Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/s2IRSJo0a3mWzi9bUK0IWtrL_rw.roa
File:                     s2IRSJo0a3mWzi9bUK0IWtrL_rw.roa (raw, json)
Hash identifier:          xMSB29OnjHOfUhH38S/iRti6kKTRcLWBA4yMa7CLnzs=
Subject key identifier:   B3:62:11:48:9A:34:6B:79:96:CE:2F:5B:50:AD:08:5A:DA:CB:FE:BC
Certificate issuer:       /CN=04d9bc828a566b06af4d765dfb5da5bc1d76c725
Certificate serial:       018CC56EC13C109381EEF17D1CE5D3E95C9E
Authority key identifier: 04:D9:BC:82:8A:56:6B:06:AF:4D:76:5D:FB:5D:A5:BC:1D:76:C7:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BNm8gopWawavTXZd-12lvB12xyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/s2IRSJo0a3mWzi9bUK0IWtrL_rw.roa
Signing time:             Mon 01 Jan 2024 14:30:19 +0000
ROA not before:           Mon 01 Jan 2024 14:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        193.219.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/BNm8gopWawavTXZd-12lvB12xyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/BNm8gopWawavTXZd-12lvB12xyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BNm8gopWawavTXZd-12lvB12xyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c1:3c:10:93:81:ee:f1:7d:1c:e5:d3:e9:5c:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04d9bc828a566b06af4d765dfb5da5bc1d76c725
        Validity
            Not Before: Jan  1 14:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b36211489a346b7996ce2f5b50ad085adacbfebc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:bd:83:3e:78:45:c0:a7:ec:2a:e8:78:29:8a:
                    a1:d1:81:8a:1d:3a:3a:53:3e:a1:17:bd:e1:a4:7b:
                    6c:5a:f0:d0:96:1c:af:eb:7f:31:21:28:43:ba:de:
                    52:9c:a3:29:dc:c4:d4:b2:c4:cb:e5:bc:00:59:a8:
                    87:85:dc:a9:2b:ec:3f:51:a4:2a:c6:90:a4:f9:1a:
                    2d:5b:2b:96:68:29:7c:5a:a2:e7:bb:12:5f:31:08:
                    90:cb:99:28:04:8d:62:a7:98:01:27:d0:3a:d2:97:
                    fa:d0:f0:45:d5:d6:6a:ed:dc:40:fa:24:98:df:9e:
                    53:0d:bc:e1:3b:32:4c:e6:f9:69:a0:21:24:79:05:
                    6d:79:86:5a:f4:0e:91:42:7c:27:b6:a6:37:37:a2:
                    70:2e:ff:9c:e6:fe:a6:bc:dd:ed:47:a6:92:d2:cd:
                    04:3e:75:a2:05:b0:77:5e:02:69:a6:02:6a:19:c3:
                    38:4f:36:f9:e3:52:4a:1e:71:dd:c4:12:82:14:e6:
                    58:ec:73:bf:25:47:e4:03:07:2c:cc:4e:d4:5d:71:
                    ff:e0:58:06:df:9e:3d:42:f8:c3:df:02:41:75:01:
                    91:56:f4:ea:7e:07:59:a3:72:be:42:2b:b5:f9:a7:
                    46:bb:37:37:4e:be:12:be:8b:fc:96:31:d8:6e:73:
                    a3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:62:11:48:9A:34:6B:79:96:CE:2F:5B:50:AD:08:5A:DA:CB:FE:BC
            X509v3 Authority Key Identifier:
                keyid:04:D9:BC:82:8A:56:6B:06:AF:4D:76:5D:FB:5D:A5:BC:1D:76:C7:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BNm8gopWawavTXZd-12lvB12xyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/s2IRSJo0a3mWzi9bUK0IWtrL_rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/BNm8gopWawavTXZd-12lvB12xyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.219.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:a8:ea:15:cc:e2:ba:fe:57:54:b6:d5:e1:bd:3a:82:c8:18:
         95:9d:26:fc:ad:9d:02:f3:34:6c:88:d9:d5:a1:5e:f3:7d:d1:
         13:b2:4b:6c:59:42:4c:ee:4e:6f:68:38:dd:68:56:97:2a:21:
         d2:45:76:e1:aa:ee:46:7e:d8:d8:fb:27:a4:5b:39:97:02:f3:
         ba:cc:b2:e5:9c:10:2e:05:a7:19:a4:56:67:95:83:13:85:e4:
         e5:a7:18:94:94:e6:88:37:cf:e1:e7:e0:32:70:4b:13:10:1d:
         2d:8c:b7:e7:41:78:06:d0:70:fe:37:f0:13:ba:b9:3b:23:ce:
         e2:5d:83:d3:98:b9:5c:d1:f0:0d:03:f3:c8:c0:e3:a4:50:df:
         ca:7a:bc:6f:a5:39:ab:7e:78:eb:0e:69:77:bf:d7:09:7a:91:
         bc:63:36:62:b2:c2:29:00:3e:1f:bb:c8:e0:1e:05:34:42:f9:
         63:50:39:86:34:43:5d:2a:5b:9c:1a:38:8b:f2:78:c5:38:78:
         d7:e2:d1:af:ea:36:50:12:b9:ab:81:e2:54:ca:29:41:eb:fd:
         13:93:25:b1:29:50:01:52:fb:ed:b1:0d:60:f8:e6:22:b4:c7:
         ee:ea:36:82:a1:6e:a9:22:29:dc:84:86:2b:e0:c4:06:a0:10:
         e5:b7:30:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbsE8EJOB7vF9HOXT6VyeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0ZDliYzgyOGE1NjZiMDZhZjRkNzY1ZGZiNWRhNWJjMWQ3
NmM3MjUwHhcNMjQwMTAxMTQzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzYyMTE0ODlhMzQ2Yjc5OTZjZTJmNWI1MGFkMDg1YWRhY2JmZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgr2DPnhFwKfsKuh4KYqh0YGKHTo6
Uz6hF73hpHtsWvDQlhyv638xIShDut5SnKMp3MTUssTL5bwAWaiHhdypK+w/UaQq
xpCk+RotWyuWaCl8WqLnuxJfMQiQy5koBI1ip5gBJ9A60pf60PBF1dZq7dxA+iSY
355TDbzhOzJM5vlpoCEkeQVteYZa9A6RQnwntqY3N6JwLv+c5v6mvN3tR6aS0s0E
PnWiBbB3XgJppgJqGcM4Tzb541JKHnHdxBKCFOZY7HO/JUfkAwcszE7UXXH/4FgG
3549QvjD3wJBdQGRVvTqfgdZo3K+Qiu1+adGuzc3Tr4Svov8ljHYbnOjWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNiEUiaNGt5ls4vW1CtCFray/68MB8GA1UdIwQY
MBaAFATZvIKKVmsGr012XftdpbwddsclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk5tOGdvcFdhd2F2VFhaZC0xMmx2QjEyeHlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi83MjQzNWItN2U3ZS00NDdiLWFjMjQt
OTgyYzQyOWQ0MTU2LzEvczJJUlNKbzBhM21Xemk5YlVLMElXdHJMX3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi83MjQzNWItN2U3ZS00NDdiLWFjMjQtOTgyYzQyOWQ0MTU2
LzEvQk5tOGdvcFdhd2F2VFhaZC0xMmx2QjEyeHlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwdt2MA0G
CSqGSIb3DQEBCwUAA4IBAQCyqOoVzOK6/ldUttXhvTqCyBiVnSb8rZ0C8zRsiNnV
oV7zfdETsktsWUJM7k5vaDjdaFaXKiHSRXbhqu5GftjY+yekWzmXAvO6zLLlnBAu
BacZpFZnlYMTheTlpxiUlOaIN8/h5+AycEsTEB0tjLfnQXgG0HD+N/ATurk7I87i
XYPTmLlc0fANA/PIwOOkUN/KerxvpTmrfnjrDml3v9cJepG8YzZissIpAD4fu8jg
HgU0QvljUDmGNENdKlucGjiL8njFOHjX4tGv6jZQErmrgeJUyilB6/0TkyWxKVAB
UvvtsQ1g+OYitMfu6jaCoW6pIinchIYr4MQGoBDltzAr
-----END CERTIFICATE-----