Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/e16ee7-efef-4809-89ff-8bdccce5dfe8/1/2EfUHNFEjQhvRSYgWVytFsXwDsY.roa
File:                     2EfUHNFEjQhvRSYgWVytFsXwDsY.roa (raw, json)
Hash identifier:          ZnpyAPsJTSO8V6FOmUnQocdNlp1czxvXoCl6R+jvLck=
Subject key identifier:   D8:47:D4:1C:D1:44:8D:08:6F:45:26:20:59:5C:AD:16:C5:F0:0E:C6
Certificate issuer:       /CN=137e1103775785d012fc8ddab4c02ac03791b9d4
Certificate serial:       018CC94D48AD8D1C9B021CF6EBC13A5CA093
Authority key identifier: 13:7E:11:03:77:57:85:D0:12:FC:8D:DA:B4:C0:2A:C0:37:91:B9:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E34RA3dXhdAS_I3atMAqwDeRudQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/e16ee7-efef-4809-89ff-8bdccce5dfe8/1/2EfUHNFEjQhvRSYgWVytFsXwDsY.roa
Signing time:             Tue 02 Jan 2024 08:32:14 +0000
ROA not before:           Tue 02 Jan 2024 08:32:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203715
IP address blocks:        185.126.60.0/22 maxlen: 23
                          2a06:bf00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/e16ee7-efef-4809-89ff-8bdccce5dfe8/1/E34RA3dXhdAS_I3atMAqwDeRudQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/e16ee7-efef-4809-89ff-8bdccce5dfe8/1/E34RA3dXhdAS_I3atMAqwDeRudQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E34RA3dXhdAS_I3atMAqwDeRudQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:48:ad:8d:1c:9b:02:1c:f6:eb:c1:3a:5c:a0:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e1103775785d012fc8ddab4c02ac03791b9d4
        Validity
            Not Before: Jan  2 08:32:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d847d41cd1448d086f452620595cad16c5f00ec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:42:28:a0:3f:72:45:42:90:59:e9:67:04:00:
                    26:6a:f0:a9:ea:02:44:1a:7c:a1:3f:f2:ec:14:6d:
                    46:d7:0d:6a:19:83:63:95:27:c6:dc:a3:0d:f1:ea:
                    81:ee:a3:3d:cc:43:ad:22:51:dc:40:d6:a1:12:0a:
                    74:b4:99:90:f5:0b:bd:4e:94:37:a8:ea:11:4e:a1:
                    5d:76:c6:15:3a:e4:b5:c7:b4:3a:ce:b7:e5:2e:8c:
                    19:a1:2f:c2:c8:cc:0c:12:c6:a1:27:c8:8a:12:ac:
                    68:c9:4d:a9:86:2a:f3:55:a1:28:17:43:c3:fd:43:
                    4c:f0:6c:a2:a6:eb:ee:b7:0f:14:a9:5f:c8:f9:92:
                    a7:f3:ff:4d:f4:24:b8:26:c1:a9:e5:9e:26:9b:5e:
                    80:55:01:f3:1c:a0:ed:8d:55:75:8b:71:e3:79:50:
                    c1:5f:a9:9c:a0:57:d5:50:9c:c0:3a:e8:ba:b9:73:
                    c2:0f:38:f9:3b:b2:f0:0f:68:d7:56:ea:99:d8:02:
                    c4:6a:4e:82:c5:eb:0d:6b:93:1b:c9:42:53:8b:ed:
                    6a:e5:d6:c4:86:12:ca:80:cc:36:d2:9d:14:7f:39:
                    0f:86:77:45:3a:2b:a2:67:51:16:b7:5d:6c:ae:68:
                    7f:6c:87:05:6b:17:5d:27:b5:1d:df:28:94:64:c8:
                    8c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:47:D4:1C:D1:44:8D:08:6F:45:26:20:59:5C:AD:16:C5:F0:0E:C6
            X509v3 Authority Key Identifier:
                keyid:13:7E:11:03:77:57:85:D0:12:FC:8D:DA:B4:C0:2A:C0:37:91:B9:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E34RA3dXhdAS_I3atMAqwDeRudQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e16ee7-efef-4809-89ff-8bdccce5dfe8/1/2EfUHNFEjQhvRSYgWVytFsXwDsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e16ee7-efef-4809-89ff-8bdccce5dfe8/1/E34RA3dXhdAS_I3atMAqwDeRudQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.60.0/22
                IPv6:
                  2a06:bf00::/29

    Signature Algorithm: sha256WithRSAEncryption
         03:e7:d3:3d:2a:4c:bc:ad:fa:c2:b4:01:63:ec:d9:42:f1:f8:
         68:3f:60:c8:4e:83:63:c8:86:b1:f5:9f:aa:b5:6d:94:df:6b:
         27:10:52:fc:f5:cd:38:8b:bb:4c:bb:ff:6c:9d:64:35:c6:42:
         8f:e8:7e:c0:b9:ca:db:3b:9f:c9:43:f9:23:e3:84:0a:14:4e:
         79:b8:77:0b:1a:fa:fc:46:2e:88:1b:f9:de:c0:6e:11:0b:dd:
         42:1d:2b:b9:3e:c4:c4:9e:e1:37:10:36:92:a8:77:8f:fd:de:
         18:35:55:38:50:bc:70:ba:25:46:0b:64:b0:d9:83:2f:b1:4c:
         12:1c:83:33:d6:a6:65:0e:5e:7f:ed:b9:26:27:80:75:12:80:
         00:d4:5f:f8:cd:aa:8a:ed:ae:42:af:d6:7b:47:ed:2a:f6:13:
         be:31:05:fa:6c:95:91:b0:ca:1b:70:72:79:10:ed:c9:6f:06:
         50:85:09:2e:e0:56:5d:fa:c9:eb:94:e6:90:12:fd:c1:25:d9:
         7a:e9:bf:a9:50:5e:2a:f9:c3:ea:18:2b:d2:51:1d:68:1a:c1:
         a9:60:28:cc:40:43:06:43:97:07:53:ad:8f:fe:83:78:dc:45:
         25:50:8f:b7:13:1f:bf:b3:65:60:f8:35:ec:5d:fe:7b:c9:bb:
         f7:b4:04:eb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTUitjRybAhz268E6XKCTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2UxMTAzNzc1Nzg1ZDAxMmZjOGRkYWI0YzAyYWMwMzc5
MWI5ZDQwHhcNMjQwMTAyMDgzMjE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODQ3ZDQxY2QxNDQ4ZDA4NmY0NTI2MjA1OTVjYWQxNmM1ZjAwZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUIooD9yRUKQWelnBAAmavCp6gJE
GnyhP/LsFG1G1w1qGYNjlSfG3KMN8eqB7qM9zEOtIlHcQNahEgp0tJmQ9Qu9TpQ3
qOoRTqFddsYVOuS1x7Q6zrflLowZoS/CyMwMEsahJ8iKEqxoyU2phirzVaEoF0PD
/UNM8Gyipuvutw8UqV/I+ZKn8/9N9CS4JsGp5Z4mm16AVQHzHKDtjVV1i3HjeVDB
X6mcoFfVUJzAOui6uXPCDzj5O7LwD2jXVuqZ2ALEak6CxesNa5MbyUJTi+1q5dbE
hhLKgMw20p0UfzkPhndFOiuiZ1EWt11srmh/bIcFaxddJ7Ud3yiUZMiMOwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNhH1BzRRI0Ib0UmIFlcrRbF8A7GMB8GA1UdIwQY
MBaAFBN+EQN3V4XQEvyN2rTAKsA3kbnUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM0UkEzZFhoZEFTX0kzYXRNQXF3RGVSdWRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9lMTZlZTctZWZlZi00ODA5LTg5ZmYt
OGJkY2NjZTVkZmU4LzEvMkVmVUhORkVqUWh2UlNZZ1dWeXRGc1h3RHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9lMTZlZTctZWZlZi00ODA5LTg5ZmYtOGJkY2NjZTVkZmU4
LzEvRTM0UkEzZFhoZEFTX0kzYXRNQXF3RGVSdWRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX48MA0E
AgACMAcDBQMqBr8AMA0GCSqGSIb3DQEBCwUAA4IBAQAD59M9Kky8rfrCtAFj7NlC
8fhoP2DIToNjyIax9Z+qtW2U32snEFL89c04i7tMu/9snWQ1xkKP6H7AucrbO5/J
Q/kj44QKFE55uHcLGvr8Ri6IG/newG4RC91CHSu5PsTEnuE3EDaSqHeP/d4YNVU4
ULxwuiVGC2Sw2YMvsUwSHIMz1qZlDl5/7bkmJ4B1EoAA1F/4zaqK7a5Cr9Z7R+0q
9hO+MQX6bJWRsMobcHJ5EO3JbwZQhQku4FZd+snrlOaQEv3BJdl66b+pUF4q+cPq
GCvSUR1oGsGpYCjMQEMGQ5cHU62P/oN43EUlUI+3Ex+/s2Vg+DXsXf57ybv3tATr
-----END CERTIFICATE-----