Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/2_S-Vg_l6ZN9p5AKNJ5j5Oe5ZXM.roa
File:                     2_S-Vg_l6ZN9p5AKNJ5j5Oe5ZXM.roa (raw, json)
Hash identifier:          9NEMIS0QWGanvza0HssLKTF9qr7t8/UuQKOz2FWd1jY=
Subject key identifier:   DB:F4:BE:56:0F:E5:E9:93:7D:A7:90:0A:34:9E:63:E4:E7:B9:65:73
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC7944B00643CF09EBA7C7305F1344CEE
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/2_S-Vg_l6ZN9p5AKNJ5j5Oe5ZXM.roa
Signing time:             Tue 02 Jan 2024 00:30:33 +0000
ROA not before:           Tue 02 Jan 2024 00:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212097
IP address blocks:        212.115.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:4b:00:64:3c:f0:9e:ba:7c:73:05:f1:34:4c:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbf4be560fe5e9937da7900a349e63e4e7b96573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:16:1e:2e:bb:3f:a2:ae:c9:61:35:0c:b9:af:
                    8b:af:c6:95:37:76:a5:36:a1:69:e8:0f:41:df:e1:
                    d4:40:8e:0e:db:8c:6f:ab:e1:85:92:58:52:c3:0e:
                    38:4c:78:61:28:41:57:65:ee:84:39:bc:f0:ef:97:
                    2f:25:d8:11:31:b8:39:b4:b8:0a:23:ff:66:7d:f5:
                    23:0c:42:ac:eb:19:21:30:72:8b:d3:85:c6:34:3e:
                    39:c6:16:50:9a:1e:2f:e3:b1:c6:a7:68:20:60:a6:
                    0e:83:a4:99:b0:2a:c3:27:4a:db:5f:28:c9:69:67:
                    6e:bf:48:dc:c0:f0:4e:2b:86:c5:c6:8f:a8:37:51:
                    a6:83:9f:1b:d6:3a:a2:4a:7b:14:04:48:a5:c9:cb:
                    62:52:40:fd:51:aa:01:6b:1d:cd:f8:77:06:b9:58:
                    48:b2:c7:f9:28:f3:02:45:1d:fc:9d:c2:e8:36:6a:
                    17:d0:c7:63:6f:e8:0f:da:9c:cb:96:66:e4:c4:9e:
                    8f:1a:ea:df:f2:23:e4:84:3b:e8:8b:8d:bc:ba:dd:
                    0d:de:80:69:16:2b:33:29:cf:62:c0:40:4a:c2:68:
                    c5:ce:17:d8:2e:9d:3b:49:29:f5:e9:fa:b3:05:7c:
                    70:dc:78:f7:56:ee:6d:6e:55:86:7b:59:16:40:19:
                    c2:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F4:BE:56:0F:E5:E9:93:7D:A7:90:0A:34:9E:63:E4:E7:B9:65:73
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/2_S-Vg_l6ZN9p5AKNJ5j5Oe5ZXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.115.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:81:d2:d5:28:14:33:67:65:d7:04:fb:f7:99:06:22:64:f4:
         f8:85:23:74:75:f8:c1:89:92:3f:a1:23:be:18:d3:b3:e5:f6:
         c1:21:ce:62:b0:fa:f5:f7:68:8d:9d:23:c5:9e:50:8f:70:8a:
         3f:d4:a1:8b:cb:37:af:ba:a7:27:1a:3d:ac:21:76:53:37:ca:
         e3:49:fb:3a:c5:29:55:53:a5:b6:3a:b3:4a:4f:a7:3a:c6:c9:
         a0:b0:80:8a:17:d1:40:5e:9d:77:2f:af:53:52:31:42:06:9a:
         12:95:4a:8c:25:c1:75:f9:6f:28:64:37:3b:06:17:d7:85:a7:
         e2:7c:f1:fb:14:16:1f:63:57:6c:7f:3a:a8:ba:41:1d:2a:a1:
         0b:78:98:1c:bb:c2:d3:5d:df:a2:46:84:14:01:da:10:f2:d0:
         a2:96:1d:38:70:10:7b:b9:00:34:41:cf:9c:28:96:15:29:64:
         06:a3:d7:34:d5:26:4d:d5:3f:01:fa:8c:52:e6:2a:3d:eb:1a:
         da:b6:0d:70:11:6b:22:f2:4f:d7:91:22:b0:d7:47:65:5c:c4:
         11:a1:80:79:ec:cd:13:72:2b:6a:03:d7:6d:43:15:ec:61:a0:
         0e:e3:b7:aa:1c:6c:e9:28:7d:77:18:af:23:ef:26:21:e0:dc:
         b8:6a:a2:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEsAZDzwnrp8cwXxNEzuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmY0YmU1NjBmZTVlOTkzN2RhNzkwMGEzNDllNjNlNGU3Yjk2NTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRYeLrs/oq7JYTUMua+Lr8aVN3al
NqFp6A9B3+HUQI4O24xvq+GFklhSww44THhhKEFXZe6EObzw75cvJdgRMbg5tLgK
I/9mffUjDEKs6xkhMHKL04XGND45xhZQmh4v47HGp2ggYKYOg6SZsCrDJ0rbXyjJ
aWduv0jcwPBOK4bFxo+oN1Gmg58b1jqiSnsUBEilyctiUkD9UaoBax3N+HcGuVhI
ssf5KPMCRR38ncLoNmoX0Mdjb+gP2pzLlmbkxJ6PGurf8iPkhDvoi428ut0N3oBp
FiszKc9iwEBKwmjFzhfYLp07SSn16fqzBXxw3Hj3Vu5tblWGe1kWQBnCCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNv0vlYP5emTfaeQCjSeY+TnuWVzMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvMl9TLVZnX2w2Wk45cDVBS05KNWo1T2U1WlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HOCMA0G
CSqGSIb3DQEBCwUAA4IBAQAAgdLVKBQzZ2XXBPv3mQYiZPT4hSN0dfjBiZI/oSO+
GNOz5fbBIc5isPr192iNnSPFnlCPcIo/1KGLyzevuqcnGj2sIXZTN8rjSfs6xSlV
U6W2OrNKT6c6xsmgsICKF9FAXp13L69TUjFCBpoSlUqMJcF1+W8oZDc7BhfXhafi
fPH7FBYfY1dsfzqoukEdKqELeJgcu8LTXd+iRoQUAdoQ8tCilh04cBB7uQA0Qc+c
KJYVKWQGo9c01SZN1T8B+oxS5io96xratg1wEWsi8k/XkSKw10dlXMQRoYB57M0T
citqA9dtQxXsYaAO47eqHGzpKH13GK8j7yYh4Ny4aqKW
-----END CERTIFICATE-----