Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/c439d3-8f81-4022-987e-e697c52dfc1e/1/P2L_RJvPks-8bQcldav_ZYu4taw.roa
File:                     P2L_RJvPks-8bQcldav_ZYu4taw.roa (raw, json)
Hash identifier:          SJvjlfXzYZP3ItXngrorufGj6flbaobFdCQUoK+yEzA=
Subject key identifier:   3F:62:FF:44:9B:CF:92:CF:BC:6D:07:25:75:AB:FF:65:8B:B8:B5:AC
Certificate issuer:       /CN=5c6d7d87faec48dca4369d6838ceec51ae2bd86a
Certificate serial:       018CC8DD9E06AE93F79201AFE364380B3B75
Authority key identifier: 5C:6D:7D:87:FA:EC:48:DC:A4:36:9D:68:38:CE:EC:51:AE:2B:D8:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XG19h_rsSNykNp1oOM7sUa4r2Go.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/c439d3-8f81-4022-987e-e697c52dfc1e/1/P2L_RJvPks-8bQcldav_ZYu4taw.roa
Signing time:             Tue 02 Jan 2024 06:30:16 +0000
ROA not before:           Tue 02 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213317
IP address blocks:        185.167.252.0/24 maxlen: 24
                          2a10:7a80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/c439d3-8f81-4022-987e-e697c52dfc1e/1/XG19h_rsSNykNp1oOM7sUa4r2Go.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/c439d3-8f81-4022-987e-e697c52dfc1e/1/XG19h_rsSNykNp1oOM7sUa4r2Go.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XG19h_rsSNykNp1oOM7sUa4r2Go.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:9e:06:ae:93:f7:92:01:af:e3:64:38:0b:3b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c6d7d87faec48dca4369d6838ceec51ae2bd86a
        Validity
            Not Before: Jan  2 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f62ff449bcf92cfbc6d072575abff658bb8b5ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:eb:f4:35:d4:87:b8:2d:14:21:de:ba:c3:68:
                    9f:64:28:3f:e2:43:d8:67:37:33:f6:9e:67:91:3e:
                    c0:f6:06:ab:67:23:f1:f5:55:09:1f:64:6d:e7:3f:
                    b6:49:18:c8:47:5f:11:2c:1c:18:21:da:a1:23:3a:
                    8f:62:2c:00:bb:0f:89:3b:4d:55:6f:a5:58:a5:9e:
                    0c:68:e5:cd:e3:5c:43:f4:58:7c:3e:8a:cd:e9:48:
                    13:8f:82:69:b0:43:2d:38:d2:a0:3d:10:85:80:44:
                    52:15:1c:a7:ee:74:54:2a:66:50:60:bf:3a:f9:1b:
                    1f:d6:f3:b9:74:00:89:69:62:c3:27:98:3a:2a:66:
                    1c:15:ab:b6:02:c8:f0:17:fe:f4:22:eb:22:1d:75:
                    c8:d2:53:fb:70:f1:ea:f0:2b:9f:bf:71:35:0e:02:
                    7a:f6:23:a5:42:e7:79:ca:83:74:fb:a4:18:8d:a7:
                    bf:03:bc:90:88:af:2e:23:08:f3:e3:f1:6b:63:5c:
                    7a:81:1e:23:f0:4a:71:96:bb:f4:77:50:ee:ce:a8:
                    19:81:18:85:a8:2a:c1:aa:2e:30:ce:38:39:28:29:
                    85:cb:7c:48:f0:6e:74:06:65:0c:e6:a7:e1:27:89:
                    7f:54:7a:cc:2e:1c:9f:ce:91:cb:61:e2:fc:df:77:
                    35:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:62:FF:44:9B:CF:92:CF:BC:6D:07:25:75:AB:FF:65:8B:B8:B5:AC
            X509v3 Authority Key Identifier:
                keyid:5C:6D:7D:87:FA:EC:48:DC:A4:36:9D:68:38:CE:EC:51:AE:2B:D8:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XG19h_rsSNykNp1oOM7sUa4r2Go.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/c439d3-8f81-4022-987e-e697c52dfc1e/1/P2L_RJvPks-8bQcldav_ZYu4taw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/c439d3-8f81-4022-987e-e697c52dfc1e/1/XG19h_rsSNykNp1oOM7sUa4r2Go.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.252.0/24
                IPv6:
                  2a10:7a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:87:10:e5:fd:d0:6e:63:af:a1:42:f9:c1:85:bd:de:9f:83:
         5e:00:5d:c0:72:a9:73:08:6e:0b:af:64:78:c1:76:81:d5:4b:
         b3:f3:e8:55:66:b5:89:16:e5:12:22:f6:1e:5f:93:a3:9f:4c:
         f2:c3:38:ad:84:32:07:61:26:03:1d:4c:ed:92:6b:de:6a:3c:
         38:fd:4a:b0:0d:af:68:6c:9e:a3:9c:03:df:cd:56:88:a0:be:
         92:7b:5f:eb:92:45:75:2c:6c:c0:4d:1a:e1:d8:d6:4a:b1:28:
         ef:20:25:88:93:56:7f:57:2b:19:02:27:3a:2e:43:e0:cb:d3:
         c7:b2:c1:00:4e:f8:bc:c8:80:d2:ba:ad:38:f7:59:45:cb:55:
         49:08:c3:d1:ed:d0:5c:f8:3f:74:56:09:cb:96:4f:f0:a9:f0:
         78:1b:7a:72:5e:8f:95:df:2d:d3:ca:73:fa:86:09:74:dd:6e:
         93:32:91:d5:1c:51:f7:91:cf:46:bd:ca:02:f5:43:57:7c:f4:
         90:fc:9c:0b:e8:4a:70:c6:22:bd:b3:21:4f:1c:b6:08:f8:18:
         08:eb:3a:dd:d6:1e:05:eb:e4:5a:9d:f7:67:ad:9f:5c:7a:da:
         ee:76:fb:cd:f6:4b:74:c7:33:9c:63:23:e0:5c:96:83:58:33:
         3f:63:b0:98
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3Z4GrpP3kgGv42Q4Czt1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNmQ3ZDg3ZmFlYzQ4ZGNhNDM2OWQ2ODM4Y2VlYzUxYWUy
YmQ4NmEwHhcNMjQwMTAyMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjYyZmY0NDliY2Y5MmNmYmM2ZDA3MjU3NWFiZmY2NThiYjhiNWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuv0NdSHuC0UId66w2ifZCg/4kPY
Zzcz9p5nkT7A9garZyPx9VUJH2Rt5z+2SRjIR18RLBwYIdqhIzqPYiwAuw+JO01V
b6VYpZ4MaOXN41xD9Fh8PorN6UgTj4JpsEMtONKgPRCFgERSFRyn7nRUKmZQYL86
+Rsf1vO5dACJaWLDJ5g6KmYcFau2AsjwF/70IusiHXXI0lP7cPHq8Cufv3E1DgJ6
9iOlQud5yoN0+6QYjae/A7yQiK8uIwjz4/FrY1x6gR4j8Epxlrv0d1DuzqgZgRiF
qCrBqi4wzjg5KCmFy3xI8G50BmUM5qfhJ4l/VHrMLhyfzpHLYeL833c1IwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD9i/0Sbz5LPvG0HJXWr/2WLuLWsMB8GA1UdIwQY
MBaAFFxtfYf67EjcpDadaDjO7FGuK9hqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEcxOWhfcnNTTnlrTnAxb09NN3NVYTRyMkdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9jNDM5ZDMtOGY4MS00MDIyLTk4N2Ut
ZTY5N2M1MmRmYzFlLzEvUDJMX1JKdlBrcy04YlFjbGRhdl9aWXU0dGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9jNDM5ZDMtOGY4MS00MDIyLTk4N2UtZTY5N2M1MmRmYzFl
LzEvWEcxOWhfcnNTTnlrTnAxb09NN3NVYTRyMkdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuaf8MA0E
AgACMAcDBQMqEHqAMA0GCSqGSIb3DQEBCwUAA4IBAQCvhxDl/dBuY6+hQvnBhb3e
n4NeAF3AcqlzCG4Lr2R4wXaB1Uuz8+hVZrWJFuUSIvYeX5Ojn0zywzithDIHYSYD
HUztkmveajw4/UqwDa9obJ6jnAPfzVaIoL6Se1/rkkV1LGzATRrh2NZKsSjvICWI
k1Z/VysZAic6LkPgy9PHssEATvi8yIDSuq0491lFy1VJCMPR7dBc+D90VgnLlk/w
qfB4G3pyXo+V3y3TynP6hgl03W6TMpHVHFH3kc9GvcoC9UNXfPSQ/JwL6EpwxiK9
syFPHLYI+BgI6zrd1h4F6+RanfdnrZ9cetrudvvN9kt0xzOcYyPgXJaDWDM/Y7CY
-----END CERTIFICATE-----