Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/6b0e0e-8be5-4bf9-b427-70d63107d05d/1/2ECn95bqZfzbT4pZYsOi0zbFQig.roa
File:                     2ECn95bqZfzbT4pZYsOi0zbFQig.roa (raw, json)
Hash identifier:          wuIkePzrIdK0F4KB+oQWr9nxnJKW9olLgkczKwILb+s=
Subject key identifier:   D8:40:A7:F7:96:EA:65:FC:DB:4F:8A:59:62:C3:A2:D3:36:C5:42:28
Certificate issuer:       /CN=9ce22dca2a2db0a59fe56681c8d1c40677a745b5
Certificate serial:       018CC34919FEBF11BA3C348D42FE247BD605
Authority key identifier: 9C:E2:2D:CA:2A:2D:B0:A5:9F:E5:66:81:C8:D1:C4:06:77:A7:45:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nOItyiotsKWf5WaByNHEBnenRbU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/6b0e0e-8be5-4bf9-b427-70d63107d05d/1/2ECn95bqZfzbT4pZYsOi0zbFQig.roa
Signing time:             Mon 01 Jan 2024 04:29:57 +0000
ROA not before:           Mon 01 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47736
IP address blocks:        185.209.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/6b0e0e-8be5-4bf9-b427-70d63107d05d/1/nOItyiotsKWf5WaByNHEBnenRbU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/6b0e0e-8be5-4bf9-b427-70d63107d05d/1/nOItyiotsKWf5WaByNHEBnenRbU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nOItyiotsKWf5WaByNHEBnenRbU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:19:fe:bf:11:ba:3c:34:8d:42:fe:24:7b:d6:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ce22dca2a2db0a59fe56681c8d1c40677a745b5
        Validity
            Not Before: Jan  1 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d840a7f796ea65fcdb4f8a5962c3a2d336c54228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:9f:83:68:13:f1:3d:a4:d6:d2:b2:cb:68:8a:
                    9d:cd:84:bd:ca:8d:31:0b:5c:23:7c:fe:f9:cb:9a:
                    67:c8:88:db:eb:06:a9:0c:63:1e:f6:02:8d:b7:7f:
                    c4:14:7e:0c:d8:a5:dd:47:3d:b1:67:a8:c6:b0:87:
                    96:ee:13:41:50:e3:dd:5d:5c:5a:c9:dd:0e:85:f3:
                    fe:d6:27:54:02:e2:a2:91:f4:3f:66:59:0d:22:5b:
                    a2:9c:2e:eb:4a:ba:20:24:f8:5d:de:9d:8d:63:9c:
                    ec:6c:43:02:a0:13:e2:71:8e:f8:a9:99:87:db:1b:
                    25:a1:f2:70:c0:3f:25:e5:00:94:81:89:b6:b2:e5:
                    ac:6a:17:38:0d:b6:1f:4d:b3:0a:03:04:4d:e5:6f:
                    f4:16:f9:73:cf:c1:0a:be:c7:1a:dc:48:d2:59:86:
                    6b:ea:a0:42:6a:c8:2a:45:b8:b2:6c:63:37:39:a0:
                    47:2e:dd:56:65:20:f6:47:69:23:e9:36:9d:6c:8e:
                    c6:6d:7f:94:62:70:35:d7:b4:8e:48:3f:5b:02:fc:
                    eb:44:86:07:62:a2:3f:f1:df:0d:5f:bf:01:b5:bb:
                    88:e9:69:e9:19:ac:ef:d6:fb:8c:33:88:36:d1:28:
                    e5:e5:66:ef:89:af:c0:d7:66:0b:79:29:60:49:15:
                    b4:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:40:A7:F7:96:EA:65:FC:DB:4F:8A:59:62:C3:A2:D3:36:C5:42:28
            X509v3 Authority Key Identifier:
                keyid:9C:E2:2D:CA:2A:2D:B0:A5:9F:E5:66:81:C8:D1:C4:06:77:A7:45:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nOItyiotsKWf5WaByNHEBnenRbU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/6b0e0e-8be5-4bf9-b427-70d63107d05d/1/2ECn95bqZfzbT4pZYsOi0zbFQig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/6b0e0e-8be5-4bf9-b427-70d63107d05d/1/nOItyiotsKWf5WaByNHEBnenRbU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:d2:dc:fb:1e:24:d5:36:8b:f0:00:8d:01:71:7e:0d:d6:6d:
         21:98:eb:f0:ea:d6:1f:a5:40:15:d1:76:b4:64:49:52:58:f3:
         ff:a0:25:01:fe:a3:30:b6:7d:c9:c5:a4:f0:40:4b:0b:6a:f4:
         43:e8:1f:a8:7f:7e:3b:77:5b:89:a8:44:95:9a:b5:a9:0c:94:
         9e:ab:8f:05:04:5f:74:7f:bf:46:61:b6:59:c9:5f:0e:37:7d:
         5e:03:b4:cd:a7:c2:8c:08:b7:33:e5:98:b0:79:53:a1:a6:34:
         5d:5e:e3:b0:71:4c:5b:a7:3d:c4:08:85:e6:28:c0:2e:01:11:
         d0:04:2e:51:b3:95:6c:f8:03:38:61:55:69:0c:8d:68:06:71:
         7b:71:8d:7c:ab:24:29:2a:c2:a1:00:71:57:b5:12:34:7d:6e:
         e3:5f:a4:28:60:eb:51:4f:b4:77:3c:07:27:a9:fa:5b:36:b6:
         c4:df:7c:d0:a1:c2:60:dc:03:ac:84:a8:12:99:a3:54:80:c0:
         d1:33:62:8b:8f:c4:9c:39:6c:0c:92:19:af:39:00:05:5b:49:
         2c:24:1a:d3:1e:2f:d5:46:3c:d7:53:08:a0:5f:f2:57:e9:dd:
         cb:03:c3:fe:a3:8c:fa:8d:d9:8d:3a:a2:44:2d:63:86:d8:c0:
         88:ad:7e:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSRn+vxG6PDSNQv4ke9YFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZTIyZGNhMmEyZGIwYTU5ZmU1NjY4MWM4ZDFjNDA2Nzdh
NzQ1YjUwHhcNMjQwMTAxMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODQwYTdmNzk2ZWE2NWZjZGI0ZjhhNTk2MmMzYTJkMzM2YzU0MjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5+DaBPxPaTW0rLLaIqdzYS9yo0x
C1wjfP75y5pnyIjb6wapDGMe9gKNt3/EFH4M2KXdRz2xZ6jGsIeW7hNBUOPdXVxa
yd0OhfP+1idUAuKikfQ/ZlkNIluinC7rSrogJPhd3p2NY5zsbEMCoBPicY74qZmH
2xslofJwwD8l5QCUgYm2suWsahc4DbYfTbMKAwRN5W/0Fvlzz8EKvsca3EjSWYZr
6qBCasgqRbiybGM3OaBHLt1WZSD2R2kj6TadbI7GbX+UYnA117SOSD9bAvzrRIYH
YqI/8d8NX78BtbuI6WnpGazv1vuMM4g20Sjl5Wbvia/A12YLeSlgSRW0uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhAp/eW6mX820+KWWLDotM2xUIoMB8GA1UdIwQY
MBaAFJziLcoqLbCln+VmgcjRxAZ3p0W1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk9JdHlpb3RzS1dmNVdhQnlOSEVCbmVuUmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC82YjBlMGUtOGJlNS00YmY5LWI0Mjct
NzBkNjMxMDdkMDVkLzEvMkVDbjk1YnFaZnpiVDRwWllzT2kwemJGUWlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC82YjBlMGUtOGJlNS00YmY5LWI0MjctNzBkNjMxMDdkMDVk
LzEvbk9JdHlpb3RzS1dmNVdhQnlOSEVCbmVuUmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudFgMA0G
CSqGSIb3DQEBCwUAA4IBAQCU0tz7HiTVNovwAI0BcX4N1m0hmOvw6tYfpUAV0Xa0
ZElSWPP/oCUB/qMwtn3JxaTwQEsLavRD6B+of347d1uJqESVmrWpDJSeq48FBF90
f79GYbZZyV8ON31eA7TNp8KMCLcz5ZiweVOhpjRdXuOwcUxbpz3ECIXmKMAuARHQ
BC5Rs5Vs+AM4YVVpDI1oBnF7cY18qyQpKsKhAHFXtRI0fW7jX6QoYOtRT7R3PAcn
qfpbNrbE33zQocJg3AOshKgSmaNUgMDRM2KLj8ScOWwMkhmvOQAFW0ksJBrTHi/V
RjzXUwigX/JX6d3LA8P+o4z6jdmNOqJELWOG2MCIrX44
-----END CERTIFICATE-----