Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/fffba4-2efa-465f-af96-abf837ace8e4/1/_2midcNDWWX8VfuEA2XvawTfOeE.roa
File:                     _2midcNDWWX8VfuEA2XvawTfOeE.roa (raw, json)
Hash identifier:          XbMC0BC0cB/ITFc4PAAsAqgTIaSMHrhZIpU0+J9skNs=
Subject key identifier:   FF:69:A2:75:C3:43:59:65:FC:55:FB:84:03:65:EF:6B:04:DF:39:E1
Certificate issuer:       /CN=3a1935b3cbc2527eaf167d69b2078d33e4c4da20
Certificate serial:       018CC5DC093758C4E51C349B847D5D5BDDB5
Authority key identifier: 3A:19:35:B3:CB:C2:52:7E:AF:16:7D:69:B2:07:8D:33:E4:C4:DA:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ohk1s8vCUn6vFn1psgeNM-TE2iA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/fffba4-2efa-465f-af96-abf837ace8e4/1/_2midcNDWWX8VfuEA2XvawTfOeE.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34125
IP address blocks:        193.29.2.0/24 maxlen: 24
                          212.2.64.0/19 maxlen: 24
                          2a0a:ba80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/fffba4-2efa-465f-af96-abf837ace8e4/1/Ohk1s8vCUn6vFn1psgeNM-TE2iA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/fffba4-2efa-465f-af96-abf837ace8e4/1/Ohk1s8vCUn6vFn1psgeNM-TE2iA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ohk1s8vCUn6vFn1psgeNM-TE2iA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:09:37:58:c4:e5:1c:34:9b:84:7d:5d:5b:dd:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a1935b3cbc2527eaf167d69b2078d33e4c4da20
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff69a275c3435965fc55fb840365ef6b04df39e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:00:de:d4:86:2a:4c:82:74:00:31:90:d9:63:
                    91:84:4e:be:e4:ed:bb:f7:7d:cf:68:1d:93:3d:78:
                    e3:49:82:0e:84:1e:5f:92:d8:19:a0:8b:50:ea:d1:
                    fa:38:31:42:42:0b:18:2b:d2:58:94:62:a5:b7:b2:
                    22:a2:f1:f0:b4:7b:75:5b:5c:cf:16:1f:e7:86:13:
                    66:ba:8d:25:3b:77:22:18:f2:cd:af:ba:ed:36:12:
                    df:c0:de:71:0f:66:77:10:77:68:90:fb:8e:5c:3c:
                    71:92:28:02:85:d9:df:df:21:ea:4c:bb:ba:79:d0:
                    44:92:da:df:5b:58:7b:87:47:ae:2b:ec:5d:6d:62:
                    df:b1:17:e1:63:30:b8:f8:b0:52:4f:e0:0f:56:97:
                    d8:87:ff:bf:0d:64:2d:ca:9f:13:ee:ec:dc:62:9f:
                    0b:b4:3b:0f:60:17:37:89:4f:db:73:96:04:0f:e8:
                    f0:c8:dc:66:47:44:70:ea:7e:f9:82:4e:73:40:37:
                    e1:8c:dd:61:e7:2f:18:89:56:38:23:90:77:3e:8b:
                    2c:60:e4:ed:b7:91:28:34:13:5a:c0:52:9a:3a:15:
                    e4:46:3a:1d:05:69:d2:69:33:69:f2:8b:fe:b3:36:
                    82:1a:2f:41:6a:3d:49:5f:40:6f:af:2a:b5:52:c3:
                    a0:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:69:A2:75:C3:43:59:65:FC:55:FB:84:03:65:EF:6B:04:DF:39:E1
            X509v3 Authority Key Identifier:
                keyid:3A:19:35:B3:CB:C2:52:7E:AF:16:7D:69:B2:07:8D:33:E4:C4:DA:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ohk1s8vCUn6vFn1psgeNM-TE2iA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/fffba4-2efa-465f-af96-abf837ace8e4/1/_2midcNDWWX8VfuEA2XvawTfOeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/fffba4-2efa-465f-af96-abf837ace8e4/1/Ohk1s8vCUn6vFn1psgeNM-TE2iA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.2.0/24
                  212.2.64.0/19
                IPv6:
                  2a0a:ba80::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:7e:d0:f9:16:6d:e5:ba:de:c8:05:37:63:84:b2:76:b6:60:
         14:99:35:8e:fb:95:35:a6:03:28:ca:91:3f:06:d0:d0:4d:a2:
         dc:82:86:37:37:63:dd:a4:4b:c4:2f:d8:60:e2:87:17:f1:80:
         43:a4:e8:af:2d:7f:9d:a0:b1:99:73:ba:ce:ff:f3:18:a0:f9:
         73:ae:86:22:56:92:e8:87:bf:68:20:dc:de:fb:4f:9e:28:5d:
         d1:81:c6:0d:03:c4:2d:d2:13:49:ea:46:77:2b:7f:52:26:d3:
         1c:6a:3f:93:88:72:9b:a4:7d:db:a1:9c:5c:83:3b:a6:ec:67:
         2d:a7:93:8e:ee:7b:8b:1a:3c:d4:ac:52:e8:a3:49:c8:d3:c1:
         28:c8:fa:6b:09:6d:6d:fa:d0:86:e4:8e:40:c0:d5:5c:d8:21:
         34:8b:88:e0:e4:db:99:b1:48:f3:84:6e:6b:b9:ec:94:12:33:
         ee:8f:97:fe:b0:d4:18:1d:8c:87:1d:45:27:b7:d4:87:9b:85:
         4a:e8:fd:cc:c2:b2:10:43:50:9d:6b:cd:b5:8b:ed:f5:1b:36:
         bb:ca:0e:d3:a8:93:c1:18:8b:50:ec:58:06:78:df:e4:18:5c:
         8b:97:3e:c0:0f:97:ee:bc:05:9e:62:31:2a:32:c6:1c:0a:5b:
         b1:d3:cb:ff
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzF3Ak3WMTlHDSbhH1dW921MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMTkzNWIzY2JjMjUyN2VhZjE2N2Q2OWIyMDc4ZDMzZTRj
NGRhMjAwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjY5YTI3NWMzNDM1OTY1ZmM1NWZiODQwMzY1ZWY2YjA0ZGYzOWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQDe1IYqTIJ0ADGQ2WORhE6+5O27
933PaB2TPXjjSYIOhB5fktgZoItQ6tH6ODFCQgsYK9JYlGKlt7IiovHwtHt1W1zP
Fh/nhhNmuo0lO3ciGPLNr7rtNhLfwN5xD2Z3EHdokPuOXDxxkigChdnf3yHqTLu6
edBEktrfW1h7h0euK+xdbWLfsRfhYzC4+LBST+APVpfYh/+/DWQtyp8T7uzcYp8L
tDsPYBc3iU/bc5YED+jwyNxmR0Rw6n75gk5zQDfhjN1h5y8YiVY4I5B3PossYOTt
t5EoNBNawFKaOhXkRjodBWnSaTNp8ov+szaCGi9Baj1JX0Bvryq1UsOgXQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFP9ponXDQ1ll/FX7hANl72sE3znhMB8GA1UdIwQY
MBaAFDoZNbPLwlJ+rxZ9abIHjTPkxNogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2hrMXM4dkNVbjZ2Rm4xcHNnZU5NLVRFMmlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9mZmZiYTQtMmVmYS00NjVmLWFmOTYt
YWJmODM3YWNlOGU0LzEvXzJtaWRjTkRXV1g4VmZ1RUEyWHZhd1RmT2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9mZmZiYTQtMmVmYS00NjVmLWFmOTYtYWJmODM3YWNlOGU0
LzEvT2hrMXM4dkNVbjZ2Rm4xcHNnZU5NLVRFMmlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwR0CAwQF
1AJAMA0EAgACMAcDBQMqCrqAMA0GCSqGSIb3DQEBCwUAA4IBAQA5ftD5Fm3lut7I
BTdjhLJ2tmAUmTWO+5U1pgMoypE/BtDQTaLcgoY3N2PdpEvEL9hg4ocX8YBDpOiv
LX+doLGZc7rO//MYoPlzroYiVpLoh79oINze+0+eKF3RgcYNA8Qt0hNJ6kZ3K39S
JtMcaj+TiHKbpH3boZxcgzum7Gctp5OO7nuLGjzUrFLoo0nI08EoyPprCW1t+tCG
5I5AwNVc2CE0i4jg5NuZsUjzhG5rueyUEjPuj5f+sNQYHYyHHUUnt9SHm4VK6P3M
wrIQQ1Cda821i+31Gza7yg7TqJPBGItQ7FgGeN/kGFyLlz7AD5fuvAWeYjEqMsYc
Clux08v/
-----END CERTIFICATE-----