Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/2WXRAa0tZLIh44RgMtVlEUkWpyA.roa
File:                     2WXRAa0tZLIh44RgMtVlEUkWpyA.roa (raw, json)
Hash identifier:          RC49DwQSL33A/hAlXcRfixGZRl1kwX6b96WNbW/gV/Q=
Subject key identifier:   D9:65:D1:01:AD:2D:64:B2:21:E3:84:60:32:D5:65:11:49:16:A7:20
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018F18942530EDBB7BD810E2BBB69252F3BA
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/2WXRAa0tZLIh44RgMtVlEUkWpyA.roa
Signing time:             Fri 26 Apr 2024 04:05:13 +0000
ROA not before:           Fri 26 Apr 2024 04:05:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212667
IP address blocks:        89.36.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:58:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:18:94:25:30:ed:bb:7b:d8:10:e2:bb:b6:92:52:f3:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 26 04:05:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d965d101ad2d64b221e3846032d565114916a720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:bc:18:34:6e:46:30:80:a5:4f:5f:ec:cc:ee:
                    8e:b0:15:ee:af:73:7f:6a:76:72:2a:ee:75:99:ad:
                    4e:ea:31:39:35:99:90:49:2a:26:4c:24:05:fa:fb:
                    98:4b:2f:c5:43:4a:b4:19:01:82:db:34:20:e1:a6:
                    53:a0:aa:66:d7:d0:db:e2:8f:0e:cd:47:a9:10:86:
                    b8:e2:7c:40:42:1a:c8:81:cd:4a:5d:fa:86:23:60:
                    74:57:40:02:f0:57:ce:43:5a:72:4a:b4:06:36:07:
                    96:d9:fd:a4:1a:20:c0:b0:49:42:b9:1e:c9:d9:88:
                    d8:13:2d:5f:81:8a:99:29:7c:4a:5b:26:c2:26:0a:
                    56:b0:dd:af:d8:ae:c5:88:dc:51:ad:7e:60:cc:a0:
                    e7:52:06:17:27:7c:1a:65:a8:a1:47:11:44:8e:b7:
                    49:1a:4a:60:de:a0:3b:de:26:ae:38:92:0d:c5:84:
                    38:79:93:d7:e6:de:3c:de:ee:d2:5e:0c:4d:8b:67:
                    07:73:d5:72:bd:31:41:f5:7c:24:c0:45:0c:fd:61:
                    86:59:12:df:ad:ef:4b:4f:5c:e9:e7:cc:51:4a:be:
                    6f:40:a1:04:0b:de:06:76:69:88:28:cf:77:e0:a9:
                    b3:d8:e0:17:72:49:df:6e:a1:a1:27:1d:1b:7d:fa:
                    3b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:65:D1:01:AD:2D:64:B2:21:E3:84:60:32:D5:65:11:49:16:A7:20
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/2WXRAa0tZLIh44RgMtVlEUkWpyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:e9:e8:ff:59:ba:02:7f:a9:4f:31:4d:6d:f1:fa:12:84:ea:
         88:9a:f3:91:f2:ed:3a:a5:54:90:84:7b:03:d6:cf:4c:39:83:
         3b:bc:5f:f7:64:ea:55:a0:a2:30:f2:b9:48:70:84:96:59:28:
         db:52:ec:81:f4:0d:d8:1a:f9:2a:de:60:ba:d1:16:5f:14:87:
         db:27:2e:42:73:cd:e4:85:d7:99:0a:d8:4b:e8:91:b4:1d:56:
         1b:21:3f:0b:b5:17:d0:b3:7b:46:3f:ef:4c:a8:72:81:d3:b9:
         f7:b8:c1:31:22:8e:10:2d:d1:1f:67:62:1c:83:98:d2:12:0a:
         47:6d:cd:73:c2:4e:8d:92:a1:50:34:46:d2:3d:b3:fa:0b:26:
         92:f1:fe:07:ae:90:71:7d:4e:f7:4a:21:ca:66:af:0a:b5:3e:
         23:f3:36:54:c6:6b:3c:9b:46:6b:3f:f8:0c:ce:1c:80:3a:d3:
         6f:2c:a6:6b:29:af:6f:cc:34:00:d2:c4:72:ef:9f:b4:00:35:
         22:e4:af:89:75:76:c1:fa:64:aa:f4:ab:e5:40:43:a8:f4:bd:
         87:2e:b1:6f:6f:13:c8:6d:3b:f6:b7:e4:46:69:ba:72:38:56:
         ad:90:17:14:56:42:c7:bc:97:a3:eb:58:bc:f3:0f:35:ef:6f:
         b6:77:1e:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8YlCUw7bt72BDiu7aSUvO6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwNDI2MDQwNTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTY1ZDEwMWFkMmQ2NGIyMjFlMzg0NjAzMmQ1NjUxMTQ5MTZhNzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgbwYNG5GMIClT1/szO6OsBXur3N/
anZyKu51ma1O6jE5NZmQSSomTCQF+vuYSy/FQ0q0GQGC2zQg4aZToKpm19Db4o8O
zUepEIa44nxAQhrIgc1KXfqGI2B0V0AC8FfOQ1pySrQGNgeW2f2kGiDAsElCuR7J
2YjYEy1fgYqZKXxKWybCJgpWsN2v2K7FiNxRrX5gzKDnUgYXJ3waZaihRxFEjrdJ
Gkpg3qA73iauOJINxYQ4eZPX5t483u7SXgxNi2cHc9VyvTFB9XwkwEUM/WGGWRLf
re9LT1zp58xRSr5vQKEEC94GdmmIKM934Kmz2OAXcknfbqGhJx0bffo78QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNll0QGtLWSyIeOEYDLVZRFJFqcgMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvMldYUkFhMHRaTEloNDRSZ010VmxFVWtXcHlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSSMMA0G
CSqGSIb3DQEBCwUAA4IBAQBb6ej/WboCf6lPMU1t8foShOqImvOR8u06pVSQhHsD
1s9MOYM7vF/3ZOpVoKIw8rlIcISWWSjbUuyB9A3YGvkq3mC60RZfFIfbJy5Cc83k
hdeZCthL6JG0HVYbIT8LtRfQs3tGP+9MqHKB07n3uMExIo4QLdEfZ2Icg5jSEgpH
bc1zwk6NkqFQNEbSPbP6CyaS8f4HrpBxfU73SiHKZq8KtT4j8zZUxms8m0ZrP/gM
zhyAOtNvLKZrKa9vzDQA0sRy75+0ADUi5K+JdXbB+mSq9KvlQEOo9L2HLrFvbxPI
bTv2t+RGabpyOFatkBcUVkLHvJej61i88w8172+2dx7x
-----END CERTIFICATE-----