Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/2LdUeQ2AqByZeexMRoImu32pplA.roa
File:                     2LdUeQ2AqByZeexMRoImu32pplA.roa (raw, json)
Hash identifier:          I/qBixg9wofc+nNAIgMwi0w1XBAPwxQHpMwzlALEDWg=
Subject key identifier:   D8:B7:54:79:0D:80:A8:1C:99:79:EC:4C:46:82:26:BB:7D:A9:A6:50
Certificate issuer:       /CN=e0574c2878d6b536139b895f08c9c6db18e12a9b
Certificate serial:       018CC64B6E584AB4060BE50F3DC4AA60B745
Authority key identifier: E0:57:4C:28:78:D6:B5:36:13:9B:89:5F:08:C9:C6:DB:18:E1:2A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/2LdUeQ2AqByZeexMRoImu32pplA.roa
Signing time:             Mon 01 Jan 2024 18:31:21 +0000
ROA not before:           Mon 01 Jan 2024 18:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56465
IP address blocks:        94.124.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/4FdMKHjWtTYTm4lfCMnG2xjhKps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/4FdMKHjWtTYTm4lfCMnG2xjhKps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6e:58:4a:b4:06:0b:e5:0f:3d:c4:aa:60:b7:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0574c2878d6b536139b895f08c9c6db18e12a9b
        Validity
            Not Before: Jan  1 18:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8b754790d80a81c9979ec4c468226bb7da9a650
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fd:c7:99:b6:04:e8:c6:fa:2b:bf:b1:6c:07:
                    35:df:d9:ec:7e:cd:16:c7:1b:84:82:2a:e0:4e:74:
                    f8:a1:26:3a:d1:db:e6:06:7a:a1:de:27:33:d7:55:
                    10:78:19:a6:2d:f9:19:02:09:64:0b:ac:fa:21:3b:
                    bf:55:e2:e7:aa:53:56:a8:3c:90:9d:6a:ed:5e:e8:
                    bf:40:b5:6f:87:01:99:9a:1c:9a:49:cf:86:02:76:
                    66:25:b2:c6:21:e1:39:2d:72:08:ca:73:46:a9:e8:
                    a3:06:00:09:57:12:7b:db:c7:ba:6e:3a:b3:97:12:
                    7e:22:44:1b:fe:09:a9:a5:9f:51:5e:9e:f8:8c:2f:
                    1b:f4:df:f2:8b:99:86:75:99:13:9b:9d:f9:f0:4d:
                    fc:01:97:96:4c:d7:b9:a1:09:41:34:13:dd:a5:84:
                    fc:6a:c2:4c:0d:d0:11:f7:54:bb:68:e8:3a:d3:8a:
                    55:6c:bc:6e:e5:4f:35:bd:80:ef:a1:13:b1:04:1d:
                    f7:dc:05:48:ab:f6:e7:99:bf:44:f6:3f:a6:c2:d1:
                    93:c2:e4:1e:19:08:ed:1d:9e:a4:23:ef:85:b6:59:
                    76:4c:e2:99:ee:de:c4:b3:cf:c2:29:a0:d7:02:4c:
                    86:7d:a8:4b:4f:d8:53:fb:06:38:e3:de:db:91:91:
                    1b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:B7:54:79:0D:80:A8:1C:99:79:EC:4C:46:82:26:BB:7D:A9:A6:50
            X509v3 Authority Key Identifier:
                keyid:E0:57:4C:28:78:D6:B5:36:13:9B:89:5F:08:C9:C6:DB:18:E1:2A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/2LdUeQ2AqByZeexMRoImu32pplA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/4FdMKHjWtTYTm4lfCMnG2xjhKps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:55:25:81:8b:52:19:46:79:2b:2c:90:81:67:0b:d7:1b:16:
         39:fa:22:3c:4f:84:0f:53:16:89:f9:7a:44:0f:bd:32:c5:fa:
         cd:63:67:40:ac:eb:94:d7:e8:00:f0:d6:58:69:0b:94:7a:4a:
         3a:72:70:b0:b1:d4:6b:3f:17:0c:dd:89:49:b2:b3:bc:0f:ef:
         de:30:f2:c0:ad:6d:80:03:00:4a:59:0d:f4:b4:d1:95:ee:aa:
         3a:30:67:66:ad:8d:a5:1b:a9:24:01:b9:8d:39:12:37:ee:47:
         93:0c:3d:72:b1:d5:9f:77:46:2d:a9:38:fd:05:cc:d6:3b:f5:
         d7:3e:57:29:4b:00:98:6b:ef:c2:71:b3:c9:3c:d7:48:a0:03:
         d2:a9:1d:28:d5:44:c6:f5:62:fe:f6:e8:27:90:52:a4:fc:00:
         dd:e7:88:e8:32:e6:61:d4:ac:2b:67:ba:23:5f:74:81:9f:57:
         9b:58:8e:f0:89:3b:eb:f4:2d:fd:a4:f9:1a:f2:9a:e2:63:f6:
         2d:09:02:8d:05:d0:ff:ba:4c:43:6d:59:13:4d:07:3c:0f:e3:
         a1:07:3d:b7:cd:76:d8:a4:e3:07:18:65:0e:22:55:0c:b6:48:
         4a:b7:aa:e5:61:7f:20:b4:a1:f2:b2:24:e5:ef:f9:2b:0e:e6:
         7b:10:9e:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS25YSrQGC+UPPcSqYLdFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTc0YzI4NzhkNmI1MzYxMzliODk1ZjA4YzljNmRiMThl
MTJhOWIwHhcNMjQwMTAxMTgzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGI3NTQ3OTBkODBhODFjOTk3OWVjNGM0NjgyMjZiYjdkYTlhNjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/3HmbYE6Mb6K7+xbAc139nsfs0W
xxuEgirgTnT4oSY60dvmBnqh3icz11UQeBmmLfkZAglkC6z6ITu/VeLnqlNWqDyQ
nWrtXui/QLVvhwGZmhyaSc+GAnZmJbLGIeE5LXIIynNGqeijBgAJVxJ728e6bjqz
lxJ+IkQb/gmppZ9RXp74jC8b9N/yi5mGdZkTm5358E38AZeWTNe5oQlBNBPdpYT8
asJMDdAR91S7aOg604pVbLxu5U81vYDvoROxBB333AVIq/bnmb9E9j+mwtGTwuQe
GQjtHZ6kI++Ftll2TOKZ7t7Es8/CKaDXAkyGfahLT9hT+wY4497bkZEbywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNi3VHkNgKgcmXnsTEaCJrt9qaZQMB8GA1UdIwQY
MBaAFOBXTCh41rU2E5uJXwjJxtsY4SqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZkTUtIald0VFlUbTRsZkNNbkcyeGpoS3BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yOGQ2MDAtYTg2OS00YWIxLTliMmUt
NDQ2MDE5OTY2YTE5LzEvMkxkVWVRMkFxQnlaZWV4TVJvSW11MzJwcGxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yOGQ2MDAtYTg2OS00YWIxLTliMmUtNDQ2MDE5OTY2YTE5
LzEvNEZkTUtIald0VFlUbTRsZkNNbkcyeGpoS3BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXnylMA0G
CSqGSIb3DQEBCwUAA4IBAQAiVSWBi1IZRnkrLJCBZwvXGxY5+iI8T4QPUxaJ+XpE
D70yxfrNY2dArOuU1+gA8NZYaQuUeko6cnCwsdRrPxcM3YlJsrO8D+/eMPLArW2A
AwBKWQ30tNGV7qo6MGdmrY2lG6kkAbmNORI37keTDD1ysdWfd0YtqTj9BczWO/XX
PlcpSwCYa+/CcbPJPNdIoAPSqR0o1UTG9WL+9ugnkFKk/ADd54joMuZh1KwrZ7oj
X3SBn1ebWI7wiTvr9C39pPka8priY/YtCQKNBdD/ukxDbVkTTQc8D+OhBz23zXbY
pOMHGGUOIlUMtkhKt6rlYX8gtKHysiTl7/krDuZ7EJ7W
-----END CERTIFICATE-----