Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/2a46BL9nRkw5iR_pr53mHEuMQ3c.roa
File:                     2a46BL9nRkw5iR_pr53mHEuMQ3c.roa (raw, json)
Hash identifier:          fE387Uby1b8bt/adKJETG+6hnvurhwh+Wy+8TXbD6xM=
Subject key identifier:   D9:AE:3A:04:BF:67:46:4C:39:89:1F:E9:AF:9D:E6:1C:4B:8C:43:77
Certificate issuer:       /CN=6eab53640b0931924b73f760925845150a6ccca5
Certificate serial:       018CC4930BF34DB762E868F8C4A77027AC7D
Authority key identifier: 6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/2a46BL9nRkw5iR_pr53mHEuMQ3c.roa
Signing time:             Mon 01 Jan 2024 10:30:20 +0000
ROA not before:           Mon 01 Jan 2024 10:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43002
IP address blocks:        62.93.116.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:0b:f3:4d:b7:62:e8:68:f8:c4:a7:70:27:ac:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6eab53640b0931924b73f760925845150a6ccca5
        Validity
            Not Before: Jan  1 10:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9ae3a04bf67464c39891fe9af9de61c4b8c4377
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:05:9a:23:53:a2:b7:d1:1e:46:8f:09:3a:3c:
                    38:4e:7f:23:b0:17:99:01:f7:e1:f4:6b:76:b3:a0:
                    f2:9d:61:8a:9c:36:43:f7:8d:6f:cb:c6:00:46:75:
                    dc:21:8c:9d:24:bd:e7:0a:97:ab:9b:97:66:e7:72:
                    25:17:ce:5a:43:dc:dd:de:d3:0a:fa:20:a3:aa:c4:
                    2a:a0:47:79:d3:92:c3:0f:b0:04:7f:4c:0b:b7:c4:
                    6f:60:d7:5b:11:fb:b0:d8:04:f3:43:08:6c:65:d8:
                    39:6a:f6:fc:74:e1:9e:3b:a3:80:c5:15:c2:0e:dc:
                    68:78:f2:31:96:79:96:35:bd:43:5b:74:6e:3e:ae:
                    67:f5:55:c3:50:e3:7f:c4:e2:33:b6:f2:15:0d:e2:
                    97:e4:63:55:da:d0:86:90:29:53:a3:a4:3d:b6:f0:
                    50:66:ed:90:11:81:7a:52:90:9c:61:e1:91:44:a5:
                    72:cc:b7:61:c9:0f:a4:10:24:d4:be:52:c2:fe:54:
                    95:3c:77:2b:cf:49:5c:cf:4f:06:0d:3a:f3:17:fe:
                    84:17:b0:f8:6f:73:6c:af:b2:b9:07:ef:94:01:b3:
                    62:a7:f2:fd:15:bb:1d:d3:c2:9b:53:1a:25:d7:8f:
                    a0:38:02:e9:05:6c:75:9f:dd:cf:73:df:4d:aa:16:
                    0e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:AE:3A:04:BF:67:46:4C:39:89:1F:E9:AF:9D:E6:1C:4B:8C:43:77
            X509v3 Authority Key Identifier:
                keyid:6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/2a46BL9nRkw5iR_pr53mHEuMQ3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.93.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:ac:d8:22:8d:97:a4:ef:42:77:2f:cd:f9:18:df:e2:51:95:
         44:50:c1:cf:51:df:63:9d:72:cd:f2:93:89:19:89:72:d2:0b:
         30:ef:b8:77:34:2a:52:be:7c:1d:84:c9:67:97:6e:e9:cc:b2:
         e9:26:30:8d:9b:a2:b2:a3:0d:f0:eb:b5:d8:1d:4f:00:86:7f:
         be:e6:73:3c:fc:45:20:c9:71:97:ca:d9:97:84:6e:5e:38:07:
         0d:6b:8e:49:c4:3a:9f:b2:fc:31:7c:be:c0:ec:22:79:3d:9f:
         4d:6c:01:db:60:94:6a:6e:96:98:c4:51:fa:9b:b8:a0:73:2d:
         8c:d5:1e:2f:0c:d1:87:9d:91:b2:71:e9:5d:f8:25:68:82:01:
         c8:88:7f:5c:6c:ea:41:bf:58:4d:29:6f:85:fa:b4:f9:7a:bb:
         d1:45:f6:3f:21:26:a3:aa:49:32:bd:d3:ba:a1:f9:6c:0b:8b:
         d0:b5:34:b6:4a:14:63:33:3f:16:ab:d3:65:d9:77:dc:bd:7b:
         de:47:3d:d1:47:e6:5b:c4:47:fd:44:32:e8:9e:28:b6:ad:88:
         dd:09:e4:75:57:25:e7:15:61:cb:b7:ec:93:61:3b:af:eb:9c:
         fa:42:f1:22:02:c2:27:e6:e2:25:14:a2:6a:20:c2:3e:88:d6:
         09:47:9a:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkwvzTbdi6Gj4xKdwJ6x9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYWI1MzY0MGIwOTMxOTI0YjczZjc2MDkyNTg0NTE1MGE2
Y2NjYTUwHhcNMjQwMTAxMTAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWFlM2EwNGJmNjc0NjRjMzk4OTFmZTlhZjlkZTYxYzRiOGM0Mzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwWaI1Oit9EeRo8JOjw4Tn8jsBeZ
Affh9Gt2s6DynWGKnDZD941vy8YARnXcIYydJL3nCperm5dm53IlF85aQ9zd3tMK
+iCjqsQqoEd505LDD7AEf0wLt8RvYNdbEfuw2ATzQwhsZdg5avb8dOGeO6OAxRXC
DtxoePIxlnmWNb1DW3RuPq5n9VXDUON/xOIztvIVDeKX5GNV2tCGkClTo6Q9tvBQ
Zu2QEYF6UpCcYeGRRKVyzLdhyQ+kECTUvlLC/lSVPHcrz0lcz08GDTrzF/6EF7D4
b3Nsr7K5B++UAbNip/L9Fbsd08KbUxol14+gOALpBWx1n93Pc99NqhYO+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmuOgS/Z0ZMOYkf6a+d5hxLjEN3MB8GA1UdIwQY
MBaAFG6rU2QLCTGSS3P3YJJYRRUKbMylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAt
NTMwNDYzMjM5NTFmLzEvMmE0NkJMOW5Sa3c1aVJfcHI1M21IRXVNUTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAtNTMwNDYzMjM5NTFm
LzEvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCPl10MA0G
CSqGSIb3DQEBCwUAA4IBAQCRrNgijZek70J3L835GN/iUZVEUMHPUd9jnXLN8pOJ
GYly0gsw77h3NCpSvnwdhMlnl27pzLLpJjCNm6Kyow3w67XYHU8Ahn++5nM8/EUg
yXGXytmXhG5eOAcNa45JxDqfsvwxfL7A7CJ5PZ9NbAHbYJRqbpaYxFH6m7igcy2M
1R4vDNGHnZGyceld+CVoggHIiH9cbOpBv1hNKW+F+rT5ervRRfY/ISajqkkyvdO6
oflsC4vQtTS2ShRjMz8Wq9Nl2XfcvXveRz3RR+ZbxEf9RDLonii2rYjdCeR1VyXn
FWHLt+yTYTuv65z6QvEiAsIn5uIlFKJqIMI+iNYJR5pt
-----END CERTIFICATE-----