Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/K2vKbi9lEkd7OcGbiPcp0e-lM6w.roa
File:                     K2vKbi9lEkd7OcGbiPcp0e-lM6w.roa (raw, json)
Hash identifier:          7tYuFPM3TbIAgJ7cSsoBoxREYXfXOSxbKmygchvu+HA=
Subject key identifier:   2B:6B:CA:6E:2F:65:12:47:7B:39:C1:9B:88:F7:29:D1:EF:A5:33:AC
Certificate issuer:       /CN=63d9d1d95c1eb716ee8195045a77cba2181d79ec
Certificate serial:       018CC3B7287B0846E1F24C92379B0D3C2271
Authority key identifier: 63:D9:D1:D9:5C:1E:B7:16:EE:81:95:04:5A:77:CB:A2:18:1D:79:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y9nR2VwetxbugZUEWnfLohgdeew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/K2vKbi9lEkd7OcGbiPcp0e-lM6w.roa
Signing time:             Mon 01 Jan 2024 06:30:09 +0000
ROA not before:           Mon 01 Jan 2024 06:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42005
IP address blocks:        92.240.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/Y9nR2VwetxbugZUEWnfLohgdeew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/Y9nR2VwetxbugZUEWnfLohgdeew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y9nR2VwetxbugZUEWnfLohgdeew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:28:7b:08:46:e1:f2:4c:92:37:9b:0d:3c:22:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63d9d1d95c1eb716ee8195045a77cba2181d79ec
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b6bca6e2f6512477b39c19b88f729d1efa533ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:19:6b:b2:b5:24:69:7b:c8:98:49:29:08:70:
                    e5:c8:54:1a:f3:1d:6a:c6:40:6d:7c:f8:d7:d8:ca:
                    2a:66:54:8b:39:5a:03:15:be:8f:f6:e3:96:cc:60:
                    20:7e:75:fe:94:80:d2:c2:6f:7f:33:a7:e8:df:22:
                    bc:14:fe:c4:c3:18:17:e0:2b:0d:8b:d3:27:81:6b:
                    5c:9e:56:aa:53:c2:dd:d8:7b:85:ee:d0:9b:e8:be:
                    eb:99:3c:3b:90:93:0e:0b:14:65:f1:a1:85:43:51:
                    b3:68:28:aa:e0:0f:bb:a2:64:d1:ae:a5:e5:47:68:
                    7b:51:10:41:b4:db:0a:ea:e8:fb:19:35:13:a8:d0:
                    01:a4:b5:21:95:2f:6e:ab:12:f2:8d:99:28:cd:c2:
                    12:51:ee:16:bf:c3:f5:1a:12:8f:27:72:b6:bc:a0:
                    41:7b:66:56:4a:9e:42:d8:cb:63:ca:da:b1:c2:50:
                    2d:85:a1:a0:09:79:19:3e:56:e1:9a:2a:27:df:c4:
                    8c:ad:c0:09:55:01:eb:2d:33:fc:68:a8:39:b6:32:
                    9c:db:41:cf:b4:fd:39:5e:e2:9d:40:d7:e5:8c:97:
                    ee:68:be:12:5b:97:dc:5c:e9:e3:9d:16:fa:76:a5:
                    6b:70:ab:3a:a9:87:ba:3b:bc:5e:a7:f0:3b:65:b0:
                    76:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:6B:CA:6E:2F:65:12:47:7B:39:C1:9B:88:F7:29:D1:EF:A5:33:AC
            X509v3 Authority Key Identifier:
                keyid:63:D9:D1:D9:5C:1E:B7:16:EE:81:95:04:5A:77:CB:A2:18:1D:79:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y9nR2VwetxbugZUEWnfLohgdeew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/K2vKbi9lEkd7OcGbiPcp0e-lM6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/Y9nR2VwetxbugZUEWnfLohgdeew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.240.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:88:9a:66:12:b3:5d:fd:7e:e2:65:93:64:cf:97:92:e1:92:
         b7:0b:30:dc:c5:b5:6a:0b:7f:7e:3b:10:89:1c:09:18:4d:23:
         5f:d5:68:b5:dc:fe:d0:55:b2:98:5a:c5:7f:ae:8e:cb:e0:86:
         6e:49:fe:e6:34:27:55:8d:51:3d:d4:5c:14:0f:17:14:73:91:
         c0:29:82:e1:b4:81:f9:2f:a4:6b:86:bd:0c:29:c2:ec:b3:3e:
         25:71:d2:39:c9:71:f3:cb:57:d7:93:39:f4:53:02:e2:e6:b9:
         ba:e5:5e:d2:4c:95:68:8a:ff:51:3d:fd:79:47:04:b8:77:65:
         58:96:83:83:5a:88:56:9e:8d:15:5e:97:84:af:86:cf:bf:5a:
         e6:a6:0a:1f:f2:ed:1f:fb:71:1f:4e:3e:da:38:a0:72:0d:ad:
         5d:4c:0f:0f:6c:de:f8:ee:e9:60:03:98:98:a0:81:91:43:f5:
         7c:1e:85:1f:c2:04:36:72:de:3a:0f:93:d6:6b:5b:42:41:69:
         0d:ca:c6:26:54:5a:1e:90:e9:6c:02:4b:23:df:b1:48:1f:71:
         94:a0:b7:59:1c:7c:ab:53:91:e5:ee:6f:fa:f8:ab:8a:68:32:
         7a:a4:2c:df:7d:55:8e:b4:3a:3c:0e:56:18:01:32:d2:57:6a:
         57:6b:34:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyh7CEbh8kySN5sNPCJxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZDlkMWQ5NWMxZWI3MTZlZTgxOTUwNDVhNzdjYmEyMTgx
ZDc5ZWMwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjZiY2E2ZTJmNjUxMjQ3N2IzOWMxOWI4OGY3MjlkMWVmYTUzM2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRlrsrUkaXvImEkpCHDlyFQa8x1q
xkBtfPjX2MoqZlSLOVoDFb6P9uOWzGAgfnX+lIDSwm9/M6fo3yK8FP7EwxgX4CsN
i9MngWtcnlaqU8Ld2HuF7tCb6L7rmTw7kJMOCxRl8aGFQ1GzaCiq4A+7omTRrqXl
R2h7URBBtNsK6uj7GTUTqNABpLUhlS9uqxLyjZkozcISUe4Wv8P1GhKPJ3K2vKBB
e2ZWSp5C2MtjytqxwlAthaGgCXkZPlbhmion38SMrcAJVQHrLTP8aKg5tjKc20HP
tP05XuKdQNfljJfuaL4SW5fcXOnjnRb6dqVrcKs6qYe6O7xep/A7ZbB2EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtrym4vZRJHeznBm4j3KdHvpTOsMB8GA1UdIwQY
MBaAFGPZ0dlcHrcW7oGVBFp3y6IYHXnsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTluUjJWd2V0eGJ1Z1pVRVduZkxvaGdkZWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zZWQ4ZGQtZDM2ZS00NDBjLTgxNDIt
ZDgwYzZiODVjZGE0LzEvSzJ2S2JpOWxFa2Q3T2NHYmlQY3AwZS1sTTZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zZWQ4ZGQtZDM2ZS00NDBjLTgxNDItZDgwYzZiODVjZGE0
LzEvWTluUjJWd2V0eGJ1Z1pVRVduZkxvaGdkZWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPDkMA0G
CSqGSIb3DQEBCwUAA4IBAQCbiJpmErNd/X7iZZNkz5eS4ZK3CzDcxbVqC39+OxCJ
HAkYTSNf1Wi13P7QVbKYWsV/ro7L4IZuSf7mNCdVjVE91FwUDxcUc5HAKYLhtIH5
L6Rrhr0MKcLssz4lcdI5yXHzy1fXkzn0UwLi5rm65V7STJVoiv9RPf15RwS4d2VY
loODWohWno0VXpeEr4bPv1rmpgof8u0f+3EfTj7aOKByDa1dTA8PbN747ulgA5iY
oIGRQ/V8HoUfwgQ2ct46D5PWa1tCQWkNysYmVFoekOlsAksj37FIH3GUoLdZHHyr
U5Hl7m/6+KuKaDJ6pCzffVWOtDo8DlYYATLSV2pXazS2
-----END CERTIFICATE-----