Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/2XZQDWpT_JY5KkNaoVOUqBw6nOc.roa
File:                     2XZQDWpT_JY5KkNaoVOUqBw6nOc.roa (raw, json)
Hash identifier:          H+Quk5Ini/WA2277UNf3OF4SvNetSePqG8L1AB7XDY8=
Subject key identifier:   D9:76:50:0D:6A:53:FC:96:39:2A:43:5A:A1:53:94:A8:1C:3A:9C:E7
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       018CC7956CE0D712EEBBD84B9B03D6B52213
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/2XZQDWpT_JY5KkNaoVOUqBw6nOc.roa
Signing time:             Tue 02 Jan 2024 00:31:47 +0000
ROA not before:           Tue 02 Jan 2024 00:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212271
IP address blocks:        152.89.169.0/24 maxlen: 24
                          152.89.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 07:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:6c:e0:d7:12:ee:bb:d8:4b:9b:03:d6:b5:22:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jan  2 00:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d976500d6a53fc96392a435aa15394a81c3a9ce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9a:5e:09:9f:28:3d:b9:18:6c:e8:5c:3c:b7:
                    49:58:3f:24:93:4a:70:cc:7b:0d:c7:d3:dc:4e:a4:
                    89:c6:0b:bf:7b:94:b4:f7:3f:ea:b4:f0:0d:77:dd:
                    2b:42:3d:24:38:f3:34:57:1d:e3:1a:c1:46:dd:6c:
                    5c:a3:7d:b3:0c:47:40:69:2e:e3:dc:09:6d:07:c7:
                    d6:44:9e:ac:6e:1e:17:d3:8f:7f:39:66:b4:69:8d:
                    0b:7b:4c:61:b0:31:60:02:a7:d6:ee:ca:3f:d2:08:
                    20:30:a1:70:92:87:59:2f:8d:b4:1f:09:9c:11:bc:
                    08:c9:bd:bb:ad:5a:4e:ec:0c:8c:e0:30:42:f1:4d:
                    43:bb:13:41:c7:8a:b0:3e:e3:38:06:71:9d:d0:86:
                    5c:47:7e:79:61:c9:99:0e:29:0a:58:89:fe:6e:e2:
                    af:61:33:bf:56:52:36:f1:a1:46:1c:da:27:ad:07:
                    1f:f2:fa:00:0f:8d:b3:a2:d4:d2:a2:26:cc:c7:85:
                    1f:f5:d7:7a:3f:1a:b8:8d:93:51:f1:49:2d:c9:50:
                    8c:b1:43:a7:26:8f:d0:b6:53:32:05:ae:42:ad:8d:
                    f6:e7:a6:49:48:7a:65:8d:27:6e:a3:f8:f6:f2:fa:
                    ed:86:69:cc:95:a4:a5:4b:98:c6:6c:04:ef:75:77:
                    8f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:76:50:0D:6A:53:FC:96:39:2A:43:5A:A1:53:94:A8:1C:3A:9C:E7
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/2XZQDWpT_JY5KkNaoVOUqBw6nOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:e1:ef:b2:5c:85:f2:0a:11:3b:7b:06:63:39:d6:29:4a:a9:
         93:6d:9f:b8:04:18:46:d9:ab:5b:51:63:63:b6:87:1f:45:30:
         34:7f:f7:dc:ec:c7:e7:3a:3b:65:8a:f4:3f:20:e2:e9:f2:fa:
         1d:f1:5d:7b:a7:97:06:2a:36:0a:7a:55:ac:0a:a3:9f:bc:0d:
         79:b3:55:6c:fe:8d:d3:00:9b:ed:03:c4:5f:95:8b:4a:ce:ae:
         20:67:f8:86:cf:26:e3:54:d0:d5:66:44:48:d2:1c:f0:73:c9:
         7d:2e:41:16:64:58:d4:1e:c6:b5:8e:7b:10:b4:75:08:90:8d:
         4b:bb:2a:c4:32:7c:2a:9d:c0:37:07:d0:9f:fd:a6:58:14:69:
         7c:eb:08:b4:e1:ff:1e:55:48:ec:76:a1:a3:b4:37:b0:fe:fc:
         d9:20:8c:d4:44:3a:3a:9a:fa:43:a6:b7:2d:7e:02:ca:29:b7:
         d1:71:76:83:d5:52:59:d2:65:92:39:f3:cd:6b:83:b1:af:44:
         5e:70:1d:c1:04:5f:0d:bd:34:26:77:0e:87:ed:36:38:2d:bb:
         f8:f3:ec:8a:b2:78:fb:00:1a:fe:be:a0:f0:55:6e:44:48:c0:
         d7:d6:5d:6d:0c:f7:a1:df:66:0a:84:c6:db:20:09:44:59:87:
         94:8c:6d:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlWzg1xLuu9hLmwPWtSITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQwMTAyMDAzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTc2NTAwZDZhNTNmYzk2MzkyYTQzNWFhMTUzOTRhODFjM2E5Y2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvppeCZ8oPbkYbOhcPLdJWD8kk0pw
zHsNx9PcTqSJxgu/e5S09z/qtPANd90rQj0kOPM0Vx3jGsFG3Wxco32zDEdAaS7j
3AltB8fWRJ6sbh4X049/OWa0aY0Le0xhsDFgAqfW7so/0gggMKFwkodZL420Hwmc
EbwIyb27rVpO7AyM4DBC8U1DuxNBx4qwPuM4BnGd0IZcR355YcmZDikKWIn+buKv
YTO/VlI28aFGHNonrQcf8voAD42zotTSoibMx4Uf9dd6Pxq4jZNR8UktyVCMsUOn
Jo/QtlMyBa5CrY3256ZJSHpljSduo/j28vrthmnMlaSlS5jGbATvdXePCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNl2UA1qU/yWOSpDWqFTlKgcOpznMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvMlhaUURXcFRfSlk1S2tOYW9WT1VxQnc2bk9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmFmoMA0G
CSqGSIb3DQEBCwUAA4IBAQAb4e+yXIXyChE7ewZjOdYpSqmTbZ+4BBhG2atbUWNj
tocfRTA0f/fc7MfnOjtlivQ/IOLp8vod8V17p5cGKjYKelWsCqOfvA15s1Vs/o3T
AJvtA8RflYtKzq4gZ/iGzybjVNDVZkRI0hzwc8l9LkEWZFjUHsa1jnsQtHUIkI1L
uyrEMnwqncA3B9Cf/aZYFGl86wi04f8eVUjsdqGjtDew/vzZIIzURDo6mvpDprct
fgLKKbfRcXaD1VJZ0mWSOfPNa4Oxr0RecB3BBF8NvTQmdw6H7TY4Lbv48+yKsnj7
ABr+vqDwVW5ESMDX1l1tDPeh32YKhMbbIAlEWYeUjG2P
-----END CERTIFICATE-----