Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/2CbgenPAyht217Ui4afxF_SwM8s.roa
File:                     2CbgenPAyht217Ui4afxF_SwM8s.roa (raw, json)
Hash identifier:          AhljtxIqIsmnrmOO26jlNU4taxnGtvfmx5v6QEgKSLs=
Subject key identifier:   D8:26:E0:7A:73:C0:CA:1B:76:D7:B5:22:E1:A7:F1:17:F4:B0:33:CB
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018CC794EB31CB24C57D440FC6608E1366F4
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/2CbgenPAyht217Ui4afxF_SwM8s.roa
Signing time:             Tue 02 Jan 2024 00:31:14 +0000
ROA not before:           Tue 02 Jan 2024 00:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     27323
IP address blocks:        194.62.166.0/24 maxlen: 24
                          193.42.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:eb:31:cb:24:c5:7d:44:0f:c6:60:8e:13:66:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 00:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d826e07a73c0ca1b76d7b522e1a7f117f4b033cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:64:16:d5:fa:f8:de:e3:5f:19:5c:30:7a:69:
                    93:2d:5b:d2:71:f3:ed:62:1a:64:df:bf:f5:46:5c:
                    09:33:86:a7:28:70:10:15:c3:f4:f7:a5:48:07:ba:
                    c6:28:24:d4:f7:22:ad:1f:47:86:08:ca:4f:9d:2b:
                    f4:2a:09:d6:14:22:71:f3:77:10:79:22:42:fd:96:
                    f8:53:a4:81:7b:c4:d9:7e:0e:fb:ca:65:b6:a0:3b:
                    be:d6:7b:89:7d:b9:fd:be:bb:a8:65:ec:68:3d:fd:
                    cd:88:f2:07:75:e4:63:02:70:32:c3:f0:69:42:23:
                    4c:d1:d0:20:0f:c5:cb:7e:0a:84:43:d8:32:7e:da:
                    55:65:c9:d0:a1:b0:c2:fb:c8:ad:03:17:3d:59:66:
                    d1:e3:ff:f4:4e:8d:45:09:5d:e8:79:7d:28:32:ea:
                    59:39:bc:9b:15:1c:e2:77:09:5e:28:e7:e8:b5:22:
                    29:b9:5e:9b:76:28:e8:e4:0b:95:e9:f3:11:32:30:
                    7c:d5:ec:10:81:32:ec:ed:b8:4c:10:f9:06:d6:64:
                    4d:dc:17:66:59:73:0b:47:c8:62:4e:52:bd:a1:e5:
                    1c:88:99:ca:24:52:26:bb:fc:6f:7e:85:08:42:9a:
                    f1:03:8b:58:3d:85:b8:e9:97:9a:49:85:7d:9f:20:
                    c9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:26:E0:7A:73:C0:CA:1B:76:D7:B5:22:E1:A7:F1:17:F4:B0:33:CB
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/2CbgenPAyht217Ui4afxF_SwM8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.244.0/24
                  194.62.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:88:aa:9b:57:96:98:fc:09:c8:00:06:f2:f2:c9:d8:1a:19:
         c1:55:69:bb:22:db:ed:ab:06:e7:d6:99:bd:49:77:5f:c9:cf:
         c3:7f:1e:59:e4:e2:2a:dd:37:66:a7:e1:3c:cb:67:29:ca:76:
         f5:f5:5a:1b:1f:55:f1:9b:6e:9b:2d:18:38:48:44:8b:16:0b:
         47:29:be:a6:51:9d:94:50:a9:a2:ab:74:03:cc:74:c2:ae:cd:
         e4:64:a8:8b:30:c4:3f:e9:e2:90:ca:61:f3:97:df:1d:b6:60:
         61:a2:aa:2b:44:5e:4a:b3:f6:d0:93:d0:3c:6f:bc:25:3d:f1:
         fc:63:77:6e:0f:08:d1:86:c4:dd:f0:2c:e6:d3:10:dd:fc:86:
         42:7b:37:e7:24:44:fc:e7:07:da:a0:5c:7f:04:59:a4:4f:58:
         25:e3:13:ec:5b:1d:c3:7c:86:2c:30:dd:d6:e3:62:c3:86:d2:
         b5:a9:59:47:e7:4c:33:13:ea:2e:70:c5:e9:ed:bd:fb:1c:30:
         ee:2c:d2:a3:a5:f5:8b:17:90:d4:6e:04:b4:72:2d:3f:dc:0d:
         84:e7:23:d6:b0:40:05:7e:e9:6b:08:df:1e:7a:38:85:ca:45:
         05:72:0e:ec:78:3f:e3:5e:87:d3:12:24:2c:1f:0a:41:99:e3:
         02:30:19:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlOsxyyTFfUQPxmCOE2b0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwMTAyMDAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODI2ZTA3YTczYzBjYTFiNzZkN2I1MjJlMWE3ZjExN2Y0YjAzM2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgmQW1fr43uNfGVwwemmTLVvScfPt
Yhpk37/1RlwJM4anKHAQFcP096VIB7rGKCTU9yKtH0eGCMpPnSv0KgnWFCJx83cQ
eSJC/Zb4U6SBe8TZfg77ymW2oDu+1nuJfbn9vruoZexoPf3NiPIHdeRjAnAyw/Bp
QiNM0dAgD8XLfgqEQ9gyftpVZcnQobDC+8itAxc9WWbR4//0To1FCV3oeX0oMupZ
ObybFRzidwleKOfotSIpuV6bdijo5AuV6fMRMjB81ewQgTLs7bhMEPkG1mRN3Bdm
WXMLR8hiTlK9oeUciJnKJFImu/xvfoUIQprxA4tYPYW46ZeaSYV9nyDJuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNgm4HpzwMobdte1IuGn8Rf0sDPLMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvMkNiZ2VuUEF5aHQyMTdVaTRhZnhGX1N3TThzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSr0AwQA
wj6mMA0GCSqGSIb3DQEBCwUAA4IBAQCbiKqbV5aY/AnIAAby8snYGhnBVWm7Itvt
qwbn1pm9SXdfyc/Dfx5Z5OIq3Tdmp+E8y2cpynb19VobH1Xxm26bLRg4SESLFgtH
Kb6mUZ2UUKmiq3QDzHTCrs3kZKiLMMQ/6eKQymHzl98dtmBhoqorRF5Ks/bQk9A8
b7wlPfH8Y3duDwjRhsTd8Czm0xDd/IZCezfnJET85wfaoFx/BFmkT1gl4xPsWx3D
fIYsMN3W42LDhtK1qVlH50wzE+oucMXp7b37HDDuLNKjpfWLF5DUbgS0ci0/3A2E
5yPWsEAFfulrCN8eejiFykUFcg7seD/jXofTEiQsHwpBmeMCMBm8
-----END CERTIFICATE-----