Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/ba459f-846f-47a9-a625-671158a63c23/1/2wPcqvmscs0jPYLcoOVOZsfylQw.roa
File:                     2wPcqvmscs0jPYLcoOVOZsfylQw.roa (raw, json)
Hash identifier:          7de/4Kuh5R62ev3QMbDbPko0kCqPw7eKFarKwXB0sfs=
Subject key identifier:   DB:03:DC:AA:F9:AC:72:CD:23:3D:82:DC:A0:E5:4E:66:C7:F2:95:0C
Certificate issuer:       /CN=0edda2c6074c56241f5c7e060caccb657f64e91c
Certificate serial:       018CC5DC110CD2A78E1008A12B3A36A5D9CD
Authority key identifier: 0E:DD:A2:C6:07:4C:56:24:1F:5C:7E:06:0C:AC:CB:65:7F:64:E9:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dt2ixgdMViQfXH4GDKzLZX9k6Rw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/ba459f-846f-47a9-a625-671158a63c23/1/2wPcqvmscs0jPYLcoOVOZsfylQw.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57112
IP address blocks:        185.242.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/ba459f-846f-47a9-a625-671158a63c23/1/Dt2ixgdMViQfXH4GDKzLZX9k6Rw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/ba459f-846f-47a9-a625-671158a63c23/1/Dt2ixgdMViQfXH4GDKzLZX9k6Rw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dt2ixgdMViQfXH4GDKzLZX9k6Rw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 10:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:11:0c:d2:a7:8e:10:08:a1:2b:3a:36:a5:d9:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0edda2c6074c56241f5c7e060caccb657f64e91c
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db03dcaaf9ac72cd233d82dca0e54e66c7f2950c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ac:12:74:64:eb:e8:94:25:77:5f:49:c4:71:
                    c0:0f:29:0b:6b:91:aa:c7:6a:d0:a2:89:d4:92:7d:
                    fd:dd:4b:97:20:96:47:04:83:21:b5:54:67:06:a6:
                    b5:81:a9:ee:d5:7c:ca:6e:c3:af:89:ad:bc:8b:70:
                    df:2f:c3:51:e6:42:44:5a:cb:c4:4e:12:e7:0a:34:
                    1d:11:b6:16:54:69:fb:f0:64:96:fb:09:73:17:b0:
                    c0:da:66:cb:93:5d:d9:75:d8:77:ac:0b:1f:a5:79:
                    9f:37:ea:30:bf:d6:63:da:e2:9e:54:74:69:70:fe:
                    36:0e:3b:54:b5:00:4f:d3:17:30:ff:46:5d:ee:a6:
                    23:0c:e3:30:e9:11:8a:c1:72:1a:fa:60:3c:29:44:
                    2f:ec:40:65:db:11:20:c7:44:5e:81:15:06:cd:82:
                    73:b5:2d:1d:c9:81:dc:99:b5:81:65:2a:74:af:6c:
                    4d:a1:2b:bd:6c:05:32:fd:e1:44:a1:d3:7c:dc:67:
                    84:63:c7:87:5e:09:ba:31:dd:3d:ea:4a:1a:de:5e:
                    4d:10:30:87:24:6f:b2:40:2b:ab:20:9c:78:06:64:
                    3f:9b:25:3e:ce:bf:c9:ef:b1:2c:a9:c1:9c:96:76:
                    ad:bc:05:aa:ab:a5:ae:cd:31:c5:21:db:37:9b:3e:
                    0c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:03:DC:AA:F9:AC:72:CD:23:3D:82:DC:A0:E5:4E:66:C7:F2:95:0C
            X509v3 Authority Key Identifier:
                keyid:0E:DD:A2:C6:07:4C:56:24:1F:5C:7E:06:0C:AC:CB:65:7F:64:E9:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dt2ixgdMViQfXH4GDKzLZX9k6Rw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ba459f-846f-47a9-a625-671158a63c23/1/2wPcqvmscs0jPYLcoOVOZsfylQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ba459f-846f-47a9-a625-671158a63c23/1/Dt2ixgdMViQfXH4GDKzLZX9k6Rw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:0f:d2:28:06:68:11:33:73:2e:6a:bf:05:56:45:f0:02:14:
         76:e5:c7:84:29:5b:da:4f:bb:de:1a:07:10:fe:06:46:4c:90:
         b2:92:15:be:93:6d:66:be:85:6b:9a:46:8f:86:81:0a:7c:cd:
         b7:78:46:3c:0b:b1:35:c6:d0:b6:e1:af:f8:5c:38:7f:f6:47:
         c9:dc:80:1a:52:fa:db:3f:7b:82:57:e4:ac:e7:d0:ad:9f:43:
         d7:92:ae:9c:25:39:b4:81:22:16:b5:fc:c3:ad:32:4a:95:e6:
         88:dc:45:40:5c:2d:3c:6d:74:4c:a7:4a:66:af:fe:44:d9:4a:
         da:68:08:86:bd:f1:b4:5b:86:62:b3:cb:4e:56:28:5c:65:ed:
         fb:d9:1d:58:bf:fb:c3:7b:a6:8b:ff:e9:ce:5a:96:2f:b2:2d:
         2a:48:04:a5:fd:ca:83:05:86:59:ac:96:72:3b:89:45:c3:6b:
         e6:ad:e8:88:68:28:8d:43:f3:c5:94:5a:b3:a5:a9:8b:d0:6c:
         93:a1:78:ed:78:e6:a0:b1:0f:53:92:6a:2b:51:6d:87:9f:e1:
         5e:2b:ea:f6:74:d5:52:38:10:26:cc:cc:22:b2:51:cb:72:aa:
         66:6a:51:b7:a7:20:b4:72:7c:ec:7e:78:84:43:a5:db:16:36:
         5a:7f:5b:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BEM0qeOEAihKzo2pdnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZGRhMmM2MDc0YzU2MjQxZjVjN2UwNjBjYWNjYjY1N2Y2
NGU5MWMwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjAzZGNhYWY5YWM3MmNkMjMzZDgyZGNhMGU1NGU2NmM3ZjI5NTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqwSdGTr6JQld19JxHHADykLa5Gq
x2rQoonUkn393UuXIJZHBIMhtVRnBqa1ganu1XzKbsOvia28i3DfL8NR5kJEWsvE
ThLnCjQdEbYWVGn78GSW+wlzF7DA2mbLk13Zddh3rAsfpXmfN+owv9Zj2uKeVHRp
cP42DjtUtQBP0xcw/0Zd7qYjDOMw6RGKwXIa+mA8KUQv7EBl2xEgx0RegRUGzYJz
tS0dyYHcmbWBZSp0r2xNoSu9bAUy/eFEodN83GeEY8eHXgm6Md096koa3l5NEDCH
JG+yQCurIJx4BmQ/myU+zr/J77EsqcGclnatvAWqq6WuzTHFIds3mz4MRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNsD3Kr5rHLNIz2C3KDlTmbH8pUMMB8GA1UdIwQY
MBaAFA7dosYHTFYkH1x+Bgysy2V/ZOkcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHQyaXhnZE1WaVFmWEg0R0RLekxaWDlrNlJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9iYTQ1OWYtODQ2Zi00N2E5LWE2MjUt
NjcxMTU4YTYzYzIzLzEvMndQY3F2bXNjczBqUFlMY29PVk9ac2Z5bFF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9iYTQ1OWYtODQ2Zi00N2E5LWE2MjUtNjcxMTU4YTYzYzIz
LzEvRHQyaXhnZE1WaVFmWEg0R0RLekxaWDlrNlJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufI0MA0G
CSqGSIb3DQEBCwUAA4IBAQBND9IoBmgRM3Muar8FVkXwAhR25ceEKVvaT7veGgcQ
/gZGTJCykhW+k21mvoVrmkaPhoEKfM23eEY8C7E1xtC24a/4XDh/9kfJ3IAaUvrb
P3uCV+Ss59Ctn0PXkq6cJTm0gSIWtfzDrTJKleaI3EVAXC08bXRMp0pmr/5E2Ura
aAiGvfG0W4Zis8tOVihcZe372R1Yv/vDe6aL/+nOWpYvsi0qSASl/cqDBYZZrJZy
O4lFw2vmreiIaCiNQ/PFlFqzpamL0GyToXjteOagsQ9TkmorUW2Hn+FeK+r2dNVS
OBAmzMwislHLcqpmalG3pyC0cnzsfniEQ6XbFjZaf1vX
-----END CERTIFICATE-----