Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/a9f81e-79b2-4c2e-9f3e-7c24ef0259db/1/2joWpTYz2yglFJvvMDXAh8boHEI.roa
File:                     2joWpTYz2yglFJvvMDXAh8boHEI.roa (raw, json)
Hash identifier:          podyg7PSuwqULq01nYRz9Vx//UVoUyqMHR6KEs4MoEk=
Subject key identifier:   DA:3A:16:A5:36:33:DB:28:25:14:9B:EF:30:35:C0:87:C6:E8:1C:42
Certificate issuer:       /CN=128fde2bfc63efe3d132ddac7837e15c7f4b49f4
Certificate serial:       018CC8DE3AB5AD00C47F7D5B25B35972A755
Authority key identifier: 12:8F:DE:2B:FC:63:EF:E3:D1:32:DD:AC:78:37:E1:5C:7F:4B:49:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eo_eK_xj7-PRMt2seDfhXH9LSfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/a9f81e-79b2-4c2e-9f3e-7c24ef0259db/1/2joWpTYz2yglFJvvMDXAh8boHEI.roa
Signing time:             Tue 02 Jan 2024 06:30:56 +0000
ROA not before:           Tue 02 Jan 2024 06:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136907
IP address blocks:        193.105.244.0/23 maxlen: 23
                          193.84.248.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/a9f81e-79b2-4c2e-9f3e-7c24ef0259db/1/Eo_eK_xj7-PRMt2seDfhXH9LSfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/a9f81e-79b2-4c2e-9f3e-7c24ef0259db/1/Eo_eK_xj7-PRMt2seDfhXH9LSfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eo_eK_xj7-PRMt2seDfhXH9LSfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:3a:b5:ad:00:c4:7f:7d:5b:25:b3:59:72:a7:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=128fde2bfc63efe3d132ddac7837e15c7f4b49f4
        Validity
            Not Before: Jan  2 06:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da3a16a53633db2825149bef3035c087c6e81c42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:8c:61:73:ff:9b:04:44:e3:fc:96:83:d3:c0:
                    29:23:81:52:66:5f:16:53:4c:b9:d3:db:1f:51:1b:
                    41:c8:fc:eb:51:6a:90:25:05:17:c3:50:01:57:5b:
                    4a:46:6c:b7:14:04:44:c9:04:65:08:87:05:6f:18:
                    27:02:dc:fb:8f:c4:a8:23:79:21:9f:9c:83:f0:ad:
                    54:a7:72:ca:07:d5:c2:b6:44:e5:4e:b1:06:af:19:
                    10:39:3e:f0:54:44:f4:00:9a:31:4e:73:7a:76:07:
                    9b:73:9f:54:3f:62:15:f5:60:16:62:0a:78:e2:53:
                    c2:9a:93:a0:0c:b5:72:5c:8b:bd:bb:12:44:a8:7b:
                    21:e6:ad:29:17:36:36:55:04:16:6d:7f:4b:38:27:
                    e0:e9:60:b8:c1:bd:d4:90:7a:25:93:f4:ef:81:08:
                    2c:a5:bf:4f:fa:f1:39:f0:24:ae:7a:f7:31:1e:b4:
                    6b:d3:57:94:ad:3a:29:e5:21:38:95:4d:98:7a:e2:
                    d8:4d:0d:67:d3:99:88:dd:a2:5f:56:6d:3e:9b:8e:
                    4d:d5:28:f0:4b:30:20:3b:d6:f1:b7:ba:47:5f:59:
                    98:66:65:4a:b7:6e:39:25:3a:55:de:0f:48:de:1e:
                    a4:ff:06:9f:7f:be:a3:dd:80:f1:2a:ca:cc:3c:e1:
                    d2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:3A:16:A5:36:33:DB:28:25:14:9B:EF:30:35:C0:87:C6:E8:1C:42
            X509v3 Authority Key Identifier:
                keyid:12:8F:DE:2B:FC:63:EF:E3:D1:32:DD:AC:78:37:E1:5C:7F:4B:49:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eo_eK_xj7-PRMt2seDfhXH9LSfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/a9f81e-79b2-4c2e-9f3e-7c24ef0259db/1/2joWpTYz2yglFJvvMDXAh8boHEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/a9f81e-79b2-4c2e-9f3e-7c24ef0259db/1/Eo_eK_xj7-PRMt2seDfhXH9LSfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.248.0/23
                  193.105.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:76:de:1f:bc:f3:82:96:77:9d:e8:aa:7e:29:5d:0a:be:e2:
         91:d3:18:f0:57:94:e9:7d:46:fb:19:a3:0a:65:b5:59:91:dd:
         bc:6b:57:c7:25:a1:d5:95:f9:57:25:6b:0f:f6:bd:22:8c:01:
         03:86:7c:39:df:eb:58:f0:d0:04:a6:eb:57:21:73:84:cd:76:
         bc:b8:60:a3:88:ff:29:1c:4b:a9:69:a0:a3:08:ac:ae:96:b0:
         d2:f8:60:88:b0:32:e2:14:e8:24:00:a4:c4:0d:bb:31:de:1a:
         44:06:4f:cc:b8:b0:a4:05:e2:27:36:19:e4:3f:19:0f:61:1f:
         c9:a8:f6:23:c4:cd:11:c3:3c:c4:2f:bf:39:fb:45:74:86:ea:
         ad:4f:b7:44:96:99:52:8a:2d:b8:1e:22:55:b7:55:36:20:da:
         d6:66:4c:ee:35:44:a0:c0:51:a6:1d:7f:b8:24:f4:12:26:1d:
         a0:5c:c2:63:3f:6d:47:ab:e8:7b:20:3c:90:7b:33:85:1e:22:
         22:95:48:ad:dc:2d:77:85:7b:58:c2:8a:69:be:68:a9:7c:1c:
         e4:2c:89:c2:18:eb:99:99:bc:ad:ca:d2:7b:8f:bd:4c:97:65:
         fb:ab:7d:ba:8c:5b:af:11:87:ca:29:61:64:e8:27:c6:35:c3:
         d3:ae:fa:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3jq1rQDEf31bJbNZcqdVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyOGZkZTJiZmM2M2VmZTNkMTMyZGRhYzc4MzdlMTVjN2Y0
YjQ5ZjQwHhcNMjQwMTAyMDYzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTNhMTZhNTM2MzNkYjI4MjUxNDliZWYzMDM1YzA4N2M2ZTgxYzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYxhc/+bBETj/JaD08ApI4FSZl8W
U0y509sfURtByPzrUWqQJQUXw1ABV1tKRmy3FAREyQRlCIcFbxgnAtz7j8SoI3kh
n5yD8K1Up3LKB9XCtkTlTrEGrxkQOT7wVET0AJoxTnN6dgebc59UP2IV9WAWYgp4
4lPCmpOgDLVyXIu9uxJEqHsh5q0pFzY2VQQWbX9LOCfg6WC4wb3UkHolk/TvgQgs
pb9P+vE58CSuevcxHrRr01eUrTop5SE4lU2YeuLYTQ1n05mI3aJfVm0+m45N1Sjw
SzAgO9bxt7pHX1mYZmVKt245JTpV3g9I3h6k/waff76j3YDxKsrMPOHS3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNo6FqU2M9soJRSb7zA1wIfG6BxCMB8GA1UdIwQY
MBaAFBKP3iv8Y+/j0TLdrHg34Vx/S0n0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW9fZUtfeGo3LVBSTXQyc2VEZmhYSDlMU2ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9hOWY4MWUtNzliMi00YzJlLTlmM2Ut
N2MyNGVmMDI1OWRiLzEvMmpvV3BUWXoyeWdsRkp2dk1EWEFoOGJvSEVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9hOWY4MWUtNzliMi00YzJlLTlmM2UtN2MyNGVmMDI1OWRi
LzEvRW9fZUtfeGo3LVBSTXQyc2VEZmhYSDlMU2ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwVT4AwQB
wWn0MA0GCSqGSIb3DQEBCwUAA4IBAQCXdt4fvPOClned6Kp+KV0KvuKR0xjwV5Tp
fUb7GaMKZbVZkd28a1fHJaHVlflXJWsP9r0ijAEDhnw53+tY8NAEputXIXOEzXa8
uGCjiP8pHEupaaCjCKyulrDS+GCIsDLiFOgkAKTEDbsx3hpEBk/MuLCkBeInNhnk
PxkPYR/JqPYjxM0RwzzEL785+0V0huqtT7dElplSii24HiJVt1U2INrWZkzuNUSg
wFGmHX+4JPQSJh2gXMJjP21Hq+h7IDyQezOFHiIilUit3C13hXtYwoppvmipfBzk
LInCGOuZmbytytJ7j71Ml2X7q326jFuvEYfKKWFk6CfGNcPTrvrw
-----END CERTIFICATE-----