Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/2mho_NFWcs5OSK7s8H5MtWZ9vF0.roa
File:                     2mho_NFWcs5OSK7s8H5MtWZ9vF0.roa (raw, json)
Hash identifier:          HV9I8uVerIHhNSSEbNlAslKWp003KXvm9rGH4Es6vBk=
Subject key identifier:   DA:68:68:FC:D1:56:72:CE:4E:48:AE:EC:F0:7E:4C:B5:66:7D:BC:5D
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC7943F68524DE9E59DEC1A669A07CC3D
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/2mho_NFWcs5OSK7s8H5MtWZ9vF0.roa
Signing time:             Tue 02 Jan 2024 00:30:30 +0000
ROA not before:           Tue 02 Jan 2024 00:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8928
IP address blocks:        195.143.0.0/24 maxlen: 24
                          212.222.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:3f:68:52:4d:e9:e5:9d:ec:1a:66:9a:07:cc:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da6868fcd15672ce4e48aeecf07e4cb5667dbc5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f3:86:3c:70:1f:01:13:ad:5f:2d:58:a9:82:
                    b0:b8:f7:a2:de:3f:7c:8d:05:66:37:2d:62:3e:4a:
                    fd:18:69:be:99:91:34:c4:08:79:13:4c:0d:ba:9c:
                    2d:b5:83:07:1f:0e:47:c3:6f:3c:80:47:54:88:b0:
                    d2:9c:32:1f:20:d0:1b:b8:6c:26:b4:b4:54:11:b4:
                    61:a5:7d:ed:76:9a:17:aa:2e:be:36:96:ad:0c:7e:
                    94:e5:39:47:16:f2:31:36:cc:16:f4:46:c8:e6:5e:
                    af:d7:4f:78:f7:01:e0:c1:16:a5:32:43:9b:7c:41:
                    66:e7:87:a3:7e:c5:f4:dc:3e:1b:f5:cc:b8:c4:6c:
                    bb:33:4f:42:1f:7b:5d:26:a3:7b:e0:67:3a:fc:16:
                    94:61:49:96:42:a0:e0:31:a3:62:0c:1c:74:39:e2:
                    61:61:cd:da:53:2a:bf:36:e2:c1:6c:23:1f:18:8f:
                    65:88:e5:21:fd:cf:05:0d:30:db:09:69:21:b5:6f:
                    65:54:f5:88:7b:d1:f1:0d:5f:3a:6b:a3:3b:c0:ae:
                    2c:ad:37:64:29:7e:22:b5:f8:d1:b1:f2:e6:d4:60:
                    f2:d6:43:00:4e:bb:6a:28:64:17:52:76:7a:f1:3d:
                    9b:f2:7c:40:58:67:68:44:0c:d7:90:f8:c6:84:96:
                    3e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:68:68:FC:D1:56:72:CE:4E:48:AE:EC:F0:7E:4C:B5:66:7D:BC:5D
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/2mho_NFWcs5OSK7s8H5MtWZ9vF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.143.0.0/24
                  212.222.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:0b:30:37:56:c4:f9:fc:1f:7e:13:4a:a5:be:a1:ec:d6:f3:
         cd:64:4e:b3:4d:ea:db:1c:f6:58:30:ad:a8:b2:c2:de:b8:d9:
         00:d3:95:ba:4d:24:27:af:cb:7b:c7:42:46:26:14:fa:f3:9f:
         a7:ac:ed:66:d0:6a:0f:2f:b4:a2:b8:f4:bb:13:de:ac:84:b1:
         49:f1:49:9e:4f:60:98:21:2a:1b:a1:aa:74:b9:b3:46:aa:74:
         19:ec:eb:bb:5f:af:ac:89:5e:96:73:97:bb:d2:65:0f:17:bf:
         ee:0a:44:39:74:8e:0c:8a:fe:92:8d:ac:ed:8d:47:6e:8a:96:
         2b:90:84:35:2d:00:36:0e:38:ef:f1:9d:74:42:5e:34:eb:8c:
         54:23:86:1c:6a:4d:c6:87:2c:c5:3a:c9:b9:af:f0:5b:7d:a7:
         69:50:8d:f0:1a:1c:4c:ee:a0:c9:db:5c:39:74:02:d8:7e:28:
         e6:f0:d2:11:11:c4:43:1a:2f:9d:d2:22:47:8f:af:cf:dd:17:
         83:5d:c0:65:6a:54:19:b6:49:72:3a:6f:47:f3:a6:be:c2:0e:
         85:04:be:c7:ab:b1:f7:e4:97:cd:e0:d4:db:73:76:9b:a8:c4:
         bf:e9:a1:4f:5c:fc:ed:47:5a:ca:56:f5:49:44:6f:af:48:b3:
         7a:a1:7b:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlD9oUk3p5Z3sGmaaB8w9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTY4NjhmY2QxNTY3MmNlNGU0OGFlZWNmMDdlNGNiNTY2N2RiYzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/OGPHAfAROtXy1YqYKwuPei3j98
jQVmNy1iPkr9GGm+mZE0xAh5E0wNupwttYMHHw5Hw288gEdUiLDSnDIfINAbuGwm
tLRUEbRhpX3tdpoXqi6+NpatDH6U5TlHFvIxNswW9EbI5l6v10949wHgwRalMkOb
fEFm54ejfsX03D4b9cy4xGy7M09CH3tdJqN74Gc6/BaUYUmWQqDgMaNiDBx0OeJh
Yc3aUyq/NuLBbCMfGI9liOUh/c8FDTDbCWkhtW9lVPWIe9HxDV86a6M7wK4srTdk
KX4itfjRsfLm1GDy1kMATrtqKGQXUnZ68T2b8nxAWGdoRAzXkPjGhJY+AQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNpoaPzRVnLOTkiu7PB+TLVmfbxdMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvMm1ob19ORldjczVPU0s3czhINU10V1o5dkYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw48AAwQA
1N6AMA0GCSqGSIb3DQEBCwUAA4IBAQCjCzA3VsT5/B9+E0qlvqHs1vPNZE6zTerb
HPZYMK2ossLeuNkA05W6TSQnr8t7x0JGJhT685+nrO1m0GoPL7SiuPS7E96shLFJ
8UmeT2CYISoboap0ubNGqnQZ7Ou7X6+siV6Wc5e70mUPF7/uCkQ5dI4Miv6Sjazt
jUduipYrkIQ1LQA2Djjv8Z10Ql4064xUI4Ycak3GhyzFOsm5r/BbfadpUI3wGhxM
7qDJ21w5dALYfijm8NIREcRDGi+d0iJHj6/P3ReDXcBlalQZtklyOm9H86a+wg6F
BL7Hq7H35JfN4NTbc3abqMS/6aFPXPztR1rKVvVJRG+vSLN6oXvS
-----END CERTIFICATE-----