Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/1-PPxx6cqZmqqAiDeGqVHCTJ2mdI.roa
File:                     1-PPxx6cqZmqqAiDeGqVHCTJ2mdI.roa (raw, json)
Hash identifier:          LEQQJeoVv4HOJLwgixUejRwYkOPSPifDplHe0W55Pxo=
Subject key identifier:   F8:F3:F1:C7:A7:2A:66:6A:AA:02:20:DE:1A:A5:47:09:32:76:99:D2
Certificate issuer:       /CN=2e5664e02936cb5b5454d595c5382b7e7a0c7944
Certificate serial:       018CC2DB613BC2A93CDAC3AABDB779B12BBB
Authority key identifier: 2E:56:64:E0:29:36:CB:5B:54:54:D5:95:C5:38:2B:7E:7A:0C:79:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/1-PPxx6cqZmqqAiDeGqVHCTJ2mdI.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213093
IP address blocks:        185.184.63.0/24 maxlen: 24
                          185.184.62.0/24 maxlen: 24
                          185.184.62.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:61:3b:c2:a9:3c:da:c3:aa:bd:b7:79:b1:2b:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e5664e02936cb5b5454d595c5382b7e7a0c7944
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8f3f1c7a72a666aaa0220de1aa54709327699d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:49:e0:71:07:b5:b1:ee:ef:13:8a:1f:05:86:
                    22:85:be:11:47:63:b3:e1:6e:3f:cc:7e:97:9f:6d:
                    d4:1e:6a:05:02:16:34:4a:be:61:a5:75:83:2d:e7:
                    bf:42:b9:ba:0d:99:4d:ec:c1:6a:58:03:44:fc:cc:
                    59:c7:b4:64:ff:90:2b:64:aa:38:70:7a:a1:ff:7f:
                    d6:e5:54:64:21:36:97:ac:e2:f9:00:ad:08:0b:68:
                    6d:15:3e:87:75:db:fc:05:95:ae:8a:bd:91:00:98:
                    1e:c2:96:23:bd:30:a3:71:79:e8:1d:f7:7e:26:97:
                    74:11:bd:32:10:0f:88:11:36:2e:59:66:98:3d:af:
                    cd:36:eb:4a:b2:98:b8:5e:0e:d7:ad:4d:99:c1:b4:
                    72:d7:07:1d:7f:91:da:ca:ec:fe:30:59:6b:6a:ef:
                    5f:a5:10:ad:4f:2d:72:51:8d:b0:3d:d8:20:68:26:
                    2a:cc:48:9e:20:dc:1d:bb:68:cf:31:15:02:cc:34:
                    73:19:cb:28:15:fb:7b:21:b5:a1:a7:5b:85:17:7b:
                    af:00:9c:1c:c6:27:ce:1f:f1:95:e2:70:92:f5:dd:
                    b1:b6:c8:f2:93:2e:88:9b:1c:a8:db:3a:1f:33:36:
                    84:ce:ce:f3:5a:a9:5a:3c:a4:6c:e2:10:8c:0f:77:
                    e8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:F3:F1:C7:A7:2A:66:6A:AA:02:20:DE:1A:A5:47:09:32:76:99:D2
            X509v3 Authority Key Identifier:
                keyid:2E:56:64:E0:29:36:CB:5B:54:54:D5:95:C5:38:2B:7E:7A:0C:79:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/1-PPxx6cqZmqqAiDeGqVHCTJ2mdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:ab:04:7c:00:d7:92:d5:15:71:e6:5a:da:ce:7f:6d:ae:fc:
         3a:62:64:c9:a3:c6:b0:c0:42:fc:2d:55:c8:d2:6f:3f:db:17:
         1e:9a:36:87:29:a4:80:cc:22:ac:8e:17:75:c3:4a:47:41:56:
         92:a4:4e:bc:4a:f5:85:d9:6a:19:38:9c:3a:88:52:80:9e:a3:
         bf:93:17:8d:51:1d:ff:25:88:a8:1d:f2:a2:d3:a7:ce:db:62:
         f3:f0:e5:c0:02:3f:f5:b4:1b:59:72:79:23:32:7a:4c:07:28:
         42:f2:43:ab:61:6a:33:da:66:b7:7a:74:21:82:f0:c5:3f:64:
         b7:21:ed:0f:a6:5f:a4:cc:bb:2f:78:e3:25:59:e5:28:74:7b:
         d1:31:e5:ac:7f:a5:69:93:7c:f5:b5:2f:2b:d7:d1:1f:4b:1e:
         15:e4:d4:d0:db:e5:dd:a6:e2:46:4a:88:d8:19:ba:94:96:b7:
         a6:2a:fa:af:d7:9e:4e:d1:3c:0f:85:79:93:da:3b:66:ad:b4:
         b3:d2:d5:85:5f:72:47:ad:99:be:a4:16:1d:da:6c:ff:32:de:
         14:61:61:95:75:c6:00:d9:3c:1c:a2:19:b2:a0:dd:68:b9:3f:
         6b:8a:36:c1:a6:b4:a6:6c:7c:42:cc:0c:4f:9b:9a:c3:da:d4:
         80:1c:16:ab
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC22E7wqk82sOqvbd5sSu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNTY2NGUwMjkzNmNiNWI1NDU0ZDU5NWM1MzgyYjdlN2Ew
Yzc5NDQwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGYzZjFjN2E3MmE2NjZhYWEwMjIwZGUxYWE1NDcwOTMyNzY5OWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0ngcQe1se7vE4ofBYYihb4RR2Oz
4W4/zH6Xn23UHmoFAhY0Sr5hpXWDLee/Qrm6DZlN7MFqWANE/MxZx7Rk/5ArZKo4
cHqh/3/W5VRkITaXrOL5AK0IC2htFT6Hddv8BZWuir2RAJgewpYjvTCjcXnoHfd+
Jpd0Eb0yEA+IETYuWWaYPa/NNutKspi4Xg7XrU2ZwbRy1wcdf5Hayuz+MFlrau9f
pRCtTy1yUY2wPdggaCYqzEieINwdu2jPMRUCzDRzGcsoFft7IbWhp1uFF3uvAJwc
xifOH/GV4nCS9d2xtsjyky6Imxyo2zofMzaEzs7zWqlaPKRs4hCMD3foMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPjz8cenKmZqqgIg3hqlRwkydpnSMB8GA1UdIwQY
MBaAFC5WZOApNstbVFTVlcU4K356DHlEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGxaazRDazJ5MXRVVk5XVnhUZ3Jmbm9NZVVRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8yN2M5MTktY2NjZS00NmE5LTg0YjMt
ZWY4MWZjYTYzMDI5LzEvMS1QUHh4NmNxWm1xcUFpRGVHcVZIQ1RKMm1kSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDYvMjdjOTE5LWNjY2UtNDZhOS04NGIzLWVmODFmY2E2MzAy
OS8xL0xsWms0Q2syeTF0VVZOV1Z4VGdyZm5vTWVVUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbm4PjAN
BgkqhkiG9w0BAQsFAAOCAQEAJ6sEfADXktUVceZa2s5/ba78OmJkyaPGsMBC/C1V
yNJvP9sXHpo2hymkgMwirI4XdcNKR0FWkqROvEr1hdlqGTicOohSgJ6jv5MXjVEd
/yWIqB3yotOnztti8/DlwAI/9bQbWXJ5IzJ6TAcoQvJDq2FqM9pmt3p0IYLwxT9k
tyHtD6ZfpMy7L3jjJVnlKHR70THlrH+laZN89bUvK9fRH0seFeTU0Nvl3abiRkqI
2Bm6lJa3pir6r9eeTtE8D4V5k9o7Zq20s9LVhV9yR62ZvqQWHdps/zLeFGFhlXXG
ANk8HKIZsqDdaLk/a4o2waa0pmx8QswMT5uaw9rUgBwWqw==
-----END CERTIFICATE-----