Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/e7fbe8-d98e-45d2-b19c-11627d7469ab/1/eJL1xlCA2Gkj9Ujf3WryCemY7DM.roa
File:                     eJL1xlCA2Gkj9Ujf3WryCemY7DM.roa (raw, json)
Hash identifier:          5kMiEhpUQwfwEgl5+sVa7C31lagzQ11yeaDTRxnKeAU=
Subject key identifier:   78:92:F5:C6:50:80:D8:69:23:F5:48:DF:DD:6A:F2:09:E9:98:EC:33
Certificate issuer:       /CN=282434a9a038b0fe73caf776bccd542fd3e2f6a5
Certificate serial:       018CC8DFA3720A2FE5D39017395ECDB088B5
Authority key identifier: 28:24:34:A9:A0:38:B0:FE:73:CA:F7:76:BC:CD:54:2F:D3:E2:F6:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KCQ0qaA4sP5zyvd2vM1UL9Pi9qU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/e7fbe8-d98e-45d2-b19c-11627d7469ab/1/eJL1xlCA2Gkj9Ujf3WryCemY7DM.roa
Signing time:             Tue 02 Jan 2024 06:32:28 +0000
ROA not before:           Tue 02 Jan 2024 06:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39419
IP address blocks:        185.237.24.0/22 maxlen: 24
                          2a0c:180::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/e7fbe8-d98e-45d2-b19c-11627d7469ab/1/KCQ0qaA4sP5zyvd2vM1UL9Pi9qU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/e7fbe8-d98e-45d2-b19c-11627d7469ab/1/KCQ0qaA4sP5zyvd2vM1UL9Pi9qU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KCQ0qaA4sP5zyvd2vM1UL9Pi9qU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a3:72:0a:2f:e5:d3:90:17:39:5e:cd:b0:88:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=282434a9a038b0fe73caf776bccd542fd3e2f6a5
        Validity
            Not Before: Jan  2 06:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7892f5c65080d86923f548dfdd6af209e998ec33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5a:09:8b:14:db:96:e6:23:38:d9:d1:c4:fa:
                    17:3d:af:65:43:2f:22:2d:5f:dc:2b:28:7d:00:51:
                    be:ac:f4:67:7a:f9:da:5c:f2:95:d0:66:55:01:5a:
                    44:fa:e4:0d:ef:bf:79:25:b0:9c:bb:e5:95:37:ca:
                    ee:93:a3:ea:7e:95:c6:ee:7f:d2:4e:17:3c:c3:c3:
                    5f:e7:69:b9:64:b7:58:14:b7:36:f9:cb:ac:b9:41:
                    a4:fe:25:4e:ca:fd:09:40:99:df:7e:5c:25:a4:88:
                    1b:62:57:2c:83:c1:ed:bc:0f:67:52:46:22:a3:64:
                    63:dc:3f:02:1c:16:4b:c3:1e:0d:6d:d2:93:9c:71:
                    48:01:7a:06:9c:dc:df:e2:ee:ba:3b:df:97:b0:11:
                    1e:b2:39:95:89:7b:ca:62:bd:f1:8a:bf:81:28:82:
                    36:a5:fc:76:f7:85:80:b1:d2:dc:ea:4c:d1:b3:83:
                    2c:13:0c:1f:26:b2:71:32:80:42:24:db:03:d7:26:
                    e9:4c:8c:10:d9:ae:bc:06:79:cb:8a:fa:66:d5:51:
                    f1:12:c9:a0:c6:71:03:4f:f2:cd:11:a1:a1:6c:46:
                    12:bb:bd:21:d2:67:62:f2:e8:c7:b9:de:b4:82:6b:
                    14:9b:fb:34:92:f8:ef:5a:7a:f2:23:2f:02:be:fb:
                    5c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:92:F5:C6:50:80:D8:69:23:F5:48:DF:DD:6A:F2:09:E9:98:EC:33
            X509v3 Authority Key Identifier:
                keyid:28:24:34:A9:A0:38:B0:FE:73:CA:F7:76:BC:CD:54:2F:D3:E2:F6:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KCQ0qaA4sP5zyvd2vM1UL9Pi9qU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/e7fbe8-d98e-45d2-b19c-11627d7469ab/1/eJL1xlCA2Gkj9Ujf3WryCemY7DM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/e7fbe8-d98e-45d2-b19c-11627d7469ab/1/KCQ0qaA4sP5zyvd2vM1UL9Pi9qU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.24.0/22
                IPv6:
                  2a0c:180::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:10:69:0d:28:d8:a6:86:0b:40:c5:52:49:9e:79:3c:67:db:
         bf:0c:c3:96:1b:06:69:d1:d7:25:6f:10:96:f0:37:eb:66:ff:
         8d:8a:51:93:9d:2f:73:74:be:eb:ae:f0:05:e6:c2:86:09:78:
         62:ae:09:42:02:a5:82:04:32:0c:ca:84:5e:17:c3:b2:c4:bd:
         d4:d1:70:c7:04:08:da:95:b2:b3:64:e9:8b:8c:47:62:b8:7c:
         63:40:07:a3:76:a8:76:bc:79:88:2d:53:2a:0a:99:c5:b1:53:
         e6:d8:3a:8b:08:36:11:c1:44:ce:b5:03:23:d1:b2:b4:21:4f:
         9b:d9:9d:94:ab:c7:dc:76:1b:20:98:1a:1a:23:48:45:50:90:
         7e:26:29:18:c6:c4:ce:a0:ac:1c:5b:df:a6:e6:10:3a:4f:35:
         e2:d9:6b:3e:1c:83:2f:78:3c:d8:be:7b:56:25:f4:e6:5f:3b:
         23:67:0c:0b:c3:c3:ff:b5:0a:37:c6:19:f7:26:75:2c:86:3f:
         c4:b0:e3:4f:2c:e6:1a:db:4d:f1:d4:ba:8c:fd:90:65:ff:37:
         cb:42:e5:fa:95:fa:cb:33:3e:f0:27:65:97:6f:7f:03:36:d0:
         b9:c4:8b:7e:55:c6:2f:87:5a:a7:ba:1b:8e:83:dd:4f:61:f8:
         3d:83:63:d2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI36NyCi/l05AXOV7NsIi1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MjQzNGE5YTAzOGIwZmU3M2NhZjc3NmJjY2Q1NDJmZDNl
MmY2YTUwHhcNMjQwMTAyMDYzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODkyZjVjNjUwODBkODY5MjNmNTQ4ZGZkZDZhZjIwOWU5OThlYzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoloJixTbluYjONnRxPoXPa9lQy8i
LV/cKyh9AFG+rPRnevnaXPKV0GZVAVpE+uQN7795JbCcu+WVN8ruk6PqfpXG7n/S
Thc8w8Nf52m5ZLdYFLc2+cusuUGk/iVOyv0JQJnfflwlpIgbYlcsg8HtvA9nUkYi
o2Rj3D8CHBZLwx4NbdKTnHFIAXoGnNzf4u66O9+XsBEesjmViXvKYr3xir+BKII2
pfx294WAsdLc6kzRs4MsEwwfJrJxMoBCJNsD1ybpTIwQ2a68BnnLivpm1VHxEsmg
xnEDT/LNEaGhbEYSu70h0mdi8ujHud60gmsUm/s0kvjvWnryIy8Cvvtc6QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHiS9cZQgNhpI/VI391q8gnpmOwzMB8GA1UdIwQY
MBaAFCgkNKmgOLD+c8r3drzNVC/T4valMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0NRMHFhQTRzUDV6eXZkMnZNMVVMOVBpOXFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9lN2ZiZTgtZDk4ZS00NWQyLWIxOWMt
MTE2MjdkNzQ2OWFiLzEvZUpMMXhsQ0EyR2tqOVVqZjNXcnlDZW1ZN0RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9lN2ZiZTgtZDk4ZS00NWQyLWIxOWMtMTE2MjdkNzQ2OWFi
LzEvS0NRMHFhQTRzUDV6eXZkMnZNMVVMOVBpOXFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCue0YMA0E
AgACMAcDBQMqDAGAMA0GCSqGSIb3DQEBCwUAA4IBAQA6EGkNKNimhgtAxVJJnnk8
Z9u/DMOWGwZp0dclbxCW8DfrZv+NilGTnS9zdL7rrvAF5sKGCXhirglCAqWCBDIM
yoReF8OyxL3U0XDHBAjalbKzZOmLjEdiuHxjQAejdqh2vHmILVMqCpnFsVPm2DqL
CDYRwUTOtQMj0bK0IU+b2Z2Uq8fcdhsgmBoaI0hFUJB+JikYxsTOoKwcW9+m5hA6
TzXi2Ws+HIMveDzYvntWJfTmXzsjZwwLw8P/tQo3xhn3JnUshj/EsONPLOYa203x
1LqM/ZBl/zfLQuX6lfrLMz7wJ2WXb38DNtC5xIt+VcYvh1qnuhuOg91PYfg9g2PS
-----END CERTIFICATE-----