Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/2gJJbstmfj8-g989Ga54-w_YUgA.roa
File:                     2gJJbstmfj8-g989Ga54-w_YUgA.roa (raw, json)
Hash identifier:          onmL2lmdSvCcrhC0BywzYwJwlvtg4I7noBNCa0l2nkc=
Subject key identifier:   DA:02:49:6E:CB:66:7E:3F:3E:83:DF:3D:19:AE:78:FB:0F:D8:52:00
Certificate issuer:       /CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
Certificate serial:       018CC87049E587ED9CF1F0CCFF7F42AE86A8
Authority key identifier: 8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/2gJJbstmfj8-g989Ga54-w_YUgA.roa
Signing time:             Tue 02 Jan 2024 04:30:51 +0000
ROA not before:           Tue 02 Jan 2024 04:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203162
IP address blocks:        146.19.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 02:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:49:e5:87:ed:9c:f1:f0:cc:ff:7f:42:ae:86:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
        Validity
            Not Before: Jan  2 04:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da02496ecb667e3f3e83df3d19ae78fb0fd85200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:4b:3a:c8:46:5a:77:67:f0:b4:49:fd:ba:a8:
                    ad:76:e1:6e:35:40:5c:00:12:e2:81:46:f6:b0:aa:
                    43:dc:ff:da:93:0f:c0:81:f2:e0:7d:cb:fc:29:ff:
                    dc:7b:d4:4b:5a:00:c0:f1:0a:f7:a6:b6:49:8c:e1:
                    38:51:db:ca:23:03:f4:36:f0:6e:45:07:8b:dc:fb:
                    ee:49:86:ce:17:db:ef:1f:76:e5:c9:ca:c0:6e:85:
                    44:3f:4a:e9:ce:94:f7:2e:7a:9a:cb:c0:68:12:cb:
                    07:f0:82:52:4f:af:ce:a2:18:1a:e8:35:02:fc:e5:
                    59:09:66:af:1d:b1:77:dd:c3:e2:8a:c4:52:55:77:
                    6f:df:95:3b:37:41:64:06:fe:af:99:c0:31:d4:0b:
                    b8:e7:6d:81:ef:17:f3:01:99:5e:ce:99:2c:07:b2:
                    43:da:7a:8b:39:64:a2:d8:02:7b:b0:3f:61:be:3a:
                    7f:e7:23:a9:1a:72:69:92:65:dd:2a:fa:39:9c:19:
                    df:35:77:a8:0a:97:1e:f0:47:b9:dd:7f:32:12:16:
                    d8:11:1e:0e:d2:5e:30:e7:cf:6a:e5:86:df:dc:ab:
                    ef:97:70:18:74:f8:98:d2:69:30:cb:58:e8:b4:29:
                    67:cc:68:f2:fa:a7:c1:a3:4d:7e:1e:04:e8:74:ef:
                    a0:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:02:49:6E:CB:66:7E:3F:3E:83:DF:3D:19:AE:78:FB:0F:D8:52:00
            X509v3 Authority Key Identifier:
                keyid:8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/2gJJbstmfj8-g989Ga54-w_YUgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:73:1f:41:e8:cb:d9:58:d9:5a:66:57:b1:5a:34:cc:67:0d:
         81:c6:dd:9a:46:2e:4d:70:d0:d7:d2:cb:db:d0:00:74:30:d4:
         83:d9:12:21:da:47:18:dc:3a:2d:b5:9a:b3:4f:39:08:30:e8:
         0b:a4:73:e7:18:40:42:bc:19:84:b9:4b:d7:93:66:af:ad:5c:
         12:00:42:8e:ef:fb:48:cb:30:72:29:31:75:4a:24:6d:42:d3:
         43:6c:08:df:fc:6c:26:04:7a:aa:30:a9:e2:76:7d:4a:13:bf:
         22:2b:12:df:f6:29:af:89:c3:8b:db:ec:1c:2e:59:15:a9:4d:
         cd:69:e7:15:d3:a4:54:00:48:df:5f:c4:92:ac:cb:f6:d9:fe:
         d4:ea:61:73:f1:2f:6a:16:dd:fe:d1:be:d6:81:39:fd:83:42:
         a3:10:ff:26:f2:8a:de:98:51:51:d1:c6:fe:c1:d2:4b:59:56:
         12:05:54:c7:1a:e1:7f:95:54:ce:2a:9b:ed:0c:44:93:c0:2f:
         a4:26:68:75:be:6b:32:17:01:d8:94:4c:b5:df:8f:4c:f1:55:
         d8:1e:5d:98:ff:d6:26:1f:92:18:0b:c2:4b:7b:c1:12:51:67:
         cb:ad:c1:3d:02:e2:18:12:e4:57:1a:11:ab:1c:23:55:e3:15:
         14:76:0f:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcEnlh+2c8fDM/39CroaoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNDdhYTA5ZjJjNjEwZjZmNDRiNGU3NWMxY2Q5ZGNkMzg4
NGU1NWQwHhcNMjQwMTAyMDQzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTAyNDk2ZWNiNjY3ZTNmM2U4M2RmM2QxOWFlNzhmYjBmZDg1MjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA90s6yEZad2fwtEn9uqitduFuNUBc
ABLigUb2sKpD3P/akw/AgfLgfcv8Kf/ce9RLWgDA8Qr3prZJjOE4UdvKIwP0NvBu
RQeL3PvuSYbOF9vvH3blycrAboVEP0rpzpT3Lnqay8BoEssH8IJST6/Oohga6DUC
/OVZCWavHbF33cPiisRSVXdv35U7N0FkBv6vmcAx1Au4522B7xfzAZlezpksB7JD
2nqLOWSi2AJ7sD9hvjp/5yOpGnJpkmXdKvo5nBnfNXeoCpce8Ee53X8yEhbYER4O
0l4w589q5Ybf3Kvvl3AYdPiY0mkwy1jotClnzGjy+qfBo01+HgTodO+g+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNoCSW7LZn4/PoPfPRmuePsP2FIAMB8GA1UdIwQY
MBaAFItHqgnyxhD29EtOdcHNnc04hOVdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgt
NTAwMTUzOWQ3MTg1LzEvMmdKSmJzdG1majgtZzk4OUdhNTQtd19ZVWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgtNTAwMTUzOWQ3MTg1
LzEvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhNoMA0G
CSqGSIb3DQEBCwUAA4IBAQCKcx9B6MvZWNlaZlexWjTMZw2Bxt2aRi5NcNDX0svb
0AB0MNSD2RIh2kcY3DottZqzTzkIMOgLpHPnGEBCvBmEuUvXk2avrVwSAEKO7/tI
yzByKTF1SiRtQtNDbAjf/GwmBHqqMKnidn1KE78iKxLf9imvicOL2+wcLlkVqU3N
aecV06RUAEjfX8SSrMv22f7U6mFz8S9qFt3+0b7WgTn9g0KjEP8m8oremFFR0cb+
wdJLWVYSBVTHGuF/lVTOKpvtDESTwC+kJmh1vmsyFwHYlEy1349M8VXYHl2Y/9Ym
H5IYC8JLe8ESUWfLrcE9AuIYEuRXGhGrHCNV4xUUdg+7
-----END CERTIFICATE-----