Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/2-TT-w8rFLTh0jlu2zEmcN84J18.roa
File:                     2-TT-w8rFLTh0jlu2zEmcN84J18.roa (raw, json)
Hash identifier:          xw8HBmSMX6XOvEYfRGwJrij6f4RfdJPSjcieO15o/vk=
Subject key identifier:   DB:E4:D3:FB:0F:2B:14:B4:E1:D2:39:6E:DB:31:26:70:DF:38:27:5F
Certificate issuer:       /CN=1ed3d8e29e063b9d2740ab3de6c72255ec8d0557
Certificate serial:       018E9EF0CE45A0C11DDAC6BFF59D4CDF3924
Authority key identifier: 1E:D3:D8:E2:9E:06:3B:9D:27:40:AB:3D:E6:C7:22:55:EC:8D:05:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HtPY4p4GO50nQKs95sciVeyNBVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/2-TT-w8rFLTh0jlu2zEmcN84J18.roa
Signing time:             Tue 02 Apr 2024 13:12:45 +0000
ROA not before:           Tue 02 Apr 2024 13:12:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15410
IP address blocks:        62.80.64.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/HtPY4p4GO50nQKs95sciVeyNBVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/HtPY4p4GO50nQKs95sciVeyNBVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HtPY4p4GO50nQKs95sciVeyNBVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:f0:ce:45:a0:c1:1d:da:c6:bf:f5:9d:4c:df:39:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ed3d8e29e063b9d2740ab3de6c72255ec8d0557
        Validity
            Not Before: Apr  2 13:12:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbe4d3fb0f2b14b4e1d2396edb312670df38275f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:62:76:6c:dd:88:66:47:b4:39:fe:f1:ee:f3:
                    61:a2:b5:c6:cf:3c:4d:4b:29:ca:4c:0a:81:95:6c:
                    74:a2:cf:98:87:54:ae:49:28:3a:ea:78:d0:c3:e3:
                    ba:38:15:45:57:fe:f1:00:ef:b6:3a:51:84:75:e9:
                    89:a9:cf:5c:02:15:19:c9:cd:f5:56:c5:1f:93:6e:
                    99:7b:cd:8e:46:df:57:fa:cd:c0:cf:6e:4f:9e:ad:
                    a5:26:26:63:e6:c1:e2:56:e5:51:52:af:70:86:e0:
                    54:71:d8:9f:4a:09:1d:bc:b8:a0:38:70:c4:2c:e0:
                    54:48:3d:d5:5b:09:d9:6b:4f:8a:0a:70:64:e8:d3:
                    6a:77:6d:7c:eb:41:88:b0:55:a7:b7:40:03:1f:a0:
                    7a:5e:aa:6d:81:a4:01:7e:d2:5f:2f:73:dc:2b:cb:
                    79:89:f9:8c:7e:73:51:36:a0:eb:db:94:2c:1c:0f:
                    8c:91:a6:9b:5b:92:00:c8:3b:32:28:51:8a:de:57:
                    c5:3b:f5:43:3f:a9:a3:74:e2:47:52:ca:92:47:c4:
                    2d:1c:97:4f:a5:da:58:bf:47:f9:5b:b2:89:82:1b:
                    07:2b:8a:2b:0e:94:7e:6f:2b:dc:7b:1e:21:ac:04:
                    e9:09:b5:09:68:b6:7f:33:27:36:77:cb:09:b3:e7:
                    30:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:E4:D3:FB:0F:2B:14:B4:E1:D2:39:6E:DB:31:26:70:DF:38:27:5F
            X509v3 Authority Key Identifier:
                keyid:1E:D3:D8:E2:9E:06:3B:9D:27:40:AB:3D:E6:C7:22:55:EC:8D:05:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HtPY4p4GO50nQKs95sciVeyNBVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/2-TT-w8rFLTh0jlu2zEmcN84J18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/HtPY4p4GO50nQKs95sciVeyNBVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.80.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ab:28:02:ed:25:fc:5c:f1:fe:2d:24:f8:13:f3:7e:d6:9c:f0:
         c9:63:3d:03:b5:d0:9d:6d:c1:20:9b:97:15:f8:13:36:a5:d8:
         a9:18:ce:99:49:48:e3:73:5e:37:a5:ee:9a:b7:b4:99:4a:dc:
         c7:a0:a0:42:ed:da:ae:f3:1e:95:1a:2c:f5:58:c9:a1:e4:dd:
         4e:8b:23:71:86:ff:a1:96:a5:eb:05:80:9d:96:06:26:27:be:
         05:f1:b4:c2:e8:27:c9:5c:5c:36:ce:a6:fa:1c:30:3b:af:ac:
         b8:7f:2e:1b:35:34:1d:6e:03:cf:33:80:1a:e0:80:e2:b5:f7:
         83:65:99:6a:af:32:d6:d7:01:4d:a1:6c:f9:e3:0b:29:81:05:
         b4:58:56:da:ed:a7:64:d4:c8:47:d6:b9:89:e8:6a:67:72:02:
         d7:34:6c:1d:ee:33:cd:62:21:c6:d2:39:55:19:fc:2c:bb:a3:
         77:08:e5:b3:3e:58:5b:f1:6e:c7:92:1f:93:2c:cd:01:09:dc:
         49:c1:78:46:cc:91:2a:0a:5a:b9:45:d4:82:a9:f6:ab:1f:e0:
         9c:0c:c3:1d:fc:6d:d8:9b:aa:f4:bf:ae:30:6b:dc:da:5d:ad:
         13:41:47:cc:2c:29:d2:92:33:f9:3f:ee:25:71:7f:2c:6e:8c:
         e6:b5:14:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6e8M5FoMEd2sa/9Z1M3zkkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZDNkOGUyOWUwNjNiOWQyNzQwYWIzZGU2YzcyMjU1ZWM4
ZDA1NTcwHhcNMjQwNDAyMTMxMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmU0ZDNmYjBmMmIxNGI0ZTFkMjM5NmVkYjMxMjY3MGRmMzgyNzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGJ2bN2IZke0Of7x7vNhorXGzzxN
SynKTAqBlWx0os+Yh1SuSSg66njQw+O6OBVFV/7xAO+2OlGEdemJqc9cAhUZyc31
VsUfk26Ze82ORt9X+s3Az25Pnq2lJiZj5sHiVuVRUq9whuBUcdifSgkdvLigOHDE
LOBUSD3VWwnZa0+KCnBk6NNqd21860GIsFWnt0ADH6B6XqptgaQBftJfL3PcK8t5
ifmMfnNRNqDr25QsHA+MkaabW5IAyDsyKFGK3lfFO/VDP6mjdOJHUsqSR8QtHJdP
pdpYv0f5W7KJghsHK4orDpR+byvcex4hrATpCbUJaLZ/Myc2d8sJs+cwuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvk0/sPKxS04dI5btsxJnDfOCdfMB8GA1UdIwQY
MBaAFB7T2OKeBjudJ0CrPebHIlXsjQVXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHRQWTRwNEdPNTBuUUtzOTVzY2lWZXlOQlZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi80ZDljODMtZjk2MC00OGFjLWJiZjUt
OWRjYTVjYzgwZGQ5LzEvMi1UVC13OHJGTFRoMGpsdTJ6RW1jTjg0SjE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi80ZDljODMtZjk2MC00OGFjLWJiZjUtOWRjYTVjYzgwZGQ5
LzEvSHRQWTRwNEdPNTBuUUtzOTVzY2lWZXlOQlZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEPlBAMA0G
CSqGSIb3DQEBCwUAA4IBAQCrKALtJfxc8f4tJPgT837WnPDJYz0DtdCdbcEgm5cV
+BM2pdipGM6ZSUjjc143pe6at7SZStzHoKBC7dqu8x6VGiz1WMmh5N1OiyNxhv+h
lqXrBYCdlgYmJ74F8bTC6CfJXFw2zqb6HDA7r6y4fy4bNTQdbgPPM4Aa4IDitfeD
ZZlqrzLW1wFNoWz54wspgQW0WFba7adk1MhH1rmJ6GpncgLXNGwd7jPNYiHG0jlV
Gfwsu6N3COWzPlhb8W7Hkh+TLM0BCdxJwXhGzJEqClq5RdSCqfarH+CcDMMd/G3Y
m6r0v64wa9zaXa0TQUfMLCnSkjP5P+4lcX8sbozmtRT/
-----END CERTIFICATE-----