Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/2aQqDTm5zlV5nkl-HDTiGWYa4f4.roa
File:                     2aQqDTm5zlV5nkl-HDTiGWYa4f4.roa (raw, json)
Hash identifier:          dSXs0Hfpg6D4y1kWWm5ZVlT7bVFCSLrM10J9Zb+iDG4=
Subject key identifier:   D9:A4:2A:0D:39:B9:CE:55:79:9E:49:7E:1C:34:E2:19:66:1A:E1:FE
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       019424B29BCA6902C768F0D3BAF2B9DFBAD5
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/2aQqDTm5zlV5nkl-HDTiGWYa4f4.roa
Signing time:             Thu 02 Jan 2025 01:47:52 +0000
ROA not before:           Thu 02 Jan 2025 01:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        213.18.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:9b:ca:69:02:c7:68:f0:d3:ba:f2:b9:df:ba:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Jan  2 01:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9a42a0d39b9ce55799e497e1c34e219661ae1fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e4:2e:c7:43:f9:54:dc:69:18:d6:32:84:08:
                    97:f5:0b:54:25:cc:54:d9:99:29:1d:cd:32:8b:f7:
                    d6:e6:a0:0b:7e:d2:b2:05:00:d2:fe:2d:18:50:63:
                    4b:3a:ea:22:88:f9:ce:36:94:4a:d2:3d:e5:25:b4:
                    f1:6b:3a:43:41:be:f7:4c:09:bb:ba:f5:57:57:d1:
                    48:7f:e2:28:02:8c:67:5c:27:e2:09:f1:60:47:d4:
                    ca:98:77:f0:8d:fc:59:8e:0b:7e:d2:fe:73:bc:69:
                    b2:7c:b8:e0:2b:8b:38:87:c9:b8:31:e9:71:4d:11:
                    86:7d:6c:5d:32:3f:9a:06:35:a6:3f:5b:4c:c1:c9:
                    ec:65:6d:03:11:a2:3e:05:2a:fb:1c:78:ef:95:55:
                    54:d3:18:58:01:23:77:79:c3:85:98:e1:ee:bf:81:
                    22:1e:82:1e:95:56:db:db:26:41:c4:48:05:46:28:
                    f4:3d:94:1f:9d:e6:66:31:1f:19:43:9d:68:a6:45:
                    98:17:8e:29:23:78:42:8e:b8:2d:2b:d0:00:fe:b2:
                    c5:f7:99:d2:5b:a7:08:c0:d5:f1:73:1e:9b:42:b8:
                    be:a3:d1:ed:03:5e:91:c8:96:9a:38:5b:25:5e:f0:
                    b3:eb:31:e0:a6:7a:bc:d8:01:94:69:b2:52:69:00:
                    d8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:A4:2A:0D:39:B9:CE:55:79:9E:49:7E:1C:34:E2:19:66:1A:E1:FE
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/2aQqDTm5zlV5nkl-HDTiGWYa4f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.18.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:7b:6d:79:d9:4e:2c:25:70:38:0b:95:12:9d:09:33:d5:08:
         b1:cc:0f:fe:24:4b:19:e4:e8:3d:3c:25:69:03:58:5d:4e:d8:
         3c:2e:32:4f:4a:21:8a:34:f0:57:c8:29:c4:a8:7b:99:4d:b6:
         57:d3:08:b1:48:d4:30:7c:4f:bf:2c:ab:ba:8d:22:1f:e7:ca:
         bc:76:93:11:45:9b:9c:ee:19:6b:a9:fa:a8:e1:0f:e2:af:a6:
         37:e9:2b:93:bf:a0:03:0a:fa:32:bf:ed:ae:76:75:b5:49:f6:
         fd:76:05:3f:64:46:ca:4c:19:86:e2:31:7b:5b:73:07:8d:23:
         da:5f:21:98:0c:ab:24:65:55:72:04:67:17:ca:8e:8f:ee:cc:
         ae:a6:6c:61:8d:55:95:ae:62:f2:cc:9f:8a:84:08:49:c4:05:
         c5:93:80:9e:80:68:81:f8:91:b5:a8:f2:d4:e7:41:7a:61:24:
         2c:fb:9d:a3:2c:46:29:ca:fb:c3:d9:72:ca:c5:50:a4:e9:bc:
         51:21:15:a9:36:ab:0e:e5:08:40:73:bd:06:68:b9:b1:69:78:
         47:b6:a3:70:a5:c3:90:ae:36:26:70:9d:a8:11:da:12:67:62:
         1f:4f:a3:b4:07:b1:4f:24:72:73:f7:5d:1d:5b:83:8a:a4:46:
         9f:43:53:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkspvKaQLHaPDTuvK537rVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwMTAyMDE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWE0MmEwZDM5YjljZTU1Nzk5ZTQ5N2UxYzM0ZTIxOTY2MWFlMWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+Qux0P5VNxpGNYyhAiX9QtUJcxU
2ZkpHc0yi/fW5qALftKyBQDS/i0YUGNLOuoiiPnONpRK0j3lJbTxazpDQb73TAm7
uvVXV9FIf+IoAoxnXCfiCfFgR9TKmHfwjfxZjgt+0v5zvGmyfLjgK4s4h8m4Melx
TRGGfWxdMj+aBjWmP1tMwcnsZW0DEaI+BSr7HHjvlVVU0xhYASN3ecOFmOHuv4Ei
HoIelVbb2yZBxEgFRij0PZQfneZmMR8ZQ51opkWYF44pI3hCjrgtK9AA/rLF95nS
W6cIwNXxcx6bQri+o9HtA16RyJaaOFslXvCz6zHgpnq82AGUabJSaQDY0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmkKg05uc5VeZ5Jfhw04hlmGuH+MB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvMmFRcURUbTV6bFY1bmtsLUhEVGlHV1lhNGY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1RLAMA0G
CSqGSIb3DQEBCwUAA4IBAQCAe2152U4sJXA4C5USnQkz1QixzA/+JEsZ5Og9PCVp
A1hdTtg8LjJPSiGKNPBXyCnEqHuZTbZX0wixSNQwfE+/LKu6jSIf58q8dpMRRZuc
7hlrqfqo4Q/ir6Y36SuTv6ADCvoyv+2udnW1Sfb9dgU/ZEbKTBmG4jF7W3MHjSPa
XyGYDKskZVVyBGcXyo6P7syupmxhjVWVrmLyzJ+KhAhJxAXFk4CegGiB+JG1qPLU
50F6YSQs+52jLEYpyvvD2XLKxVCk6bxRIRWpNqsO5QhAc70GaLmxaXhHtqNwpcOQ
rjYmcJ2oEdoSZ2IfT6O0B7FPJHJz910dW4OKpEafQ1N4
-----END CERTIFICATE-----