Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/gufc2aJM9qOejF2zQAYL8Tu6g0I.roa
File:                     gufc2aJM9qOejF2zQAYL8Tu6g0I.roa (raw, json)
Hash identifier:          +bTQVFP4eLZD7lailCpizo83BNOnAP8hKpJb/o/2Rwg=
Subject key identifier:   82:E7:DC:D9:A2:4C:F6:A3:9E:8C:5D:B3:40:06:0B:F1:3B:BA:83:42
Certificate issuer:       /CN=2f814adc1d5209e098f078adbc856bad83b749c2
Certificate serial:       018CCA294CA618B8916EA25569E9A9105469
Authority key identifier: 2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/gufc2aJM9qOejF2zQAYL8Tu6g0I.roa
Signing time:             Tue 02 Jan 2024 12:32:33 +0000
ROA not before:           Tue 02 Jan 2024 12:32:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205550
IP address blocks:        82.99.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/L4FK3B1SCeCY8HitvIVrrYO3ScI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/L4FK3B1SCeCY8HitvIVrrYO3ScI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 19:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:4c:a6:18:b8:91:6e:a2:55:69:e9:a9:10:54:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f814adc1d5209e098f078adbc856bad83b749c2
        Validity
            Not Before: Jan  2 12:32:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82e7dcd9a24cf6a39e8c5db340060bf13bba8342
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:48:d8:fc:4d:90:f0:2f:1f:04:96:24:58:3b:
                    24:83:79:c6:19:b7:f6:1c:d2:f2:1e:67:44:1a:71:
                    ea:2e:21:1f:01:1d:34:e4:0d:68:0c:1c:f7:bb:d2:
                    a1:05:c6:6d:a1:9a:10:55:d4:39:c7:7d:b4:49:b8:
                    76:66:64:23:ea:23:c5:03:5c:18:56:2f:6c:20:db:
                    6a:2b:82:4b:38:71:8a:eb:5c:7f:df:6b:ca:84:a8:
                    86:08:b8:05:4b:7e:b6:64:1f:3e:ac:a4:9f:e3:1f:
                    0a:b3:14:91:e7:45:50:7c:6c:e5:95:dc:6c:82:32:
                    01:88:c8:60:04:0c:65:34:26:ea:b5:4a:ea:5d:93:
                    99:73:66:7a:c0:6f:98:c7:5e:07:45:5c:b8:8a:3b:
                    92:10:b9:82:19:ce:5f:43:47:be:de:4f:4c:69:da:
                    01:83:86:a3:46:61:71:20:c1:e8:6f:38:84:9a:c9:
                    b8:b5:99:a9:46:bf:41:a4:b8:63:11:10:c4:92:f3:
                    32:2a:53:5a:96:b4:88:2e:7b:0b:0a:c4:09:c3:0c:
                    8c:36:ff:b7:a7:42:49:63:f8:43:d5:f2:16:87:86:
                    1b:0b:b7:35:71:9c:1d:3c:1a:14:14:b4:6b:e9:3a:
                    d4:7f:7e:16:cf:64:e7:41:f0:a4:22:2e:07:d3:d9:
                    85:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E7:DC:D9:A2:4C:F6:A3:9E:8C:5D:B3:40:06:0B:F1:3B:BA:83:42
            X509v3 Authority Key Identifier:
                keyid:2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/gufc2aJM9qOejF2zQAYL8Tu6g0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/L4FK3B1SCeCY8HitvIVrrYO3ScI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.99.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:bf:cd:5f:41:59:33:8e:43:b7:ae:01:c2:d6:bd:c5:f3:76:
         60:ac:be:5d:95:af:1e:6a:a6:6e:b3:d4:76:78:5e:2c:b5:c5:
         7d:71:ce:45:66:40:43:b2:a1:1c:dc:51:03:da:4c:bb:93:4a:
         f2:9e:59:88:f9:1e:72:d9:55:31:06:e3:2c:af:20:4c:dc:ad:
         b4:8c:66:1e:74:47:98:fb:00:37:31:c9:1e:7e:7a:c5:e3:81:
         b1:58:c4:bd:0b:fb:7a:7c:74:0e:85:a3:4d:e4:84:82:bc:35:
         7c:5b:a9:b5:fc:6b:a9:16:05:54:6b:14:2e:a3:93:8d:8a:c6:
         0c:f0:2c:53:2c:81:0a:80:b1:fb:85:1b:08:6e:c8:65:7d:02:
         17:4a:03:f3:34:4a:ba:89:25:48:e9:4f:2d:ab:c1:8b:d1:6f:
         1a:32:1c:1a:5e:d3:49:1c:0f:b5:58:7e:bc:b3:62:97:12:e9:
         07:c0:6d:0a:82:35:d3:38:83:c9:00:90:b8:fe:74:e9:23:65:
         2c:d2:0d:45:19:a9:bb:91:f8:bf:1a:f2:57:fe:18:70:38:b6:
         bb:eb:e7:56:13:38:37:35:37:40:a5:f5:29:a7:bc:9d:c3:cb:
         9c:7d:2b:97:1c:bf:bd:cb:69:ab:58:e9:4a:cf:7b:30:82:7c:
         25:6c:7c:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKUymGLiRbqJVaempEFRpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmODE0YWRjMWQ1MjA5ZTA5OGYwNzhhZGJjODU2YmFkODNi
NzQ5YzIwHhcNMjQwMTAyMTIzMjMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmU3ZGNkOWEyNGNmNmEzOWU4YzVkYjM0MDA2MGJmMTNiYmE4MzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0jY/E2Q8C8fBJYkWDskg3nGGbf2
HNLyHmdEGnHqLiEfAR005A1oDBz3u9KhBcZtoZoQVdQ5x320Sbh2ZmQj6iPFA1wY
Vi9sINtqK4JLOHGK61x/32vKhKiGCLgFS362ZB8+rKSf4x8KsxSR50VQfGzlldxs
gjIBiMhgBAxlNCbqtUrqXZOZc2Z6wG+Yx14HRVy4ijuSELmCGc5fQ0e+3k9MadoB
g4ajRmFxIMHobziEmsm4tZmpRr9BpLhjERDEkvMyKlNalrSILnsLCsQJwwyMNv+3
p0JJY/hD1fIWh4YbC7c1cZwdPBoUFLRr6TrUf34Wz2TnQfCkIi4H09mFMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILn3NmiTPajnoxds0AGC/E7uoNCMB8GA1UdIwQY
MBaAFC+BStwdUgngmPB4rbyFa62Dt0nCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2Qt
ZGY4NmI2ZGQ5OTdjLzEvZ3VmYzJhSk05cU9lakYyelFBWUw4VHU2ZzBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2QtZGY4NmI2ZGQ5OTdj
LzEvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUmPgMA0G
CSqGSIb3DQEBCwUAA4IBAQBCv81fQVkzjkO3rgHC1r3F83ZgrL5dla8eaqZus9R2
eF4stcV9cc5FZkBDsqEc3FED2ky7k0rynlmI+R5y2VUxBuMsryBM3K20jGYedEeY
+wA3MckefnrF44GxWMS9C/t6fHQOhaNN5ISCvDV8W6m1/GupFgVUaxQuo5ONisYM
8CxTLIEKgLH7hRsIbshlfQIXSgPzNEq6iSVI6U8tq8GL0W8aMhwaXtNJHA+1WH68
s2KXEukHwG0KgjXTOIPJAJC4/nTpI2Us0g1FGam7kfi/GvJX/hhwOLa76+dWEzg3
NTdApfUpp7ydw8ucfSuXHL+9y2mrWOlKz3swgnwlbHz6
-----END CERTIFICATE-----