Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/2DGb-LfAQjW4zjMm0NoD_pIuYDw.roa
File:                     2DGb-LfAQjW4zjMm0NoD_pIuYDw.roa (raw, json)
Hash identifier:          arG1yuc5/yJbYZRGMgFBlOX6isHl0sWiM4CVLc7paqo=
Subject key identifier:   D8:31:9B:F8:B7:C0:42:35:B8:CE:33:26:D0:DA:03:FE:92:2E:60:3C
Certificate issuer:       /CN=2d28cfa3fd2da9caaa659284758dee67099934f8
Certificate serial:       018CC3B6AAD4AD532F4994F6ECF9A184E8AF
Authority key identifier: 2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/2DGb-LfAQjW4zjMm0NoD_pIuYDw.roa
Signing time:             Mon 01 Jan 2024 06:29:37 +0000
ROA not before:           Mon 01 Jan 2024 06:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212648
IP address blocks:        217.145.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:aa:d4:ad:53:2f:49:94:f6:ec:f9:a1:84:e8:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d28cfa3fd2da9caaa659284758dee67099934f8
        Validity
            Not Before: Jan  1 06:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8319bf8b7c04235b8ce3326d0da03fe922e603c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:44:b7:92:af:3d:d3:a6:32:f5:f9:c1:d0:8c:
                    7d:a0:57:97:8d:c3:13:a8:21:49:89:e5:1f:e2:c5:
                    ba:85:f5:38:9b:5d:ea:96:6d:0d:cf:41:5e:08:97:
                    d0:89:cc:19:aa:1b:24:d7:e9:b7:93:39:c3:db:c6:
                    39:05:91:3f:a4:be:31:74:32:08:43:df:0f:7f:15:
                    9e:99:11:6c:9c:5d:7e:91:3d:fb:76:f9:7a:92:61:
                    b9:cd:d6:66:6b:df:67:3c:a3:94:72:96:1b:02:9c:
                    e6:c1:06:07:7b:88:30:df:e8:b9:c9:05:98:88:2b:
                    b2:55:94:ac:77:9a:e5:12:38:de:59:48:15:3b:88:
                    d4:01:cd:1e:f1:90:7f:ec:69:5e:3f:f7:15:ae:27:
                    9d:aa:99:cc:a1:43:33:02:6c:55:c8:04:d7:54:18:
                    fd:3b:d9:f5:c7:21:4e:8c:c3:de:7e:af:f9:4f:a2:
                    d8:09:bf:3a:6f:24:a1:26:f0:05:fa:39:a9:8b:00:
                    23:10:c0:df:d1:2d:13:ab:30:50:57:68:ff:84:cd:
                    65:a1:0d:92:19:90:36:bf:ab:3a:ac:c5:71:e2:3b:
                    79:7a:83:db:06:03:04:81:43:ab:11:ea:65:5f:42:
                    61:6f:43:0b:aa:33:64:c6:53:0c:03:f8:53:9b:f3:
                    7c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:31:9B:F8:B7:C0:42:35:B8:CE:33:26:D0:DA:03:FE:92:2E:60:3C
            X509v3 Authority Key Identifier:
                keyid:2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/2DGb-LfAQjW4zjMm0NoD_pIuYDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:2c:5f:cc:87:75:7f:fa:91:14:cb:cb:73:12:da:07:51:54:
         ec:bb:db:2a:9b:b1:cb:4c:9a:2c:7c:b0:0d:64:83:a6:35:fa:
         b0:6f:b3:b9:02:55:f9:87:f5:7b:40:eb:4c:f8:af:55:b8:df:
         b2:90:0b:63:41:61:01:6d:43:f3:81:c0:01:27:14:44:4b:13:
         ba:23:c5:44:fd:a3:60:0b:43:c4:19:71:68:0c:b4:0f:c2:0a:
         c0:5a:71:21:fd:95:7d:2b:2f:d3:fb:bc:a4:69:99:a0:53:cb:
         f5:49:e0:62:58:3d:3f:6e:67:ac:f1:44:6b:cc:94:0c:7e:43:
         67:07:19:a9:94:cd:60:3d:da:d4:f8:aa:88:bb:3d:34:2a:9b:
         b2:03:5a:79:b1:77:15:90:25:b5:af:1b:59:a5:41:5c:54:c0:
         df:4d:bd:2f:6f:7c:d4:ad:cb:50:70:ee:a1:4d:c6:01:4f:29:
         8f:04:2d:44:2f:4d:5e:86:7b:09:6a:ae:3d:77:87:5a:6f:db:
         98:e7:9e:73:7c:b2:26:2c:ab:50:0f:bd:da:91:17:34:41:63:
         8b:71:bb:f4:79:70:48:4a:76:a4:c8:0f:49:63:38:62:c5:9f:
         58:53:47:55:d8:a5:f2:d6:07:a3:21:93:3e:43:86:01:d5:92:
         78:1f:d7:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtqrUrVMvSZT27PmhhOivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMjhjZmEzZmQyZGE5Y2FhYTY1OTI4NDc1OGRlZTY3MDk5
OTM0ZjgwHhcNMjQwMTAxMDYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODMxOWJmOGI3YzA0MjM1YjhjZTMzMjZkMGRhMDNmZTkyMmU2MDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0S3kq8906Yy9fnB0Ix9oFeXjcMT
qCFJieUf4sW6hfU4m13qlm0Nz0FeCJfQicwZqhsk1+m3kznD28Y5BZE/pL4xdDII
Q98PfxWemRFsnF1+kT37dvl6kmG5zdZma99nPKOUcpYbApzmwQYHe4gw3+i5yQWY
iCuyVZSsd5rlEjjeWUgVO4jUAc0e8ZB/7GleP/cVriedqpnMoUMzAmxVyATXVBj9
O9n1xyFOjMPefq/5T6LYCb86byShJvAF+jmpiwAjEMDf0S0TqzBQV2j/hM1loQ2S
GZA2v6s6rMVx4jt5eoPbBgMEgUOrEeplX0Jhb0MLqjNkxlMMA/hTm/N8cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgxm/i3wEI1uM4zJtDaA/6SLmA8MB8GA1UdIwQY
MBaAFC0oz6P9LanKqmWShHWN7mcJmTT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEt
M2FkNTJlOGI5NjI4LzEvMkRHYi1MZkFRalc0empNbTBOb0RfcEl1WUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEtM2FkNTJlOGI5NjI4
LzEvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZHnMA0G
CSqGSIb3DQEBCwUAA4IBAQC2LF/Mh3V/+pEUy8tzEtoHUVTsu9sqm7HLTJosfLAN
ZIOmNfqwb7O5AlX5h/V7QOtM+K9VuN+ykAtjQWEBbUPzgcABJxRESxO6I8VE/aNg
C0PEGXFoDLQPwgrAWnEh/ZV9Ky/T+7ykaZmgU8v1SeBiWD0/bmes8URrzJQMfkNn
BxmplM1gPdrU+KqIuz00KpuyA1p5sXcVkCW1rxtZpUFcVMDfTb0vb3zUrctQcO6h
TcYBTymPBC1EL01ehnsJaq49d4dab9uY555zfLImLKtQD73akRc0QWOLcbv0eXBI
SnakyA9JYzhixZ9YU0dV2KXy1gejIZM+Q4YB1ZJ4H9ex
-----END CERTIFICATE-----