Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/eb9582-d275-497a-b62b-39260319c7bd/1/2PgdO0M1s0eETxuYCOqGuvBKMJc.roa
File:                     2PgdO0M1s0eETxuYCOqGuvBKMJc.roa (raw, json)
Hash identifier:          H7be8bBQu3vuXAIdvAx0J5bHPhIMhVltGxO/P5mKjP0=
Subject key identifier:   D8:F8:1D:3B:43:35:B3:47:84:4F:1B:98:08:EA:86:BA:F0:4A:30:97
Certificate issuer:       /CN=ab9aab13427ad8c0072ae08d9bb80abc19d3f984
Certificate serial:       018CC64AA110C9219FA29115ABF7F101B077
Authority key identifier: AB:9A:AB:13:42:7A:D8:C0:07:2A:E0:8D:9B:B8:0A:BC:19:D3:F9:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q5qrE0J62MAHKuCNm7gKvBnT-YQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/eb9582-d275-497a-b62b-39260319c7bd/1/2PgdO0M1s0eETxuYCOqGuvBKMJc.roa
Signing time:             Mon 01 Jan 2024 18:30:28 +0000
ROA not before:           Mon 01 Jan 2024 18:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42695
IP address blocks:        185.141.152.0/22 maxlen: 22
                          2a07:2440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/eb9582-d275-497a-b62b-39260319c7bd/1/q5qrE0J62MAHKuCNm7gKvBnT-YQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/eb9582-d275-497a-b62b-39260319c7bd/1/q5qrE0J62MAHKuCNm7gKvBnT-YQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q5qrE0J62MAHKuCNm7gKvBnT-YQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:a1:10:c9:21:9f:a2:91:15:ab:f7:f1:01:b0:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab9aab13427ad8c0072ae08d9bb80abc19d3f984
        Validity
            Not Before: Jan  1 18:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8f81d3b4335b347844f1b9808ea86baf04a3097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a8:7f:10:96:36:a6:62:53:21:5a:48:2e:8c:
                    87:75:39:43:b5:de:95:d6:c2:dd:97:f9:1c:24:84:
                    b7:b1:90:37:36:fd:c2:5a:d4:69:ec:bb:78:fb:cc:
                    54:b8:6d:11:01:32:e8:87:56:69:4d:4d:31:65:b4:
                    76:58:2a:7d:ed:14:a6:c7:98:a6:77:2f:20:8b:02:
                    33:c7:5b:dc:83:ea:96:a0:67:8e:44:c4:ac:ee:69:
                    07:11:62:6a:cb:67:7c:31:1a:37:89:d6:02:5f:6f:
                    38:99:f0:ba:4c:0b:1a:48:bf:99:a9:20:58:b1:4f:
                    39:cf:af:a0:ba:09:61:0c:6f:d5:52:61:3f:fd:cf:
                    9a:5d:3b:67:85:32:38:b4:a8:04:fa:f6:1d:3b:80:
                    6a:dc:8a:7e:1a:46:95:92:8c:da:a5:9a:8c:bc:7f:
                    59:3b:d8:43:50:a5:85:f9:82:44:b8:81:17:db:7b:
                    4c:24:5e:30:3b:19:77:a5:ee:c3:b7:84:62:dc:bf:
                    c6:f1:ab:fa:27:f9:ca:49:f1:1b:22:e8:48:a1:cb:
                    56:dc:de:4b:34:6b:8b:37:0d:d0:f1:01:c9:40:17:
                    92:7c:57:ea:a0:9a:07:22:c9:27:17:69:d9:74:0e:
                    d1:c8:d8:43:e3:8d:f5:e1:3c:bd:e6:68:b3:6a:b7:
                    85:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:F8:1D:3B:43:35:B3:47:84:4F:1B:98:08:EA:86:BA:F0:4A:30:97
            X509v3 Authority Key Identifier:
                keyid:AB:9A:AB:13:42:7A:D8:C0:07:2A:E0:8D:9B:B8:0A:BC:19:D3:F9:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q5qrE0J62MAHKuCNm7gKvBnT-YQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/eb9582-d275-497a-b62b-39260319c7bd/1/2PgdO0M1s0eETxuYCOqGuvBKMJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/eb9582-d275-497a-b62b-39260319c7bd/1/q5qrE0J62MAHKuCNm7gKvBnT-YQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.152.0/22
                IPv6:
                  2a07:2440::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:0a:2d:3c:6f:c2:da:14:2f:a2:2c:b1:b7:21:c7:fc:fb:09:
         ee:9c:a2:08:38:da:e2:cc:2c:c2:3f:30:7a:4b:8c:13:f7:eb:
         bd:5f:c7:d8:ac:cd:85:02:ea:eb:2f:ba:46:7e:ae:53:99:96:
         98:9d:e9:94:52:9f:33:48:31:ea:82:06:a2:0e:a9:5a:03:82:
         7c:94:d6:25:99:e5:fa:44:af:ab:50:20:57:f7:f3:65:8e:82:
         f7:b4:db:ab:89:19:13:51:7a:cc:33:63:6a:33:77:8a:c6:8a:
         58:07:f3:0a:51:14:19:fb:b1:64:e5:d6:16:9a:57:39:51:ad:
         73:ca:58:60:e0:d2:d4:2e:cf:f1:1a:08:c8:de:91:6c:25:8f:
         fa:00:22:c4:3c:97:6c:a6:c6:70:f6:aa:70:eb:3d:57:3e:92:
         f4:ef:c3:b9:2b:3d:2f:6e:69:bb:ad:64:11:82:99:fc:0a:6c:
         20:34:44:7f:22:28:00:38:86:58:cf:47:b8:89:23:48:23:be:
         8d:d9:c9:f4:2d:64:7c:cd:76:d4:bf:04:d5:43:f6:1f:b7:60:
         17:d3:cb:7e:f8:f6:8a:73:1f:24:11:91:aa:b1:db:ef:06:bc:
         8a:0d:bd:8c:23:24:3e:31:28:72:c0:0b:7c:6f:a8:22:46:12:
         51:3e:bf:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSqEQySGfopEVq/fxAbB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOWFhYjEzNDI3YWQ4YzAwNzJhZTA4ZDliYjgwYWJjMTlk
M2Y5ODQwHhcNMjQwMTAxMTgzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGY4MWQzYjQzMzViMzQ3ODQ0ZjFiOTgwOGVhODZiYWYwNGEzMDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6h/EJY2pmJTIVpILoyHdTlDtd6V
1sLdl/kcJIS3sZA3Nv3CWtRp7Lt4+8xUuG0RATLoh1ZpTU0xZbR2WCp97RSmx5im
dy8giwIzx1vcg+qWoGeORMSs7mkHEWJqy2d8MRo3idYCX284mfC6TAsaSL+ZqSBY
sU85z6+guglhDG/VUmE//c+aXTtnhTI4tKgE+vYdO4Bq3Ip+GkaVkozapZqMvH9Z
O9hDUKWF+YJEuIEX23tMJF4wOxl3pe7Dt4Ri3L/G8av6J/nKSfEbIuhIoctW3N5L
NGuLNw3Q8QHJQBeSfFfqoJoHIsknF2nZdA7RyNhD44314Ty95mizareFowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNj4HTtDNbNHhE8bmAjqhrrwSjCXMB8GA1UdIwQY
MBaAFKuaqxNCetjAByrgjZu4CrwZ0/mEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTVxckUwSjYyTUFIS3VDTm03Z0t2Qm5ULVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lYjk1ODItZDI3NS00OTdhLWI2MmIt
MzkyNjAzMTljN2JkLzEvMlBnZE8wTTFzMGVFVHh1WUNPcUd1dkJLTUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lYjk1ODItZDI3NS00OTdhLWI2MmItMzkyNjAzMTljN2Jk
LzEvcTVxckUwSjYyTUFIS3VDTm03Z0t2Qm5ULVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY2YMA0E
AgACMAcDBQMqByRAMA0GCSqGSIb3DQEBCwUAA4IBAQAVCi08b8LaFC+iLLG3Icf8
+wnunKIIONrizCzCPzB6S4wT9+u9X8fYrM2FAurrL7pGfq5TmZaYnemUUp8zSDHq
ggaiDqlaA4J8lNYlmeX6RK+rUCBX9/NljoL3tNuriRkTUXrMM2NqM3eKxopYB/MK
URQZ+7Fk5dYWmlc5Ua1zylhg4NLULs/xGgjI3pFsJY/6ACLEPJdspsZw9qpw6z1X
PpL078O5Kz0vbmm7rWQRgpn8CmwgNER/IigAOIZYz0e4iSNII76N2cn0LWR8zXbU
vwTVQ/Yft2AX08t++PaKcx8kEZGqsdvvBryKDb2MIyQ+MShywAt8b6giRhJRPr+b
-----END CERTIFICATE-----