Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/c6535d-721f-4301-9d89-fcdad2b5656b/1/BHfnSnxwgMt3nwqjqNuxY72SDas.roa
File:                     BHfnSnxwgMt3nwqjqNuxY72SDas.roa (raw, json)
Hash identifier:          scUzXZjulWN2OiDVv1cmZcAxOkJUp4OgHlVvGDDBm98=
Subject key identifier:   04:77:E7:4A:7C:70:80:CB:77:9F:0A:A3:A8:DB:B1:63:BD:92:0D:AB
Certificate issuer:       /CN=c2a911d69c4f6457a109de77b1c75249dc530e17
Certificate serial:       018CC6B83D69207F3E4516F3D2C6972691B9
Authority key identifier: C2:A9:11:D6:9C:4F:64:57:A1:09:DE:77:B1:C7:52:49:DC:53:0E:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wqkR1pxPZFehCd53scdSSdxTDhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/c6535d-721f-4301-9d89-fcdad2b5656b/1/BHfnSnxwgMt3nwqjqNuxY72SDas.roa
Signing time:             Mon 01 Jan 2024 20:30:12 +0000
ROA not before:           Mon 01 Jan 2024 20:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212552
IP address blocks:        141.98.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/c6535d-721f-4301-9d89-fcdad2b5656b/1/wqkR1pxPZFehCd53scdSSdxTDhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/c6535d-721f-4301-9d89-fcdad2b5656b/1/wqkR1pxPZFehCd53scdSSdxTDhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wqkR1pxPZFehCd53scdSSdxTDhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:3d:69:20:7f:3e:45:16:f3:d2:c6:97:26:91:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2a911d69c4f6457a109de77b1c75249dc530e17
        Validity
            Not Before: Jan  1 20:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0477e74a7c7080cb779f0aa3a8dbb163bd920dab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d0:d0:a3:23:d2:dc:3f:41:62:06:a5:f0:38:
                    54:88:92:f6:ab:7d:89:4f:8c:7f:80:82:08:87:8c:
                    3a:53:84:d4:5e:a1:4a:dc:d3:3a:c8:89:17:f4:3e:
                    01:70:81:18:04:92:f6:d9:a3:22:c4:8f:c3:19:f9:
                    3c:98:98:93:75:0f:bd:d1:e2:b1:20:3f:f7:4c:e1:
                    55:37:64:52:37:ca:f0:dc:df:be:dd:9a:1b:ec:96:
                    67:8c:58:ef:75:df:81:77:97:f9:18:86:28:3c:3c:
                    75:35:1a:d6:5d:10:03:a3:9f:0c:e9:93:9d:bf:9e:
                    b4:79:19:f0:e7:ba:af:31:bc:06:cd:ff:b8:c6:b6:
                    6d:a4:1a:dc:c7:e8:69:7e:d6:68:5c:42:6e:80:d2:
                    e1:e2:31:f1:26:cf:85:9d:b7:0e:aa:59:37:da:20:
                    3c:9b:e6:1a:1b:f8:48:ad:7a:8c:46:b6:c2:3d:34:
                    84:b0:43:e0:73:26:d0:a9:ca:00:e7:41:c6:50:65:
                    b7:d1:41:e1:29:e8:21:a5:4c:75:10:21:7d:43:c9:
                    6d:cc:94:81:71:8e:f7:eb:d7:eb:83:39:d5:43:0b:
                    ef:48:28:3e:7a:64:3c:36:c2:aa:85:ba:1c:e6:7f:
                    83:d4:7d:84:6a:b0:d9:f6:5e:89:33:4e:76:de:a7:
                    fa:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:77:E7:4A:7C:70:80:CB:77:9F:0A:A3:A8:DB:B1:63:BD:92:0D:AB
            X509v3 Authority Key Identifier:
                keyid:C2:A9:11:D6:9C:4F:64:57:A1:09:DE:77:B1:C7:52:49:DC:53:0E:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wqkR1pxPZFehCd53scdSSdxTDhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/c6535d-721f-4301-9d89-fcdad2b5656b/1/BHfnSnxwgMt3nwqjqNuxY72SDas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/c6535d-721f-4301-9d89-fcdad2b5656b/1/wqkR1pxPZFehCd53scdSSdxTDhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:17:51:b7:a6:8e:18:ff:38:42:dc:b3:0c:3e:c2:31:9d:91:
         49:54:b7:c1:d2:7d:ab:f5:30:5b:95:96:07:31:66:b8:5f:c5:
         dd:ee:79:aa:08:2b:21:d3:b4:1d:4f:64:59:70:54:e2:a3:55:
         33:d7:01:5c:58:44:d4:c9:32:12:9c:e6:f7:af:e7:a7:61:5e:
         66:34:c1:99:dc:d2:e5:84:58:8b:f9:c6:71:56:d2:a5:f4:a6:
         42:3d:99:18:ac:8c:64:6c:4d:89:d9:7d:7d:3a:b3:16:09:54:
         4e:24:77:21:1a:2a:30:21:b2:c7:37:81:eb:60:5a:db:d7:ee:
         d7:b5:a3:dd:3d:44:b2:57:a0:ab:ea:d3:bf:b2:c7:be:99:51:
         4d:6d:98:e1:ba:a7:22:51:09:e5:29:15:37:c7:c3:bc:d6:4f:
         03:d3:c0:54:2f:55:d7:3a:10:2e:07:15:b9:6d:ce:33:92:ea:
         6f:b4:c8:54:62:21:e0:30:2c:13:42:31:5f:a2:6f:0a:e6:69:
         c4:a8:46:27:d5:4d:1f:f2:cf:36:24:26:cf:46:29:df:09:99:
         ae:31:be:5d:bb:d9:45:07:84:a7:3e:51:50:d1:3e:2f:cd:6b:
         44:55:91:ec:bb:f5:a3:26:06:ad:83:ed:ca:1b:29:da:00:e5:
         17:02:09:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuD1pIH8+RRbz0saXJpG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYTkxMWQ2OWM0ZjY0NTdhMTA5ZGU3N2IxYzc1MjQ5ZGM1
MzBlMTcwHhcNMjQwMTAxMjAzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDc3ZTc0YTdjNzA4MGNiNzc5ZjBhYTNhOGRiYjE2M2JkOTIwZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9DQoyPS3D9BYgal8DhUiJL2q32J
T4x/gIIIh4w6U4TUXqFK3NM6yIkX9D4BcIEYBJL22aMixI/DGfk8mJiTdQ+90eKx
ID/3TOFVN2RSN8rw3N++3Zob7JZnjFjvdd+Bd5f5GIYoPDx1NRrWXRADo58M6ZOd
v560eRnw57qvMbwGzf+4xrZtpBrcx+hpftZoXEJugNLh4jHxJs+FnbcOqlk32iA8
m+YaG/hIrXqMRrbCPTSEsEPgcybQqcoA50HGUGW30UHhKeghpUx1ECF9Q8ltzJSB
cY7369frgznVQwvvSCg+emQ8NsKqhboc5n+D1H2EarDZ9l6JM0523qf60QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAR350p8cIDLd58Ko6jbsWO9kg2rMB8GA1UdIwQY
MBaAFMKpEdacT2RXoQned7HHUkncUw4XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3FrUjFweFBaRmVoQ2Q1M3NjZFNTZHhURGhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jNjUzNWQtNzIxZi00MzAxLTlkODkt
ZmNkYWQyYjU2NTZiLzEvQkhmblNueHdnTXQzbndxanFOdXhZNzJTRGFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jNjUzNWQtNzIxZi00MzAxLTlkODktZmNkYWQyYjU2NTZi
LzEvd3FrUjFweFBaRmVoQ2Q1M3NjZFNTZHhURGhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWLSMA0G
CSqGSIb3DQEBCwUAA4IBAQAAF1G3po4Y/zhC3LMMPsIxnZFJVLfB0n2r9TBblZYH
MWa4X8Xd7nmqCCsh07QdT2RZcFTio1Uz1wFcWETUyTISnOb3r+enYV5mNMGZ3NLl
hFiL+cZxVtKl9KZCPZkYrIxkbE2J2X19OrMWCVROJHchGiowIbLHN4HrYFrb1+7X
taPdPUSyV6Cr6tO/sse+mVFNbZjhuqciUQnlKRU3x8O81k8D08BUL1XXOhAuBxW5
bc4zkupvtMhUYiHgMCwTQjFfom8K5mnEqEYn1U0f8s82JCbPRinfCZmuMb5du9lF
B4SnPlFQ0T4vzWtEVZHsu/WjJgatg+3KGynaAOUXAgkz
-----END CERTIFICATE-----