Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/tK2dKpaP5HEqArEWWsz9tQN-hyg.roa
File:                     tK2dKpaP5HEqArEWWsz9tQN-hyg.roa (raw, json)
Hash identifier:          aMJZansCeACjH6ANwJXmjjPBucu1ONc2YfyZi3IYsi8=
Subject key identifier:   B4:AD:9D:2A:96:8F:E4:71:2A:02:B1:16:5A:CC:FD:B5:03:7E:87:28
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       018F51755C68C5F807159906BF85E50626BF
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/tK2dKpaP5HEqArEWWsz9tQN-hyg.roa
Signing time:             Tue 07 May 2024 05:09:56 +0000
ROA not before:           Tue 07 May 2024 05:09:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        185.14.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 12:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:51:75:5c:68:c5:f8:07:15:99:06:bf:85:e5:06:26:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: May  7 05:09:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4ad9d2a968fe4712a02b1165accfdb5037e8728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:21:7a:18:8b:56:9e:48:be:be:87:ca:98:2b:
                    b0:70:30:d1:e6:31:e8:93:7e:54:72:7b:bf:6f:b9:
                    01:5a:76:b4:0b:30:5c:b9:bc:47:97:c6:37:29:1c:
                    41:23:74:c7:80:24:6b:66:df:50:bc:2e:84:68:35:
                    07:00:7a:76:3f:e0:90:5a:04:e1:39:32:50:fe:8c:
                    63:8a:cd:5f:1d:12:0e:02:b6:ba:ac:55:ce:f3:17:
                    b2:51:37:24:89:fa:a6:4d:fe:60:69:c4:11:55:dd:
                    e4:97:b3:ce:9f:5c:a5:cc:bd:fb:f3:c1:8f:93:c9:
                    c2:3f:df:dc:a7:8d:f3:39:bb:a8:16:b5:6d:f7:01:
                    cc:08:22:34:45:bf:07:a6:51:26:4f:b2:cc:7c:59:
                    b5:44:93:14:84:ab:73:32:30:f3:f0:99:cd:2e:c0:
                    78:2c:62:92:f7:f7:53:cb:4d:51:62:b0:5d:49:3d:
                    45:d5:13:f0:69:5e:9b:16:a5:d7:41:bd:fb:5c:0d:
                    65:35:50:63:a6:13:90:f4:87:e4:a6:9e:79:f3:2d:
                    b9:60:31:3d:f7:1a:1d:50:36:1d:df:23:10:3d:9d:
                    fb:f2:8e:d0:c3:85:2f:7c:ec:61:fa:5a:5a:14:98:
                    ef:75:83:3e:af:ee:7d:b7:88:24:9d:b2:f6:1e:0e:
                    9a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:AD:9D:2A:96:8F:E4:71:2A:02:B1:16:5A:CC:FD:B5:03:7E:87:28
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/tK2dKpaP5HEqArEWWsz9tQN-hyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:28:c6:51:b1:76:f1:cd:45:9d:96:19:b3:a3:97:35:1b:74:
         fc:11:e4:e0:9d:e6:97:03:3d:5b:10:60:eb:f8:ae:b1:48:d0:
         b4:10:4d:c5:37:5d:d7:02:f4:b3:3c:03:50:4f:57:55:e0:a5:
         8f:34:9a:29:e6:47:32:a7:7e:71:96:04:51:5e:95:b3:cd:7d:
         6d:a1:dc:a4:34:44:b6:2c:4b:da:28:f2:b4:5d:23:33:4a:6d:
         12:02:fe:38:d0:bd:ff:bf:b8:b0:de:ec:73:d9:ed:da:17:ab:
         65:b2:69:ed:00:af:25:40:59:f5:07:52:6d:db:d1:89:0d:4e:
         9d:08:6d:c2:66:fc:95:d0:ea:e0:92:f8:5b:f2:be:8b:d5:cc:
         05:9c:ce:bd:83:25:07:29:2c:3a:24:7d:39:e5:c9:d7:e9:69:
         ce:eb:b1:d7:33:a9:66:b9:2c:9f:d0:a5:6f:6a:f3:cb:35:fe:
         6b:a1:35:66:8c:fe:bb:ee:68:e2:cc:2c:34:3f:50:e1:16:35:
         cd:86:9e:ec:e4:41:cc:34:7d:75:9a:ef:d3:62:be:84:61:41:
         88:72:29:16:e8:fe:f4:f8:9c:a3:fc:67:97:b9:9f:f3:91:99:
         85:99:27:40:9b:7d:26:68:46:b0:1e:d5:62:b3:2f:3a:60:ef:
         99:1c:2b:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9RdVxoxfgHFZkGv4XlBia/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjQwNTA3MDUwOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGFkOWQyYTk2OGZlNDcxMmEwMmIxMTY1YWNjZmRiNTAzN2U4NzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniF6GItWnki+vofKmCuwcDDR5jHo
k35Ucnu/b7kBWna0CzBcubxHl8Y3KRxBI3THgCRrZt9QvC6EaDUHAHp2P+CQWgTh
OTJQ/oxjis1fHRIOAra6rFXO8xeyUTckifqmTf5gacQRVd3kl7POn1ylzL3788GP
k8nCP9/cp43zObuoFrVt9wHMCCI0Rb8HplEmT7LMfFm1RJMUhKtzMjDz8JnNLsB4
LGKS9/dTy01RYrBdST1F1RPwaV6bFqXXQb37XA1lNVBjphOQ9Ifkpp558y25YDE9
9xodUDYd3yMQPZ378o7Qw4UvfOxh+lpaFJjvdYM+r+59t4gknbL2Hg6amwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLStnSqWj+RxKgKxFlrM/bUDfocoMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvdEsyZEtwYVA1SEVxQXJFV1dzejl0UU4taHlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ7sMA0G
CSqGSIb3DQEBCwUAA4IBAQCRKMZRsXbxzUWdlhmzo5c1G3T8EeTgneaXAz1bEGDr
+K6xSNC0EE3FN13XAvSzPANQT1dV4KWPNJop5kcyp35xlgRRXpWzzX1todykNES2
LEvaKPK0XSMzSm0SAv440L3/v7iw3uxz2e3aF6tlsmntAK8lQFn1B1Jt29GJDU6d
CG3CZvyV0Orgkvhb8r6L1cwFnM69gyUHKSw6JH055cnX6WnO67HXM6lmuSyf0KVv
avPLNf5roTVmjP677mjizCw0P1DhFjXNhp7s5EHMNH11mu/TYr6EYUGIcikW6P70
+Jyj/GeXuZ/zkZmFmSdAm30maEawHtVisy86YO+ZHCtv
-----END CERTIFICATE-----