Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/bd75b1-174b-417c-8750-eb8a453bc56e/1/2-ENE8qCVRNGZ3Gg_9ecsLZTeHw.roa
File:                     2-ENE8qCVRNGZ3Gg_9ecsLZTeHw.roa (raw, json)
Hash identifier:          DgHOebdTTX85KX1AT/TLLstDp6ASkQmWh/lQhUNBM6k=
Subject key identifier:   DB:E1:0D:13:CA:82:55:13:46:67:71:A0:FF:D7:9C:B0:B6:53:78:7C
Certificate issuer:       /CN=660899133329faa5b5716b1c95fbaf93021fbc61
Certificate serial:       018F2EC623D12794E6159C6AB9D2DBB28CD3
Authority key identifier: 66:08:99:13:33:29:FA:A5:B5:71:6B:1C:95:FB:AF:93:02:1F:BC:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZgiZEzMp-qW1cWsclfuvkwIfvGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/bd75b1-174b-417c-8750-eb8a453bc56e/1/2-ENE8qCVRNGZ3Gg_9ecsLZTeHw.roa
Signing time:             Tue 30 Apr 2024 11:31:28 +0000
ROA not before:           Tue 30 Apr 2024 11:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201319
IP address blocks:        194.56.0.0/18 maxlen: 24
                          194.56.64.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/bd75b1-174b-417c-8750-eb8a453bc56e/1/ZgiZEzMp-qW1cWsclfuvkwIfvGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/bd75b1-174b-417c-8750-eb8a453bc56e/1/ZgiZEzMp-qW1cWsclfuvkwIfvGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZgiZEzMp-qW1cWsclfuvkwIfvGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2e:c6:23:d1:27:94:e6:15:9c:6a:b9:d2:db:b2:8c:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=660899133329faa5b5716b1c95fbaf93021fbc61
        Validity
            Not Before: Apr 30 11:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbe10d13ca825513466771a0ffd79cb0b653787c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:72:ea:e7:ab:db:d6:db:85:fd:d5:13:d9:c7:
                    3b:41:bc:3f:0d:22:46:20:b3:08:8a:d6:24:52:e3:
                    93:3c:cb:99:6c:1b:04:af:44:eb:6e:c0:24:b4:eb:
                    ad:ae:07:6c:e2:09:e0:74:70:96:3c:80:08:e6:fa:
                    7f:e3:92:ab:ef:fc:60:9a:54:11:bb:14:1b:dd:95:
                    a0:b7:b2:d3:5f:65:8f:31:27:29:2a:95:a6:05:8d:
                    19:c7:aa:7b:c6:b6:eb:1a:9b:3b:74:cf:31:ef:b5:
                    20:3f:d9:56:26:cd:13:21:0a:ad:99:f6:78:b1:49:
                    6f:c6:05:66:46:f9:ed:27:e0:35:2c:37:74:92:33:
                    b3:e9:d7:2c:07:15:6a:89:f1:2f:77:54:ca:c6:11:
                    b6:65:90:3e:57:57:77:45:9d:6a:7e:d8:71:89:d4:
                    ab:bf:f4:33:95:41:d8:09:96:59:65:d9:87:68:f2:
                    49:7b:ec:95:03:92:cb:a2:cb:0f:a5:72:ba:eb:7c:
                    69:99:0a:89:df:6c:9c:b5:8d:7f:4b:82:22:d4:54:
                    3c:e8:8c:17:63:00:ea:53:82:ee:c6:76:34:75:86:
                    45:bb:24:c9:c6:35:e4:2e:1c:46:d6:c1:5b:3c:f6:
                    27:93:a4:a7:d5:ee:ef:b5:99:03:73:71:9f:70:60:
                    f5:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:E1:0D:13:CA:82:55:13:46:67:71:A0:FF:D7:9C:B0:B6:53:78:7C
            X509v3 Authority Key Identifier:
                keyid:66:08:99:13:33:29:FA:A5:B5:71:6B:1C:95:FB:AF:93:02:1F:BC:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZgiZEzMp-qW1cWsclfuvkwIfvGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/bd75b1-174b-417c-8750-eb8a453bc56e/1/2-ENE8qCVRNGZ3Gg_9ecsLZTeHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/bd75b1-174b-417c-8750-eb8a453bc56e/1/ZgiZEzMp-qW1cWsclfuvkwIfvGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.0.0-194.56.71.255

    Signature Algorithm: sha256WithRSAEncryption
         33:69:bf:24:60:03:7e:99:a8:89:92:e6:33:50:15:1a:15:a9:
         90:63:17:5a:63:a8:d0:3b:73:53:38:f8:46:1c:58:ce:b9:cd:
         06:0f:2d:3d:b2:7c:ed:f6:cd:5d:e0:50:45:1a:c2:56:d6:3b:
         59:78:29:f0:59:a8:52:a0:1d:4a:22:9c:97:cc:6c:7d:d6:c7:
         de:32:36:6d:64:26:3c:f3:a4:2c:3b:c6:76:9e:ce:cb:11:36:
         61:ed:98:f5:78:97:20:40:07:5b:43:e9:23:8c:85:7a:5c:eb:
         9a:d3:85:99:2d:31:d8:4d:a3:0e:9e:fe:de:b9:b6:f5:de:b4:
         ae:dd:35:ff:cb:59:65:bc:97:10:81:11:33:10:a5:1a:75:ee:
         93:90:cb:5e:cf:e5:14:c6:7e:8c:ae:c0:c0:34:7e:94:56:d7:
         0f:2d:62:e3:1a:95:77:96:5b:c2:15:5e:f7:ea:68:75:93:f7:
         58:69:71:94:ba:4d:ff:ad:43:8e:19:cf:89:78:90:de:ac:ee:
         ca:87:d7:a5:c8:94:a4:6d:3e:0b:c6:ce:53:9f:9c:b3:0c:df:
         69:38:ae:79:3c:c2:4c:d5:24:05:33:46:08:28:c5:1f:e0:64:
         d9:eb:89:fd:cc:32:95:2b:6d:c0:92:bd:9d:f1:67:fa:e1:1a:
         20:20:ba:d9
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAY8uxiPRJ5TmFZxqudLbsozTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MDg5OTEzMzMyOWZhYTViNTcxNmIxYzk1ZmJhZjkzMDIx
ZmJjNjEwHhcNMjQwNDMwMTEzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmUxMGQxM2NhODI1NTEzNDY2NzcxYTBmZmQ3OWNiMGI2NTM3ODdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXLq56vb1tuF/dUT2cc7Qbw/DSJG
ILMIitYkUuOTPMuZbBsEr0TrbsAktOutrgds4gngdHCWPIAI5vp/45Kr7/xgmlQR
uxQb3ZWgt7LTX2WPMScpKpWmBY0Zx6p7xrbrGps7dM8x77UgP9lWJs0TIQqtmfZ4
sUlvxgVmRvntJ+A1LDd0kjOz6dcsBxVqifEvd1TKxhG2ZZA+V1d3RZ1qfthxidSr
v/QzlUHYCZZZZdmHaPJJe+yVA5LLossPpXK663xpmQqJ32yctY1/S4Ii1FQ86IwX
YwDqU4LuxnY0dYZFuyTJxjXkLhxG1sFbPPYnk6Sn1e7vtZkDc3GfcGD1zwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFNvhDRPKglUTRmdxoP/XnLC2U3h8MB8GA1UdIwQY
MBaAFGYImRMzKfqltXFrHJX7r5MCH7xhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmdpWkV6TXAtcVcxY1dzY2xmdXZrd0lmdkdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9iZDc1YjEtMTc0Yi00MTdjLTg3NTAt
ZWI4YTQ1M2JjNTZlLzEvMi1FTkU4cUNWUk5HWjNHZ185ZWNzTFpUZUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9iZDc1YjEtMTc0Yi00MTdjLTg3NTAtZWI4YTQ1M2JjNTZl
LzEvWmdpWkV6TXAtcVcxY1dzY2xmdXZrd0lmdkdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwPCOAME
A8I4QDANBgkqhkiG9w0BAQsFAAOCAQEAM2m/JGADfpmoiZLmM1AVGhWpkGMXWmOo
0DtzUzj4RhxYzrnNBg8tPbJ87fbNXeBQRRrCVtY7WXgp8FmoUqAdSiKcl8xsfdbH
3jI2bWQmPPOkLDvGdp7OyxE2Ye2Y9XiXIEAHW0PpI4yFelzrmtOFmS0x2E2jDp7+
3rm29d60rt01/8tZZbyXEIERMxClGnXuk5DLXs/lFMZ+jK7AwDR+lFbXDy1i4xqV
d5ZbwhVe9+podZP3WGlxlLpN/61DjhnPiXiQ3qzuyofXpciUpG0+C8bOU5+cswzf
aTiueTzCTNUkBTNGCCjFH+Bk2euJ/cwylSttwJK9nfFn+uEaICC62Q==
-----END CERTIFICATE-----