Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/DEkJdFevAZweFVDejm2aG51E-fY.roa
File:                     DEkJdFevAZweFVDejm2aG51E-fY.roa (raw, json)
Hash identifier:          Q6YEQeEwn3p7C9qPQYuEhoUsYcbOmZTe94HklSxvsZA=
Subject key identifier:   0C:49:09:74:57:AF:01:9C:1E:15:50:DE:8E:6D:9A:1B:9D:44:F9:F6
Certificate issuer:       /CN=bdfa3af839aa1dce758f489e2d31ae22092fc99a
Certificate serial:       018CCA286C09BDBF890A75A196B210AA2C7B
Authority key identifier: BD:FA:3A:F8:39:AA:1D:CE:75:8F:48:9E:2D:31:AE:22:09:2F:C9:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/DEkJdFevAZweFVDejm2aG51E-fY.roa
Signing time:             Tue 02 Jan 2024 12:31:35 +0000
ROA not before:           Tue 02 Jan 2024 12:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5488
IP address blocks:        185.2.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:6c:09:bd:bf:89:0a:75:a1:96:b2:10:aa:2c:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfa3af839aa1dce758f489e2d31ae22092fc99a
        Validity
            Not Before: Jan  2 12:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c49097457af019c1e1550de8e6d9a1b9d44f9f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:31:f5:ec:90:47:09:8f:56:02:22:40:0a:3b:
                    5a:ba:65:22:74:83:9c:80:b8:a1:79:88:f4:aa:6c:
                    5c:24:37:ed:78:2b:59:26:f3:08:7c:e9:f2:49:4a:
                    70:a8:2f:e2:bc:96:a0:7c:cd:d5:d2:37:dd:e7:c7:
                    96:1a:89:4c:6b:9a:83:d7:ba:b5:70:92:62:11:cf:
                    a6:60:e2:42:49:27:9a:0a:ad:d3:29:c9:1d:45:cd:
                    4b:1a:91:fa:78:cc:ba:d8:5a:d8:d6:d0:76:c4:29:
                    b5:76:2d:40:3d:f6:c4:b7:db:d3:23:0d:af:8f:88:
                    3d:a7:37:41:4a:b4:e9:64:69:f6:fb:45:f2:f1:ca:
                    cd:a0:fe:39:74:4f:4d:3a:85:fe:80:d9:bc:07:45:
                    4f:49:2f:ee:ba:d0:05:4d:e3:fc:89:bd:e6:74:0e:
                    7c:c5:bf:dd:75:2f:bc:9c:53:9b:3a:bb:bd:27:3e:
                    5d:f1:7e:ef:06:59:7e:2a:b7:b7:0b:34:2b:58:db:
                    35:40:f1:c0:59:88:6a:c9:84:4e:5b:f2:3e:c6:29:
                    fd:0d:9c:b4:50:1e:c8:f8:b7:46:1e:47:9f:81:51:
                    19:08:67:d7:2b:9e:fb:d9:bb:bc:42:c2:ff:e6:c7:
                    6e:dc:5e:5b:11:26:4c:de:0b:1c:81:c4:db:d4:25:
                    8b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:49:09:74:57:AF:01:9C:1E:15:50:DE:8E:6D:9A:1B:9D:44:F9:F6
            X509v3 Authority Key Identifier:
                keyid:BD:FA:3A:F8:39:AA:1D:CE:75:8F:48:9E:2D:31:AE:22:09:2F:C9:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/DEkJdFevAZweFVDejm2aG51E-fY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:63:f4:b4:0a:78:ce:d4:82:1a:51:46:a8:df:eb:52:a4:b1:
         bb:61:4a:6c:d1:b7:83:45:37:4a:7f:bc:c1:c1:8d:a9:a7:c8:
         10:81:77:4b:6b:ed:eb:5f:cc:06:fd:cc:a0:f0:7b:93:82:9a:
         6d:0c:e9:4d:4c:f3:e3:02:ec:8e:8e:c8:27:b1:e5:c3:24:9b:
         08:82:7c:f8:2e:7e:1e:99:d4:8f:80:45:03:7a:b3:5c:74:ae:
         93:79:13:7d:3e:7a:36:1d:d2:46:6e:8b:8a:35:a8:39:80:4f:
         8b:09:46:96:03:95:54:da:7d:a5:4c:9c:65:8c:ab:9e:44:28:
         93:9f:d4:98:5e:9d:c3:9d:48:7c:05:b7:d9:b8:7c:25:14:25:
         30:cb:8b:6c:67:15:35:7e:06:de:e9:73:65:6b:3c:bf:b3:ce:
         ec:93:90:c1:65:ac:06:fe:5b:1b:c3:4a:0f:43:ff:09:d2:19:
         37:47:89:82:99:96:ae:11:0d:e8:fb:8d:05:4e:e2:e9:24:65:
         e5:22:9b:5f:15:ac:07:04:35:c1:5b:6d:5e:b6:ad:8b:7c:eb:
         1f:e1:49:a3:19:b7:a3:1f:01:1e:81:7c:8c:6c:c2:1e:4f:e5:
         14:3f:40:71:48:d8:4d:bd:41:a0:b6:2b:94:94:8a:83:42:90:
         9d:49:86:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKGwJvb+JCnWhlrIQqix7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmEzYWY4MzlhYTFkY2U3NThmNDg5ZTJkMzFhZTIyMDky
ZmM5OWEwHhcNMjQwMTAyMTIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzQ5MDk3NDU3YWYwMTljMWUxNTUwZGU4ZTZkOWExYjlkNDRmOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzH17JBHCY9WAiJACjtaumUidIOc
gLiheYj0qmxcJDfteCtZJvMIfOnySUpwqC/ivJagfM3V0jfd58eWGolMa5qD17q1
cJJiEc+mYOJCSSeaCq3TKckdRc1LGpH6eMy62FrY1tB2xCm1di1APfbEt9vTIw2v
j4g9pzdBSrTpZGn2+0Xy8crNoP45dE9NOoX+gNm8B0VPSS/uutAFTeP8ib3mdA58
xb/ddS+8nFObOru9Jz5d8X7vBll+Kre3CzQrWNs1QPHAWYhqyYROW/I+xin9DZy0
UB7I+LdGHkefgVEZCGfXK5772bu8QsL/5sdu3F5bESZM3gscgcTb1CWLJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxJCXRXrwGcHhVQ3o5tmhudRPn2MB8GA1UdIwQY
MBaAFL36Ovg5qh3OdY9Ini0xriIJL8maMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZvNi1EbXFIYzUxajBpZUxUR3VJZ2t2eVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC84Y2RiYzUtOTM2NS00YTBjLWI5YTMt
YWU3NzQ2ZjA5NjMwLzEvREVrSmRGZXZBWndlRlZEZWptMmFHNTFFLWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC84Y2RiYzUtOTM2NS00YTBjLWI5YTMtYWU3NzQ2ZjA5NjMw
LzEvdmZvNi1EbXFIYzUxajBpZUxUR3VJZ2t2eVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQJcMA0G
CSqGSIb3DQEBCwUAA4IBAQArY/S0CnjO1IIaUUao3+tSpLG7YUps0beDRTdKf7zB
wY2pp8gQgXdLa+3rX8wG/cyg8HuTgpptDOlNTPPjAuyOjsgnseXDJJsIgnz4Ln4e
mdSPgEUDerNcdK6TeRN9Pno2HdJGbouKNag5gE+LCUaWA5VU2n2lTJxljKueRCiT
n9SYXp3DnUh8BbfZuHwlFCUwy4tsZxU1fgbe6XNlazy/s87sk5DBZawG/lsbw0oP
Q/8J0hk3R4mCmZauEQ3o+40FTuLpJGXlIptfFawHBDXBW21etq2LfOsf4UmjGbej
HwEegXyMbMIeT+UUP0BxSNhNvUGgtiuUlIqDQpCdSYZe
-----END CERTIFICATE-----