Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/479d06-9e84-4f76-8ae0-131d2916488c/1/Kn7bObmdwfJfnW1adGHDuNBFh6s.roa
File:                     Kn7bObmdwfJfnW1adGHDuNBFh6s.roa (raw, json)
Hash identifier:          e5Fa58sK/pye7VA8LS10UbGazE8Ta4NKNbTqfb85hnc=
Subject key identifier:   2A:7E:DB:39:B9:9D:C1:F2:5F:9D:6D:5A:74:61:C3:B8:D0:45:87:AB
Certificate issuer:       /CN=54e5d6917dc2dabfb5caf907c3e745149502c90e
Certificate serial:       018CC34945FD69DA460B6004089D5CE35EB1
Authority key identifier: 54:E5:D6:91:7D:C2:DA:BF:B5:CA:F9:07:C3:E7:45:14:95:02:C9:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VOXWkX3C2r-1yvkHw-dFFJUCyQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/479d06-9e84-4f76-8ae0-131d2916488c/1/Kn7bObmdwfJfnW1adGHDuNBFh6s.roa
Signing time:             Mon 01 Jan 2024 04:30:08 +0000
ROA not before:           Mon 01 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        185.248.248.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/479d06-9e84-4f76-8ae0-131d2916488c/1/VOXWkX3C2r-1yvkHw-dFFJUCyQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/479d06-9e84-4f76-8ae0-131d2916488c/1/VOXWkX3C2r-1yvkHw-dFFJUCyQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VOXWkX3C2r-1yvkHw-dFFJUCyQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:45:fd:69:da:46:0b:60:04:08:9d:5c:e3:5e:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54e5d6917dc2dabfb5caf907c3e745149502c90e
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a7edb39b99dc1f25f9d6d5a7461c3b8d04587ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:3c:23:5e:e0:2b:7b:72:17:0e:74:8a:83:fe:
                    ca:f8:9b:fb:78:09:5c:bc:1b:bb:0d:89:3e:dc:76:
                    a3:02:69:ba:38:ef:a7:1c:46:14:5b:1b:4e:f4:4d:
                    c0:68:65:d6:b1:e4:aa:4e:3e:ef:d2:c5:ce:b9:b6:
                    bf:23:e8:dc:c5:94:6e:89:16:82:b5:2c:db:db:c8:
                    96:51:65:73:9d:13:8f:4a:d5:37:71:87:2f:4b:eb:
                    c5:df:33:44:da:90:8b:5a:a7:ad:aa:5f:a5:0f:3a:
                    02:96:44:00:2e:31:95:1a:aa:a0:76:f5:ef:24:48:
                    d9:f1:4b:0d:c3:ec:c7:04:15:ae:7b:be:e7:76:43:
                    d6:e4:c3:6d:54:fe:0e:47:1d:72:aa:f6:69:bf:7b:
                    04:61:6c:a9:59:57:90:8b:40:3d:a6:23:bc:49:4c:
                    b7:ab:85:40:7f:11:65:9c:f7:07:6d:df:2b:7b:2c:
                    18:cd:e3:13:38:42:c8:72:c9:80:c3:66:80:36:da:
                    3c:1b:a5:25:52:a3:a2:85:99:1a:29:48:ce:81:e2:
                    66:ba:6f:2b:9e:e1:d1:f2:1c:e1:18:ba:83:f5:fd:
                    2c:32:45:34:bb:ed:92:f5:41:bd:0b:1a:82:21:8a:
                    11:08:b0:49:f6:58:c8:20:2f:36:b1:8c:20:7d:bd:
                    f3:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:7E:DB:39:B9:9D:C1:F2:5F:9D:6D:5A:74:61:C3:B8:D0:45:87:AB
            X509v3 Authority Key Identifier:
                keyid:54:E5:D6:91:7D:C2:DA:BF:B5:CA:F9:07:C3:E7:45:14:95:02:C9:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VOXWkX3C2r-1yvkHw-dFFJUCyQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/479d06-9e84-4f76-8ae0-131d2916488c/1/Kn7bObmdwfJfnW1adGHDuNBFh6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/479d06-9e84-4f76-8ae0-131d2916488c/1/VOXWkX3C2r-1yvkHw-dFFJUCyQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:bc:73:bb:55:45:92:94:cf:1f:cd:b8:70:56:d6:e5:4d:4e:
         31:e1:e0:33:56:e5:23:e7:35:78:6c:1e:5f:74:94:51:db:81:
         8e:ee:19:81:f7:69:f7:4f:2d:7a:d8:e6:ee:32:6b:15:cd:f7:
         74:bd:7c:72:d1:e7:26:ab:02:9d:bb:2a:d6:f5:71:0c:c4:61:
         b1:69:00:fe:2e:a1:44:4e:8d:eb:5c:8c:c4:13:34:84:6d:58:
         6c:62:18:58:ca:f3:8d:81:1f:5e:18:45:17:a3:ef:35:98:dd:
         84:39:30:04:e0:e5:ba:4d:b9:04:28:81:50:01:9e:10:03:70:
         85:9c:a7:f0:25:39:69:f4:3c:5e:62:6a:78:7f:db:be:eb:3d:
         88:93:a6:7f:7a:0a:0b:47:d5:70:e3:b8:cd:9f:b8:43:82:9f:
         7b:c3:91:75:ca:e8:0c:78:e2:7e:31:87:1e:cd:f6:b3:9e:92:
         e4:61:d5:ec:a0:54:5b:74:29:6b:0e:b7:19:88:59:a7:fa:90:
         3a:e3:f4:f1:da:25:34:df:aa:27:3e:f4:e6:67:21:1c:74:83:
         53:54:94:96:ba:28:24:10:c8:53:52:9e:cf:91:f7:11:48:cb:
         19:c8:e1:c3:36:d9:64:32:ad:f0:b8:76:ba:79:c2:a1:db:41:
         f3:9a:a3:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUX9adpGC2AECJ1c416xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0ZTVkNjkxN2RjMmRhYmZiNWNhZjkwN2MzZTc0NTE0OTUw
MmM5MGUwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTdlZGIzOWI5OWRjMWYyNWY5ZDZkNWE3NDYxYzNiOGQwNDU4N2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DwjXuAre3IXDnSKg/7K+Jv7eAlc
vBu7DYk+3HajAmm6OO+nHEYUWxtO9E3AaGXWseSqTj7v0sXOuba/I+jcxZRuiRaC
tSzb28iWUWVznROPStU3cYcvS+vF3zNE2pCLWqetql+lDzoClkQALjGVGqqgdvXv
JEjZ8UsNw+zHBBWue77ndkPW5MNtVP4ORx1yqvZpv3sEYWypWVeQi0A9piO8SUy3
q4VAfxFlnPcHbd8reywYzeMTOELIcsmAw2aANto8G6UlUqOihZkaKUjOgeJmum8r
nuHR8hzhGLqD9f0sMkU0u+2S9UG9CxqCIYoRCLBJ9ljIIC82sYwgfb3z8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCp+2zm5ncHyX51tWnRhw7jQRYerMB8GA1UdIwQY
MBaAFFTl1pF9wtq/tcr5B8PnRRSVAskOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk9YV2tYM0Myci0xeXZrSHctZEZGSlVDeVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS80NzlkMDYtOWU4NC00Zjc2LThhZTAt
MTMxZDI5MTY0ODhjLzEvS243Yk9ibWR3ZkpmblcxYWRHSER1TkJGaDZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS80NzlkMDYtOWU4NC00Zjc2LThhZTAtMTMxZDI5MTY0ODhj
LzEvVk9YV2tYM0Myci0xeXZrSHctZEZGSlVDeVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufj4MA0G
CSqGSIb3DQEBCwUAA4IBAQAWvHO7VUWSlM8fzbhwVtblTU4x4eAzVuUj5zV4bB5f
dJRR24GO7hmB92n3Ty162ObuMmsVzfd0vXxy0ecmqwKduyrW9XEMxGGxaQD+LqFE
To3rXIzEEzSEbVhsYhhYyvONgR9eGEUXo+81mN2EOTAE4OW6TbkEKIFQAZ4QA3CF
nKfwJTlp9DxeYmp4f9u+6z2Ik6Z/egoLR9Vw47jNn7hDgp97w5F1yugMeOJ+MYce
zfaznpLkYdXsoFRbdClrDrcZiFmn+pA64/Tx2iU036onPvTmZyEcdINTVJSWuigk
EMhTUp7PkfcRSMsZyOHDNtlkMq3wuHa6ecKh20HzmqOd
-----END CERTIFICATE-----