Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/111579-ae19-4251-9785-73e38cce1383/1/2BYX46_atn39oTBpbMSiNAKCSDc.roa
File:                     2BYX46_atn39oTBpbMSiNAKCSDc.roa (raw, json)
Hash identifier:          OVpwX8vw3RIdQW01NzSyjZRcsU/kWbnvkqbtCDq+UKg=
Subject key identifier:   D8:16:17:E3:AF:DA:B6:7D:FD:A1:30:69:6C:C4:A2:34:02:82:48:37
Certificate issuer:       /CN=5797245d78078985c147dccbe0ec6d168dd9982d
Certificate serial:       018CC5DC3F2D788B653035E7869E009961CC
Authority key identifier: 57:97:24:5D:78:07:89:85:C1:47:DC:CB:E0:EC:6D:16:8D:D9:98:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5ckXXgHiYXBR9zL4OxtFo3ZmC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/111579-ae19-4251-9785-73e38cce1383/1/2BYX46_atn39oTBpbMSiNAKCSDc.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51379
IP address blocks:        178.212.112.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/111579-ae19-4251-9785-73e38cce1383/1/V5ckXXgHiYXBR9zL4OxtFo3ZmC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/111579-ae19-4251-9785-73e38cce1383/1/V5ckXXgHiYXBR9zL4OxtFo3ZmC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5ckXXgHiYXBR9zL4OxtFo3ZmC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3f:2d:78:8b:65:30:35:e7:86:9e:00:99:61:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5797245d78078985c147dccbe0ec6d168dd9982d
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d81617e3afdab67dfda130696cc4a23402824837
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b3:73:77:c0:15:fe:a7:36:14:a4:82:be:bb:
                    3a:b8:03:0a:f9:9b:7c:e9:91:90:81:c6:d9:d3:68:
                    46:11:82:b9:28:40:89:05:7b:9a:03:f9:fe:32:cf:
                    4a:5f:20:d8:6e:72:37:55:77:f0:31:92:e9:95:b1:
                    2b:b3:98:e4:ae:4a:95:42:64:79:0c:81:a6:b3:31:
                    22:1c:ab:96:f3:64:6d:36:9b:a6:24:fc:56:7d:09:
                    6e:ef:41:e8:25:ce:d1:6a:26:7b:e3:50:0f:95:d2:
                    1f:c3:de:2b:47:b3:80:90:46:a9:67:21:46:3e:9b:
                    f8:13:fd:76:6c:4d:2c:83:b0:54:57:27:b1:2b:cc:
                    cb:8a:f3:28:90:e1:8d:d6:8d:bb:b6:8f:80:01:d9:
                    83:79:f3:4c:94:bd:fa:c7:76:85:e6:68:38:8e:8a:
                    50:17:a8:5b:85:fd:2e:79:67:1d:1a:95:ed:51:b8:
                    f4:57:d7:c0:a8:5d:5c:ca:81:49:52:86:80:79:b2:
                    4d:f8:f5:bf:2e:c5:c6:7c:a3:8f:c7:80:59:0e:af:
                    ae:79:5b:d0:6f:67:a6:9b:bc:d3:27:9e:29:70:32:
                    eb:9e:3d:c9:a1:2f:6b:e4:c4:52:ed:da:e5:92:e2:
                    05:1d:f2:97:0a:8f:a0:2c:03:d7:e8:82:5f:cc:48:
                    ea:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:16:17:E3:AF:DA:B6:7D:FD:A1:30:69:6C:C4:A2:34:02:82:48:37
            X509v3 Authority Key Identifier:
                keyid:57:97:24:5D:78:07:89:85:C1:47:DC:CB:E0:EC:6D:16:8D:D9:98:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5ckXXgHiYXBR9zL4OxtFo3ZmC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/111579-ae19-4251-9785-73e38cce1383/1/2BYX46_atn39oTBpbMSiNAKCSDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/111579-ae19-4251-9785-73e38cce1383/1/V5ckXXgHiYXBR9zL4OxtFo3ZmC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         95:2d:7a:7d:74:a8:04:32:a5:c9:c4:6d:3f:d6:62:59:8f:f6:
         b4:d6:3c:db:94:f9:fb:36:5e:02:0b:69:d8:6d:fe:8f:2f:a8:
         35:a5:75:0a:5c:22:d0:9e:1b:8a:93:7e:d1:bf:d9:ca:cf:e3:
         2d:36:c1:a6:ad:47:f9:3a:c6:a2:30:ac:47:68:83:05:06:ce:
         42:ab:73:1f:78:8f:eb:dd:d2:e7:8c:f5:99:9c:a6:01:62:5d:
         81:96:65:60:bf:a3:71:0a:e3:0e:10:d7:84:5f:df:41:50:b7:
         db:aa:de:ba:4b:8f:f4:c5:c1:fa:ff:b8:de:43:4f:73:85:b8:
         ab:1d:7f:17:5b:00:97:d9:d9:55:9a:92:f2:4b:a3:9e:6c:f0:
         04:3b:bf:28:f4:b3:f0:05:d5:0d:33:0e:9c:fc:6e:d6:38:93:
         2c:11:f0:89:8c:66:22:e6:58:f6:60:48:65:bd:a1:d3:85:8d:
         c0:85:d9:de:4b:d9:dd:11:0d:bc:05:69:43:62:5f:e9:d7:11:
         d8:08:82:47:f8:51:f0:6a:45:62:a2:b5:a2:7e:a9:eb:13:61:
         69:af:89:c4:37:1e:69:63:9d:4f:3f:1d:4f:e7:bd:33:17:fe:
         42:d7:3d:15:b5:c2:8a:2b:8e:cd:94:ba:72:c9:ca:a4:68:42:
         38:16:49:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3D8teItlMDXnhp4AmWHMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTcyNDVkNzgwNzg5ODVjMTQ3ZGNjYmUwZWM2ZDE2OGRk
OTk4MmQwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODE2MTdlM2FmZGFiNjdkZmRhMTMwNjk2Y2M0YTIzNDAyODI0ODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrNzd8AV/qc2FKSCvrs6uAMK+Zt8
6ZGQgcbZ02hGEYK5KECJBXuaA/n+Ms9KXyDYbnI3VXfwMZLplbErs5jkrkqVQmR5
DIGmszEiHKuW82RtNpumJPxWfQlu70HoJc7RaiZ741APldIfw94rR7OAkEapZyFG
Ppv4E/12bE0sg7BUVyexK8zLivMokOGN1o27to+AAdmDefNMlL36x3aF5mg4jopQ
F6hbhf0ueWcdGpXtUbj0V9fAqF1cyoFJUoaAebJN+PW/LsXGfKOPx4BZDq+ueVvQ
b2emm7zTJ54pcDLrnj3JoS9r5MRS7drlkuIFHfKXCo+gLAPX6IJfzEjq7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgWF+Ov2rZ9/aEwaWzEojQCgkg3MB8GA1UdIwQY
MBaAFFeXJF14B4mFwUfcy+DsbRaN2ZgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVja1hYZ0hpWVhCUjl6TDRPeHRGbzNabUMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xMTE1NzktYWUxOS00MjUxLTk3ODUt
NzNlMzhjY2UxMzgzLzEvMkJZWDQ2X2F0bjM5b1RCcGJNU2lOQUtDU0RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xMTE1NzktYWUxOS00MjUxLTk3ODUtNzNlMzhjY2UxMzgz
LzEvVjVja1hYZ0hpWVhCUjl6TDRPeHRGbzNabUMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstRwMA0G
CSqGSIb3DQEBCwUAA4IBAQCVLXp9dKgEMqXJxG0/1mJZj/a01jzblPn7Nl4CC2nY
bf6PL6g1pXUKXCLQnhuKk37Rv9nKz+MtNsGmrUf5OsaiMKxHaIMFBs5Cq3MfeI/r
3dLnjPWZnKYBYl2BlmVgv6NxCuMOENeEX99BULfbqt66S4/0xcH6/7jeQ09zhbir
HX8XWwCX2dlVmpLyS6OebPAEO78o9LPwBdUNMw6c/G7WOJMsEfCJjGYi5lj2YEhl
vaHThY3AhdneS9ndEQ28BWlDYl/p1xHYCIJH+FHwakViorWifqnrE2Fpr4nENx5p
Y51PPx1P570zF/5C1z0VtcKKK47NlLpyycqkaEI4Fkky
-----END CERTIFICATE-----