Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/2BfraX45-B3YnX4Y_nUP4OFEobY.roa
File:                     2BfraX45-B3YnX4Y_nUP4OFEobY.roa (raw, json)
Hash identifier:          xIATUq+DXkZLbwzSJRRz6m9w/TNswrVmRq1S2zMhQvI=
Subject key identifier:   D8:17:EB:69:7E:39:F8:1D:D8:9D:7E:18:FE:75:0F:E0:E1:44:A1:B6
Certificate issuer:       /CN=21cb2ac377fc603f95faecc54ac7d590f2cc319d
Certificate serial:       018D9CF6C97A511DEEAC32B9B258EED2E259
Authority key identifier: 21:CB:2A:C3:77:FC:60:3F:95:FA:EC:C5:4A:C7:D5:90:F2:CC:31:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/2BfraX45-B3YnX4Y_nUP4OFEobY.roa
Signing time:             Mon 12 Feb 2024 10:57:15 +0000
ROA not before:           Mon 12 Feb 2024 10:57:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16347
IP address blocks:        91.212.26.0/24 maxlen: 24
                          185.177.44.0/24 maxlen: 24
                          2a0a:2f81::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9c:f6:c9:7a:51:1d:ee:ac:32:b9:b2:58:ee:d2:e2:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21cb2ac377fc603f95faecc54ac7d590f2cc319d
        Validity
            Not Before: Feb 12 10:57:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d817eb697e39f81dd89d7e18fe750fe0e144a1b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c7:6f:d8:ce:2e:24:7e:7c:fa:4f:dc:ce:50:
                    89:f7:25:41:88:78:f6:e2:02:bb:4a:dd:be:25:dd:
                    5c:f1:e9:9e:64:1f:84:b6:98:81:07:09:18:bf:b6:
                    4a:ba:67:32:cc:8e:48:02:45:ae:52:de:58:8e:1f:
                    93:66:01:7b:c4:10:2a:76:1d:a0:2d:a1:36:6c:e2:
                    bc:76:9d:43:ea:3a:12:94:81:32:07:61:27:7d:5c:
                    88:61:88:44:74:e3:ed:9c:9e:01:27:40:05:43:95:
                    27:08:e9:55:0f:e7:29:3a:83:60:db:96:10:37:63:
                    e0:b0:61:04:08:86:9f:7e:6c:ac:4d:e8:64:f7:5d:
                    82:75:ca:e2:ae:8a:c0:6b:81:f3:96:1c:d8:ba:c7:
                    f6:68:28:b3:ea:5f:ec:bc:9b:b0:98:8b:41:2e:15:
                    22:2b:e1:8d:94:59:a3:d8:01:ba:74:ac:b8:fd:af:
                    43:f9:50:5e:73:24:3f:b9:dc:29:79:44:c8:89:d3:
                    16:85:53:11:56:8f:7b:f5:b0:dd:c6:7e:52:e1:8e:
                    fd:1a:52:36:17:c3:a3:b8:f3:79:63:65:84:da:93:
                    c1:49:a0:e2:6f:4d:2e:70:e2:58:0c:83:e4:06:48:
                    c0:a5:96:f2:93:2c:c0:75:11:bd:9e:64:46:b6:9c:
                    55:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:17:EB:69:7E:39:F8:1D:D8:9D:7E:18:FE:75:0F:E0:E1:44:A1:B6
            X509v3 Authority Key Identifier:
                keyid:21:CB:2A:C3:77:FC:60:3F:95:FA:EC:C5:4A:C7:D5:90:F2:CC:31:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/2BfraX45-B3YnX4Y_nUP4OFEobY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.26.0/24
                  185.177.44.0/24
                IPv6:
                  2a0a:2f81::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:6c:bd:d1:17:41:2b:af:5d:10:7d:8d:e6:a3:9c:e5:93:3f:
         7f:11:e6:b5:36:3b:52:31:31:87:20:f7:a5:4f:ac:51:ed:90:
         1c:b0:ed:c7:6d:11:2f:0f:bf:2d:38:c4:12:25:8e:4b:03:ec:
         8a:42:c2:ab:35:77:98:17:68:10:20:28:06:5d:5f:65:f5:81:
         38:17:6b:17:54:24:c3:44:f2:b9:5f:50:ae:5a:a3:73:e0:65:
         5c:41:b8:2b:46:d8:bd:9b:b2:aa:e5:9d:4f:dd:db:87:c3:d1:
         d1:23:42:51:11:8d:f6:94:96:40:e2:43:fe:03:ac:12:61:f3:
         e9:1c:fa:73:2b:35:cd:13:fe:ce:a9:fe:42:43:07:15:90:7c:
         73:ef:5d:a8:9e:d7:e1:23:40:14:32:4d:95:60:60:85:91:55:
         01:c4:71:61:ff:73:8e:43:e0:36:49:c6:2d:2a:6f:67:8d:a3:
         b3:fc:4d:76:a5:8f:1f:ae:bb:3e:ce:c7:91:a1:7e:fe:fd:c5:
         b5:ba:86:69:57:db:62:f9:a4:f5:b8:c7:ed:65:b2:06:a6:68:
         db:2a:f8:d2:08:4d:85:a5:0e:77:a1:1a:fb:7d:a8:05:51:70:
         f2:5c:23:80:a2:a0:58:2c:37:47:b0:49:a9:8d:0f:35:0b:c8:
         fc:a0:62:54
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY2c9sl6UR3urDK5slju0uJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxY2IyYWMzNzdmYzYwM2Y5NWZhZWNjNTRhYzdkNTkwZjJj
YzMxOWQwHhcNMjQwMjEyMTA1NzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODE3ZWI2OTdlMzlmODFkZDg5ZDdlMThmZTc1MGZlMGUxNDRhMWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMdv2M4uJH58+k/czlCJ9yVBiHj2
4gK7St2+Jd1c8emeZB+EtpiBBwkYv7ZKumcyzI5IAkWuUt5Yjh+TZgF7xBAqdh2g
LaE2bOK8dp1D6joSlIEyB2EnfVyIYYhEdOPtnJ4BJ0AFQ5UnCOlVD+cpOoNg25YQ
N2PgsGEECIaffmysTehk912CdcrirorAa4HzlhzYusf2aCiz6l/svJuwmItBLhUi
K+GNlFmj2AG6dKy4/a9D+VBecyQ/udwpeUTIidMWhVMRVo979bDdxn5S4Y79GlI2
F8OjuPN5Y2WE2pPBSaDib00ucOJYDIPkBkjApZbykyzAdRG9nmRGtpxVHwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNgX62l+Ofgd2J1+GP51D+DhRKG2MB8GA1UdIwQY
MBaAFCHLKsN3/GA/lfrsxUrH1ZDyzDGdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWNzcXczZjhZRC1WLXV6RlNzZlZrUExNTVowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy82N2MyMWQtMGU5Mi00MjQyLTk5NGUt
ZmI0MGQ2ZGEyNDY4LzEvMkJmcmFYNDUtQjNZblg0WV9uVVA0T0ZFb2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy82N2MyMWQtMGU5Mi00MjQyLTk5NGUtZmI0MGQ2ZGEyNDY4
LzEvSWNzcXczZjhZRC1WLXV6RlNzZlZrUExNTVowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9QaAwQA
ubEsMA0EAgACMAcDBQAqCi+BMA0GCSqGSIb3DQEBCwUAA4IBAQAAbL3RF0Err10Q
fY3mo5zlkz9/Eea1NjtSMTGHIPelT6xR7ZAcsO3HbREvD78tOMQSJY5LA+yKQsKr
NXeYF2gQICgGXV9l9YE4F2sXVCTDRPK5X1CuWqNz4GVcQbgrRti9m7Kq5Z1P3duH
w9HRI0JREY32lJZA4kP+A6wSYfPpHPpzKzXNE/7Oqf5CQwcVkHxz712ontfhI0AU
Mk2VYGCFkVUBxHFh/3OOQ+A2ScYtKm9njaOz/E12pY8frrs+zseRoX7+/cW1uoZp
V9ti+aT1uMftZbIGpmjbKvjSCE2FpQ53oRr7fagFUXDyXCOAoqBYLDdHsEmpjQ81
C8j8oGJU
-----END CERTIFICATE-----