Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/9bb40d-3638-449e-ae25-d428f2349660/1/rrh8MaxzHshtL7eznDjpZVuop04.roa
File:                     rrh8MaxzHshtL7eznDjpZVuop04.roa (raw, json)
Hash identifier:          K+Dzl+jnDq5KoO2v3O1/YlzStCS4ahsAMo54419if+s=
Subject key identifier:   AE:B8:7C:31:AC:73:1E:C8:6D:2F:B7:B3:9C:38:E9:65:5B:A8:A7:4E
Certificate issuer:       /CN=2a6edf23264b43821dae97d10bd364cb6bb7f234
Certificate serial:       018CC794A05263A946EC8D0C4F4EDB95DE94
Authority key identifier: 2A:6E:DF:23:26:4B:43:82:1D:AE:97:D1:0B:D3:64:CB:6B:B7:F2:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Km7fIyZLQ4IdrpfRC9Nky2u38jQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/9bb40d-3638-449e-ae25-d428f2349660/1/rrh8MaxzHshtL7eznDjpZVuop04.roa
Signing time:             Tue 02 Jan 2024 00:30:55 +0000
ROA not before:           Tue 02 Jan 2024 00:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51178
IP address blocks:        185.18.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/9bb40d-3638-449e-ae25-d428f2349660/1/Km7fIyZLQ4IdrpfRC9Nky2u38jQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/9bb40d-3638-449e-ae25-d428f2349660/1/Km7fIyZLQ4IdrpfRC9Nky2u38jQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Km7fIyZLQ4IdrpfRC9Nky2u38jQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:a0:52:63:a9:46:ec:8d:0c:4f:4e:db:95:de:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a6edf23264b43821dae97d10bd364cb6bb7f234
        Validity
            Not Before: Jan  2 00:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aeb87c31ac731ec86d2fb7b39c38e9655ba8a74e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:55:5c:b6:2c:9f:67:75:b6:9a:82:19:92:90:
                    94:5f:4e:fe:dc:b5:b7:cf:bb:23:62:dc:ed:65:f0:
                    7f:c2:80:b6:aa:f5:99:b8:e7:4c:af:1e:57:c5:45:
                    10:d6:f6:48:b7:a5:81:0e:bb:61:ae:5f:57:90:57:
                    a1:26:4a:7a:5d:b7:04:8f:3c:3f:1c:d5:4b:f9:d9:
                    a1:fa:09:5c:85:be:4e:19:b4:fa:c3:5b:ce:c3:73:
                    50:25:13:c7:8f:00:1e:33:09:cd:12:29:d5:76:72:
                    2f:00:fb:88:7b:e5:ce:ee:28:35:7c:9a:00:67:33:
                    e0:db:c2:ac:ba:4e:60:43:19:01:24:0c:ba:c2:02:
                    58:41:b7:7c:28:8a:3d:39:4e:1b:3b:9d:33:94:ec:
                    b6:11:b5:c3:6e:a5:59:0a:a0:ad:d5:f0:c6:bf:d3:
                    4d:97:e9:07:6d:fe:57:2b:82:8e:03:4d:a9:87:0c:
                    f6:0c:ca:df:f1:d3:22:a5:42:de:e9:2f:1d:bb:9c:
                    78:d8:47:86:71:ad:ac:a8:7a:55:38:c1:a2:b5:51:
                    a7:42:66:d4:42:2d:8e:72:e2:d8:61:47:92:ad:62:
                    07:76:de:fc:37:e6:f7:92:da:96:72:a8:ca:e7:f6:
                    a2:e4:25:57:3e:57:95:e7:ed:8e:0a:95:60:e9:2f:
                    70:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:B8:7C:31:AC:73:1E:C8:6D:2F:B7:B3:9C:38:E9:65:5B:A8:A7:4E
            X509v3 Authority Key Identifier:
                keyid:2A:6E:DF:23:26:4B:43:82:1D:AE:97:D1:0B:D3:64:CB:6B:B7:F2:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Km7fIyZLQ4IdrpfRC9Nky2u38jQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/9bb40d-3638-449e-ae25-d428f2349660/1/rrh8MaxzHshtL7eznDjpZVuop04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/9bb40d-3638-449e-ae25-d428f2349660/1/Km7fIyZLQ4IdrpfRC9Nky2u38jQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:0c:89:7a:06:2e:cb:8f:f3:be:d7:fc:ca:2f:0b:bf:00:42:
         c6:81:22:99:47:be:be:ea:f1:ac:99:1b:be:19:26:9d:92:f5:
         3d:c7:49:61:4b:18:da:7c:11:df:1c:ad:15:65:3a:d0:e2:2d:
         4d:b1:34:14:8d:ac:46:ba:80:7d:08:28:4d:49:ad:e0:31:07:
         53:6f:ec:f4:b2:d6:b2:db:13:dc:9e:02:13:8c:81:a3:33:15:
         b7:b0:73:77:7b:2b:fa:c7:c3:72:52:ce:32:ce:a8:12:f6:0b:
         cc:fb:4f:7d:dd:6f:25:6b:bb:b1:aa:26:55:42:97:f5:43:a0:
         4e:a3:ae:11:92:7b:86:df:3e:e8:48:69:55:78:38:15:8b:6c:
         70:83:26:11:77:b6:2c:18:93:34:b7:17:4f:f5:06:2f:03:8a:
         49:31:cc:03:a9:bd:0e:99:5c:23:b9:d3:85:08:5b:bb:32:32:
         d6:ce:d5:a1:b3:2d:6f:63:6b:48:dd:f3:e2:32:d8:7e:ea:f2:
         37:16:de:40:11:12:89:ae:f0:71:5e:31:12:4e:bf:68:6e:b2:
         34:c1:d4:b7:53:3b:72:de:cc:20:2b:58:14:fa:c4:4d:33:49:
         18:e7:58:f8:22:31:6f:f9:70:8a:65:f3:3f:1b:1d:1e:4f:0a:
         36:54:cc:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlKBSY6lG7I0MT07bld6UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhNmVkZjIzMjY0YjQzODIxZGFlOTdkMTBiZDM2NGNiNmJi
N2YyMzQwHhcNMjQwMTAyMDAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWI4N2MzMWFjNzMxZWM4NmQyZmI3YjM5YzM4ZTk2NTViYThhNzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1VctiyfZ3W2moIZkpCUX07+3LW3
z7sjYtztZfB/woC2qvWZuOdMrx5XxUUQ1vZIt6WBDrthrl9XkFehJkp6XbcEjzw/
HNVL+dmh+glchb5OGbT6w1vOw3NQJRPHjwAeMwnNEinVdnIvAPuIe+XO7ig1fJoA
ZzPg28Ksuk5gQxkBJAy6wgJYQbd8KIo9OU4bO50zlOy2EbXDbqVZCqCt1fDGv9NN
l+kHbf5XK4KOA02phwz2DMrf8dMipULe6S8du5x42EeGca2sqHpVOMGitVGnQmbU
Qi2OcuLYYUeSrWIHdt78N+b3ktqWcqjK5/ai5CVXPleV5+2OCpVg6S9w8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK64fDGscx7IbS+3s5w46WVbqKdOMB8GA1UdIwQY
MBaAFCpu3yMmS0OCHa6X0QvTZMtrt/I0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS203Zkl5WkxRNElkcnBmUkM5Tmt5MnUzOGpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS85YmI0MGQtMzYzOC00NDllLWFlMjUt
ZDQyOGYyMzQ5NjYwLzEvcnJoOE1heHpIc2h0TDdlem5EanBaVnVvcDA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS85YmI0MGQtMzYzOC00NDllLWFlMjUtZDQyOGYyMzQ5NjYw
LzEvS203Zkl5WkxRNElkcnBmUkM5Tmt5MnUzOGpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRJ8MA0G
CSqGSIb3DQEBCwUAA4IBAQCSDIl6Bi7Lj/O+1/zKLwu/AELGgSKZR76+6vGsmRu+
GSadkvU9x0lhSxjafBHfHK0VZTrQ4i1NsTQUjaxGuoB9CChNSa3gMQdTb+z0stay
2xPcngITjIGjMxW3sHN3eyv6x8NyUs4yzqgS9gvM+0993W8la7uxqiZVQpf1Q6BO
o64RknuG3z7oSGlVeDgVi2xwgyYRd7YsGJM0txdP9QYvA4pJMcwDqb0OmVwjudOF
CFu7MjLWztWhsy1vY2tI3fPiMth+6vI3Ft5AERKJrvBxXjESTr9obrI0wdS3Uzty
3swgK1gU+sRNM0kY51j4IjFv+XCKZfM/Gx0eTwo2VMzc
-----END CERTIFICATE-----