Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/5cfd38-5e37-43af-a1b0-ad012aff5172/1/2rnZDzU_vrcAGZDGm0vSQkxiizk.roa
File:                     2rnZDzU_vrcAGZDGm0vSQkxiizk.roa (raw, json)
Hash identifier:          HbNnS8Y/e1XkHVn+Q3cbTutIRW+9Bx9Dy19ix8rIo50=
Subject key identifier:   DA:B9:D9:0F:35:3F:BE:B7:00:19:90:C6:9B:4B:D2:42:4C:62:8B:39
Certificate issuer:       /CN=65c5dad544df49716085ebe80dbe82eb68a209c9
Certificate serial:       018CC64B46F8273DD583D7440F8836C3A5E7
Authority key identifier: 65:C5:DA:D5:44:DF:49:71:60:85:EB:E8:0D:BE:82:EB:68:A2:09:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZcXa1UTfSXFghevoDb6C62iiCck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/5cfd38-5e37-43af-a1b0-ad012aff5172/1/2rnZDzU_vrcAGZDGm0vSQkxiizk.roa
Signing time:             Mon 01 Jan 2024 18:31:11 +0000
ROA not before:           Mon 01 Jan 2024 18:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16376
IP address blocks:        185.202.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/5cfd38-5e37-43af-a1b0-ad012aff5172/1/ZcXa1UTfSXFghevoDb6C62iiCck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/5cfd38-5e37-43af-a1b0-ad012aff5172/1/ZcXa1UTfSXFghevoDb6C62iiCck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZcXa1UTfSXFghevoDb6C62iiCck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:46:f8:27:3d:d5:83:d7:44:0f:88:36:c3:a5:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65c5dad544df49716085ebe80dbe82eb68a209c9
        Validity
            Not Before: Jan  1 18:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dab9d90f353fbeb7001990c69b4bd2424c628b39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0c:e6:7f:f1:2a:70:8d:89:72:76:10:85:cf:
                    cd:d8:17:fb:de:bd:58:8e:d8:96:c9:29:43:97:55:
                    b3:0b:9f:af:7b:4d:39:4e:55:cf:33:4d:82:d8:5e:
                    f0:e8:b7:7a:6a:cf:cd:f3:31:6b:96:e7:21:c7:86:
                    73:f8:eb:8f:85:fa:74:85:5e:b4:f6:c2:7f:b3:10:
                    61:81:f6:60:50:6e:25:d3:a3:30:c7:e4:23:22:05:
                    22:c1:d2:d6:f9:54:da:a8:59:6a:ae:9a:97:87:b4:
                    56:c7:58:a1:6f:b4:11:42:86:07:e6:90:82:7d:ea:
                    64:d6:b5:2b:47:ec:0b:c1:66:1e:cf:d4:ed:b2:2e:
                    03:75:37:b5:6e:cf:3f:cf:e0:1e:3c:0d:eb:c3:5e:
                    ce:cd:4b:55:d4:7e:96:76:7f:f7:ea:44:67:12:79:
                    a9:29:28:a2:1e:16:c4:0d:1c:88:44:cd:66:c5:19:
                    8a:3f:ae:80:9d:11:bb:8b:b2:a6:6d:88:de:3f:8e:
                    8e:8d:38:fc:82:8c:ba:f4:0c:50:a5:be:ef:7b:4c:
                    cb:66:99:e8:6d:f0:38:f0:84:f9:73:6c:61:c1:3e:
                    f5:86:87:15:4c:41:25:83:79:28:31:08:d3:d6:ee:
                    6b:f1:1c:4c:9d:1b:bb:11:ec:4f:95:c2:b7:7e:43:
                    99:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:B9:D9:0F:35:3F:BE:B7:00:19:90:C6:9B:4B:D2:42:4C:62:8B:39
            X509v3 Authority Key Identifier:
                keyid:65:C5:DA:D5:44:DF:49:71:60:85:EB:E8:0D:BE:82:EB:68:A2:09:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZcXa1UTfSXFghevoDb6C62iiCck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/5cfd38-5e37-43af-a1b0-ad012aff5172/1/2rnZDzU_vrcAGZDGm0vSQkxiizk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/5cfd38-5e37-43af-a1b0-ad012aff5172/1/ZcXa1UTfSXFghevoDb6C62iiCck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:a4:a0:1a:e5:70:f1:f6:a7:47:d0:85:19:21:12:07:ce:37:
         8d:ec:d1:7e:50:e2:24:41:6b:dd:e5:17:f8:6a:5a:b0:85:24:
         08:5f:44:27:81:aa:fe:94:6b:24:4c:d6:17:16:e3:94:ce:ee:
         64:82:aa:fd:6e:cb:85:1a:3a:52:ad:45:56:1e:a3:c8:f1:55:
         c5:b7:85:af:dc:a4:86:fb:22:1e:91:b9:61:18:9a:e3:ec:3e:
         5d:cc:64:11:e4:f4:17:5f:2b:af:2a:48:4f:0c:29:61:8d:48:
         d5:99:27:9b:de:46:f8:d2:78:62:91:5e:81:85:fa:a6:bd:08:
         e5:14:af:c4:c2:4b:23:41:1a:ca:b5:40:b1:b6:0d:e1:0f:28:
         b3:44:1f:04:f5:d4:20:be:4f:52:c7:06:22:fc:cf:53:fa:5d:
         e9:d9:96:3e:cb:e9:04:71:89:72:81:03:93:1e:0f:17:16:7f:
         ca:7f:ff:a2:c0:0c:69:83:76:b5:d5:d3:de:8b:29:04:c5:18:
         e5:eb:e3:4b:c6:bd:16:47:72:ec:5c:e0:4c:11:01:ce:b4:ae:
         16:da:6f:9e:43:4f:92:84:b8:0f:4e:92:31:e7:1a:ca:df:33:
         d3:25:73:ec:8d:87:81:39:59:72:ae:2f:72:37:de:c0:9d:7a:
         a8:f0:e0:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0b4Jz3Vg9dED4g2w6XnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YzVkYWQ1NDRkZjQ5NzE2MDg1ZWJlODBkYmU4MmViNjhh
MjA5YzkwHhcNMjQwMTAxMTgzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWI5ZDkwZjM1M2ZiZWI3MDAxOTkwYzY5YjRiZDI0MjRjNjI4YjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgzmf/EqcI2JcnYQhc/N2Bf73r1Y
jtiWySlDl1WzC5+ve005TlXPM02C2F7w6Ld6as/N8zFrluchx4Zz+OuPhfp0hV60
9sJ/sxBhgfZgUG4l06Mwx+QjIgUiwdLW+VTaqFlqrpqXh7RWx1ihb7QRQoYH5pCC
fepk1rUrR+wLwWYez9Ttsi4DdTe1bs8/z+AePA3rw17OzUtV1H6Wdn/36kRnEnmp
KSiiHhbEDRyIRM1mxRmKP66AnRG7i7KmbYjeP46OjTj8goy69AxQpb7ve0zLZpno
bfA48IT5c2xhwT71hocVTEElg3koMQjT1u5r8RxMnRu7EexPlcK3fkOZbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNq52Q81P763ABmQxptL0kJMYos5MB8GA1UdIwQY
MBaAFGXF2tVE30lxYIXr6A2+gutoognJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmNYYTFVVGZTWEZnaGV2b0RiNkM2MmlpQ2NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny81Y2ZkMzgtNWUzNy00M2FmLWExYjAt
YWQwMTJhZmY1MTcyLzEvMnJuWkR6VV92cmNBR1pER20wdlNRa3hpaXprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny81Y2ZkMzgtNWUzNy00M2FmLWExYjAtYWQwMTJhZmY1MTcy
LzEvWmNYYTFVVGZTWEZnaGV2b0RiNkM2MmlpQ2NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucpzMA0G
CSqGSIb3DQEBCwUAA4IBAQACpKAa5XDx9qdH0IUZIRIHzjeN7NF+UOIkQWvd5Rf4
alqwhSQIX0Qngar+lGskTNYXFuOUzu5kgqr9bsuFGjpSrUVWHqPI8VXFt4Wv3KSG
+yIekblhGJrj7D5dzGQR5PQXXyuvKkhPDClhjUjVmSeb3kb40nhikV6BhfqmvQjl
FK/EwksjQRrKtUCxtg3hDyizRB8E9dQgvk9SxwYi/M9T+l3p2ZY+y+kEcYlygQOT
Hg8XFn/Kf/+iwAxpg3a11dPeiykExRjl6+NLxr0WR3LsXOBMEQHOtK4W2m+eQ0+S
hLgPTpIx5xrK3zPTJXPsjYeBOVlyri9yN97AnXqo8ODF
-----END CERTIFICATE-----