Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/2JPmy-zDckHnhsI4S51evJFHiQA.roa
File:                     2JPmy-zDckHnhsI4S51evJFHiQA.roa (raw, json)
Hash identifier:          VKzqn5dbv/Z4PejU2XzX0JpWhcs9t8pAsx0HJRFj0Ig=
Subject key identifier:   D8:93:E6:CB:EC:C3:72:41:E7:86:C2:38:4B:9D:5E:BC:91:47:89:00
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       0191802CC2BEAAF1762AE7787D0B125E5A31
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/2JPmy-zDckHnhsI4S51evJFHiQA.roa
Signing time:             Fri 23 Aug 2024 16:58:22 +0000
ROA not before:           Fri 23 Aug 2024 16:58:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55933
IP address blocks:        178.255.244.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:80:2c:c2:be:aa:f1:76:2a:e7:78:7d:0b:12:5e:5a:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Aug 23 16:58:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d893e6cbecc37241e786c2384b9d5ebc91478900
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:30:b1:fa:49:1d:17:a9:0e:73:ef:45:c3:9a:
                    1e:6d:ed:fe:3d:3c:a4:93:cf:a6:ed:3d:bc:b5:5b:
                    6c:eb:63:23:f6:22:50:2c:a7:c1:7d:dc:3b:96:d1:
                    c4:d3:cb:b6:e9:2a:3f:5e:5b:14:46:25:4c:a8:d2:
                    98:fa:51:eb:f6:ec:a4:f7:c3:e7:35:ba:91:85:17:
                    2c:66:e8:61:be:e2:03:c4:48:cc:b4:72:f5:fe:35:
                    b5:63:a0:13:99:bb:69:74:8e:4d:2d:6f:df:9f:8a:
                    65:0b:d5:20:3c:43:9a:8e:61:bd:98:bf:88:e6:74:
                    cb:40:8b:b3:20:d2:ed:a1:fa:fd:8a:ec:7e:ce:46:
                    cc:02:09:0c:69:80:e1:8c:99:80:18:d0:4e:e5:25:
                    3a:4a:51:25:45:bd:82:59:cd:8d:1b:3d:31:b8:87:
                    17:e9:5e:fb:f0:ee:2a:8f:df:72:ee:94:fe:9a:ea:
                    39:c1:2e:3c:a3:f4:70:8e:40:3a:78:ca:22:ee:24:
                    21:98:43:c3:c6:57:a8:bf:22:d8:b4:1f:f5:e7:85:
                    85:04:0e:3a:13:67:48:a3:34:0d:4a:27:17:59:00:
                    4d:7a:60:26:28:7a:a7:f8:f2:2d:4e:a8:39:56:74:
                    53:59:94:52:5d:32:9c:0f:cd:c4:bb:3d:a8:41:33:
                    7f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:93:E6:CB:EC:C3:72:41:E7:86:C2:38:4B:9D:5E:BC:91:47:89:00
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/2JPmy-zDckHnhsI4S51evJFHiQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:f0:26:ba:76:a6:7e:ef:7b:71:1b:0b:3d:8c:4f:2f:0a:e3:
         8a:d1:9a:8d:1f:d4:ac:58:8a:a4:97:24:6f:70:4c:fb:ce:e7:
         de:86:12:a3:84:3e:69:e1:86:d8:05:dd:2f:7c:8f:cf:16:a4:
         e1:2e:cc:9c:d6:96:42:34:0e:b5:52:55:bb:4f:30:8a:f3:89:
         bc:ef:ce:32:60:a6:92:0a:44:f6:14:96:03:86:5b:ae:2c:c9:
         de:13:9c:e2:48:36:52:bf:7c:3f:c4:37:f1:04:34:71:d8:67:
         77:97:c1:1c:80:04:c8:99:9b:01:b3:ff:fc:c1:a5:de:a2:7c:
         ca:0d:44:b5:e9:98:24:6e:d3:57:28:ee:9f:68:59:38:52:d6:
         ed:ab:55:51:8c:1b:eb:48:9a:87:88:ce:a7:03:67:22:b0:19:
         e0:24:db:36:a5:0e:8e:51:1a:05:58:1e:a7:33:cd:36:4f:72:
         10:9f:9b:d0:cf:a1:b7:38:da:85:74:6d:29:23:e9:24:5e:72:
         96:86:38:12:eb:03:21:2b:90:d4:14:33:6a:5c:ca:46:8a:d2:
         1e:78:86:62:ef:75:bf:1e:96:ab:a9:05:6c:a1:57:e7:35:7c:
         35:ca:a0:c9:d5:c0:28:15:32:bb:4d:af:0e:87:f2:cd:3a:53:
         8e:92:50:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGALMK+qvF2Kud4fQsSXloxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwODIzMTY1ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODkzZTZjYmVjYzM3MjQxZTc4NmMyMzg0YjlkNWViYzkxNDc4OTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jCx+kkdF6kOc+9Fw5oebe3+PTyk
k8+m7T28tVts62Mj9iJQLKfBfdw7ltHE08u26So/XlsURiVMqNKY+lHr9uyk98Pn
NbqRhRcsZuhhvuIDxEjMtHL1/jW1Y6ATmbtpdI5NLW/fn4plC9UgPEOajmG9mL+I
5nTLQIuzINLtofr9iux+zkbMAgkMaYDhjJmAGNBO5SU6SlElRb2CWc2NGz0xuIcX
6V778O4qj99y7pT+muo5wS48o/RwjkA6eMoi7iQhmEPDxleovyLYtB/154WFBA46
E2dIozQNSicXWQBNemAmKHqn+PItTqg5VnRTWZRSXTKcD83Euz2oQTN/0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNiT5svsw3JB54bCOEudXryRR4kAMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvMkpQbXktekRja0huaHNJNFM1MWV2SkZIaVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsv/0MA0G
CSqGSIb3DQEBCwUAA4IBAQCD8Ca6dqZ+73txGws9jE8vCuOK0ZqNH9SsWIqklyRv
cEz7zufehhKjhD5p4YbYBd0vfI/PFqThLsyc1pZCNA61UlW7TzCK84m8784yYKaS
CkT2FJYDhluuLMneE5ziSDZSv3w/xDfxBDRx2Gd3l8EcgATImZsBs//8waXeonzK
DUS16ZgkbtNXKO6faFk4Utbtq1VRjBvrSJqHiM6nA2cisBngJNs2pQ6OURoFWB6n
M802T3IQn5vQz6G3ONqFdG0pI+kkXnKWhjgS6wMhK5DUFDNqXMpGitIeeIZi73W/
HparqQVsoVfnNXw1yqDJ1cAoFTK7Ta8Oh/LNOlOOklC8
-----END CERTIFICATE-----