Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/EdjUYCXOeI4a_5PgHRXQ0uAIKlc.roa
File:                     EdjUYCXOeI4a_5PgHRXQ0uAIKlc.roa (raw, json)
Hash identifier:          SE6pa7nS7Q0NNF28gzcOeP6TPFsXJ42FwbMcF8BDC+Q=
Subject key identifier:   11:D8:D4:60:25:CE:78:8E:1A:FF:93:E0:1D:15:D0:D2:E0:08:2A:57
Certificate issuer:       /CN=43af2e987d2b63addaa5adc178f31e90d876aaa7
Certificate serial:       018CC5DCD13E837F389809441480D37B3E7E
Authority key identifier: 43:AF:2E:98:7D:2B:63:AD:DA:A5:AD:C1:78:F3:1E:90:D8:76:AA:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q68umH0rY63apa3BePMekNh2qqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/EdjUYCXOeI4a_5PgHRXQ0uAIKlc.roa
Signing time:             Mon 01 Jan 2024 16:30:32 +0000
ROA not before:           Mon 01 Jan 2024 16:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48728
IP address blocks:        185.2.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/Q68umH0rY63apa3BePMekNh2qqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/Q68umH0rY63apa3BePMekNh2qqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q68umH0rY63apa3BePMekNh2qqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d1:3e:83:7f:38:98:09:44:14:80:d3:7b:3e:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43af2e987d2b63addaa5adc178f31e90d876aaa7
        Validity
            Not Before: Jan  1 16:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11d8d46025ce788e1aff93e01d15d0d2e0082a57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:73:83:aa:dd:73:a5:69:f7:25:70:7c:12:64:
                    8b:b7:9b:33:86:47:6a:90:fc:68:75:37:d9:57:25:
                    5e:ae:5a:bf:2a:f0:ed:81:ea:1c:ac:2b:da:86:c3:
                    d9:db:ca:c1:d1:bc:20:86:51:66:b0:d3:7c:ad:36:
                    49:a7:6d:7c:ae:e9:cb:9d:cc:7b:04:2a:58:5c:cd:
                    ad:43:ec:2d:31:17:b2:e6:96:1b:d2:83:eb:d7:ff:
                    9f:1d:63:c1:35:fa:c2:06:c6:99:d6:0b:46:5b:a2:
                    ea:42:96:96:1e:7b:fd:ac:97:93:a5:04:07:cc:e0:
                    51:2f:33:38:32:5f:22:0e:9a:86:8a:c1:e6:7a:f3:
                    44:f8:61:02:89:f3:2a:6a:2c:58:fe:3c:7d:68:cb:
                    55:69:06:4c:44:a1:64:3e:a3:68:8f:06:c3:e3:dd:
                    3f:4c:f1:9b:e3:3b:dd:f9:8f:0b:6a:55:88:2b:78:
                    3f:d3:00:85:8d:2b:27:87:7c:28:27:48:f7:4f:3e:
                    27:13:8e:63:0b:39:e7:a7:60:05:ac:69:c2:80:61:
                    fc:33:80:d8:96:63:a9:e2:e5:04:7e:4d:e0:44:c1:
                    ae:da:78:e7:2e:b5:2b:99:0c:fb:de:07:c5:cd:d9:
                    41:9b:aa:55:1a:46:2b:44:52:f0:89:11:f2:f5:4a:
                    d7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:D8:D4:60:25:CE:78:8E:1A:FF:93:E0:1D:15:D0:D2:E0:08:2A:57
            X509v3 Authority Key Identifier:
                keyid:43:AF:2E:98:7D:2B:63:AD:DA:A5:AD:C1:78:F3:1E:90:D8:76:AA:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q68umH0rY63apa3BePMekNh2qqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/EdjUYCXOeI4a_5PgHRXQ0uAIKlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/Q68umH0rY63apa3BePMekNh2qqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:a7:af:28:5e:b9:eb:a3:23:8a:c8:47:a3:40:ba:c9:c8:5e:
         f4:7e:f3:02:19:6b:d6:7f:df:63:b6:09:a8:b5:b0:fe:62:06:
         50:36:c6:bc:0f:08:c3:88:8f:45:3d:a7:9b:8c:e9:8c:d4:29:
         0c:e1:ae:9d:8d:06:d1:2c:dc:ea:d1:30:46:cb:05:52:3c:a6:
         f4:3a:46:cc:79:78:e6:a5:cc:07:45:c1:53:26:fb:9c:11:eb:
         6b:18:7b:19:51:37:bc:47:1d:44:15:c8:83:f9:53:dd:57:49:
         5c:ab:ab:57:f4:d1:f1:a8:15:19:86:bf:32:3f:b3:ee:9e:0d:
         bb:f0:0e:4b:c9:18:4e:20:18:b2:53:f7:79:be:23:2a:de:f9:
         c3:15:2d:0a:d6:ed:6e:fe:ea:ae:fe:ac:22:38:d4:ad:b1:c9:
         17:63:08:35:97:1e:27:af:41:40:ce:4a:80:63:a2:c8:17:25:
         7e:89:65:ba:9f:96:9a:f7:ae:20:df:fe:ce:8f:05:2d:57:7f:
         a7:52:0f:b7:42:75:5a:0a:34:44:da:d0:0c:3a:71:4e:90:75:
         45:fd:8d:11:59:0b:26:d5:04:80:83:54:1a:ae:87:a8:5b:93:
         43:6a:96:a0:03:63:1e:21:d3:af:f8:6e:aa:54:49:ed:79:10:
         08:b4:47:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3NE+g384mAlEFIDTez5+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYWYyZTk4N2QyYjYzYWRkYWE1YWRjMTc4ZjMxZTkwZDg3
NmFhYTcwHhcNMjQwMTAxMTYzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWQ4ZDQ2MDI1Y2U3ODhlMWFmZjkzZTAxZDE1ZDBkMmUwMDgyYTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43ODqt1zpWn3JXB8EmSLt5szhkdq
kPxodTfZVyVerlq/KvDtgeocrCvahsPZ28rB0bwghlFmsNN8rTZJp218runLncx7
BCpYXM2tQ+wtMRey5pYb0oPr1/+fHWPBNfrCBsaZ1gtGW6LqQpaWHnv9rJeTpQQH
zOBRLzM4Ml8iDpqGisHmevNE+GECifMqaixY/jx9aMtVaQZMRKFkPqNojwbD490/
TPGb4zvd+Y8LalWIK3g/0wCFjSsnh3woJ0j3Tz4nE45jCznnp2AFrGnCgGH8M4DY
lmOp4uUEfk3gRMGu2njnLrUrmQz73gfFzdlBm6pVGkYrRFLwiRHy9UrXgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBHY1GAlzniOGv+T4B0V0NLgCCpXMB8GA1UdIwQY
MBaAFEOvLph9K2Ot2qWtwXjzHpDYdqqnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTY4dW1IMHJZNjNhcGEzQmVQTWVrTmgycXFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi82Njg0MzctOTdjMi00OGMyLWI3Yzgt
Y2M3NzQ2NzE5NDA2LzEvRWRqVVlDWE9lSTRhXzVQZ0hSWFEwdUFJS2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi82Njg0MzctOTdjMi00OGMyLWI3YzgtY2M3NzQ2NzE5NDA2
LzEvUTY4dW1IMHJZNjNhcGEzQmVQTWVrTmgycXFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQL2MA0G
CSqGSIb3DQEBCwUAA4IBAQC/p68oXrnroyOKyEejQLrJyF70fvMCGWvWf99jtgmo
tbD+YgZQNsa8DwjDiI9FPaebjOmM1CkM4a6djQbRLNzq0TBGywVSPKb0OkbMeXjm
pcwHRcFTJvucEetrGHsZUTe8Rx1EFciD+VPdV0lcq6tX9NHxqBUZhr8yP7Pung27
8A5LyRhOIBiyU/d5viMq3vnDFS0K1u1u/uqu/qwiONStsckXYwg1lx4nr0FAzkqA
Y6LIFyV+iWW6n5aa964g3/7OjwUtV3+nUg+3QnVaCjRE2tAMOnFOkHVF/Y0RWQsm
1QSAg1QaroeoW5NDapagA2MeIdOv+G6qVEnteRAItEdW
-----END CERTIFICATE-----