Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/k2JPo_Gp1TjBLmBSyL24tCVNLUc.roa
File:                     k2JPo_Gp1TjBLmBSyL24tCVNLUc.roa (raw, json)
Hash identifier:          nrXxRBzmPLvNs44McRuT/ydVGtYJNzCUfrnN8Ou6ueY=
Subject key identifier:   93:62:4F:A3:F1:A9:D5:38:C1:2E:60:52:C8:BD:B8:B4:25:4D:2D:47
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB2E37AF835F328000067B4FA077A8
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/k2JPo_Gp1TjBLmBSyL24tCVNLUc.roa
Signing time:             Mon 01 Jan 2024 02:29:53 +0000
ROA not before:           Mon 01 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62071
IP address blocks:        185.212.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 12:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2e:37:af:83:5f:32:80:00:06:7b:4f:a0:77:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93624fa3f1a9d538c12e6052c8bdb8b4254d2d47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5b:34:1c:f0:d9:ae:2d:28:47:02:09:00:1b:
                    85:28:53:d9:eb:8f:b7:68:8e:bc:7a:36:f4:9d:20:
                    0e:bb:04:57:02:09:48:6e:0e:46:7f:56:5d:25:ae:
                    c0:e2:45:e9:8a:cf:87:14:b7:0d:be:b8:0b:86:62:
                    81:48:84:c4:7d:27:95:11:59:21:ef:94:ee:a6:e9:
                    e8:81:b9:3e:44:9d:b3:cd:1d:c3:7d:69:e0:d1:f4:
                    92:22:3f:57:11:f1:e3:5a:f4:00:ae:21:0d:3f:da:
                    6c:8c:36:4c:bd:63:2a:4f:b7:1c:e7:8d:2d:bb:bf:
                    ab:cf:68:ba:ad:15:ee:f0:a9:a0:67:2f:c1:0f:13:
                    3b:14:26:cf:d8:75:93:5d:58:28:fe:d1:fd:99:68:
                    bd:e3:d8:33:fc:36:4b:ca:52:a2:2f:bc:cd:55:2d:
                    06:32:eb:15:ae:dd:50:b9:12:91:f3:b7:98:cf:90:
                    39:e9:d8:a0:94:d5:b5:a7:1d:97:23:f3:9a:50:0e:
                    ac:b7:b4:c4:17:89:77:fc:a2:87:a5:19:c2:e5:ae:
                    4d:bb:4d:c7:80:43:df:99:d9:d2:ab:ae:7f:36:dd:
                    0c:f8:41:f5:da:92:fc:4b:85:f0:35:f3:85:a8:fd:
                    a4:25:ca:4a:72:90:84:c6:b9:9e:a3:87:38:d3:c7:
                    cb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:62:4F:A3:F1:A9:D5:38:C1:2E:60:52:C8:BD:B8:B4:25:4D:2D:47
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/k2JPo_Gp1TjBLmBSyL24tCVNLUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:d4:9d:ef:6c:72:02:8a:f0:01:db:7f:12:ef:93:65:23:59:
         7f:38:63:7b:d7:a2:bc:6d:9f:8d:e0:f0:a4:73:fa:59:90:92:
         54:31:1a:b4:a3:d8:2c:08:d2:0b:34:17:a1:85:21:af:35:33:
         0b:ca:44:60:5f:86:43:62:55:c8:d1:b7:f7:9c:b7:cb:2d:d9:
         80:aa:72:58:13:54:d6:53:bc:fc:01:79:c4:ea:96:3d:30:ae:
         a6:4a:6c:2d:33:15:48:15:d8:65:15:52:9c:8f:3c:de:71:b4:
         42:3a:47:f6:4b:87:fe:5c:4b:ab:f7:e8:6f:81:ee:37:b7:30:
         f1:02:e4:8a:37:52:56:f7:03:fe:88:2d:f2:d1:c5:60:69:24:
         85:64:98:c0:73:e8:0a:be:00:8f:63:83:13:b2:a6:9e:ea:16:
         82:8f:a8:30:0b:cb:69:d5:68:2b:2b:a6:71:b5:b2:e8:2c:fb:
         c5:7d:61:4b:01:49:37:84:81:fa:38:1f:1f:f9:47:2e:f4:b7:
         8b:28:31:d7:31:fc:f6:ff:02:96:06:03:f4:0f:7b:af:04:77:
         6d:b7:f2:fd:12:e1:6b:e4:61:7c:f3:31:e1:e7:ce:46:c8:0c:
         e0:9e:26:b5:2c:bf:67:52:ad:a4:fc:e4:53:6a:3e:a1:46:ed:
         76:bd:a4:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2y43r4NfMoAABntPoHeoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzYyNGZhM2YxYTlkNTM4YzEyZTYwNTJjOGJkYjhiNDI1NGQyZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAols0HPDZri0oRwIJABuFKFPZ64+3
aI68ejb0nSAOuwRXAglIbg5Gf1ZdJa7A4kXpis+HFLcNvrgLhmKBSITEfSeVEVkh
75Tupunogbk+RJ2zzR3DfWng0fSSIj9XEfHjWvQAriENP9psjDZMvWMqT7cc540t
u7+rz2i6rRXu8KmgZy/BDxM7FCbP2HWTXVgo/tH9mWi949gz/DZLylKiL7zNVS0G
MusVrt1QuRKR87eYz5A56diglNW1px2XI/OaUA6st7TEF4l3/KKHpRnC5a5Nu03H
gEPfmdnSq65/Nt0M+EH12pL8S4XwNfOFqP2kJcpKcpCExrmeo4c408fLkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJNiT6PxqdU4wS5gUsi9uLQlTS1HMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvazJKUG9fR3AxVGpCTG1CU3lMMjR0Q1ZOTFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudQIMA0G
CSqGSIb3DQEBCwUAA4IBAQCq1J3vbHICivAB238S75NlI1l/OGN716K8bZ+N4PCk
c/pZkJJUMRq0o9gsCNILNBehhSGvNTMLykRgX4ZDYlXI0bf3nLfLLdmAqnJYE1TW
U7z8AXnE6pY9MK6mSmwtMxVIFdhlFVKcjzzecbRCOkf2S4f+XEur9+hvge43tzDx
AuSKN1JW9wP+iC3y0cVgaSSFZJjAc+gKvgCPY4MTsqae6haCj6gwC8tp1WgrK6Zx
tbLoLPvFfWFLAUk3hIH6OB8f+Ucu9LeLKDHXMfz2/wKWBgP0D3uvBHdtt/L9EuFr
5GF88zHh585GyAzgnia1LL9nUq2k/ORTaj6hRu12vaQb
-----END CERTIFICATE-----