Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/9de70d-7425-4c07-a80f-42dc82cca192/1/2tNahKUrUABgs48X2AoFopkyTFM.roa
File:                     2tNahKUrUABgs48X2AoFopkyTFM.roa (raw, json)
Hash identifier:          j52G6GpzkJ/V+6JDS5my3LoCBJn/E29U6+nPvjfqC9c=
Subject key identifier:   DA:D3:5A:84:A5:2B:50:00:60:B3:8F:17:D8:0A:05:A2:99:32:4C:53
Certificate issuer:       /CN=69b66c6e9a14c6fd773fa31df9820b3396952e2e
Certificate serial:       0190F90E07B3FB1D565A62DB4619B81BBA73
Authority key identifier: 69:B6:6C:6E:9A:14:C6:FD:77:3F:A3:1D:F9:82:0B:33:96:95:2E:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/abZsbpoUxv13P6Md-YILM5aVLi4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/9de70d-7425-4c07-a80f-42dc82cca192/1/2tNahKUrUABgs48X2AoFopkyTFM.roa
Signing time:             Sun 28 Jul 2024 11:16:04 +0000
ROA not before:           Sun 28 Jul 2024 11:16:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215839
IP address blocks:        213.134.27.0/24 maxlen: 24
                          2a14:2c80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/9de70d-7425-4c07-a80f-42dc82cca192/1/abZsbpoUxv13P6Md-YILM5aVLi4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/9de70d-7425-4c07-a80f-42dc82cca192/1/abZsbpoUxv13P6Md-YILM5aVLi4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/abZsbpoUxv13P6Md-YILM5aVLi4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:f9:0e:07:b3:fb:1d:56:5a:62:db:46:19:b8:1b:ba:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69b66c6e9a14c6fd773fa31df9820b3396952e2e
        Validity
            Not Before: Jul 28 11:16:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dad35a84a52b500060b38f17d80a05a299324c53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5f:27:3c:e0:c4:0e:3a:a1:3a:f6:d0:2a:90:
                    24:e8:08:39:a9:ec:ac:a9:55:82:63:b2:74:3d:74:
                    60:9f:6c:33:f7:a1:1c:12:cb:e5:38:e5:27:fb:24:
                    c3:1c:61:17:a8:cb:da:85:11:42:e8:80:5f:e9:71:
                    64:19:78:d7:28:24:35:48:f9:d3:6b:b1:76:34:29:
                    1d:cf:93:90:6c:8a:66:bd:b1:7d:db:14:8c:de:4a:
                    23:8b:bf:db:4c:68:1f:87:8b:fc:43:12:b2:ea:b2:
                    e0:6b:25:8e:e5:ef:db:c3:2e:ac:de:7a:bc:a1:0c:
                    1b:bf:26:48:71:b8:08:53:34:c3:5c:0f:32:1b:0b:
                    c3:fb:f1:ee:9b:e3:b3:3b:3d:2e:dd:f9:bb:77:17:
                    25:2b:47:0c:e0:1e:f8:52:12:45:f0:6c:c6:2d:6c:
                    75:95:40:94:0f:0b:a4:f4:a5:cb:0e:71:74:a8:64:
                    02:33:41:92:a8:f2:e1:f5:52:d6:48:22:1e:c6:7e:
                    d6:c2:de:63:d8:f8:c1:a2:d1:17:b0:23:22:8b:c7:
                    26:40:df:75:13:f1:5f:43:c0:9c:9c:a0:5d:4b:43:
                    b3:a6:12:ee:98:db:1a:92:8c:b6:f9:7c:11:04:53:
                    6f:d9:d4:f1:c0:85:57:00:82:c2:74:77:fe:19:15:
                    d1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:D3:5A:84:A5:2B:50:00:60:B3:8F:17:D8:0A:05:A2:99:32:4C:53
            X509v3 Authority Key Identifier:
                keyid:69:B6:6C:6E:9A:14:C6:FD:77:3F:A3:1D:F9:82:0B:33:96:95:2E:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/abZsbpoUxv13P6Md-YILM5aVLi4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9de70d-7425-4c07-a80f-42dc82cca192/1/2tNahKUrUABgs48X2AoFopkyTFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9de70d-7425-4c07-a80f-42dc82cca192/1/abZsbpoUxv13P6Md-YILM5aVLi4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.134.27.0/24
                IPv6:
                  2a14:2c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         d1:31:03:39:50:53:87:21:3f:fb:fc:a4:76:e0:ac:48:42:ea:
         40:d0:70:72:ba:40:9c:be:eb:55:3f:78:8b:fb:7c:ec:0a:4a:
         13:b5:1f:14:86:c5:6a:47:c6:78:d0:3f:88:15:41:01:ce:a3:
         7f:f8:a4:a5:b5:5c:8e:f4:3d:0d:0b:58:39:27:83:10:a4:b6:
         e4:7f:3f:df:92:75:3d:70:f7:7a:8f:5c:8f:b1:c4:f5:5b:e5:
         99:a5:78:ea:ad:46:30:81:56:ba:3c:08:b8:ad:d7:d4:05:c1:
         62:69:b5:64:a3:fd:15:35:ec:45:c5:c3:11:44:33:e1:b9:f3:
         df:0f:08:c7:ea:97:94:fd:bf:db:58:22:b1:73:fc:c4:93:1d:
         90:3f:a4:15:24:f4:aa:ba:e4:3e:73:23:4c:4d:67:f8:20:12:
         84:a6:61:ca:68:b4:40:21:21:09:55:08:fd:ee:33:d8:17:42:
         db:7c:fc:2c:eb:c6:f9:da:dc:17:8b:69:08:d0:06:7a:2b:b9:
         0c:23:6b:72:a3:4a:e6:87:89:22:52:b5:a0:9b:f4:b7:6f:5e:
         bf:96:20:70:ef:85:2c:c5:e6:21:d5:5a:c8:cb:b9:bf:18:87:
         5c:6b:3b:c2:81:99:c3:7d:6a:70:14:de:d2:e4:98:85:ea:a4:
         99:16:73:ea
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZD5Dgez+x1WWmLbRhm4G7pzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YjY2YzZlOWExNGM2ZmQ3NzNmYTMxZGY5ODIwYjMzOTY5
NTJlMmUwHhcNMjQwNzI4MTExNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWQzNWE4NGE1MmI1MDAwNjBiMzhmMTdkODBhMDVhMjk5MzI0YzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArF8nPODEDjqhOvbQKpAk6Ag5qeys
qVWCY7J0PXRgn2wz96EcEsvlOOUn+yTDHGEXqMvahRFC6IBf6XFkGXjXKCQ1SPnT
a7F2NCkdz5OQbIpmvbF92xSM3koji7/bTGgfh4v8QxKy6rLgayWO5e/bwy6s3nq8
oQwbvyZIcbgIUzTDXA8yGwvD+/Hum+OzOz0u3fm7dxclK0cM4B74UhJF8GzGLWx1
lUCUDwuk9KXLDnF0qGQCM0GSqPLh9VLWSCIexn7Wwt5j2PjBotEXsCMii8cmQN91
E/FfQ8CcnKBdS0OzphLumNsakoy2+XwRBFNv2dTxwIVXAILCdHf+GRXRFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNrTWoSlK1AAYLOPF9gKBaKZMkxTMB8GA1UdIwQY
MBaAFGm2bG6aFMb9dz+jHfmCCzOWlS4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWJac2Jwb1V4djEzUDZNZC1ZSUxNNWFWTGk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85ZGU3MGQtNzQyNS00YzA3LWE4MGYt
NDJkYzgyY2NhMTkyLzEvMnROYWhLVXJVQUJnczQ4WDJBb0ZvcGt5VEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85ZGU3MGQtNzQyNS00YzA3LWE4MGYtNDJkYzgyY2NhMTky
LzEvYWJac2Jwb1V4djEzUDZNZC1ZSUxNNWFWTGk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1YYbMA0E
AgACMAcDBQMqFCyAMA0GCSqGSIb3DQEBCwUAA4IBAQDRMQM5UFOHIT/7/KR24KxI
QupA0HByukCcvutVP3iL+3zsCkoTtR8UhsVqR8Z40D+IFUEBzqN/+KSltVyO9D0N
C1g5J4MQpLbkfz/fknU9cPd6j1yPscT1W+WZpXjqrUYwgVa6PAi4rdfUBcFiabVk
o/0VNexFxcMRRDPhufPfDwjH6peU/b/bWCKxc/zEkx2QP6QVJPSquuQ+cyNMTWf4
IBKEpmHKaLRAISEJVQj97jPYF0LbfPws68b52twXi2kI0AZ6K7kMI2tyo0rmh4ki
UrWgm/S3b16/liBw74UsxeYh1VrIy7m/GIdcazvCgZnDfWpwFN7S5JiF6qSZFnPq
-----END CERTIFICATE-----