Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/2f91ed-a1fd-4bfe-8131-fd483de9e7e4/1/2z7YhK3yonKpzKVgMsODO-zp4ls.roa
File:                     2z7YhK3yonKpzKVgMsODO-zp4ls.roa (raw, json)
Hash identifier:          HiOe8WKAxk+mokIaN/ws7bw20ZgnvJEt1t6DYNLORuI=
Subject key identifier:   DB:3E:D8:84:AD:F2:A2:72:A9:CC:A5:60:32:C3:83:3B:EC:E9:E2:5B
Certificate issuer:       /CN=232b798ff76e8d5cec5ba47f7be7832983db3335
Certificate serial:       018DC1E00B747A6B36E1FA075AAE9463532B
Authority key identifier: 23:2B:79:8F:F7:6E:8D:5C:EC:5B:A4:7F:7B:E7:83:29:83:DB:33:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iyt5j_dujVzsW6R_e-eDKYPbMzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/2f91ed-a1fd-4bfe-8131-fd483de9e7e4/1/2z7YhK3yonKpzKVgMsODO-zp4ls.roa
Signing time:             Mon 19 Feb 2024 14:58:21 +0000
ROA not before:           Mon 19 Feb 2024 14:58:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44381
IP address blocks:        195.191.30.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/2f91ed-a1fd-4bfe-8131-fd483de9e7e4/1/Iyt5j_dujVzsW6R_e-eDKYPbMzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/2f91ed-a1fd-4bfe-8131-fd483de9e7e4/1/Iyt5j_dujVzsW6R_e-eDKYPbMzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iyt5j_dujVzsW6R_e-eDKYPbMzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:e0:0b:74:7a:6b:36:e1:fa:07:5a:ae:94:63:53:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=232b798ff76e8d5cec5ba47f7be7832983db3335
        Validity
            Not Before: Feb 19 14:58:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db3ed884adf2a272a9cca56032c3833bece9e25b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:73:e9:1b:26:37:3b:8d:aa:77:77:db:17:d4:
                    9b:8a:1d:1d:06:92:fd:8b:d0:ca:75:2c:f8:7b:3e:
                    1c:26:b7:a1:0e:32:44:bc:ee:1c:59:20:24:f4:4a:
                    bc:5e:fe:bd:a8:0e:a6:44:07:33:ed:f2:b4:12:32:
                    16:5d:0a:fa:ed:8d:c1:11:87:28:f8:15:11:46:e7:
                    c7:7c:7f:e7:e3:01:63:b5:1d:29:1b:38:79:f6:a1:
                    85:d9:9e:ca:bb:a7:86:a9:6c:c6:c8:95:68:e1:05:
                    85:6e:f6:e9:e3:10:5e:eb:24:e2:24:b6:61:ca:a4:
                    88:d8:d0:a5:57:15:eb:df:78:1b:1f:e0:eb:d2:82:
                    5e:4b:1e:4e:4c:e9:ff:d2:f2:09:3a:22:1f:12:22:
                    38:8d:c4:22:3c:ff:96:f7:88:8a:df:fe:1b:3e:80:
                    d7:b6:3c:e7:0b:43:48:db:36:a3:89:46:69:ee:83:
                    f0:d3:69:bf:38:ea:91:68:26:76:08:80:b5:94:95:
                    8c:fb:1f:b7:45:3c:57:b2:9b:f1:fc:88:91:6f:6c:
                    d7:b9:55:9e:a6:0e:18:ac:d0:89:18:c9:06:dd:93:
                    29:a3:58:c2:c1:91:17:93:4c:3f:77:e1:02:ee:c6:
                    6d:a3:53:a8:c3:69:73:b4:12:45:c9:cd:16:93:c7:
                    30:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:3E:D8:84:AD:F2:A2:72:A9:CC:A5:60:32:C3:83:3B:EC:E9:E2:5B
            X509v3 Authority Key Identifier:
                keyid:23:2B:79:8F:F7:6E:8D:5C:EC:5B:A4:7F:7B:E7:83:29:83:DB:33:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iyt5j_dujVzsW6R_e-eDKYPbMzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/2f91ed-a1fd-4bfe-8131-fd483de9e7e4/1/2z7YhK3yonKpzKVgMsODO-zp4ls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/2f91ed-a1fd-4bfe-8131-fd483de9e7e4/1/Iyt5j_dujVzsW6R_e-eDKYPbMzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:be:82:b1:2f:69:f2:06:b9:07:68:28:6c:9d:d6:2d:43:50:
         f3:45:18:a6:04:f5:18:33:75:ca:17:05:f3:2a:cf:3b:6a:3f:
         bb:9b:c1:96:12:ea:ac:3f:2a:76:93:a7:de:0a:e5:68:4d:eb:
         1d:8e:f2:71:ec:6a:12:38:d5:58:5e:de:da:b6:f1:06:dc:e3:
         a5:1a:79:6a:00:57:a0:10:36:67:aa:81:5b:a0:ea:1e:1a:dd:
         f0:a9:3a:63:94:4e:04:65:52:bb:4b:f1:15:07:c9:98:0a:e2:
         9f:de:43:89:e4:9c:4d:2d:e9:b9:e5:3e:90:ef:99:c8:f9:06:
         e0:75:c6:1e:e6:c4:6b:38:d7:b1:41:71:77:d2:c5:05:2a:52:
         01:49:3c:e3:ff:ee:6f:0e:0b:7f:34:44:54:83:92:fd:71:f1:
         68:65:68:fc:cf:66:89:92:17:d0:41:76:7d:73:61:8a:04:a6:
         c2:13:ea:7b:cf:e3:88:10:82:ff:f3:74:b7:c5:2e:1d:31:49:
         79:bd:27:ea:1d:33:58:a5:23:f6:da:70:98:ee:f0:a1:6c:f7:
         3c:3d:45:06:c0:1e:d9:0d:a9:fd:6d:52:94:93:78:c8:3d:c5:
         b2:39:76:d7:20:92:49:34:99:a1:0c:83:2d:9a:fa:29:32:f4:
         54:c1:65:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3B4At0ems24foHWq6UY1MrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMmI3OThmZjc2ZThkNWNlYzViYTQ3ZjdiZTc4MzI5ODNk
YjMzMzUwHhcNMjQwMjE5MTQ1ODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjNlZDg4NGFkZjJhMjcyYTljY2E1NjAzMmMzODMzYmVjZTllMjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3PpGyY3O42qd3fbF9Sbih0dBpL9
i9DKdSz4ez4cJrehDjJEvO4cWSAk9Eq8Xv69qA6mRAcz7fK0EjIWXQr67Y3BEYco
+BURRufHfH/n4wFjtR0pGzh59qGF2Z7Ku6eGqWzGyJVo4QWFbvbp4xBe6yTiJLZh
yqSI2NClVxXr33gbH+Dr0oJeSx5OTOn/0vIJOiIfEiI4jcQiPP+W94iK3/4bPoDX
tjznC0NI2zajiUZp7oPw02m/OOqRaCZ2CIC1lJWM+x+3RTxXspvx/IiRb2zXuVWe
pg4YrNCJGMkG3ZMpo1jCwZEXk0w/d+EC7sZto1Oow2lztBJFyc0Wk8cw/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNs+2ISt8qJyqcylYDLDgzvs6eJbMB8GA1UdIwQY
MBaAFCMreY/3bo1c7Fukf3vngymD2zM1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXl0NWpfZHVqVnpzVzZSX2UtZURLWVBiTXpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8yZjkxZWQtYTFmZC00YmZlLTgxMzEt
ZmQ0ODNkZTllN2U0LzEvMno3WWhLM3lvbktwektWZ01zT0RPLXpwNGxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8yZjkxZWQtYTFmZC00YmZlLTgxMzEtZmQ0ODNkZTllN2U0
LzEvSXl0NWpfZHVqVnpzVzZSX2UtZURLWVBiTXpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw78eMA0G
CSqGSIb3DQEBCwUAA4IBAQAwvoKxL2nyBrkHaChsndYtQ1DzRRimBPUYM3XKFwXz
Ks87aj+7m8GWEuqsPyp2k6feCuVoTesdjvJx7GoSONVYXt7atvEG3OOlGnlqAFeg
EDZnqoFboOoeGt3wqTpjlE4EZVK7S/EVB8mYCuKf3kOJ5JxNLem55T6Q75nI+Qbg
dcYe5sRrONexQXF30sUFKlIBSTzj/+5vDgt/NERUg5L9cfFoZWj8z2aJkhfQQXZ9
c2GKBKbCE+p7z+OIEIL/83S3xS4dMUl5vSfqHTNYpSP22nCY7vChbPc8PUUGwB7Z
Dan9bVKUk3jIPcWyOXbXIJJJNJmhDIMtmvopMvRUwWW4
-----END CERTIFICATE-----