Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/c2df59-9f1e-48df-8466-c6495853cc1a/1/2ZXhEmlS2Z4F3xffsr850d-ETgA.roa
File:                     2ZXhEmlS2Z4F3xffsr850d-ETgA.roa (raw, json)
Hash identifier:          VfuFwu0tEr8HFITsqPeCJGSrWtg8BKQxC1HG63AFOfo=
Subject key identifier:   D9:95:E1:12:69:52:D9:9E:05:DF:17:DF:B2:BF:39:D1:DF:84:4E:00
Certificate issuer:       /CN=1d2fefbd168f18661eca15569dc6218f86746942
Certificate serial:       018CCA990A7A846D3E64BEB323C62B7381D9
Authority key identifier: 1D:2F:EF:BD:16:8F:18:66:1E:CA:15:56:9D:C6:21:8F:86:74:69:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HS_vvRaPGGYeyhVWncYhj4Z0aUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/c2df59-9f1e-48df-8466-c6495853cc1a/1/2ZXhEmlS2Z4F3xffsr850d-ETgA.roa
Signing time:             Tue 02 Jan 2024 14:34:36 +0000
ROA not before:           Tue 02 Jan 2024 14:34:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1213
IP address blocks:        140.203.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/c2df59-9f1e-48df-8466-c6495853cc1a/1/HS_vvRaPGGYeyhVWncYhj4Z0aUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/c2df59-9f1e-48df-8466-c6495853cc1a/1/HS_vvRaPGGYeyhVWncYhj4Z0aUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HS_vvRaPGGYeyhVWncYhj4Z0aUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:03:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:0a:7a:84:6d:3e:64:be:b3:23:c6:2b:73:81:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d2fefbd168f18661eca15569dc6218f86746942
        Validity
            Not Before: Jan  2 14:34:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d995e1126952d99e05df17dfb2bf39d1df844e00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d2:a8:4a:0a:6c:5a:2a:79:c8:65:41:d9:49:
                    4b:31:c7:de:f3:13:1b:ea:f4:88:ec:ee:36:62:53:
                    64:3d:46:90:a1:29:e3:b6:57:e2:8b:5d:df:ef:69:
                    06:a7:c7:3d:5b:62:49:46:a9:40:2d:c2:d2:49:19:
                    14:7f:de:61:ff:03:bc:4d:5c:8e:5c:39:6b:74:21:
                    6e:c5:b1:04:94:39:07:14:db:68:65:6f:3b:98:4c:
                    0e:1f:fc:f2:fd:58:1d:e6:da:d9:96:81:f2:c8:00:
                    72:05:57:34:91:6e:da:ef:27:a2:1d:da:05:d3:10:
                    f4:0c:bc:98:b9:af:cd:3d:5a:09:f4:e2:cf:aa:e0:
                    9e:cd:eb:5a:21:db:ff:83:0e:cb:ee:78:46:e4:54:
                    69:a6:ed:f3:7c:08:a9:10:9f:6f:9c:b1:3d:c3:2c:
                    9b:45:30:34:03:76:e2:29:a6:0f:f7:26:ea:14:87:
                    96:4e:e3:9c:7c:fe:0d:08:4d:43:fe:a5:b5:b6:9a:
                    56:1e:2f:dd:54:a3:72:4b:3f:d3:bb:86:bd:eb:29:
                    46:66:55:00:1d:35:04:06:7b:c2:fc:e1:33:ec:3f:
                    9b:d3:5a:fd:4d:a2:e4:08:44:a7:d0:32:09:e6:a8:
                    34:45:83:04:8c:1f:a1:74:ce:4b:c7:01:0e:68:63:
                    a9:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:95:E1:12:69:52:D9:9E:05:DF:17:DF:B2:BF:39:D1:DF:84:4E:00
            X509v3 Authority Key Identifier:
                keyid:1D:2F:EF:BD:16:8F:18:66:1E:CA:15:56:9D:C6:21:8F:86:74:69:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HS_vvRaPGGYeyhVWncYhj4Z0aUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/c2df59-9f1e-48df-8466-c6495853cc1a/1/2ZXhEmlS2Z4F3xffsr850d-ETgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/c2df59-9f1e-48df-8466-c6495853cc1a/1/HS_vvRaPGGYeyhVWncYhj4Z0aUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.203.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4a:f1:f0:fb:50:b9:c1:2f:ea:2b:ef:56:78:0e:1b:8c:d9:17:
         92:62:8a:7e:a4:26:9c:54:ff:08:40:5e:0a:b8:18:46:59:27:
         ac:03:9b:51:5e:db:e8:ee:8f:ed:f1:1d:6f:89:61:82:65:c9:
         15:4e:4e:71:fb:ef:23:d4:a8:fc:99:5f:d1:7e:2d:c3:2c:c0:
         b2:48:f2:bc:7e:27:dd:2f:69:8e:95:d4:49:99:b5:d0:b4:c9:
         e8:3c:9d:07:67:97:b7:4e:38:fd:c4:5c:8f:12:10:07:f3:03:
         c2:e2:ac:8e:f1:a4:8a:95:31:33:9f:34:db:c1:46:d9:c1:50:
         c2:45:a4:5c:8a:20:b8:15:f7:fe:4a:63:24:27:ae:5a:35:44:
         b1:9c:39:fc:aa:47:78:fa:76:a2:2a:79:08:19:1b:c4:26:65:
         25:bd:3c:ba:4e:d5:28:42:14:80:17:fa:ab:af:bb:a2:88:7e:
         fb:94:37:cd:7e:54:95:14:da:26:da:96:e0:e7:73:33:ac:61:
         ee:1c:2f:af:c9:50:75:e4:cc:b9:35:17:3b:07:4f:29:db:89:
         30:da:46:0e:d7:98:7d:29:e1:58:22:6d:77:8b:02:78:3c:cb:
         46:e0:5c:e7:2d:44:f5:8f:d8:b0:b8:76:70:56:b7:ca:c8:bf:
         25:28:b1:e3
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzKmQp6hG0+ZL6zI8Yrc4HZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMmZlZmJkMTY4ZjE4NjYxZWNhMTU1NjlkYzYyMThmODY3
NDY5NDIwHhcNMjQwMTAyMTQzNDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTk1ZTExMjY5NTJkOTllMDVkZjE3ZGZiMmJmMzlkMWRmODQ0ZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdKoSgpsWip5yGVB2UlLMcfe8xMb
6vSI7O42YlNkPUaQoSnjtlfii13f72kGp8c9W2JJRqlALcLSSRkUf95h/wO8TVyO
XDlrdCFuxbEElDkHFNtoZW87mEwOH/zy/Vgd5trZloHyyAByBVc0kW7a7yeiHdoF
0xD0DLyYua/NPVoJ9OLPquCezetaIdv/gw7L7nhG5FRppu3zfAipEJ9vnLE9wyyb
RTA0A3biKaYP9ybqFIeWTuOcfP4NCE1D/qW1tppWHi/dVKNySz/Tu4a96ylGZlUA
HTUEBnvC/OEz7D+b01r9TaLkCESn0DIJ5qg0RYMEjB+hdM5LxwEOaGOpdwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNmV4RJpUtmeBd8X37K/OdHfhE4AMB8GA1UdIwQY
MBaAFB0v770WjxhmHsoVVp3GIY+GdGlCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFNfdnZSYVBHR1lleWhWV25jWWhqNFowYVVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9jMmRmNTktOWYxZS00OGRmLTg0NjYt
YzY0OTU4NTNjYzFhLzEvMlpYaEVtbFMyWjRGM3hmZnNyODUwZC1FVGdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9jMmRmNTktOWYxZS00OGRmLTg0NjYtYzY0OTU4NTNjYzFh
LzEvSFNfdnZSYVBHR1lleWhWV25jWWhqNFowYVVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjMswDQYJ
KoZIhvcNAQELBQADggEBAErx8PtQucEv6ivvVngOG4zZF5Jiin6kJpxU/whAXgq4
GEZZJ6wDm1Fe2+juj+3xHW+JYYJlyRVOTnH77yPUqPyZX9F+LcMswLJI8rx+J90v
aY6V1EmZtdC0yeg8nQdnl7dOOP3EXI8SEAfzA8LirI7xpIqVMTOfNNvBRtnBUMJF
pFyKILgV9/5KYyQnrlo1RLGcOfyqR3j6dqIqeQgZG8QmZSW9PLpO1ShCFIAX+quv
u6KIfvuUN81+VJUU2ibaluDnczOsYe4cL6/JUHXkzLk1FzsHTynbiTDaRg7XmH0p
4VgibXeLAng8y0bgXOctRPWP2LC4dnBWt8rIvyUoseM=
-----END CERTIFICATE-----