Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/2TpHms_rgwG7dkqFned5lAxRJqg.roa
File:                     2TpHms_rgwG7dkqFned5lAxRJqg.roa (raw, json)
Hash identifier:          N7eLRlNYcytd8GPITAcejlDYl3cjC7EfRAFzD/V3Tx8=
Subject key identifier:   D9:3A:47:9A:CF:EB:83:01:BB:76:4A:85:9D:E7:79:94:0C:51:26:A8
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018E8040A96A55FFEB50A0676B3DC97FBE8B
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/2TpHms_rgwG7dkqFned5lAxRJqg.roa
Signing time:             Wed 27 Mar 2024 14:11:45 +0000
ROA not before:           Wed 27 Mar 2024 14:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215238
IP address blocks:        185.243.182.0/24 maxlen: 24
                          185.249.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:40:a9:6a:55:ff:eb:50:a0:67:6b:3d:c9:7f:be:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Mar 27 14:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d93a479acfeb8301bb764a859de779940c5126a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ba:87:e6:1f:aa:69:01:fb:99:a7:6b:e0:1f:
                    fd:46:a7:02:34:71:6a:c9:ea:9f:32:f0:ed:1d:bd:
                    74:11:9e:5f:c3:be:6a:41:57:2b:26:61:b6:9b:37:
                    c7:70:04:61:f6:9d:51:b5:43:8f:8a:94:5c:0a:be:
                    a4:e1:8c:81:ce:f0:03:14:62:dc:8d:3c:bd:a5:00:
                    30:35:05:7b:38:42:bb:05:7b:fd:d4:fe:67:48:4a:
                    e6:4c:74:f3:93:97:1a:ac:19:14:94:40:7b:6a:33:
                    cb:ad:3e:a9:c8:6d:eb:0f:a2:9a:f4:66:c1:cc:7f:
                    4b:08:73:e7:99:d3:a6:c8:a4:35:a3:c0:7a:b3:65:
                    a6:c9:7a:f9:08:c8:68:da:5e:22:01:58:07:59:fa:
                    28:81:53:ab:ea:82:7e:ef:3e:7b:bd:ea:90:d0:1b:
                    ac:13:e6:34:6d:2c:b3:19:64:ba:55:bb:9a:47:be:
                    fd:01:e5:82:21:16:5b:aa:9b:b0:0d:30:5e:8f:fa:
                    94:94:06:7b:26:f5:55:01:45:5f:51:c2:1d:1f:c6:
                    a7:62:d8:f7:98:88:ac:a4:a6:1a:20:84:30:be:6b:
                    ba:da:4f:39:46:b9:b3:df:06:3f:de:1e:44:5d:86:
                    73:f4:af:45:1e:a4:8f:cb:af:fe:16:76:94:99:24:
                    b8:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:3A:47:9A:CF:EB:83:01:BB:76:4A:85:9D:E7:79:94:0C:51:26:A8
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/2TpHms_rgwG7dkqFned5lAxRJqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.182.0/24
                  185.249.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:f0:61:c2:91:ad:53:dc:d2:39:97:8c:70:fa:02:03:d2:09:
         f3:bb:d0:af:45:2b:fd:00:b1:3a:ba:60:03:51:7a:49:27:1d:
         c8:af:72:2f:0a:4c:7a:01:d7:db:01:57:2f:06:bd:c4:6e:06:
         74:d6:b6:b9:06:46:4f:05:7b:dc:cd:d0:91:47:0e:6f:8c:06:
         58:09:e0:6a:b2:91:aa:7c:e7:90:19:18:46:93:8a:7b:20:2c:
         14:3b:14:5d:41:fc:e3:6c:f5:54:6d:99:cd:00:95:f1:0e:ff:
         6b:46:3b:5b:cf:a3:51:a6:a7:cf:e5:46:b9:a0:bd:1e:3d:b7:
         73:9c:82:ba:7f:49:05:b2:18:70:86:41:09:cd:f2:9b:dc:bb:
         26:7a:81:f1:8e:a7:24:0c:9e:b6:60:ab:ef:35:17:35:d1:51:
         4c:13:dd:4c:7d:06:53:9c:ce:ad:00:bb:8d:31:40:3a:dc:4c:
         d4:17:e0:47:6c:a6:b0:b3:7f:71:b8:fe:fa:21:b3:2d:51:b4:
         e9:2a:98:07:74:be:2d:90:af:5e:53:3e:14:56:2f:33:8b:00:
         35:fc:a7:da:cc:f1:ed:19:2d:ec:79:a3:74:4b:14:91:28:04:
         8f:92:cd:ab:8e:a7:1c:e7:57:97:3c:f5:5d:db:85:16:17:77:
         90:08:d7:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6AQKlqVf/rUKBnaz3Jf76LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMzI3MTQxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTNhNDc5YWNmZWI4MzAxYmI3NjRhODU5ZGU3Nzk5NDBjNTEyNmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLqH5h+qaQH7madr4B/9RqcCNHFq
yeqfMvDtHb10EZ5fw75qQVcrJmG2mzfHcARh9p1RtUOPipRcCr6k4YyBzvADFGLc
jTy9pQAwNQV7OEK7BXv91P5nSErmTHTzk5carBkUlEB7ajPLrT6pyG3rD6Ka9GbB
zH9LCHPnmdOmyKQ1o8B6s2WmyXr5CMho2l4iAVgHWfoogVOr6oJ+7z57veqQ0Bus
E+Y0bSyzGWS6VbuaR779AeWCIRZbqpuwDTBej/qUlAZ7JvVVAUVfUcIdH8anYtj3
mIispKYaIIQwvmu62k85Rrmz3wY/3h5EXYZz9K9FHqSPy6/+FnaUmSS4jQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNk6R5rP64MBu3ZKhZ3neZQMUSaoMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvMlRwSG1zX3Jnd0c3ZGtxRm5lZDVsQXhSSnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAufO2AwQA
ufnKMA0GCSqGSIb3DQEBCwUAA4IBAQAa8GHCka1T3NI5l4xw+gID0gnzu9CvRSv9
ALE6umADUXpJJx3Ir3IvCkx6AdfbAVcvBr3EbgZ01ra5BkZPBXvczdCRRw5vjAZY
CeBqspGqfOeQGRhGk4p7ICwUOxRdQfzjbPVUbZnNAJXxDv9rRjtbz6NRpqfP5Ua5
oL0ePbdznIK6f0kFshhwhkEJzfKb3LsmeoHxjqckDJ62YKvvNRc10VFME91MfQZT
nM6tALuNMUA63EzUF+BHbKaws39xuP76IbMtUbTpKpgHdL4tkK9eUz4UVi8ziwA1
/KfazPHtGS3seaN0SxSRKASPks2rjqcc51eXPPVd24UWF3eQCNeB
-----END CERTIFICATE-----