Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/2Rw57iC399HLJY7A-cqdBFUvbvE.roa
File:                     2Rw57iC399HLJY7A-cqdBFUvbvE.roa (raw, json)
Hash identifier:          ZUhwZeadTuaNP3AfTqrBDBG75mivVCOlwYDLPuhm7a0=
Subject key identifier:   D9:1C:39:EE:20:B7:F7:D1:CB:25:8E:C0:F9:CA:9D:04:55:2F:6E:F1
Certificate issuer:       /CN=1e8d205c798ed78f3c44ca0c8f2852e8bec8eaa2
Certificate serial:       018CC94D82AAA353A4C6CA3F53878EE538A3
Authority key identifier: 1E:8D:20:5C:79:8E:D7:8F:3C:44:CA:0C:8F:28:52:E8:BE:C8:EA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ho0gXHmO1488RMoMjyhS6L7I6qI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/2Rw57iC399HLJY7A-cqdBFUvbvE.roa
Signing time:             Tue 02 Jan 2024 08:32:29 +0000
ROA not before:           Tue 02 Jan 2024 08:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209342
IP address blocks:        185.54.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/Ho0gXHmO1488RMoMjyhS6L7I6qI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/Ho0gXHmO1488RMoMjyhS6L7I6qI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ho0gXHmO1488RMoMjyhS6L7I6qI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:82:aa:a3:53:a4:c6:ca:3f:53:87:8e:e5:38:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e8d205c798ed78f3c44ca0c8f2852e8bec8eaa2
        Validity
            Not Before: Jan  2 08:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d91c39ee20b7f7d1cb258ec0f9ca9d04552f6ef1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:92:1a:06:a7:67:44:1d:32:78:71:7a:80:b5:
                    57:6a:d6:ac:5d:82:06:e5:bf:5c:ee:e9:6c:60:37:
                    3c:81:d8:3a:ab:d7:b0:6b:ea:0a:9a:9e:23:18:28:
                    50:42:ef:58:28:f7:8d:97:62:6a:1d:e9:2a:5a:3f:
                    d9:8f:a4:a4:1f:91:a8:19:f0:39:8a:8e:42:a2:d8:
                    a7:13:57:c4:d9:a9:1d:e2:2c:88:e4:35:ec:3b:0f:
                    b2:1d:4d:25:69:68:f7:f7:98:99:f4:17:95:6e:2f:
                    a1:8f:52:6c:cf:33:ab:5a:a2:b9:3b:7c:b5:78:0e:
                    34:81:aa:5f:e0:9c:95:fe:07:c8:c0:d5:bf:0b:aa:
                    fd:b9:f5:31:28:29:f6:05:19:b6:a0:d3:a8:d3:33:
                    6b:de:f2:bb:ad:a3:48:c1:3e:2a:46:5f:21:f5:b3:
                    e6:53:56:5f:47:18:a7:3e:ce:6a:f0:74:b4:a1:44:
                    01:b8:c1:e7:1e:ab:fc:c7:d1:dc:85:b9:d3:2e:f6:
                    32:7c:32:73:3c:c9:a2:fd:d0:82:70:9c:bc:75:80:
                    7c:49:a6:ed:e9:fd:b1:84:16:3e:9b:24:87:60:b1:
                    fd:1d:24:d5:58:78:79:43:69:8a:56:ae:6b:26:a1:
                    80:40:2c:85:b4:b1:9e:3a:f6:91:bf:b6:b9:05:ee:
                    fd:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:1C:39:EE:20:B7:F7:D1:CB:25:8E:C0:F9:CA:9D:04:55:2F:6E:F1
            X509v3 Authority Key Identifier:
                keyid:1E:8D:20:5C:79:8E:D7:8F:3C:44:CA:0C:8F:28:52:E8:BE:C8:EA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ho0gXHmO1488RMoMjyhS6L7I6qI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/2Rw57iC399HLJY7A-cqdBFUvbvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/Ho0gXHmO1488RMoMjyhS6L7I6qI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:75:72:3d:c5:3b:af:0f:a3:8c:f7:2a:27:ee:e9:d1:32:7e:
         91:cd:b3:b2:1e:e6:da:ee:66:48:70:fe:3c:b9:d8:88:17:cd:
         bc:48:ea:7c:08:bb:95:88:eb:23:5c:af:63:3d:63:a4:d9:ff:
         af:16:09:0b:a6:68:d7:87:91:69:9d:a7:29:42:b8:43:d6:15:
         54:fd:08:3a:f0:a8:3e:bf:92:7b:63:6e:54:0f:1c:79:1a:f6:
         b6:c0:7d:5d:83:f6:64:97:01:5d:78:9c:73:00:a5:2c:0e:be:
         72:0b:9b:70:c5:de:96:70:7c:ac:f7:a9:43:7f:b8:9e:2f:97:
         8f:ff:e8:ca:b0:75:f2:33:d6:d8:1f:ce:e8:7a:94:ce:b2:3d:
         59:10:72:83:01:bd:d9:76:31:c6:e7:89:b1:42:79:d9:bd:7b:
         25:c1:fa:03:85:e3:d5:12:16:1b:7e:4d:15:ca:b2:a8:32:e8:
         77:20:c4:8e:bd:9f:fd:c8:37:4f:98:68:1f:4f:0e:08:f1:72:
         0f:f6:f8:d2:e8:ec:36:ce:8f:37:b2:6d:92:21:26:ec:3e:f9:
         5b:bb:bd:11:1c:4f:41:cf:f2:a4:2f:72:a3:84:63:12:91:c9:
         30:f9:a8:4f:6c:b8:c6:13:a6:26:85:7b:64:8b:ae:ff:b8:c7:
         00:7b:da:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTYKqo1Okxso/U4eO5TijMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOGQyMDVjNzk4ZWQ3OGYzYzQ0Y2EwYzhmMjg1MmU4YmVj
OGVhYTIwHhcNMjQwMTAyMDgzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTFjMzllZTIwYjdmN2QxY2IyNThlYzBmOWNhOWQwNDU1MmY2ZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5IaBqdnRB0yeHF6gLVXatasXYIG
5b9c7ulsYDc8gdg6q9ewa+oKmp4jGChQQu9YKPeNl2JqHekqWj/Zj6SkH5GoGfA5
io5CotinE1fE2akd4iyI5DXsOw+yHU0laWj395iZ9BeVbi+hj1JszzOrWqK5O3y1
eA40gapf4JyV/gfIwNW/C6r9ufUxKCn2BRm2oNOo0zNr3vK7raNIwT4qRl8h9bPm
U1ZfRxinPs5q8HS0oUQBuMHnHqv8x9HchbnTLvYyfDJzPMmi/dCCcJy8dYB8Sabt
6f2xhBY+mySHYLH9HSTVWHh5Q2mKVq5rJqGAQCyFtLGeOvaRv7a5Be79dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNkcOe4gt/fRyyWOwPnKnQRVL27xMB8GA1UdIwQY
MBaAFB6NIFx5jtePPETKDI8oUui+yOqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG8wZ1hIbU8xNDg4Uk1vTWp5aFM2TDdJNnFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yOTg4OTgtNzQ1NC00MDJiLTgxZTkt
ZWUxYmQzNDRmMDE1LzEvMlJ3NTdpQzM5OUhMSlk3QS1jcWRCRlV2YnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yOTg4OTgtNzQ1NC00MDJiLTgxZTktZWUxYmQzNDRmMDE1
LzEvSG8wZ1hIbU8xNDg4Uk1vTWp5aFM2TDdJNnFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTaRMA0G
CSqGSIb3DQEBCwUAA4IBAQBKdXI9xTuvD6OM9yon7unRMn6RzbOyHuba7mZIcP48
udiIF828SOp8CLuViOsjXK9jPWOk2f+vFgkLpmjXh5FpnacpQrhD1hVU/Qg68Kg+
v5J7Y25UDxx5Gva2wH1dg/ZklwFdeJxzAKUsDr5yC5twxd6WcHys96lDf7ieL5eP
/+jKsHXyM9bYH87oepTOsj1ZEHKDAb3ZdjHG54mxQnnZvXslwfoDhePVEhYbfk0V
yrKoMuh3IMSOvZ/9yDdPmGgfTw4I8XIP9vjS6Ow2zo83sm2SISbsPvlbu70RHE9B
z/KkL3KjhGMSkckw+ahPbLjGE6YmhXtki67/uMcAe9pg
-----END CERTIFICATE-----