Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/2jRAoB9uuSgRK8LnNyUfSfzeumI.roa
File:                     2jRAoB9uuSgRK8LnNyUfSfzeumI.roa (raw, json)
Hash identifier:          mqxYJ+4qztdoqf/uOGROAL62TWUcIVe6+pahJQdELKQ=
Subject key identifier:   DA:34:40:A0:1F:6E:B9:28:11:2B:C2:E7:37:25:1F:49:FC:DE:BA:62
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FF2CCF42BBFF35B54653575831228
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/2jRAoB9uuSgRK8LnNyUfSfzeumI.roa
Signing time:             Tue 02 Jan 2024 04:30:29 +0000
ROA not before:           Tue 02 Jan 2024 04:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60659
IP address blocks:        213.74.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:f2:cc:f4:2b:bf:f3:5b:54:65:35:75:83:12:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da3440a01f6eb928112bc2e737251f49fcdeba62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:95:7c:43:3f:48:2f:ef:44:a1:81:9a:40:ba:
                    75:98:1a:47:3f:65:12:d1:90:3f:2d:1e:6b:f0:41:
                    ee:50:e8:33:7b:09:d4:e0:02:12:38:83:c4:91:03:
                    df:05:e7:0d:02:84:da:29:d2:06:94:ed:9a:14:dc:
                    83:71:90:b5:3b:49:2f:0a:33:5d:36:45:f7:7d:bf:
                    27:b1:d2:5f:e4:16:8e:35:93:53:2c:64:97:ef:c9:
                    42:62:af:15:11:d8:05:d4:30:d8:38:ba:73:af:02:
                    36:77:ad:13:d7:86:4d:6f:17:22:58:c4:4c:8c:06:
                    5a:ed:c3:a1:96:29:5e:13:d5:6f:d9:36:4c:01:66:
                    21:ff:29:70:80:78:de:08:d9:91:b0:54:47:62:66:
                    49:d5:aa:17:e8:bb:e9:9b:bd:14:fd:4e:fa:c0:1d:
                    30:d3:66:e2:fc:5b:e4:d4:22:2b:5b:68:91:c1:8c:
                    52:ef:79:c3:62:05:96:98:af:26:27:16:17:3c:ba:
                    c6:57:1f:19:e2:91:83:57:55:b8:d2:4a:94:d4:3d:
                    f5:76:8f:06:77:f5:5b:f8:3b:af:42:13:82:01:16:
                    69:dd:ab:21:2e:31:9a:5c:06:08:7c:9b:d9:5b:49:
                    d1:9b:ab:9c:83:19:a8:dd:67:75:4c:7e:dd:e1:1a:
                    47:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:34:40:A0:1F:6E:B9:28:11:2B:C2:E7:37:25:1F:49:FC:DE:BA:62
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/2jRAoB9uuSgRK8LnNyUfSfzeumI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.74.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:62:56:db:06:7e:3f:80:cd:52:d8:60:4b:d4:ba:32:6e:d6:
         18:39:3d:1a:f3:90:6b:ba:c5:fe:35:ac:ec:5a:8b:03:91:a3:
         32:48:5b:ac:ce:26:71:74:ef:69:ff:40:3e:ed:42:a6:65:77:
         b7:3c:96:58:42:ea:58:b1:d4:c3:1c:56:f2:3e:7d:4f:d5:7b:
         87:ef:e7:af:ae:2d:57:22:8f:80:07:e6:d1:4f:35:02:7b:29:
         87:ae:7a:ae:d1:5f:6f:ea:58:a4:5a:ba:f7:d6:47:45:72:79:
         2a:9d:06:50:26:4d:0b:af:2b:87:7c:1e:25:fa:b5:50:64:7c:
         42:33:97:0d:ad:28:af:9e:5b:b2:e2:05:89:ba:d7:c1:65:2a:
         f3:69:ce:42:8c:db:1e:5d:a4:d8:06:ac:79:74:66:66:58:6b:
         47:e9:ec:18:4d:26:ab:7c:79:4c:61:70:de:4d:ce:87:31:53:
         56:17:a4:50:23:10:88:10:be:28:5b:21:46:1f:cc:a3:31:28:
         34:3a:16:32:68:81:89:1f:f8:5e:b6:ac:70:cc:61:0b:d4:96:
         be:89:9b:f9:8f:15:f1:45:1c:dd:49:d1:4e:32:55:a1:03:12:
         4b:5b:e6:3d:8a:5f:d1:00:89:8f:c7:cb:20:3d:aa:ad:7f:ff:
         fc:c6:6d:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb/LM9Cu/81tUZTV1gxIoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTM0NDBhMDFmNmViOTI4MTEyYmMyZTczNzI1MWY0OWZjZGViYTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpV8Qz9IL+9EoYGaQLp1mBpHP2US
0ZA/LR5r8EHuUOgzewnU4AISOIPEkQPfBecNAoTaKdIGlO2aFNyDcZC1O0kvCjNd
NkX3fb8nsdJf5BaONZNTLGSX78lCYq8VEdgF1DDYOLpzrwI2d60T14ZNbxciWMRM
jAZa7cOhlileE9Vv2TZMAWYh/ylwgHjeCNmRsFRHYmZJ1aoX6Lvpm70U/U76wB0w
02bi/Fvk1CIrW2iRwYxS73nDYgWWmK8mJxYXPLrGVx8Z4pGDV1W40kqU1D31do8G
d/Vb+DuvQhOCARZp3ashLjGaXAYIfJvZW0nRm6ucgxmo3Wd1TH7d4RpHOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNo0QKAfbrkoESvC5zclH0n83rpiMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvMmpSQW9COXV1U2dSSzhMbk55VWZTZnpldW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1UpmMA0G
CSqGSIb3DQEBCwUAA4IBAQAeYlbbBn4/gM1S2GBL1LoybtYYOT0a85BrusX+Nazs
WosDkaMySFusziZxdO9p/0A+7UKmZXe3PJZYQupYsdTDHFbyPn1P1XuH7+evri1X
Io+AB+bRTzUCeymHrnqu0V9v6likWrr31kdFcnkqnQZQJk0LryuHfB4l+rVQZHxC
M5cNrSivnluy4gWJutfBZSrzac5CjNseXaTYBqx5dGZmWGtH6ewYTSarfHlMYXDe
Tc6HMVNWF6RQIxCIEL4oWyFGH8yjMSg0OhYyaIGJH/hetqxwzGEL1Ja+iZv5jxXx
RRzdSdFOMlWhAxJLW+Y9il/RAImPx8sgPaqtf//8xm1y
-----END CERTIFICATE-----