Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/2KomL7ThRUYw18W_-PL_MSb-wGA.roa
File:                     2KomL7ThRUYw18W_-PL_MSb-wGA.roa (raw, json)
Hash identifier:          xuGEtYiAySUCNhowhWOPFoqK37jKLtHlNul4/WvUeU4=
Subject key identifier:   D8:AA:26:2F:B4:E1:45:46:30:D7:C5:BF:F8:F2:FF:31:26:FE:C0:60
Certificate issuer:       /CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
Certificate serial:       018CC5DC064EBB4B0E88DCC85A9E5F1EF5E4
Authority key identifier: B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/2KomL7ThRUYw18W_-PL_MSb-wGA.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211503
IP address blocks:        81.29.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:06:4e:bb:4b:0e:88:dc:c8:5a:9e:5f:1e:f5:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8aa262fb4e1454630d7c5bff8f2ff3126fec060
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f2:50:bd:b0:bf:37:db:84:76:eb:92:9a:d7:
                    ab:0b:14:1c:a3:1a:cb:75:c2:92:6d:64:60:b0:23:
                    dc:d5:24:0e:fc:8f:07:ac:6e:41:c5:44:77:f7:c9:
                    72:5c:5e:53:72:41:2f:f2:03:6f:db:8a:a8:f2:23:
                    05:c5:af:a6:ae:10:89:f7:9a:1d:d2:0a:c5:4a:eb:
                    f6:be:15:a5:22:aa:f7:5c:3a:41:c4:ed:83:8b:e2:
                    11:76:8e:5d:6b:1e:e9:ee:c3:dd:a9:4b:62:29:51:
                    5a:df:c0:c1:16:f8:0f:3b:ba:12:65:c9:2c:de:8e:
                    b0:e9:46:c8:f9:c0:6a:5a:05:84:d4:db:3a:64:a3:
                    d5:c1:0e:03:04:63:5e:05:83:6b:ac:22:62:ed:38:
                    63:51:96:da:b0:69:5e:9d:54:99:45:01:3f:d1:13:
                    b6:32:c8:64:73:9e:c8:1c:0c:0d:64:f1:a8:f8:a2:
                    aa:20:c7:92:0e:e9:35:a0:58:18:3c:df:51:d9:d1:
                    8e:b6:37:c4:61:5b:cc:b7:2a:c9:75:1a:a0:c4:09:
                    bf:26:3b:e0:74:e3:f7:ab:2c:e8:f0:02:ca:3b:8d:
                    95:a9:ff:86:af:88:bb:92:64:98:20:2f:bb:fb:07:
                    ba:ec:79:2b:8c:2c:3c:c5:2c:2d:ab:93:e2:44:f0:
                    22:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:AA:26:2F:B4:E1:45:46:30:D7:C5:BF:F8:F2:FF:31:26:FE:C0:60
            X509v3 Authority Key Identifier:
                keyid:B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/2KomL7ThRUYw18W_-PL_MSb-wGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:d4:62:77:95:f6:cf:47:51:c3:0f:a1:71:1a:a0:8e:d0:d8:
         85:79:4a:27:ca:8b:26:93:18:ae:a6:9d:45:5e:0f:b2:09:6f:
         f5:41:82:1e:de:0c:d1:c7:0f:18:dd:20:53:53:20:54:b2:38:
         5f:5d:bd:02:30:a3:ab:bb:79:57:15:be:f7:8f:fd:75:4f:4d:
         a0:8a:38:66:ba:e6:fc:98:ed:93:3d:cf:96:59:52:a4:9a:46:
         2d:84:db:80:b6:17:d5:16:34:1d:71:aa:f5:13:9b:ce:80:58:
         1a:f6:f5:cb:b3:aa:f5:36:40:a7:6e:2e:24:61:86:9f:a0:9d:
         fa:ac:31:e5:49:44:67:2b:8d:f3:78:7f:d6:40:79:bd:80:3f:
         62:0c:67:0f:82:47:cd:8e:0c:bc:98:49:15:97:9b:3b:1f:cb:
         42:79:a9:ff:b0:cb:8a:b7:ad:05:80:f0:75:9e:c1:5e:e7:e1:
         93:50:da:5e:f9:bf:49:8c:7b:ee:2f:b2:0f:17:9e:36:ae:2b:
         88:02:9a:c6:66:ae:6d:9b:b3:73:7b:57:42:88:66:74:1d:7e:
         61:f2:33:ff:34:44:7e:0e:85:7f:e0:0a:90:c6:5d:f9:93:26:
         09:7d:f1:ea:93:7f:6d:36:61:55:a4:92:99:f1:db:49:8c:46:
         52:20:d7:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3AZOu0sOiNzIWp5fHvXkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNDM1MTQ2MzBkYzE3ZjNmZTliNTFkZDQzNDE4NGQwYjYy
YjAzYzAwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGFhMjYyZmI0ZTE0NTQ2MzBkN2M1YmZmOGYyZmYzMTI2ZmVjMDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvJQvbC/N9uEduuSmterCxQcoxrL
dcKSbWRgsCPc1SQO/I8HrG5BxUR398lyXF5TckEv8gNv24qo8iMFxa+mrhCJ95od
0grFSuv2vhWlIqr3XDpBxO2Di+IRdo5dax7p7sPdqUtiKVFa38DBFvgPO7oSZcks
3o6w6UbI+cBqWgWE1Ns6ZKPVwQ4DBGNeBYNrrCJi7ThjUZbasGlenVSZRQE/0RO2
Mshkc57IHAwNZPGo+KKqIMeSDuk1oFgYPN9R2dGOtjfEYVvMtyrJdRqgxAm/Jjvg
dOP3qyzo8ALKO42Vqf+Gr4i7kmSYIC+7+we67HkrjCw8xSwtq5PiRPAiOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNiqJi+04UVGMNfFv/jy/zEm/sBgMB8GA1UdIwQY
MBaAFLNDUUYw3Bfz/ptR3UNBhNC2KwPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGIt
YTcyNDdlOWQ1ZjNhLzEvMktvbUw3VGhSVVl3MThXXy1QTF9NU2Itd0dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGItYTcyNDdlOWQ1ZjNh
LzEvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR2JMA0G
CSqGSIb3DQEBCwUAA4IBAQAT1GJ3lfbPR1HDD6FxGqCO0NiFeUonyosmkxiupp1F
Xg+yCW/1QYIe3gzRxw8Y3SBTUyBUsjhfXb0CMKOru3lXFb73j/11T02gijhmuub8
mO2TPc+WWVKkmkYthNuAthfVFjQdcar1E5vOgFga9vXLs6r1NkCnbi4kYYafoJ36
rDHlSURnK43zeH/WQHm9gD9iDGcPgkfNjgy8mEkVl5s7H8tCean/sMuKt60FgPB1
nsFe5+GTUNpe+b9JjHvuL7IPF542riuIAprGZq5tm7Nze1dCiGZ0HX5h8jP/NER+
DoV/4AqQxl35kyYJffHqk39tNmFVpJKZ8dtJjEZSINeL
-----END CERTIFICATE-----