Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/7ded1f-c40d-47f2-a110-8456dce59ce0/1/NWrVvTh6es5CiCcwq6hmKNdO6pg.roa
File:                     NWrVvTh6es5CiCcwq6hmKNdO6pg.roa (raw, json)
Hash identifier:          zYKRI9uHL9uxlwMy6E2d6JOZfYlb+GoB6MHJE3xgOLE=
Subject key identifier:   35:6A:D5:BD:38:7A:7A:CE:42:88:27:30:AB:A8:66:28:D7:4E:EA:98
Certificate issuer:       /CN=2f0e3b758e248b801fc1f30d345d608b07af1bf6
Certificate serial:       018E844FC8C29069EAB81C456C2AAFD32F9E
Authority key identifier: 2F:0E:3B:75:8E:24:8B:80:1F:C1:F3:0D:34:5D:60:8B:07:AF:1B:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lw47dY4ki4AfwfMNNF1giwevG_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/7ded1f-c40d-47f2-a110-8456dce59ce0/1/NWrVvTh6es5CiCcwq6hmKNdO6pg.roa
Signing time:             Thu 28 Mar 2024 09:06:44 +0000
ROA not before:           Thu 28 Mar 2024 09:06:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49798
IP address blocks:        185.140.28.0/22 maxlen: 22
                          2a0c:c500::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/7ded1f-c40d-47f2-a110-8456dce59ce0/1/Lw47dY4ki4AfwfMNNF1giwevG_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/7ded1f-c40d-47f2-a110-8456dce59ce0/1/Lw47dY4ki4AfwfMNNF1giwevG_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lw47dY4ki4AfwfMNNF1giwevG_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:84:4f:c8:c2:90:69:ea:b8:1c:45:6c:2a:af:d3:2f:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f0e3b758e248b801fc1f30d345d608b07af1bf6
        Validity
            Not Before: Mar 28 09:06:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=356ad5bd387a7ace42882730aba86628d74eea98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e6:ea:3d:8c:08:df:1e:f6:a9:a8:85:1f:f0:
                    8a:83:aa:eb:5e:d6:01:67:68:e7:64:dc:c1:e0:65:
                    06:ce:e8:1f:5d:fb:59:8b:47:60:0b:4e:f1:76:ef:
                    60:d8:c3:b3:e6:bd:14:ea:5b:88:2b:8f:1b:45:cf:
                    37:64:68:67:92:0f:65:00:a8:96:ae:96:9f:e4:5c:
                    67:5d:1e:11:c5:27:65:2d:c6:94:22:9d:2c:2b:46:
                    c1:eb:44:e1:d8:6d:18:3d:24:24:a0:e0:a5:3b:f8:
                    c1:91:99:36:a1:8c:6e:0d:4d:f9:03:1a:80:22:6d:
                    e4:fc:20:d1:13:58:fb:d6:ca:96:c5:f1:45:17:68:
                    41:ef:be:2c:86:4c:dd:8c:19:8a:2d:2e:6d:6a:f5:
                    cb:bd:d2:6e:6f:62:53:f4:f3:40:1d:8f:84:1c:02:
                    35:96:34:94:ac:78:57:c3:1a:21:a8:0c:37:8b:6f:
                    81:2e:fa:33:04:3d:29:ba:56:9f:e3:e9:74:0f:05:
                    2a:f4:6b:2e:90:a7:42:a1:f5:d9:e0:54:ed:ca:71:
                    48:ee:4d:cf:41:00:90:10:54:ee:e5:77:e9:6f:de:
                    99:01:a5:56:e5:ba:90:0e:7f:b8:d7:26:0f:e8:f8:
                    97:8b:5b:93:37:0b:f0:e1:d9:0a:d2:95:9e:35:2a:
                    21:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:6A:D5:BD:38:7A:7A:CE:42:88:27:30:AB:A8:66:28:D7:4E:EA:98
            X509v3 Authority Key Identifier:
                keyid:2F:0E:3B:75:8E:24:8B:80:1F:C1:F3:0D:34:5D:60:8B:07:AF:1B:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lw47dY4ki4AfwfMNNF1giwevG_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/7ded1f-c40d-47f2-a110-8456dce59ce0/1/NWrVvTh6es5CiCcwq6hmKNdO6pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/7ded1f-c40d-47f2-a110-8456dce59ce0/1/Lw47dY4ki4AfwfMNNF1giwevG_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.28.0/22
                IPv6:
                  2a0c:c500::/32

    Signature Algorithm: sha256WithRSAEncryption
         c7:6d:46:73:68:99:d5:4d:83:90:2f:c4:92:3b:04:c7:cd:b1:
         6a:c2:79:10:57:45:6e:cc:23:c9:a7:ab:b7:5b:1c:f5:82:3f:
         98:8c:79:da:0e:83:ec:ba:cc:65:ab:ea:c1:87:0d:93:0d:ed:
         17:42:f7:81:63:db:b0:29:17:0a:d9:16:fa:ba:c6:3c:f4:37:
         ef:4e:c3:06:bf:31:c1:87:4c:e2:0c:b3:22:30:4c:93:c4:90:
         52:92:f7:53:87:92:c1:79:7c:b2:02:ec:9d:93:c3:54:17:77:
         40:55:10:0a:bf:2b:61:8e:a6:1e:5f:8a:2b:ed:1c:41:92:15:
         26:e3:ca:50:75:49:ad:2e:3b:9e:42:10:2d:8c:b5:f2:16:c9:
         d4:03:0a:49:a1:28:aa:dc:b2:54:06:81:31:c8:57:87:58:19:
         43:3d:58:6b:81:28:71:ed:dd:45:a9:68:ca:39:94:c7:46:0d:
         f3:9f:b0:ed:23:03:2c:07:b0:21:a1:68:ac:36:7f:6e:66:93:
         2d:c9:c6:a3:9b:43:e6:0b:c4:7f:81:6b:fa:67:57:24:7c:71:
         f8:4a:a0:d2:15:c6:e1:f7:6d:7f:97:4b:fc:72:7b:bb:86:b5:
         f8:38:8a:eb:55:a7:87:92:66:31:ab:f3:05:39:a2:90:a9:98:
         26:11:b7:56
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY6ET8jCkGnquBxFbCqv0y+eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMGUzYjc1OGUyNDhiODAxZmMxZjMwZDM0NWQ2MDhiMDdh
ZjFiZjYwHhcNMjQwMzI4MDkwNjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTZhZDViZDM4N2E3YWNlNDI4ODI3MzBhYmE4NjYyOGQ3NGVlYTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkebqPYwI3x72qaiFH/CKg6rrXtYB
Z2jnZNzB4GUGzugfXftZi0dgC07xdu9g2MOz5r0U6luIK48bRc83ZGhnkg9lAKiW
rpaf5FxnXR4RxSdlLcaUIp0sK0bB60Th2G0YPSQkoOClO/jBkZk2oYxuDU35AxqA
Im3k/CDRE1j71sqWxfFFF2hB774shkzdjBmKLS5tavXLvdJub2JT9PNAHY+EHAI1
ljSUrHhXwxohqAw3i2+BLvozBD0pulaf4+l0DwUq9GsukKdCofXZ4FTtynFI7k3P
QQCQEFTu5Xfpb96ZAaVW5bqQDn+41yYP6PiXi1uTNwvw4dkK0pWeNSohZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDVq1b04enrOQognMKuoZijXTuqYMB8GA1UdIwQY
MBaAFC8OO3WOJIuAH8HzDTRdYIsHrxv2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHc0N2RZNGtpNEFmd2ZNTk5GMWdpd2V2R19ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS83ZGVkMWYtYzQwZC00N2YyLWExMTAt
ODQ1NmRjZTU5Y2UwLzEvTldyVnZUaDZlczVDaUNjd3E2aG1LTmRPNnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS83ZGVkMWYtYzQwZC00N2YyLWExMTAtODQ1NmRjZTU5Y2Uw
LzEvTHc0N2RZNGtpNEFmd2ZNTk5GMWdpd2V2R19ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYwcMA0E
AgACMAcDBQAqDMUAMA0GCSqGSIb3DQEBCwUAA4IBAQDHbUZzaJnVTYOQL8SSOwTH
zbFqwnkQV0VuzCPJp6u3Wxz1gj+YjHnaDoPsusxlq+rBhw2TDe0XQveBY9uwKRcK
2Rb6usY89DfvTsMGvzHBh0ziDLMiMEyTxJBSkvdTh5LBeXyyAuydk8NUF3dAVRAK
vythjqYeX4or7RxBkhUm48pQdUmtLjueQhAtjLXyFsnUAwpJoSiq3LJUBoExyFeH
WBlDPVhrgShx7d1FqWjKOZTHRg3zn7DtIwMsB7AhoWisNn9uZpMtycajm0PmC8R/
gWv6Z1ckfHH4SqDSFcbh921/l0v8cnu7hrX4OIrrVaeHkmYxq/MFOaKQqZgmEbdW
-----END CERTIFICATE-----