Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/iznsD8RBPhq-9hPNM4qZM_aDnzY.roa
File:                     iznsD8RBPhq-9hPNM4qZM_aDnzY.roa (raw, json)
Hash identifier:          7i03RU985Yty25evXCX9O60uGQ6mKCAZPjff88feFrM=
Subject key identifier:   8B:39:EC:0F:C4:41:3E:1A:BE:F6:13:CD:33:8A:99:33:F6:83:9F:36
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018CC794EB7769558E23687B231B9C1B37D6
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/iznsD8RBPhq-9hPNM4qZM_aDnzY.roa
Signing time:             Tue 02 Jan 2024 00:31:14 +0000
ROA not before:           Tue 02 Jan 2024 00:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29713
IP address blocks:        185.240.87.0/24 maxlen: 24
                          80.76.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 May 2024 13:36:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:eb:77:69:55:8e:23:68:7b:23:1b:9c:1b:37:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 00:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b39ec0fc4413e1abef613cd338a9933f6839f36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:23:69:d2:13:aa:5b:b7:7f:e2:5a:91:08:b7:
                    29:ea:d4:a9:1d:43:dd:c0:ea:73:73:d8:1b:57:e1:
                    c1:ef:32:1d:7a:ff:89:31:87:af:71:4a:e9:b3:fe:
                    b6:de:44:cb:b1:ba:47:a1:7c:5d:8b:3b:48:45:d9:
                    de:65:26:6d:a6:c4:cd:50:a8:ef:03:1c:07:e9:49:
                    44:b0:ad:65:19:55:cb:00:80:22:d3:43:cf:e4:cf:
                    86:ce:dc:b5:f5:ad:80:73:07:da:9d:19:68:a1:68:
                    84:73:44:ee:51:d5:bb:dc:bb:e5:b8:e4:1c:7f:bd:
                    4f:e0:30:ed:3f:d1:73:bc:b8:f0:5f:bb:59:8f:7c:
                    f6:61:13:78:c7:66:63:d2:0c:29:1a:64:79:70:dc:
                    fd:59:ad:0e:14:94:e1:7d:99:81:5a:5d:d3:4d:13:
                    e4:1d:d6:ca:b1:fc:69:2d:bc:5c:ca:35:2d:eb:74:
                    76:46:94:c0:50:56:f8:31:2b:1d:77:79:fc:84:f9:
                    ea:8a:a1:b1:1e:bd:9c:75:7f:b6:90:7a:26:c7:30:
                    5d:53:d5:54:1b:b8:f6:8a:b6:11:ad:2e:b9:45:d1:
                    78:db:e0:0d:6a:cc:67:fd:43:53:72:29:1a:80:34:
                    08:38:70:b8:94:b6:c8:cb:75:7c:71:ae:8e:65:50:
                    82:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:39:EC:0F:C4:41:3E:1A:BE:F6:13:CD:33:8A:99:33:F6:83:9F:36
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/iznsD8RBPhq-9hPNM4qZM_aDnzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.44.0/24
                  185.240.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:94:52:59:d5:c6:02:e1:05:1f:77:5e:89:ad:47:50:af:90:
         ef:7a:0a:35:8a:65:02:db:0d:32:9a:e2:24:d8:d3:43:80:e5:
         61:63:76:6d:14:0a:79:48:47:71:aa:f6:e5:82:58:8b:7f:e9:
         af:8a:90:1e:65:ca:40:d5:21:37:fa:d6:45:44:c9:5f:55:10:
         02:af:7a:f2:a5:0c:36:fa:c7:d2:a8:3b:a9:3f:9f:45:5e:96:
         27:6c:26:ad:62:58:d0:8f:db:43:93:cf:44:d3:3b:a7:3d:59:
         a1:b0:da:af:79:0e:91:af:55:61:d5:6c:76:56:db:ed:c2:53:
         3e:49:12:be:46:6b:fc:48:e5:11:cd:1a:39:ab:bc:f3:70:2f:
         22:f8:1a:46:61:7a:93:95:30:c2:13:6a:f6:2b:13:2b:91:94:
         43:8a:ad:dc:0c:1c:62:4d:75:f9:71:46:aa:c5:83:7e:56:f6:
         22:75:ca:a8:8f:3f:43:f9:db:30:ec:c1:2c:21:b2:5b:2e:dd:
         3e:c5:2e:68:de:91:48:33:47:9d:e5:3c:4c:0f:dd:45:06:fb:
         d4:c1:53:1e:b4:36:6c:8f:9b:af:d0:94:96:27:6f:4c:73:69:
         97:32:e5:40:82:c0:a2:a9:66:35:30:24:4d:9b:16:af:65:7e:
         6e:bb:bb:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlOt3aVWOI2h7IxucGzfWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwMTAyMDAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjM5ZWMwZmM0NDEzZTFhYmVmNjEzY2QzMzhhOTkzM2Y2ODM5ZjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCNp0hOqW7d/4lqRCLcp6tSpHUPd
wOpzc9gbV+HB7zIdev+JMYevcUrps/623kTLsbpHoXxdiztIRdneZSZtpsTNUKjv
AxwH6UlEsK1lGVXLAIAi00PP5M+Gzty19a2AcwfanRlooWiEc0TuUdW73LvluOQc
f71P4DDtP9FzvLjwX7tZj3z2YRN4x2Zj0gwpGmR5cNz9Wa0OFJThfZmBWl3TTRPk
HdbKsfxpLbxcyjUt63R2RpTAUFb4MSsdd3n8hPnqiqGxHr2cdX+2kHomxzBdU9VU
G7j2irYRrS65RdF42+ANasxn/UNTcikagDQIOHC4lLbIy3V8ca6OZVCCJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIs57A/EQT4avvYTzTOKmTP2g582MB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvaXpuc0Q4UkJQaHEtOWhQTk00cVpNX2FEbnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEwsAwQA
ufBXMA0GCSqGSIb3DQEBCwUAA4IBAQAOlFJZ1cYC4QUfd16JrUdQr5Dvego1imUC
2w0ymuIk2NNDgOVhY3ZtFAp5SEdxqvblgliLf+mvipAeZcpA1SE3+tZFRMlfVRAC
r3rypQw2+sfSqDupP59FXpYnbCatYljQj9tDk89E0zunPVmhsNqveQ6Rr1Vh1Wx2
VtvtwlM+SRK+Rmv8SOURzRo5q7zzcC8i+BpGYXqTlTDCE2r2KxMrkZRDiq3cDBxi
TXX5cUaqxYN+VvYidcqojz9D+dsw7MEsIbJbLt0+xS5o3pFIM0ed5TxMD91FBvvU
wVMetDZsj5uv0JSWJ29Mc2mXMuVAgsCiqWY1MCRNmxavZX5uu7vf
-----END CERTIFICATE-----