Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/edbCavwVm9Gkf98mRsbeIyfwK20.roa
File:                     edbCavwVm9Gkf98mRsbeIyfwK20.roa (raw, json)
Hash identifier:          GxzIRdfFg1QqK46F7yOBgcGhTVkErq0MgVa9HmsH46o=
Subject key identifier:   79:D6:C2:6A:FC:15:9B:D1:A4:7F:DF:26:46:C6:DE:23:27:F0:2B:6D
Certificate issuer:       /CN=46ebddae6a7acee83a322a0e743a6759d85365f2
Certificate serial:       018DEF043A92FAF32E58387ADC8280B5391A
Authority key identifier: 46:EB:DD:AE:6A:7A:CE:E8:3A:32:2A:0E:74:3A:67:59:D8:53:65:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ruvdrmp6zug6MioOdDpnWdhTZfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/edbCavwVm9Gkf98mRsbeIyfwK20.roa
Signing time:             Wed 28 Feb 2024 09:20:48 +0000
ROA not before:           Wed 28 Feb 2024 09:20:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212346
IP address blocks:        185.217.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/Ruvdrmp6zug6MioOdDpnWdhTZfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/Ruvdrmp6zug6MioOdDpnWdhTZfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ruvdrmp6zug6MioOdDpnWdhTZfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ef:04:3a:92:fa:f3:2e:58:38:7a:dc:82:80:b5:39:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ebddae6a7acee83a322a0e743a6759d85365f2
        Validity
            Not Before: Feb 28 09:20:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79d6c26afc159bd1a47fdf2646c6de2327f02b6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:89:b6:30:27:cd:7d:5e:4b:80:ca:05:e2:b0:
                    5d:37:a1:f0:90:0e:97:5b:12:8f:af:63:3b:77:b4:
                    05:75:59:3f:53:97:c2:ef:cd:68:88:5b:a9:74:be:
                    1f:de:46:f2:e9:cc:ac:9b:4f:14:59:6a:a9:b4:46:
                    a9:05:ad:44:16:95:d4:58:36:9a:b0:65:d0:98:07:
                    11:77:a2:6b:2e:6a:a9:d6:ad:0c:c6:5c:d1:c7:56:
                    7f:56:88:d3:0b:60:3e:cc:21:ce:ac:69:44:e0:39:
                    f7:96:e0:f6:77:6f:da:a8:d4:b2:ea:b1:2f:7e:28:
                    7a:85:d8:a5:67:2c:39:24:2e:e6:2d:12:7b:e6:d5:
                    55:ae:64:3d:4b:4a:85:41:45:aa:3e:4b:a5:cc:70:
                    49:6c:0c:a4:29:f3:69:af:4f:7d:85:76:2a:9e:03:
                    92:6f:f9:35:46:33:98:ac:80:0b:e1:2c:94:e5:3d:
                    ad:4f:44:5a:f4:1f:1f:c1:0b:b2:20:f8:5b:44:46:
                    6b:5c:20:f1:ae:d5:98:ad:16:7a:3b:00:ac:4d:c0:
                    51:9c:69:15:17:37:08:cd:20:ad:08:e6:2c:f9:aa:
                    1e:f6:3a:14:3b:f3:c5:90:6d:e3:3f:3a:e2:f5:79:
                    c7:0e:ef:33:1b:1b:c7:c4:1f:c3:85:9d:6a:30:40:
                    81:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:D6:C2:6A:FC:15:9B:D1:A4:7F:DF:26:46:C6:DE:23:27:F0:2B:6D
            X509v3 Authority Key Identifier:
                keyid:46:EB:DD:AE:6A:7A:CE:E8:3A:32:2A:0E:74:3A:67:59:D8:53:65:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ruvdrmp6zug6MioOdDpnWdhTZfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/edbCavwVm9Gkf98mRsbeIyfwK20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/Ruvdrmp6zug6MioOdDpnWdhTZfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:cd:a5:8c:06:12:27:e8:f0:db:ee:4b:ee:31:da:b5:87:b8:
         f2:a7:bd:90:f3:51:d6:95:d1:fd:34:20:42:44:b2:0b:f9:41:
         7b:bc:79:d6:2d:3f:ce:24:5d:75:93:fc:b6:60:13:e3:7c:94:
         c4:65:04:43:e7:f2:9e:cb:a6:5b:2e:33:c4:28:ad:36:be:6f:
         b8:81:e7:43:b4:5c:55:00:e4:6b:61:6c:71:d7:e2:f9:39:3f:
         aa:37:b0:7c:2d:93:44:fd:be:14:25:34:e4:3c:38:52:03:20:
         61:0a:93:d4:80:79:b8:1e:6b:e8:aa:37:72:8c:f2:c5:ec:40:
         64:8b:af:cd:a5:a1:fa:ec:74:b2:03:81:7b:d7:c0:b8:61:20:
         77:aa:8e:3f:46:e1:22:0a:8d:7a:6e:eb:7d:d0:78:19:25:a3:
         5c:6a:6c:19:f6:14:5c:29:af:90:a8:3b:d1:62:a0:3d:c6:6f:
         27:26:82:0a:40:9a:c1:b2:c3:5d:5a:93:8a:80:1b:52:00:74:
         4b:6e:ca:20:41:bf:32:a0:00:fc:43:12:1f:31:52:e2:8d:e5:
         26:bb:41:fe:03:dc:f5:2b:6f:11:fe:50:43:96:d1:fa:8a:8b:
         8f:ce:9d:4b:5b:02:5f:f6:4f:56:eb:bd:55:5d:d8:d1:36:52:
         8a:00:0c:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3vBDqS+vMuWDh63IKAtTkaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZWJkZGFlNmE3YWNlZTgzYTMyMmEwZTc0M2E2NzU5ZDg1
MzY1ZjIwHhcNMjQwMjI4MDkyMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWQ2YzI2YWZjMTU5YmQxYTQ3ZmRmMjY0NmM2ZGUyMzI3ZjAyYjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYm2MCfNfV5LgMoF4rBdN6HwkA6X
WxKPr2M7d7QFdVk/U5fC781oiFupdL4f3kby6cysm08UWWqptEapBa1EFpXUWDaa
sGXQmAcRd6JrLmqp1q0MxlzRx1Z/VojTC2A+zCHOrGlE4Dn3luD2d2/aqNSy6rEv
fih6hdilZyw5JC7mLRJ75tVVrmQ9S0qFQUWqPkulzHBJbAykKfNpr099hXYqngOS
b/k1RjOYrIAL4SyU5T2tT0Ra9B8fwQuyIPhbREZrXCDxrtWYrRZ6OwCsTcBRnGkV
FzcIzSCtCOYs+aoe9joUO/PFkG3jPzri9XnHDu8zGxvHxB/DhZ1qMECBCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHnWwmr8FZvRpH/fJkbG3iMn8CttMB8GA1UdIwQY
MBaAFEbr3a5qes7oOjIqDnQ6Z1nYU2XyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnV2ZHJtcDZ6dWc2TWlvT2REcG5XZGhUWmZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC81YzY1YWYtYjNmOS00YmIzLWE3MDIt
MmJjOTA3OTRkMzhkLzEvZWRiQ2F2d1ZtOUdrZjk4bVJzYmVJeWZ3SzIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC81YzY1YWYtYjNmOS00YmIzLWE3MDItMmJjOTA3OTRkMzhk
LzEvUnV2ZHJtcDZ6dWc2TWlvT2REcG5XZGhUWmZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudkkMA0G
CSqGSIb3DQEBCwUAA4IBAQCyzaWMBhIn6PDb7kvuMdq1h7jyp72Q81HWldH9NCBC
RLIL+UF7vHnWLT/OJF11k/y2YBPjfJTEZQRD5/Key6ZbLjPEKK02vm+4gedDtFxV
AORrYWxx1+L5OT+qN7B8LZNE/b4UJTTkPDhSAyBhCpPUgHm4HmvoqjdyjPLF7EBk
i6/NpaH67HSyA4F718C4YSB3qo4/RuEiCo16but90HgZJaNcamwZ9hRcKa+QqDvR
YqA9xm8nJoIKQJrBssNdWpOKgBtSAHRLbsogQb8yoAD8QxIfMVLijeUmu0H+A9z1
K28R/lBDltH6iouPzp1LWwJf9k9W671VXdjRNlKKAAxE
-----END CERTIFICATE-----