Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/3ec24a-b191-434a-bdc2-06a810af8d34/1/0EpccPhq7xpAst0WoCz6ULZuC8w.roa
File:                     0EpccPhq7xpAst0WoCz6ULZuC8w.roa (raw, json)
Hash identifier:          ++SdK5sUy5ks9QWHCHaUs1hk7t8vrZFU/bLn3D1nR7o=
Subject key identifier:   D0:4A:5C:70:F8:6A:EF:1A:40:B2:DD:16:A0:2C:FA:50:B6:6E:0B:CC
Certificate issuer:       /CN=d890d4ee07fc21c111d635284da7fb19fd706ce2
Certificate serial:       01921E2FE726D366FDCDC0927C1868D231F7
Authority key identifier: D8:90:D4:EE:07:FC:21:C1:11:D6:35:28:4D:A7:FB:19:FD:70:6C:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2JDU7gf8IcER1jUoTaf7Gf1wbOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/3ec24a-b191-434a-bdc2-06a810af8d34/1/0EpccPhq7xpAst0WoCz6ULZuC8w.roa
Signing time:             Mon 23 Sep 2024 09:21:48 +0000
ROA not before:           Mon 23 Sep 2024 09:21:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200845
IP address blocks:        185.157.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/3ec24a-b191-434a-bdc2-06a810af8d34/1/2JDU7gf8IcER1jUoTaf7Gf1wbOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/3ec24a-b191-434a-bdc2-06a810af8d34/1/2JDU7gf8IcER1jUoTaf7Gf1wbOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2JDU7gf8IcER1jUoTaf7Gf1wbOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1e:2f:e7:26:d3:66:fd:cd:c0:92:7c:18:68:d2:31:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d890d4ee07fc21c111d635284da7fb19fd706ce2
        Validity
            Not Before: Sep 23 09:21:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d04a5c70f86aef1a40b2dd16a02cfa50b66e0bcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:64:d6:e9:7a:a3:60:56:2f:39:30:cb:94:d5:
                    d5:2d:a6:66:d2:68:ff:13:2b:14:5d:58:56:19:53:
                    da:bb:25:f2:63:c6:7d:2b:97:ee:42:9c:82:3f:9b:
                    16:0a:13:bd:51:4e:9e:6e:3b:85:fe:f4:5e:bc:41:
                    e8:64:8a:d3:f0:d1:ad:0c:89:56:72:e2:64:89:56:
                    f4:e6:55:4b:a1:21:82:19:24:95:fa:7d:cc:83:d9:
                    ec:01:c4:af:53:b1:b7:05:98:61:3c:9c:ac:da:2e:
                    47:f3:c0:8e:fd:99:91:0d:cd:1b:a0:bf:bb:96:fe:
                    a5:58:f6:e8:3a:45:62:cb:2c:50:ab:2c:b6:d0:7f:
                    8f:ab:ed:e4:ce:4d:ac:19:11:16:d8:a0:73:3a:af:
                    45:74:96:bf:0b:a3:29:7e:84:0e:ba:3f:c4:dd:dc:
                    71:58:e8:13:f3:c6:2a:3f:09:69:01:37:46:7d:ec:
                    fd:b9:a3:0a:3c:31:00:a6:a2:bc:b6:68:b6:c6:ec:
                    46:5a:bd:4b:c4:78:ed:cc:4c:bb:0d:6a:a7:f9:4d:
                    e7:ff:f6:4a:83:31:23:74:dc:eb:5e:a7:83:30:6f:
                    55:3d:82:84:93:01:6f:60:46:18:a8:16:d8:c8:a8:
                    2e:04:2e:ba:bb:dc:d5:51:9b:08:d5:8c:6f:54:04:
                    a7:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:4A:5C:70:F8:6A:EF:1A:40:B2:DD:16:A0:2C:FA:50:B6:6E:0B:CC
            X509v3 Authority Key Identifier:
                keyid:D8:90:D4:EE:07:FC:21:C1:11:D6:35:28:4D:A7:FB:19:FD:70:6C:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JDU7gf8IcER1jUoTaf7Gf1wbOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/3ec24a-b191-434a-bdc2-06a810af8d34/1/0EpccPhq7xpAst0WoCz6ULZuC8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/3ec24a-b191-434a-bdc2-06a810af8d34/1/2JDU7gf8IcER1jUoTaf7Gf1wbOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:f0:e9:15:fd:c3:4b:d3:05:8b:ac:2c:e6:b4:6c:61:a6:a7:
         4a:9a:81:f6:76:ec:a3:e3:e3:59:7d:08:1d:9e:2b:9a:36:4a:
         90:1d:d0:a9:d7:60:2b:5e:51:f4:66:17:9f:e3:17:a4:8e:fd:
         34:62:c5:87:14:3d:25:cd:da:71:e4:2c:a6:09:9c:82:eb:b0:
         54:87:3b:b0:f2:7b:d7:93:4e:75:a4:5d:aa:73:43:27:8c:a4:
         b2:7a:d1:2a:5a:10:46:2f:55:7e:3a:ad:19:66:77:1d:65:e5:
         1c:00:70:b0:77:9b:d4:69:a4:08:12:e6:ef:22:85:d0:fd:8e:
         9f:a8:d1:94:f0:dc:18:63:49:87:0f:e1:54:20:80:e3:ce:71:
         e1:d7:85:e1:69:1f:a7:9e:c5:96:e7:99:f0:68:cd:a2:71:77:
         84:15:2a:fa:cc:fd:7c:fe:9c:cc:30:40:a0:2f:a7:73:1e:16:
         ec:a3:11:7d:1f:d8:6b:b5:89:9f:3f:4c:32:33:81:3a:e8:ed:
         2e:33:03:e2:a7:84:95:36:78:d8:63:ec:21:58:3f:90:2e:51:
         bb:a0:0b:47:d8:67:a3:a9:e8:1a:03:1f:5d:3f:5c:ef:1f:ff:
         5f:94:71:6d:8c:c3:00:ff:ea:90:52:43:a9:01:9d:79:94:c6:
         30:7b:6b:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIeL+cm02b9zcCSfBho0jH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTBkNGVlMDdmYzIxYzExMWQ2MzUyODRkYTdmYjE5ZmQ3
MDZjZTIwHhcNMjQwOTIzMDkyMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDRhNWM3MGY4NmFlZjFhNDBiMmRkMTZhMDJjZmE1MGI2NmUwYmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22TW6XqjYFYvOTDLlNXVLaZm0mj/
EysUXVhWGVPauyXyY8Z9K5fuQpyCP5sWChO9UU6ebjuF/vRevEHoZIrT8NGtDIlW
cuJkiVb05lVLoSGCGSSV+n3Mg9nsAcSvU7G3BZhhPJys2i5H88CO/ZmRDc0boL+7
lv6lWPboOkViyyxQqyy20H+Pq+3kzk2sGREW2KBzOq9FdJa/C6MpfoQOuj/E3dxx
WOgT88YqPwlpATdGfez9uaMKPDEApqK8tmi2xuxGWr1LxHjtzEy7DWqn+U3n//ZK
gzEjdNzrXqeDMG9VPYKEkwFvYEYYqBbYyKguBC66u9zVUZsI1YxvVASncQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBKXHD4au8aQLLdFqAs+lC2bgvMMB8GA1UdIwQY
MBaAFNiQ1O4H/CHBEdY1KE2n+xn9cGziMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpEVTdnZjhJY0VSMWpVb1RhZjdHZjF3Yk9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8zZWMyNGEtYjE5MS00MzRhLWJkYzIt
MDZhODEwYWY4ZDM0LzEvMEVwY2NQaHE3eHBBc3QwV29DejZVTFp1Qzh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8zZWMyNGEtYjE5MS00MzRhLWJkYzItMDZhODEwYWY4ZDM0
LzEvMkpEVTdnZjhJY0VSMWpVb1RhZjdHZjF3Yk9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ1cMA0G
CSqGSIb3DQEBCwUAA4IBAQAq8OkV/cNL0wWLrCzmtGxhpqdKmoH2duyj4+NZfQgd
niuaNkqQHdCp12ArXlH0Zhef4xekjv00YsWHFD0lzdpx5CymCZyC67BUhzuw8nvX
k051pF2qc0MnjKSyetEqWhBGL1V+Oq0ZZncdZeUcAHCwd5vUaaQIEubvIoXQ/Y6f
qNGU8NwYY0mHD+FUIIDjznHh14XhaR+nnsWW55nwaM2icXeEFSr6zP18/pzMMECg
L6dzHhbsoxF9H9hrtYmfP0wyM4E66O0uMwPip4SVNnjYY+whWD+QLlG7oAtH2Gej
qegaAx9dP1zvH/9flHFtjMMA/+qQUkOpAZ15lMYwe2tc
-----END CERTIFICATE-----