Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/68844e-9216-4b1b-96d0-16d9769b0eca/1/A2XrLgzhk_kwKJfkFrI2aq2AJXE.roa
File:                     A2XrLgzhk_kwKJfkFrI2aq2AJXE.roa (raw, json)
Hash identifier:          AjareoSOAwJYXqpeDT24MNkbHwFHeX4eQIYF7UAZdhg=
Subject key identifier:   03:65:EB:2E:0C:E1:93:F9:30:28:97:E4:16:B2:36:6A:AD:80:25:71
Certificate issuer:       /CN=f832463d4dabd2034f8fafc786351dfb293613f8
Certificate serial:       018CC3B7224AAAF709A85A050D67AEB0F661
Authority key identifier: F8:32:46:3D:4D:AB:D2:03:4F:8F:AF:C7:86:35:1D:FB:29:36:13:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-DJGPU2r0gNPj6_HhjUd-yk2E_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/68844e-9216-4b1b-96d0-16d9769b0eca/1/A2XrLgzhk_kwKJfkFrI2aq2AJXE.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        88.151.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/68844e-9216-4b1b-96d0-16d9769b0eca/1/1-DJGPU2r0gNPj6_HhjUd-yk2E_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/68844e-9216-4b1b-96d0-16d9769b0eca/1/1-DJGPU2r0gNPj6_HhjUd-yk2E_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-DJGPU2r0gNPj6_HhjUd-yk2E_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:22:4a:aa:f7:09:a8:5a:05:0d:67:ae:b0:f6:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f832463d4dabd2034f8fafc786351dfb293613f8
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0365eb2e0ce193f9302897e416b2366aad802571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:af:c6:ed:38:41:94:52:26:2b:a1:a0:99:f6:
                    cd:31:a6:fd:7e:86:d9:79:a9:4d:6b:db:09:88:95:
                    74:81:aa:b0:b4:72:6b:b6:da:09:93:8e:98:ed:3a:
                    2c:11:67:0a:4f:49:f8:d8:af:c0:8a:35:fa:80:d8:
                    3e:0c:07:27:c6:c5:91:3d:1b:0d:b7:c9:d1:af:70:
                    b4:74:b1:c7:c2:93:fb:ed:ae:46:a8:96:3e:53:ba:
                    27:b0:2c:76:bf:02:14:a0:70:bd:fb:d8:1a:92:bb:
                    43:d3:c1:04:68:7b:be:7a:68:2c:ad:62:1a:2c:7f:
                    5c:72:30:bd:e0:5e:73:35:f2:7f:f7:73:e6:75:c4:
                    c8:ba:d6:d4:24:5a:2b:35:98:87:b9:7f:9a:7d:73:
                    4b:d5:fc:f9:d7:c7:97:5e:92:5d:db:2b:20:09:30:
                    cb:99:2c:f4:68:35:6d:cd:fb:64:9b:ac:bc:75:57:
                    ca:55:62:7e:50:f5:7b:2d:39:b8:65:32:df:58:4c:
                    c4:e7:34:20:1b:a1:b8:f2:f5:a5:42:2e:41:85:30:
                    5e:a8:02:13:67:45:d7:4c:4c:23:28:b3:9f:bd:e2:
                    2a:c3:07:08:fe:5f:df:11:05:b4:c1:29:7d:e1:bd:
                    0c:f2:02:43:c9:5c:3a:2e:e3:23:89:48:29:b2:f1:
                    49:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:65:EB:2E:0C:E1:93:F9:30:28:97:E4:16:B2:36:6A:AD:80:25:71
            X509v3 Authority Key Identifier:
                keyid:F8:32:46:3D:4D:AB:D2:03:4F:8F:AF:C7:86:35:1D:FB:29:36:13:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-DJGPU2r0gNPj6_HhjUd-yk2E_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/68844e-9216-4b1b-96d0-16d9769b0eca/1/A2XrLgzhk_kwKJfkFrI2aq2AJXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/68844e-9216-4b1b-96d0-16d9769b0eca/1/1-DJGPU2r0gNPj6_HhjUd-yk2E_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:b7:cb:9f:8c:c9:ad:19:26:8e:3e:3f:e8:cf:49:6b:f6:80:
         d1:a6:7b:61:e6:12:96:2f:b8:fd:96:cc:13:57:c3:00:58:cc:
         da:cb:83:cf:02:e8:e5:78:9b:4f:00:a6:1d:a1:56:2e:4b:cd:
         f3:43:2e:f1:b9:b9:c7:87:da:14:42:5a:86:1b:2a:89:67:74:
         5c:69:ec:8d:1f:79:b1:c7:0e:50:f3:fe:18:3f:b8:1b:66:da:
         eb:75:4c:a7:42:98:09:dd:f1:ba:ec:3d:a5:37:9f:ac:2c:43:
         2b:46:10:e8:30:1e:85:de:73:13:29:d2:0c:9b:75:22:fb:e2:
         d1:dd:3a:19:66:c7:0f:86:6c:0f:13:00:e8:60:64:61:9c:0a:
         8a:ef:1d:8c:1d:f8:14:15:5d:2c:f5:b9:20:c7:c8:57:4a:38:
         63:e4:99:7c:36:78:30:76:02:16:66:af:05:e1:d1:f4:29:76:
         ba:5f:67:c1:c3:8e:f9:11:81:06:d2:5e:8b:ba:6f:ee:f2:50:
         d7:ab:19:b5:c7:9f:a6:7b:d1:04:2e:cb:39:b9:a9:15:51:93:
         18:cc:c6:20:1a:9b:26:67:6a:5c:68:aa:a2:f1:0b:d2:bd:aa:
         49:9d:af:b3:66:80:3c:a2:29:6c:63:56:13:cf:34:16:69:f4:
         0c:fc:0b:17
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtyJKqvcJqFoFDWeusPZhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MzI0NjNkNGRhYmQyMDM0ZjhmYWZjNzg2MzUxZGZiMjkz
NjEzZjgwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzY1ZWIyZTBjZTE5M2Y5MzAyODk3ZTQxNmIyMzY2YWFkODAyNTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAha/G7ThBlFImK6GgmfbNMab9fobZ
ealNa9sJiJV0gaqwtHJrttoJk46Y7TosEWcKT0n42K/AijX6gNg+DAcnxsWRPRsN
t8nRr3C0dLHHwpP77a5GqJY+U7onsCx2vwIUoHC9+9gakrtD08EEaHu+emgsrWIa
LH9ccjC94F5zNfJ/93PmdcTIutbUJForNZiHuX+afXNL1fz518eXXpJd2ysgCTDL
mSz0aDVtzftkm6y8dVfKVWJ+UPV7LTm4ZTLfWEzE5zQgG6G48vWlQi5BhTBeqAIT
Z0XXTEwjKLOfveIqwwcI/l/fEQW0wSl94b0M8gJDyVw6LuMjiUgpsvFJZwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFANl6y4M4ZP5MCiX5BayNmqtgCVxMB8GA1UdIwQY
MBaAFPgyRj1Nq9IDT4+vx4Y1HfspNhP4MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1ESkdQVTJyMGdOUGo2X0hoalVkLXlrMkVfZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIvNjg4NDRlLTkyMTYtNGIxYi05NmQw
LTE2ZDk3NjliMGVjYS8xL0EyWHJMZ3poa19rd0tKZmtGckkyYXEyQUpYRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmIvNjg4NDRlLTkyMTYtNGIxYi05NmQwLTE2ZDk3NjliMGVj
YS8xLzEtREpHUFUycjBnTlBqNl9IaGpVZC15azJFX2cuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABYl3Mw
DQYJKoZIhvcNAQELBQADggEBAFq3y5+Mya0ZJo4+P+jPSWv2gNGme2HmEpYvuP2W
zBNXwwBYzNrLg88C6OV4m08Aph2hVi5LzfNDLvG5uceH2hRCWoYbKolndFxp7I0f
ebHHDlDz/hg/uBtm2ut1TKdCmAnd8brsPaU3n6wsQytGEOgwHoXecxMp0gybdSL7
4tHdOhlmxw+GbA8TAOhgZGGcCorvHYwd+BQVXSz1uSDHyFdKOGPkmXw2eDB2AhZm
rwXh0fQpdrpfZ8HDjvkRgQbSXou6b+7yUNerGbXHn6Z70QQuyzm5qRVRkxjMxiAa
myZnalxoqqLxC9K9qkmdr7NmgDyiKWxjVhPPNBZp9Az8Cxc=
-----END CERTIFICATE-----