Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2praxHhsCtXVuhx_dcPPOS2kawI.roa
File:                     2praxHhsCtXVuhx_dcPPOS2kawI.roa (raw, json)
Hash identifier:          Hwo2J2BAfngWUx4/J+QJtoC0WEx6NE+Fwx2IBoPjUYY=
Subject key identifier:   DA:9A:DA:C4:78:6C:0A:D5:D5:BA:1C:7F:75:C3:CF:39:2D:A4:6B:02
Certificate issuer:       /CN=d9efe9d36f5f88fdf04742c4140c7532090ab770
Certificate serial:       018CC4255B36867153739421D20BBE5E185D
Authority key identifier: D9:EF:E9:D3:6F:5F:88:FD:F0:47:42:C4:14:0C:75:32:09:0A:B7:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2e_p029fiP3wR0LEFAx1MgkKt3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2praxHhsCtXVuhx_dcPPOS2kawI.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209622
IP address blocks:        185.131.146.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2e_p029fiP3wR0LEFAx1MgkKt3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2e_p029fiP3wR0LEFAx1MgkKt3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2e_p029fiP3wR0LEFAx1MgkKt3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5b:36:86:71:53:73:94:21:d2:0b:be:5e:18:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9efe9d36f5f88fdf04742c4140c7532090ab770
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da9adac4786c0ad5d5ba1c7f75c3cf392da46b02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:48:10:08:01:11:88:a1:a6:2e:8d:72:ad:e4:
                    aa:ec:dd:6c:c3:e5:c1:ae:c7:13:1c:cb:e3:25:5a:
                    57:b1:47:f5:df:0b:fa:f8:f5:46:77:eb:5e:6d:24:
                    2e:af:dc:da:68:43:25:57:50:9b:6f:75:e0:a3:61:
                    53:ab:a3:50:d4:b6:e6:42:45:93:39:23:8b:30:0d:
                    f7:ea:f5:84:0a:47:cf:e5:8c:10:55:a2:97:55:69:
                    32:14:d1:b1:6a:7a:11:fc:c6:e9:c9:1a:8b:6e:ed:
                    fa:7c:81:07:d4:99:89:60:7a:ad:7e:49:13:66:1c:
                    81:4d:df:68:b8:ae:6d:1e:f1:2d:de:38:f4:a7:fa:
                    98:be:1d:cd:75:fe:2f:41:ee:c5:6b:89:36:03:2e:
                    22:26:a2:85:46:70:29:3c:de:14:74:2d:d8:da:fe:
                    1e:eb:09:30:45:b5:0c:14:b9:e3:cb:eb:23:ad:c8:
                    ab:3c:de:89:11:19:3d:ec:37:b8:f4:a0:74:f4:f0:
                    cf:3a:d4:aa:91:6d:80:3d:b4:67:ef:99:c9:9c:69:
                    73:aa:77:15:a3:7a:3e:2d:1a:60:e8:f1:99:c0:f3:
                    92:72:6f:bb:01:b8:23:1c:56:b4:05:92:86:cd:94:
                    dd:21:33:0f:4f:14:10:dc:35:80:e4:7d:8d:69:8a:
                    84:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:9A:DA:C4:78:6C:0A:D5:D5:BA:1C:7F:75:C3:CF:39:2D:A4:6B:02
            X509v3 Authority Key Identifier:
                keyid:D9:EF:E9:D3:6F:5F:88:FD:F0:47:42:C4:14:0C:75:32:09:0A:B7:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e_p029fiP3wR0LEFAx1MgkKt3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2praxHhsCtXVuhx_dcPPOS2kawI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2e_p029fiP3wR0LEFAx1MgkKt3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:cb:b3:5a:0a:02:63:35:5f:83:76:bc:51:98:0f:cd:d1:ba:
         65:fd:49:f5:0a:36:0d:6f:b2:2a:f5:dd:51:5e:4c:0d:d5:ee:
         71:03:6f:35:ff:24:ec:fe:31:c4:d8:0e:12:73:70:b0:54:7b:
         87:e2:6f:d2:b0:17:a6:05:91:99:00:d1:88:89:ca:fb:7f:b2:
         5b:af:2d:da:d1:d9:0e:aa:e0:1d:76:56:ea:96:4f:1d:8d:16:
         58:59:04:85:43:60:f0:3a:ad:de:e2:e0:f8:81:0d:22:51:9b:
         a5:fa:a0:00:63:4d:b1:e6:48:3d:24:e1:d8:98:43:67:35:85:
         fd:8b:f2:5d:1e:a5:06:56:23:5d:66:ab:96:07:5d:f8:d5:b4:
         3f:9b:b9:b0:68:4e:5a:aa:8e:55:11:88:b9:99:53:2a:ed:2e:
         22:39:09:dc:60:4b:9a:a8:45:3b:c3:3b:24:26:cb:2a:81:5c:
         54:38:6a:88:78:26:f6:9d:1e:f1:fd:7d:da:df:37:38:fa:3b:
         d7:32:54:95:5b:b0:5c:c3:98:9b:88:32:ed:68:49:f6:b9:14:
         b9:e3:43:5d:7b:7a:03:32:ef:ef:5c:ec:e3:29:fd:78:08:ec:
         00:7b:31:59:f1:bd:a2:b7:ff:d7:ef:fa:71:81:43:53:73:fc:
         2a:39:52:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVs2hnFTc5Qh0gu+XhhdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZWZlOWQzNmY1Zjg4ZmRmMDQ3NDJjNDE0MGM3NTMyMDkw
YWI3NzAwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTlhZGFjNDc4NmMwYWQ1ZDViYTFjN2Y3NWMzY2YzOTJkYTQ2YjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEgQCAERiKGmLo1yreSq7N1sw+XB
rscTHMvjJVpXsUf13wv6+PVGd+tebSQur9zaaEMlV1Cbb3Xgo2FTq6NQ1LbmQkWT
OSOLMA336vWECkfP5YwQVaKXVWkyFNGxanoR/MbpyRqLbu36fIEH1JmJYHqtfkkT
ZhyBTd9ouK5tHvEt3jj0p/qYvh3Ndf4vQe7Fa4k2Ay4iJqKFRnApPN4UdC3Y2v4e
6wkwRbUMFLnjy+sjrcirPN6JERk97De49KB09PDPOtSqkW2APbRn75nJnGlzqncV
o3o+LRpg6PGZwPOScm+7AbgjHFa0BZKGzZTdITMPTxQQ3DWA5H2NaYqE/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqa2sR4bArV1bocf3XDzzktpGsCMB8GA1UdIwQY
MBaAFNnv6dNvX4j98EdCxBQMdTIJCrdwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmVfcDAyOWZpUDN3UjBMRUZBeDFNZ2tLdDNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81NWRiMzQtZmM3OS00MDA0LTk1Yzkt
MzlmNmQ2NDI1MzM4LzEvMnByYXhIaHNDdFhWdWh4X2RjUFBPUzJrYXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC81NWRiMzQtZmM3OS00MDA0LTk1YzktMzlmNmQ2NDI1MzM4
LzEvMmVfcDAyOWZpUDN3UjBMRUZBeDFNZ2tLdDNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYOSMA0G
CSqGSIb3DQEBCwUAA4IBAQBey7NaCgJjNV+DdrxRmA/N0bpl/Un1CjYNb7Iq9d1R
XkwN1e5xA281/yTs/jHE2A4Sc3CwVHuH4m/SsBemBZGZANGIicr7f7Jbry3a0dkO
quAddlbqlk8djRZYWQSFQ2DwOq3e4uD4gQ0iUZul+qAAY02x5kg9JOHYmENnNYX9
i/JdHqUGViNdZquWB1341bQ/m7mwaE5aqo5VEYi5mVMq7S4iOQncYEuaqEU7wzsk
JssqgVxUOGqIeCb2nR7x/X3a3zc4+jvXMlSVW7Bcw5ibiDLtaEn2uRS540Nde3oD
Mu/vXOzjKf14COwAezFZ8b2it//X7/pxgUNTc/wqOVIp
-----END CERTIFICATE-----