Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/2wMbk_qVGtVccWM2YIia2pV1fbk.roa
File:                     2wMbk_qVGtVccWM2YIia2pV1fbk.roa (raw, json)
Hash identifier:          1pxcMmNL7jdPgaKgQhChMODtIi7KVC9aYsiMrMJL91s=
Subject key identifier:   DB:03:1B:93:FA:95:1A:D5:5C:71:63:36:60:88:9A:DA:95:75:7D:B9
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       018CC64B6605291D76A315B4DD5B23E6CFA8
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/2wMbk_qVGtVccWM2YIia2pV1fbk.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42960
IP address blocks:        91.238.203.0/24 maxlen: 24
                          193.200.130.0/24 maxlen: 24
                          193.200.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:66:05:29:1d:76:a3:15:b4:dd:5b:23:e6:cf:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db031b93fa951ad55c71633660889ada95757db9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c1:c4:d8:ad:23:8d:a1:94:81:b6:e6:53:6b:
                    88:3f:c9:70:d5:5d:df:61:c2:7f:74:54:dc:e5:98:
                    b5:2d:dd:95:d9:1f:c7:34:92:59:9f:e1:f7:4a:e0:
                    45:2c:62:61:f9:02:cc:17:c5:60:0f:5b:c2:73:79:
                    df:7e:ae:e0:4b:38:d8:ec:a4:16:40:af:ef:04:33:
                    fc:0d:53:c7:cb:5a:54:28:3e:17:33:30:0e:59:d0:
                    f4:c2:76:92:1b:50:14:21:7f:fa:d4:b0:1a:0e:c6:
                    34:85:87:ac:f3:bd:fa:8c:c9:4b:34:84:3d:ee:94:
                    d6:74:64:e6:25:3c:f2:70:1b:b6:1a:27:1d:3c:2c:
                    8a:e3:bc:69:c2:db:14:b3:03:b9:6e:24:f8:e5:a8:
                    bd:16:d7:f5:e7:59:ec:32:4a:9a:b7:d6:bf:21:b9:
                    24:b5:e9:2d:01:5b:dc:03:e8:15:02:1a:a1:a0:76:
                    87:a4:d7:e3:61:cd:d6:82:89:4b:5c:27:cf:bb:5c:
                    bf:20:4b:42:67:4d:67:a4:e4:35:7c:09:e1:42:e1:
                    92:a2:ae:33:26:1f:48:df:d7:9c:b2:8f:b4:c9:78:
                    7c:1c:ec:6b:74:fc:5c:17:78:ca:89:b0:78:cc:ee:
                    77:d6:bb:52:00:4d:e0:a5:d7:ac:5d:d8:a4:2f:63:
                    a0:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:03:1B:93:FA:95:1A:D5:5C:71:63:36:60:88:9A:DA:95:75:7D:B9
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/2wMbk_qVGtVccWM2YIia2pV1fbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.203.0/24
                  193.200.130.0/24
                  193.200.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:7c:e5:8c:c4:db:4d:c0:31:d8:28:32:0b:1e:bb:1e:78:28:
         22:33:12:eb:72:3f:a7:57:b8:9d:da:c3:aa:85:2a:71:b0:ea:
         63:4f:72:d5:2d:f8:2f:b6:69:00:9c:86:a6:04:58:e1:25:4b:
         ae:c4:58:e8:e6:f9:e6:6a:b5:79:de:40:c6:60:50:e5:6e:28:
         ca:ee:7b:28:e8:64:b6:fe:dd:47:f6:58:66:2c:6b:9f:cd:3c:
         27:c2:d7:e5:a7:6d:be:ed:94:97:78:40:aa:e5:07:d6:77:70:
         9c:52:01:0d:f6:69:9d:bb:7c:2a:75:12:d3:9a:13:14:50:f7:
         de:7c:b1:03:36:05:c6:c5:43:01:88:19:b5:de:a3:c0:2f:68:
         68:74:1c:b8:a4:27:2f:50:1e:90:77:91:ae:05:65:f7:28:97:
         0d:db:8c:e4:86:06:90:5a:4c:26:40:ac:36:94:5d:26:ee:98:
         83:91:0b:0b:7e:f6:73:1d:e7:68:85:7e:13:98:ea:f4:0c:2d:
         58:99:2d:dd:9c:72:5b:74:13:ff:20:96:1f:e7:e4:2b:52:67:
         05:a9:d5:78:cf:99:81:5b:2e:27:ef:4b:fc:1f:fd:b7:02:28:
         74:74:a9:84:0d:17:b9:9a:bc:5c:6a:41:98:23:c1:ff:29:b1:
         b4:90:0a:09
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGS2YFKR12oxW03Vsj5s+oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjAzMWI5M2ZhOTUxYWQ1NWM3MTYzMzY2MDg4OWFkYTk1NzU3ZGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MHE2K0jjaGUgbbmU2uIP8lw1V3f
YcJ/dFTc5Zi1Ld2V2R/HNJJZn+H3SuBFLGJh+QLMF8VgD1vCc3nffq7gSzjY7KQW
QK/vBDP8DVPHy1pUKD4XMzAOWdD0wnaSG1AUIX/61LAaDsY0hYes8736jMlLNIQ9
7pTWdGTmJTzycBu2GicdPCyK47xpwtsUswO5biT45ai9Ftf151nsMkqat9a/Ibkk
tektAVvcA+gVAhqhoHaHpNfjYc3WgolLXCfPu1y/IEtCZ01npOQ1fAnhQuGSoq4z
Jh9I39ecso+0yXh8HOxrdPxcF3jKibB4zO531rtSAE3gpdesXdikL2OgNwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNsDG5P6lRrVXHFjNmCImtqVdX25MB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvMndNYmtfcVZHdFZjY1dNMllJaWEycFYxZmJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+7LAwQA
wciCAwQAwciGMA0GCSqGSIb3DQEBCwUAA4IBAQACfOWMxNtNwDHYKDILHrseeCgi
MxLrcj+nV7id2sOqhSpxsOpjT3LVLfgvtmkAnIamBFjhJUuuxFjo5vnmarV53kDG
YFDlbijK7nso6GS2/t1H9lhmLGufzTwnwtflp22+7ZSXeECq5QfWd3CcUgEN9mmd
u3wqdRLTmhMUUPfefLEDNgXGxUMBiBm13qPAL2hodBy4pCcvUB6Qd5GuBWX3KJcN
24zkhgaQWkwmQKw2lF0m7piDkQsLfvZzHedohX4TmOr0DC1YmS3dnHJbdBP/IJYf
5+QrUmcFqdV4z5mBWy4n70v8H/23Aih0dKmEDRe5mrxcakGYI8H/KbG0kAoJ
-----END CERTIFICATE-----