVzrc9hSefLsnP2m+8QjtzCb5VdewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtpsckgOq+HEeTh5YuwZlD4IcEIMB8GA1UdIwQY
MBaAFH18speLtU61V8rj/7NeRqxNXCK/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlh5eWw0dTFUclZYeXVQX3MxNUdyRTFjSXI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy82Y2VhMzctZDI3MC00ZDFjLWE5Mzct
MjRjM2Q5ZTI1NDAxLzEvUzJteHlTQTZyNGNSNU9IbGk3Qm1VUGdod1FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy82Y2VhMzctZDI3MC00ZDFjLWE5MzctMjRjM2Q5ZTI1NDAx
LzEvZlh5eWw0dTFUclZYeXVQX3MxNUdyRTFjSXI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTZgMA0G
CSqGSIb3DQEBCwUAA4IBAQAOE4nMmUOdTblDAdc3+V41K/0MwsaKPnTiYn/5F5wY
5Jn4mOsCWTP+nWyXHVKo4IMN8n0ndTPK8YQdSD9psNLWat4lCPhYt7PCmuGlACDm
bwN2FxfaGQgWWsUI2Nr2uo1jgXfUejxAIQ0Jpnc/Z5r6R9b7B4LyymD4BPo4ypno
bnNgF3ucgzXsXbwAbI7/XFV3fmAEp/0is8aRqQ2DqNJyWIjaxSmY0gourNHKptNr
Obh9oD2dt88XtHFaVbzVTZG4SWLcINWOdy/7n8Bk1soB1ecxRnjTDcE+HfBt4hOc
mGE/1GNffDCCsjNBe8wc6bHG/00bAHxdnG2SUj+rd9F1
-----END CERTIFICATE-----