Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/619250-12e7-4ea1-939c-51766b9ca86f/1/2xM2ojpqbXgXAXgO-b53TwG2uOs.roa
File:                     2xM2ojpqbXgXAXgO-b53TwG2uOs.roa (raw, json)
Hash identifier:          iiAkPAmj8C+lPPp6LJVNw37UE2SvuZzpdBNEU2iqx/A=
Subject key identifier:   DB:13:36:A2:3A:6A:6D:78:17:01:78:0E:F9:BE:77:4F:01:B6:B8:EB
Certificate issuer:       /CN=8e3bf3d0b765f2ea42461d1237ce7eade43b68af
Certificate serial:       018CC8010DEACDAB89A984D7B51938C23385
Authority key identifier: 8E:3B:F3:D0:B7:65:F2:EA:42:46:1D:12:37:CE:7E:AD:E4:3B:68:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jjvz0Ldl8upCRh0SN85-reQ7aK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/619250-12e7-4ea1-939c-51766b9ca86f/1/2xM2ojpqbXgXAXgO-b53TwG2uOs.roa
Signing time:             Tue 02 Jan 2024 02:29:21 +0000
ROA not before:           Tue 02 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        185.212.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/619250-12e7-4ea1-939c-51766b9ca86f/1/jjvz0Ldl8upCRh0SN85-reQ7aK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/619250-12e7-4ea1-939c-51766b9ca86f/1/jjvz0Ldl8upCRh0SN85-reQ7aK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jjvz0Ldl8upCRh0SN85-reQ7aK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0d:ea:cd:ab:89:a9:84:d7:b5:19:38:c2:33:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e3bf3d0b765f2ea42461d1237ce7eade43b68af
        Validity
            Not Before: Jan  2 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db1336a23a6a6d781701780ef9be774f01b6b8eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:0f:a2:53:c5:e7:9a:a2:14:18:47:77:3f:5f:
                    a6:9d:bd:5f:04:11:2f:d0:d9:da:61:80:10:68:3f:
                    ef:9b:18:e2:01:ae:e9:36:2b:be:b6:84:25:75:b9:
                    51:d3:f3:2b:e5:1b:08:a4:ec:ea:fb:06:25:69:ed:
                    00:63:7a:27:0f:6c:a2:e8:9b:28:af:a0:03:7e:39:
                    5c:74:f4:ef:e7:fa:d7:26:ce:38:3b:c6:62:07:14:
                    91:5a:c6:4b:d7:ca:b2:a2:b1:d6:71:5a:b4:01:e8:
                    cd:54:f6:75:28:b4:d2:6e:1a:88:f0:2f:92:1a:84:
                    f0:60:4c:40:1a:12:a5:3d:56:45:c3:d3:8e:4c:5e:
                    6f:6d:c7:e8:fa:8d:d5:f6:30:9b:02:f7:a7:cb:c5:
                    a4:0a:8e:84:d5:31:ab:c0:ea:7c:64:fb:75:60:c4:
                    f8:bd:25:fd:32:75:94:6e:50:0f:ea:b6:09:d9:7f:
                    99:cb:82:7a:db:2c:4c:96:de:e9:23:7d:27:69:48:
                    c7:87:23:9c:04:31:b0:ff:c9:63:14:cd:c4:ac:94:
                    df:03:67:df:40:43:2d:45:46:a5:db:29:f3:e3:aa:
                    f9:81:6a:28:75:5d:7c:02:44:53:b4:71:4c:8c:5c:
                    b2:ce:7d:fd:84:87:97:7d:40:f5:16:f2:dc:14:06:
                    9a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:13:36:A2:3A:6A:6D:78:17:01:78:0E:F9:BE:77:4F:01:B6:B8:EB
            X509v3 Authority Key Identifier:
                keyid:8E:3B:F3:D0:B7:65:F2:EA:42:46:1D:12:37:CE:7E:AD:E4:3B:68:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jjvz0Ldl8upCRh0SN85-reQ7aK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/619250-12e7-4ea1-939c-51766b9ca86f/1/2xM2ojpqbXgXAXgO-b53TwG2uOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/619250-12e7-4ea1-939c-51766b9ca86f/1/jjvz0Ldl8upCRh0SN85-reQ7aK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:a8:f7:be:df:70:79:a1:88:93:d2:ed:80:2d:4b:30:1d:45:
         de:76:55:d7:f4:51:ec:42:1e:78:c2:85:43:40:99:7c:98:a6:
         9f:b3:c4:d0:31:eb:f6:4b:85:26:a0:49:54:0c:8d:2c:96:fd:
         9c:a2:8a:c9:b4:d7:2d:0c:a2:e2:fc:c5:28:c5:b7:dc:08:ab:
         d9:ed:d8:14:66:9b:6e:3e:e0:b2:56:a6:be:b1:22:a7:1f:41:
         09:b2:83:0e:aa:c7:46:4f:45:0b:19:8f:d2:93:bf:7f:7b:91:
         1c:c0:3c:9b:fb:be:78:f9:04:49:ee:f7:9e:3c:5a:68:c8:42:
         1b:91:b8:33:e7:b1:ce:c3:aa:a6:80:cf:9e:d8:38:6d:9d:d2:
         b0:ea:67:13:33:df:6f:5f:b3:0a:d1:84:3e:bd:9f:31:7e:9f:
         e4:b9:e5:62:43:1d:8b:23:40:8a:12:16:25:b9:63:8c:ae:aa:
         f0:b1:26:6f:49:85:19:69:35:40:0e:57:fd:c1:2d:f7:51:94:
         89:7d:a8:72:9e:4f:c7:2e:e2:cb:fa:85:c9:b8:40:c2:2f:9b:
         1d:e5:8d:6e:d8:50:6f:42:2a:a0:e9:94:d6:ab:70:57:67:72:
         e4:20:49:dd:e7:94:68:54:b7:eb:a2:0e:16:c7:2d:e4:34:70:
         fe:93:1d:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAQ3qzauJqYTXtRk4wjOFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlM2JmM2QwYjc2NWYyZWE0MjQ2MWQxMjM3Y2U3ZWFkZTQz
YjY4YWYwHhcNMjQwMTAyMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjEzMzZhMjNhNmE2ZDc4MTcwMTc4MGVmOWJlNzc0ZjAxYjZiOGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0w+iU8XnmqIUGEd3P1+mnb1fBBEv
0NnaYYAQaD/vmxjiAa7pNiu+toQldblR0/Mr5RsIpOzq+wYlae0AY3onD2yi6Jso
r6ADfjlcdPTv5/rXJs44O8ZiBxSRWsZL18qyorHWcVq0AejNVPZ1KLTSbhqI8C+S
GoTwYExAGhKlPVZFw9OOTF5vbcfo+o3V9jCbAveny8WkCo6E1TGrwOp8ZPt1YMT4
vSX9MnWUblAP6rYJ2X+Zy4J62yxMlt7pI30naUjHhyOcBDGw/8ljFM3ErJTfA2ff
QEMtRUal2ynz46r5gWoodV18AkRTtHFMjFyyzn39hIeXfUD1FvLcFAaa4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNsTNqI6am14FwF4Dvm+d08BtrjrMB8GA1UdIwQY
MBaAFI4789C3ZfLqQkYdEjfOfq3kO2ivMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamp2ejBMZGw4dXBDUmgwU044NS1yZVE3YUs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC82MTkyNTAtMTJlNy00ZWExLTkzOWMt
NTE3NjZiOWNhODZmLzEvMnhNMm9qcHFiWGdYQVhnTy1iNTNUd0cydU9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC82MTkyNTAtMTJlNy00ZWExLTkzOWMtNTE3NjZiOWNhODZm
LzEvamp2ejBMZGw4dXBDUmgwU044NS1yZVE3YUs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudQiMA0G
CSqGSIb3DQEBCwUAA4IBAQB2qPe+33B5oYiT0u2ALUswHUXedlXX9FHsQh54woVD
QJl8mKafs8TQMev2S4UmoElUDI0slv2coorJtNctDKLi/MUoxbfcCKvZ7dgUZptu
PuCyVqa+sSKnH0EJsoMOqsdGT0ULGY/Sk79/e5EcwDyb+754+QRJ7veePFpoyEIb
kbgz57HOw6qmgM+e2DhtndKw6mcTM99vX7MK0YQ+vZ8xfp/kueViQx2LI0CKEhYl
uWOMrqrwsSZvSYUZaTVADlf9wS33UZSJfahynk/HLuLL+oXJuEDCL5sd5Y1u2FBv
Qiqg6ZTWq3BXZ3LkIEnd55RoVLfrog4Wxy3kNHD+kx38
-----END CERTIFICATE-----