Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/2oQ6OJeMPFxNRYZuirFRK11PFc4.roa
File:                     2oQ6OJeMPFxNRYZuirFRK11PFc4.roa (raw, json)
Hash identifier:          3RKYu26oRFdKcoqtDIw6pKj+0uzjBxKgPxk0OO9s/lA=
Subject key identifier:   DA:84:3A:38:97:8C:3C:5C:4D:45:86:6E:8A:B1:51:2B:5D:4F:15:CE
Certificate issuer:       /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial:       018CC870728686478F2432805FD9B769A91B
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/2oQ6OJeMPFxNRYZuirFRK11PFc4.roa
Signing time:             Tue 02 Jan 2024 04:31:01 +0000
ROA not before:           Tue 02 Jan 2024 04:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        185.254.16.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:72:86:86:47:8f:24:32:80:5f:d9:b7:69:a9:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
        Validity
            Not Before: Jan  2 04:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da843a38978c3c5c4d45866e8ab1512b5d4f15ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:60:6d:de:5f:39:46:cf:2b:47:ac:f5:21:72:
                    39:ef:0e:63:20:87:e5:52:93:b2:14:ca:92:cc:0d:
                    a0:4e:67:9c:02:e2:db:4d:a6:8c:df:48:d9:c6:50:
                    29:33:f8:3d:ad:e4:61:83:34:10:3d:1d:0f:55:f9:
                    46:71:d1:e0:a5:04:bf:66:8c:1a:c8:c3:01:02:b7:
                    75:85:e4:24:b5:89:e5:36:e2:dd:b8:85:20:1e:29:
                    4c:80:7b:fe:57:c1:f9:65:8b:b8:31:a6:64:11:14:
                    41:15:02:a7:9b:62:af:a6:a9:0a:3e:d0:42:79:30:
                    27:ef:bc:51:44:48:32:e2:61:53:0b:2e:c4:07:ff:
                    9f:e3:a1:d9:64:d7:3f:be:24:eb:ed:58:1a:fc:41:
                    2a:bb:2f:e0:25:9f:c3:5f:bf:23:e5:23:c2:ed:52:
                    18:d9:8c:af:7d:c5:1a:03:5e:e6:8a:f0:80:b6:79:
                    82:6c:11:d0:54:5b:12:8e:c0:60:73:ca:55:0d:a8:
                    b2:70:ad:31:38:99:ec:ad:ab:19:e3:4e:fa:45:6e:
                    3b:45:c1:7b:2a:2c:e7:8b:48:f7:dd:01:26:18:19:
                    fe:d7:ec:8d:2a:38:fe:f6:12:8f:08:85:eb:67:1c:
                    3d:71:5b:33:e1:ab:f4:03:90:51:03:d5:89:2a:c5:
                    11:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:84:3A:38:97:8C:3C:5C:4D:45:86:6E:8A:B1:51:2B:5D:4F:15:CE
            X509v3 Authority Key Identifier:
                keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/2oQ6OJeMPFxNRYZuirFRK11PFc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:11:90:d8:da:ec:0b:cb:84:8b:4c:27:a7:58:7e:0d:10:05:
         ab:51:9c:f6:75:d4:e6:e8:fe:5b:2b:b4:bb:5d:03:d3:36:f4:
         80:78:97:65:6a:3d:7d:34:b7:de:f4:b5:19:ce:f6:04:8c:2b:
         d1:38:1e:99:8d:8f:13:ea:61:5c:8b:60:eb:eb:93:ac:e4:12:
         db:f6:02:c2:52:90:5d:b8:64:49:0b:2a:03:2a:4a:c9:15:a2:
         46:cd:9f:af:79:1a:0a:19:b7:8b:6b:9c:b5:24:4e:b8:86:05:
         9c:14:21:1c:57:73:e2:c7:44:1a:23:dc:05:b9:13:78:7b:87:
         c4:98:6d:85:55:a6:98:97:de:6e:8f:00:27:5b:19:03:26:48:
         96:37:0c:c2:c6:62:bf:4f:22:26:48:22:9c:64:da:c1:1e:45:
         23:cc:44:a1:ee:0a:4e:dd:85:bb:5e:f8:c3:18:76:65:53:5a:
         35:cc:c8:18:ae:09:ac:8d:11:9d:95:b8:2d:05:5d:02:f2:9f:
         db:a5:21:93:66:63:4e:78:de:39:aa:f0:b4:39:be:2c:0c:48:
         18:6c:77:99:7e:22:98:47:c0:10:91:21:4a:0a:18:f9:db:d1:
         c6:53:d4:ec:ee:07:f6:40:9d:13:a5:2c:0e:c6:18:8c:07:5a:
         47:15:03:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcHKGhkePJDKAX9m3aakbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMTQ1YThiZGYyYmNhMTUwZjI1ZWQ1NGEyNzdiOGY2NTNl
ZmRiM2UwHhcNMjQwMTAyMDQzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTg0M2EzODk3OGMzYzVjNGQ0NTg2NmU4YWIxNTEyYjVkNGYxNWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWBt3l85Rs8rR6z1IXI57w5jIIfl
UpOyFMqSzA2gTmecAuLbTaaM30jZxlApM/g9reRhgzQQPR0PVflGcdHgpQS/Zowa
yMMBArd1heQktYnlNuLduIUgHilMgHv+V8H5ZYu4MaZkERRBFQKnm2KvpqkKPtBC
eTAn77xRREgy4mFTCy7EB/+f46HZZNc/viTr7Vga/EEquy/gJZ/DX78j5SPC7VIY
2YyvfcUaA17mivCAtnmCbBHQVFsSjsBgc8pVDaiycK0xOJnsrasZ4076RW47RcF7
Kizni0j33QEmGBn+1+yNKjj+9hKPCIXrZxw9cVsz4av0A5BRA9WJKsURDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqEOjiXjDxcTUWGboqxUStdTxXOMB8GA1UdIwQY
MBaAFCsUWovfK8oVDyXtVKJ3uPZT79s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMt
MzA0MGJlZDNjY2NkLzEvMm9RNk9KZU1QRnhOUlladWlyRlJLMTFQRmM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMtMzA0MGJlZDNjY2Nk
LzEvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuf4QMA0G
CSqGSIb3DQEBCwUAA4IBAQBzEZDY2uwLy4SLTCenWH4NEAWrUZz2ddTm6P5bK7S7
XQPTNvSAeJdlaj19NLfe9LUZzvYEjCvROB6ZjY8T6mFci2Dr65Os5BLb9gLCUpBd
uGRJCyoDKkrJFaJGzZ+veRoKGbeLa5y1JE64hgWcFCEcV3Pix0QaI9wFuRN4e4fE
mG2FVaaYl95ujwAnWxkDJkiWNwzCxmK/TyImSCKcZNrBHkUjzESh7gpO3YW7XvjD
GHZlU1o1zMgYrgmsjRGdlbgtBV0C8p/bpSGTZmNOeN45qvC0Ob4sDEgYbHeZfiKY
R8AQkSFKChj529HGU9Ts7gf2QJ0TpSwOxhiMB1pHFQPo
-----END CERTIFICATE-----