Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/3b2c00-94b6-434d-b362-96a34b022f89/1/2ySkL2qL_FgkdTeGQ1hmgpMmPNE.roa
File:                     2ySkL2qL_FgkdTeGQ1hmgpMmPNE.roa (raw, json)
Hash identifier:          BQKgclTUvTPSmzy2UisilQ8q5HohxKH+c7EOze1Ddbg=
Subject key identifier:   DB:24:A4:2F:6A:8B:FC:58:24:75:37:86:43:58:66:82:93:26:3C:D1
Certificate issuer:       /CN=d79f925e1738bc352bc6b5cf5ff951b3d813ae39
Certificate serial:       018F579866D054FB1562E30B4A372D5A8199
Authority key identifier: D7:9F:92:5E:17:38:BC:35:2B:C6:B5:CF:5F:F9:51:B3:D8:13:AE:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/15-SXhc4vDUrxrXPX_lRs9gTrjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/3b2c00-94b6-434d-b362-96a34b022f89/1/2ySkL2qL_FgkdTeGQ1hmgpMmPNE.roa
Signing time:             Wed 08 May 2024 09:45:56 +0000
ROA not before:           Wed 08 May 2024 09:45:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202391
IP address blocks:        194.50.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/3b2c00-94b6-434d-b362-96a34b022f89/1/15-SXhc4vDUrxrXPX_lRs9gTrjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/3b2c00-94b6-434d-b362-96a34b022f89/1/15-SXhc4vDUrxrXPX_lRs9gTrjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/15-SXhc4vDUrxrXPX_lRs9gTrjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:57:98:66:d0:54:fb:15:62:e3:0b:4a:37:2d:5a:81:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d79f925e1738bc352bc6b5cf5ff951b3d813ae39
        Validity
            Not Before: May  8 09:45:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db24a42f6a8bfc58247537864358668293263cd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:bd:1a:81:d2:82:18:07:0b:0c:62:47:81:bd:
                    ce:40:a3:b5:43:64:45:36:fa:32:28:d2:1c:03:f5:
                    0a:8f:ab:e7:fd:53:31:96:58:26:62:28:91:33:0b:
                    57:f8:d4:45:a4:17:46:cb:d9:6e:62:3a:41:d0:7a:
                    95:a5:fe:fd:21:a1:cd:cd:80:d1:13:21:b8:b5:1d:
                    39:72:b3:d5:49:2e:e6:78:37:69:9e:70:02:96:32:
                    14:ba:33:94:75:1e:4d:d1:f5:cd:d4:27:40:5c:2f:
                    29:c0:bd:f2:e6:0a:2d:be:e6:be:86:c4:4b:c0:93:
                    49:a5:c0:05:76:9c:89:ca:42:a5:53:3e:b6:2c:db:
                    97:c0:51:67:4f:ed:e1:58:62:65:b1:d7:27:05:bf:
                    96:8d:b3:49:50:cd:b6:11:b6:e7:82:3d:17:3d:2d:
                    0d:32:fe:14:2e:ec:49:b9:0b:55:60:06:26:25:2f:
                    cc:2d:d9:cf:ec:af:b2:18:e9:d9:5e:07:d1:66:69:
                    8c:35:de:b6:a9:97:e0:e9:86:6c:5e:f5:a5:8b:33:
                    e9:ba:66:05:91:ed:a3:f7:0a:db:78:7e:9b:5c:3d:
                    af:ad:db:30:0e:8d:12:50:24:b4:e3:90:62:84:79:
                    58:15:ee:46:3b:fb:30:a7:84:bb:70:1c:9e:0a:61:
                    05:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:24:A4:2F:6A:8B:FC:58:24:75:37:86:43:58:66:82:93:26:3C:D1
            X509v3 Authority Key Identifier:
                keyid:D7:9F:92:5E:17:38:BC:35:2B:C6:B5:CF:5F:F9:51:B3:D8:13:AE:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/15-SXhc4vDUrxrXPX_lRs9gTrjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/3b2c00-94b6-434d-b362-96a34b022f89/1/2ySkL2qL_FgkdTeGQ1hmgpMmPNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/3b2c00-94b6-434d-b362-96a34b022f89/1/15-SXhc4vDUrxrXPX_lRs9gTrjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:26:79:d1:b5:16:f3:9f:ee:31:bc:4a:f6:ff:5c:5a:14:d1:
         6d:dc:a1:a5:1b:31:79:6e:9a:05:62:86:e3:9e:93:cc:be:c6:
         71:06:48:8f:f9:b3:03:04:92:68:7b:2b:3d:f7:c4:d6:fe:f7:
         b4:30:e3:1c:67:e0:73:14:c9:91:cc:3f:7f:85:31:e1:f7:19:
         19:13:de:fd:75:43:e3:08:84:68:59:2d:41:64:42:56:06:3f:
         81:a6:54:31:66:cf:d1:4e:50:12:e1:59:a4:32:fb:a5:eb:23:
         75:0f:75:40:1c:19:72:b8:ba:d8:d4:fe:90:a3:8d:14:32:57:
         14:a8:92:a6:ce:af:53:97:23:ca:c3:e8:24:a6:87:12:9f:21:
         bc:6f:a3:c8:07:84:9b:c7:49:12:39:2f:80:ad:e4:7e:7a:a6:
         e4:c4:54:1c:8f:4e:7f:d9:27:96:2b:97:67:66:0a:fc:7f:79:
         f9:4e:93:52:90:36:f8:03:4d:45:16:f8:a9:0b:ad:46:fe:f5:
         d0:82:97:66:81:34:fb:e6:86:b5:4c:67:76:87:85:b8:d6:e8:
         6a:f1:d9:82:bb:4c:64:89:a9:43:10:88:63:32:93:db:9b:0a:
         e2:e6:22:2b:e1:f2:ba:7f:49:82:f5:c0:5e:0a:68:28:1c:f1:
         bc:c0:8f:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9XmGbQVPsVYuMLSjctWoGZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OWY5MjVlMTczOGJjMzUyYmM2YjVjZjVmZjk1MWIzZDgx
M2FlMzkwHhcNMjQwNTA4MDk0NTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjI0YTQyZjZhOGJmYzU4MjQ3NTM3ODY0MzU4NjY4MjkzMjYzY2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1b0agdKCGAcLDGJHgb3OQKO1Q2RF
NvoyKNIcA/UKj6vn/VMxllgmYiiRMwtX+NRFpBdGy9luYjpB0HqVpf79IaHNzYDR
EyG4tR05crPVSS7meDdpnnACljIUujOUdR5N0fXN1CdAXC8pwL3y5gotvua+hsRL
wJNJpcAFdpyJykKlUz62LNuXwFFnT+3hWGJlsdcnBb+WjbNJUM22Ebbngj0XPS0N
Mv4ULuxJuQtVYAYmJS/MLdnP7K+yGOnZXgfRZmmMNd62qZfg6YZsXvWlizPpumYF
ke2j9wrbeH6bXD2vrdswDo0SUCS045BihHlYFe5GO/swp4S7cByeCmEFGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNskpC9qi/xYJHU3hkNYZoKTJjzRMB8GA1UdIwQY
MBaAFNefkl4XOLw1K8a1z1/5UbPYE645MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTUtU1hoYzR2RFVyeHJYUFhfbFJzOWdUcmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8zYjJjMDAtOTRiNi00MzRkLWIzNjIt
OTZhMzRiMDIyZjg5LzEvMnlTa0wycUxfRmdrZFRlR1ExaG1ncE1tUE5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8zYjJjMDAtOTRiNi00MzRkLWIzNjItOTZhMzRiMDIyZjg5
LzEvMTUtU1hoYzR2RFVyeHJYUFhfbFJzOWdUcmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjKpMA0G
CSqGSIb3DQEBCwUAA4IBAQBpJnnRtRbzn+4xvEr2/1xaFNFt3KGlGzF5bpoFYobj
npPMvsZxBkiP+bMDBJJoeys998TW/ve0MOMcZ+BzFMmRzD9/hTHh9xkZE979dUPj
CIRoWS1BZEJWBj+BplQxZs/RTlAS4VmkMvul6yN1D3VAHBlyuLrY1P6Qo40UMlcU
qJKmzq9TlyPKw+gkpocSnyG8b6PIB4Sbx0kSOS+AreR+eqbkxFQcj05/2SeWK5dn
Zgr8f3n5TpNSkDb4A01FFvipC61G/vXQgpdmgTT75oa1TGd2h4W41uhq8dmCu0xk
ialDEIhjMpPbmwri5iIr4fK6f0mC9cBeCmgoHPG8wI+N
-----END CERTIFICATE-----