Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/2-Nz7aX1maT33j2UNj_9Z_9VPUg.roa
File:                     2-Nz7aX1maT33j2UNj_9Z_9VPUg.roa (raw, json)
Hash identifier:          7nqke6Rh00dMHnMiz1/KjaTsPkb9+6vpkyw53WOrYf0=
Subject key identifier:   DB:E3:73:ED:A5:F5:99:A4:F7:DE:3D:94:36:3F:FD:67:FF:55:3D:48
Certificate issuer:       /CN=a1dc0630e96096de4822d1f51ef80c6fff54191b
Certificate serial:       0192B072A77154B95F672FEF1EBF28FB0D5A
Authority key identifier: A1:DC:06:30:E9:60:96:DE:48:22:D1:F5:1E:F8:0C:6F:FF:54:19:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odwGMOlglt5IItH1HvgMb_9UGRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/2-Nz7aX1maT33j2UNj_9Z_9VPUg.roa
Signing time:             Mon 21 Oct 2024 18:59:16 +0000
ROA not before:           Mon 21 Oct 2024 18:59:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213993
IP address blocks:        91.227.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/odwGMOlglt5IItH1HvgMb_9UGRs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/odwGMOlglt5IItH1HvgMb_9UGRs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odwGMOlglt5IItH1HvgMb_9UGRs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b0:72:a7:71:54:b9:5f:67:2f:ef:1e:bf:28:fb:0d:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1dc0630e96096de4822d1f51ef80c6fff54191b
        Validity
            Not Before: Oct 21 18:59:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbe373eda5f599a4f7de3d94363ffd67ff553d48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:62:42:9c:4f:1d:b7:c3:a3:ac:bb:94:2f:0f:
                    54:fe:bb:94:ce:56:13:34:7a:36:c9:bf:03:ba:6a:
                    85:5f:f3:89:8e:85:31:98:f0:7b:34:de:69:a6:cc:
                    e6:3c:12:bb:34:3a:d5:50:c3:2e:4b:62:c5:bf:3a:
                    de:9a:d7:2e:f3:33:09:e4:48:6f:a8:82:e8:60:dd:
                    af:d8:63:9d:58:5d:7f:d6:bd:a8:f1:e8:61:8f:c2:
                    83:48:50:a0:ca:d0:24:14:82:0d:7d:0a:b5:6c:63:
                    02:8a:a6:55:e8:7e:90:55:0a:15:12:af:2f:b4:59:
                    40:94:76:d5:1e:91:98:85:b4:6c:fd:cf:9b:c8:64:
                    a2:6b:16:fd:fd:2c:f7:06:7e:0e:e3:9e:c7:7e:df:
                    88:fd:d7:f9:54:e5:6a:63:aa:12:6d:39:a3:d6:ff:
                    f9:9e:47:4b:5a:ed:71:6b:4c:b9:8b:35:5b:7a:d8:
                    ce:24:7c:55:d3:4a:6e:fc:5a:fe:a9:ae:52:ac:59:
                    81:b4:0a:f6:07:1f:72:d7:40:09:e7:02:81:b1:57:
                    50:97:df:0a:58:29:23:c8:9a:77:ae:b0:9b:ae:48:
                    50:5d:e6:97:af:23:aa:fe:f3:9f:60:03:7d:9b:be:
                    38:93:d8:e7:90:44:b6:97:44:6a:6e:90:f2:39:36:
                    52:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:E3:73:ED:A5:F5:99:A4:F7:DE:3D:94:36:3F:FD:67:FF:55:3D:48
            X509v3 Authority Key Identifier:
                keyid:A1:DC:06:30:E9:60:96:DE:48:22:D1:F5:1E:F8:0C:6F:FF:54:19:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odwGMOlglt5IItH1HvgMb_9UGRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/2-Nz7aX1maT33j2UNj_9Z_9VPUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/odwGMOlglt5IItH1HvgMb_9UGRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:6d:16:cf:ed:d5:da:aa:55:51:f1:af:d5:65:e9:d8:30:09:
         93:73:57:4d:59:96:76:fb:93:0d:24:36:a2:9d:db:00:fa:25:
         08:a9:1c:05:0d:1a:68:44:2e:f5:80:6e:39:bc:57:45:0c:97:
         58:04:b9:85:cf:a2:d7:81:fa:75:d6:8d:18:74:41:8e:71:90:
         5c:f1:a5:26:b5:09:be:59:e3:7b:35:7b:ab:51:24:14:0d:b9:
         55:f4:2b:ef:27:58:3d:0b:bf:df:96:95:f0:d9:38:48:ce:ac:
         c2:bc:a5:41:71:fa:23:1a:a3:cc:5a:ed:52:4a:58:ce:c7:8c:
         6f:d2:ff:fc:c0:d3:65:3d:ac:8e:49:16:27:1b:d6:33:ae:e4:
         03:b9:f8:98:a7:09:55:87:64:b4:92:3d:86:03:91:6f:63:08:
         1c:62:d9:03:4b:1f:72:0b:70:ec:a5:38:35:00:47:2b:22:94:
         5b:44:91:66:d1:d4:18:46:1a:9e:0a:02:f7:00:7b:56:2c:6d:
         05:65:2f:b3:37:84:05:73:e1:0e:27:26:08:48:13:d5:2d:69:
         a8:e0:f5:59:b5:d6:d3:89:21:3d:68:58:5b:8d:05:38:76:2f:
         2f:8c:60:9f:5d:25:0b:2a:f3:da:89:d5:1a:af:2c:27:2e:66:
         cb:ff:34:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKwcqdxVLlfZy/vHr8o+w1aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZGMwNjMwZTk2MDk2ZGU0ODIyZDFmNTFlZjgwYzZmZmY1
NDE5MWIwHhcNMjQxMDIxMTg1OTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmUzNzNlZGE1ZjU5OWE0ZjdkZTNkOTQzNjNmZmQ2N2ZmNTUzZDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WJCnE8dt8OjrLuULw9U/ruUzlYT
NHo2yb8DumqFX/OJjoUxmPB7NN5ppszmPBK7NDrVUMMuS2LFvzremtcu8zMJ5Ehv
qILoYN2v2GOdWF1/1r2o8ehhj8KDSFCgytAkFIINfQq1bGMCiqZV6H6QVQoVEq8v
tFlAlHbVHpGYhbRs/c+byGSiaxb9/Sz3Bn4O457Hft+I/df5VOVqY6oSbTmj1v/5
nkdLWu1xa0y5izVbetjOJHxV00pu/Fr+qa5SrFmBtAr2Bx9y10AJ5wKBsVdQl98K
WCkjyJp3rrCbrkhQXeaXryOq/vOfYAN9m744k9jnkES2l0RqbpDyOTZS2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvjc+2l9Zmk9949lDY//Wf/VT1IMB8GA1UdIwQY
MBaAFKHcBjDpYJbeSCLR9R74DG//VBkbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2R3R01PbGdsdDVJSXRIMUh2Z01iXzlVR1JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zZjkxNTgtNmE5MC00ZTU3LWEyOGYt
M2UwNmEwMTgyNjE0LzEvMi1OejdhWDFtYVQzM2oyVU5qXzlaXzlWUFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zZjkxNTgtNmE5MC00ZTU3LWEyOGYtM2UwNmEwMTgyNjE0
LzEvb2R3R01PbGdsdDVJSXRIMUh2Z01iXzlVR1JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+M+MA0G
CSqGSIb3DQEBCwUAA4IBAQAobRbP7dXaqlVR8a/VZenYMAmTc1dNWZZ2+5MNJDai
ndsA+iUIqRwFDRpoRC71gG45vFdFDJdYBLmFz6LXgfp11o0YdEGOcZBc8aUmtQm+
WeN7NXurUSQUDblV9CvvJ1g9C7/flpXw2ThIzqzCvKVBcfojGqPMWu1SSljOx4xv
0v/8wNNlPayOSRYnG9YzruQDufiYpwlVh2S0kj2GA5FvYwgcYtkDSx9yC3DspTg1
AEcrIpRbRJFm0dQYRhqeCgL3AHtWLG0FZS+zN4QFc+EOJyYISBPVLWmo4PVZtdbT
iSE9aFhbjQU4di8vjGCfXSULKvPaidUarywnLmbL/zTk
-----END CERTIFICATE-----