Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/2gf75ybNcWte-YXJViT6ywLPiEQ.roa
File:                     2gf75ybNcWte-YXJViT6ywLPiEQ.roa (raw, json)
Hash identifier:          sU6E1UCITbRMWtM1MTurOfkYKw7Drz7Sbjs3vORYXUo=
Subject key identifier:   DA:07:FB:E7:26:CD:71:6B:5E:F9:85:C9:56:24:FA:CB:02:CF:88:44
Certificate issuer:       /CN=8819956ddceae022cfe123da373c6b111640368d
Certificate serial:       018CCA2B7A7E221ECF099443B9512DE133B2
Authority key identifier: 88:19:95:6D:DC:EA:E0:22:CF:E1:23:DA:37:3C:6B:11:16:40:36:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBmVbdzq4CLP4SPaNzxrERZANo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/2gf75ybNcWte-YXJViT6ywLPiEQ.roa
Signing time:             Tue 02 Jan 2024 12:34:56 +0000
ROA not before:           Tue 02 Jan 2024 12:34:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2600
IP address blocks:        212.109.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/iBmVbdzq4CLP4SPaNzxrERZANo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/iBmVbdzq4CLP4SPaNzxrERZANo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBmVbdzq4CLP4SPaNzxrERZANo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:7a:7e:22:1e:cf:09:94:43:b9:51:2d:e1:33:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8819956ddceae022cfe123da373c6b111640368d
        Validity
            Not Before: Jan  2 12:34:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da07fbe726cd716b5ef985c95624facb02cf8844
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a5:0a:19:d9:ac:5f:b5:06:05:80:21:6c:21:
                    f5:4d:45:f5:6b:cb:a6:ef:28:43:ff:9b:63:e6:f8:
                    50:28:5f:82:92:8b:8e:17:0a:b8:4a:ad:2c:b8:0d:
                    b4:38:1d:4b:cb:b7:2d:4e:e5:37:ec:09:41:11:c5:
                    1f:7a:86:39:66:16:c9:ef:c1:97:b4:93:81:54:64:
                    a7:cd:2c:54:44:bd:05:24:18:a9:31:45:88:66:3c:
                    7c:85:0c:7b:84:08:2d:dc:57:0c:8d:60:51:7f:39:
                    f7:42:17:4f:eb:39:47:6a:ae:84:df:f7:42:06:28:
                    19:5e:25:eb:eb:1c:b6:27:93:b3:02:34:86:fa:fa:
                    ca:fd:82:b5:97:ca:73:5a:6a:9f:e0:f2:e0:0a:7e:
                    06:c9:fe:80:8f:95:50:27:35:97:57:69:1b:d9:4c:
                    fc:ec:3c:bb:b9:df:4e:27:90:55:c9:48:76:83:d6:
                    c2:f2:7b:f3:1f:0f:87:0f:e1:e0:c2:0c:d5:fd:4a:
                    81:a4:da:57:f6:39:cc:44:54:91:1a:ad:8c:68:a4:
                    ba:f7:ec:d9:18:bd:34:4a:7e:b6:ad:f9:6a:40:e1:
                    a1:a9:5a:6f:fd:91:e6:74:ac:7e:b3:29:2f:90:a9:
                    f7:d6:2e:cd:de:c8:e5:29:b9:66:94:5f:23:5a:a6:
                    47:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:07:FB:E7:26:CD:71:6B:5E:F9:85:C9:56:24:FA:CB:02:CF:88:44
            X509v3 Authority Key Identifier:
                keyid:88:19:95:6D:DC:EA:E0:22:CF:E1:23:DA:37:3C:6B:11:16:40:36:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBmVbdzq4CLP4SPaNzxrERZANo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/2gf75ybNcWte-YXJViT6ywLPiEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/988768-f17b-4f59-be09-2deb14c290ed/1/iBmVbdzq4CLP4SPaNzxrERZANo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.109.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:fc:18:ce:39:5c:66:02:0e:47:30:63:a7:0a:ea:0a:75:c6:
         71:5c:1b:d5:1b:91:1a:b4:eb:fe:f6:a4:b2:4e:77:4f:21:54:
         23:2c:02:c6:19:cb:85:80:4b:7e:bf:13:c0:8c:19:0f:d7:d3:
         3f:5c:51:29:0d:9a:25:e3:cd:56:dd:d9:87:97:c7:fc:47:05:
         9d:aa:ff:84:cc:36:31:15:88:29:44:0a:f8:d5:7b:68:c7:fa:
         24:fd:20:87:38:a8:1f:e2:22:ba:de:d0:41:57:52:4f:11:3a:
         e9:aa:95:33:62:b0:c5:4d:29:da:04:e1:d2:43:8a:e0:99:4b:
         ba:9c:f0:ba:37:2d:3d:63:4d:f0:b4:d9:ae:da:8e:7b:27:b6:
         7f:0b:0c:ca:27:f4:be:e1:d4:7d:db:8e:ea:11:c2:5a:14:65:
         b1:e1:c8:e9:ef:53:7d:dd:f1:f0:eb:cb:51:fc:37:ad:26:f6:
         f5:df:ba:0b:bc:60:13:97:c3:b2:37:43:a4:db:e4:e2:5e:a0:
         f6:02:80:da:ec:9e:31:3b:e0:ff:4d:b4:92:2f:75:cd:36:82:
         9d:d8:d7:db:d0:b1:06:50:cb:08:62:5c:79:80:7d:11:74:96:
         ab:cd:05:80:7d:31:0d:86:85:43:a3:4b:71:09:38:83:8f:73:
         2b:7d:1b:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK3p+Ih7PCZRDuVEt4TOyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTk5NTZkZGNlYWUwMjJjZmUxMjNkYTM3M2M2YjExMTY0
MDM2OGQwHhcNMjQwMTAyMTIzNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTA3ZmJlNzI2Y2Q3MTZiNWVmOTg1Yzk1NjI0ZmFjYjAyY2Y4ODQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqUKGdmsX7UGBYAhbCH1TUX1a8um
7yhD/5tj5vhQKF+CkouOFwq4Sq0suA20OB1Ly7ctTuU37AlBEcUfeoY5ZhbJ78GX
tJOBVGSnzSxURL0FJBipMUWIZjx8hQx7hAgt3FcMjWBRfzn3QhdP6zlHaq6E3/dC
BigZXiXr6xy2J5OzAjSG+vrK/YK1l8pzWmqf4PLgCn4Gyf6Aj5VQJzWXV2kb2Uz8
7Dy7ud9OJ5BVyUh2g9bC8nvzHw+HD+HgwgzV/UqBpNpX9jnMRFSRGq2MaKS69+zZ
GL00Sn62rflqQOGhqVpv/ZHmdKx+sykvkKn31i7N3sjlKblmlF8jWqZH/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNoH++cmzXFrXvmFyVYk+ssCz4hEMB8GA1UdIwQY
MBaAFIgZlW3c6uAiz+Ej2jc8axEWQDaNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJtVmJkenE0Q0xQNFNQYU56eHJFUlpBTm8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy85ODg3NjgtZjE3Yi00ZjU5LWJlMDkt
MmRlYjE0YzI5MGVkLzEvMmdmNzV5Yk5jV3RlLVlYSlZpVDZ5d0xQaUVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy85ODg3NjgtZjE3Yi00ZjU5LWJlMDktMmRlYjE0YzI5MGVk
LzEvaUJtVmJkenE0Q0xQNFNQYU56eHJFUlpBTm8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1G3gMA0G
CSqGSIb3DQEBCwUAA4IBAQC8/BjOOVxmAg5HMGOnCuoKdcZxXBvVG5EatOv+9qSy
TndPIVQjLALGGcuFgEt+vxPAjBkP19M/XFEpDZol481W3dmHl8f8RwWdqv+EzDYx
FYgpRAr41Xtox/ok/SCHOKgf4iK63tBBV1JPETrpqpUzYrDFTSnaBOHSQ4rgmUu6
nPC6Ny09Y03wtNmu2o57J7Z/CwzKJ/S+4dR9247qEcJaFGWx4cjp71N93fHw68tR
/DetJvb137oLvGATl8OyN0Ok2+TiXqD2AoDa7J4xO+D/TbSSL3XNNoKd2Nfb0LEG
UMsIYlx5gH0RdJarzQWAfTENhoVDo0txCTiDj3MrfRtr
-----END CERTIFICATE-----