Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/LB8X1B0qs2z2dTHrOnwY4_smpB4.roa
File:                     LB8X1B0qs2z2dTHrOnwY4_smpB4.roa (raw, json)
Hash identifier:          ZPuGPzgukjN8rqXwf/B42VGTmhkySaZxnypf62TAIdQ=
Subject key identifier:   2C:1F:17:D4:1D:2A:B3:6C:F6:75:31:EB:3A:7C:18:E3:FB:26:A4:1E
Certificate issuer:       /CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
Certificate serial:       0190C55C8A5A3163369E9541A5A8CC0393B9
Authority key identifier: C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/LB8X1B0qs2z2dTHrOnwY4_smpB4.roa
Signing time:             Thu 18 Jul 2024 10:21:34 +0000
ROA not before:           Thu 18 Jul 2024 10:21:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215828
IP address blocks:        2a07:2486::/48 maxlen: 48
                          2a07:2486:1::/48 maxlen: 48
                          2a07:2487::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c5:5c:8a:5a:31:63:36:9e:95:41:a5:a8:cc:03:93:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
        Validity
            Not Before: Jul 18 10:21:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c1f17d41d2ab36cf67531eb3a7c18e3fb26a41e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:fe:26:62:84:4b:34:3c:e8:a7:98:9d:3e:be:
                    e5:e8:a5:35:9e:e8:ed:b0:a2:37:7a:c1:b4:ae:59:
                    fb:29:ff:d3:25:f7:6a:ea:b0:69:b3:bf:7b:9c:8e:
                    9e:99:06:14:3f:db:3a:ca:ef:60:ae:af:d7:55:f7:
                    3f:d2:79:28:21:23:b2:ca:31:26:96:af:6c:fd:ab:
                    11:83:85:41:ad:a1:a3:f2:46:eb:f3:42:ce:34:93:
                    fa:90:0d:eb:85:d3:f6:7b:8c:a6:92:e3:ef:9c:c7:
                    ae:c1:5f:c6:0b:fc:e0:e2:d1:42:81:56:10:61:5f:
                    b5:cf:8b:9f:08:f8:37:5c:00:87:94:3c:dc:c1:3a:
                    a7:34:79:25:c6:0e:13:24:60:f4:ad:c4:f0:6c:57:
                    8d:85:f6:67:c8:66:ef:ef:42:f9:c4:90:ad:fd:2d:
                    a9:ac:5a:c7:a7:27:11:ef:bb:79:f2:7e:6d:7e:c0:
                    7e:1a:5a:46:e0:c4:ca:92:a0:ca:0f:c2:40:5d:79:
                    d4:1a:5f:27:aa:b2:76:71:2f:c0:d2:08:77:2a:e5:
                    d1:56:7a:89:51:bb:2f:28:71:88:cc:4d:92:89:2d:
                    12:34:ce:dd:d2:8e:f7:8e:7d:6e:02:33:3c:98:56:
                    21:b5:c7:9e:f8:a2:12:a3:62:49:88:62:1e:ae:76:
                    23:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:1F:17:D4:1D:2A:B3:6C:F6:75:31:EB:3A:7C:18:E3:FB:26:A4:1E
            X509v3 Authority Key Identifier:
                keyid:C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/LB8X1B0qs2z2dTHrOnwY4_smpB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486::/47
                  2a07:2487::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:b2:a3:63:67:6b:54:03:20:ef:d5:29:3e:30:38:ca:e3:ed:
         c9:1a:c1:0c:c5:c0:6e:a2:69:83:b8:f3:99:6b:01:85:e9:32:
         2a:3a:12:00:0b:24:ed:1f:f8:bf:11:c8:1a:db:71:ae:09:fa:
         53:b6:56:57:60:38:4f:87:cc:02:16:7d:46:42:63:48:08:44:
         22:af:6e:fc:50:12:ff:51:f2:e2:05:94:3c:ba:34:fb:4f:7f:
         8b:0f:ab:75:4e:b9:eb:46:6e:b9:6f:c3:1f:b0:74:3e:78:87:
         2c:9a:c9:a3:35:9c:f4:01:20:b1:bf:6c:69:a0:bc:54:3c:94:
         1e:71:f7:5b:7c:aa:f0:61:f9:77:5f:27:08:2d:71:39:0f:fa:
         94:60:6e:0c:8c:dc:64:da:40:5f:44:7d:fa:85:57:d5:37:18:
         3b:c1:ed:5a:f0:77:9b:a2:ff:22:31:77:fe:f6:af:80:16:73:
         eb:80:44:30:97:48:e0:77:2a:7a:40:b4:81:73:40:ea:47:c2:
         af:f1:63:b0:b3:7b:98:59:b9:dc:12:0f:2e:7f:2d:f8:79:52:
         7c:bf:74:7c:6b:bd:c2:99:bc:53:ba:42:fb:04:c9:d0:31:96:
         d0:d3:6f:75:d6:f4:28:59:1a:c8:37:9b:00:c8:38:59:25:da:
         ed:73:66:37
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZDFXIpaMWM2npVBpajMA5O5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzZlOGMyMTZmMDVhOWQ5ZTAzMjdmMTIyMmJmMTIxOThh
YmE1ZGEwHhcNMjQwNzE4MTAyMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzFmMTdkNDFkMmFiMzZjZjY3NTMxZWIzYTdjMThlM2ZiMjZhNDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/4mYoRLNDzop5idPr7l6KU1nujt
sKI3esG0rln7Kf/TJfdq6rBps797nI6emQYUP9s6yu9grq/XVfc/0nkoISOyyjEm
lq9s/asRg4VBraGj8kbr80LONJP6kA3rhdP2e4ymkuPvnMeuwV/GC/zg4tFCgVYQ
YV+1z4ufCPg3XACHlDzcwTqnNHklxg4TJGD0rcTwbFeNhfZnyGbv70L5xJCt/S2p
rFrHpycR77t58n5tfsB+GlpG4MTKkqDKD8JAXXnUGl8nqrJ2cS/A0gh3KuXRVnqJ
UbsvKHGIzE2SiS0SNM7d0o73jn1uAjM8mFYhtcee+KISo2JJiGIernYjIQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFCwfF9QdKrNs9nUx6zp8GOP7JqQeMB8GA1UdIwQY
MBaAFMI26MIW8FqdngMn8SIr8SGYq6XaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgt
Mzg0ZmZjZTc3ZjUyLzEvTEI4WDFCMHFzMnoyZFRIck9ud1k0X3NtcEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgtMzg0ZmZjZTc3ZjUy
LzEvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcBKgckhgAA
AwUAKgckhzANBgkqhkiG9w0BAQsFAAOCAQEAVrKjY2drVAMg79UpPjA4yuPtyRrB
DMXAbqJpg7jzmWsBhekyKjoSAAsk7R/4vxHIGttxrgn6U7ZWV2A4T4fMAhZ9RkJj
SAhEIq9u/FAS/1Hy4gWUPLo0+09/iw+rdU6560ZuuW/DH7B0PniHLJrJozWc9AEg
sb9saaC8VDyUHnH3W3yq8GH5d18nCC1xOQ/6lGBuDIzcZNpAX0R9+oVX1TcYO8Ht
WvB3m6L/IjF3/vavgBZz64BEMJdI4HcqekC0gXNA6kfCr/FjsLN7mFm53BIPLn8t
+HlSfL90fGu9wpm8U7pC+wTJ0DGW0NNvddb0KFkayDebAMg4WSXa7XNmNw==
-----END CERTIFICATE-----