Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/2BVU88vBTIoJFoGmGKy43-O6eyI.roa
File:                     2BVU88vBTIoJFoGmGKy43-O6eyI.roa (raw, json)
Hash identifier:          maYQJh/25Sfic7yRS43FBiResp4uO+Pi/sM8rx/AW3o=
Subject key identifier:   D8:15:54:F3:CB:C1:4C:8A:09:16:81:A6:18:AC:B8:DF:E3:BA:7B:22
Certificate issuer:       /CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
Certificate serial:       018DEA7B58BD64A55EA406C9DC6F3389E924
Authority key identifier: A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/2BVU88vBTIoJFoGmGKy43-O6eyI.roa
Signing time:             Tue 27 Feb 2024 12:12:48 +0000
ROA not before:           Tue 27 Feb 2024 12:12:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199159
IP address blocks:        217.146.7.0/24 maxlen: 24
                          2a05:8900:36::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ea:7b:58:bd:64:a5:5e:a4:06:c9:dc:6f:33:89:e9:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
        Validity
            Not Before: Feb 27 12:12:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d81554f3cbc14c8a091681a618acb8dfe3ba7b22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:cf:8a:5b:2b:a0:e8:37:29:c3:c9:34:fd:00:
                    b9:59:7b:5a:75:6e:2f:d8:43:3b:cc:76:66:82:ce:
                    77:a3:b4:3a:f8:dd:6c:3a:3b:fe:8d:9c:cd:2a:9f:
                    db:ca:fe:fc:5c:f8:f0:14:18:9d:d1:fc:30:4b:43:
                    32:f1:e4:c9:e8:cf:13:9b:6c:61:44:fc:ea:e8:69:
                    84:be:ee:f1:e6:7c:f1:49:36:a3:73:29:3b:63:c4:
                    2c:2a:50:6c:f8:50:b5:b4:e8:7a:79:29:30:30:6d:
                    69:fe:69:ab:2d:4d:1e:f9:fe:1b:ab:d0:35:57:b0:
                    dc:9f:02:e6:52:0b:1a:c0:c1:c9:9e:db:67:00:4e:
                    6b:32:70:1c:3e:e4:32:e4:1a:2c:df:eb:dd:7e:24:
                    2a:90:8c:16:cf:19:b3:fe:17:44:e0:3d:6b:34:86:
                    cc:09:95:f6:c2:ba:ae:23:8e:73:c2:96:b5:da:5a:
                    78:2b:ed:5f:f8:f4:7e:d7:e9:3d:fb:05:be:b8:4d:
                    05:20:fb:97:7d:28:98:63:52:3e:c3:bf:e1:cd:6c:
                    a5:d5:fa:5c:79:50:d5:46:3c:c9:e7:92:8b:0d:0f:
                    bc:55:27:b7:d8:94:44:f2:20:63:59:5e:a5:1a:1f:
                    b3:da:72:e5:68:95:fb:3b:cb:8b:83:99:25:93:9c:
                    87:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:15:54:F3:CB:C1:4C:8A:09:16:81:A6:18:AC:B8:DF:E3:BA:7B:22
            X509v3 Authority Key Identifier:
                keyid:A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/2BVU88vBTIoJFoGmGKy43-O6eyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.146.7.0/24
                IPv6:
                  2a05:8900:36::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:f7:57:1a:1a:36:1a:ef:ee:19:99:7f:70:8c:4f:0d:e1:ff:
         a2:e4:24:79:57:eb:9e:ed:6e:ec:d8:d9:95:3b:90:fe:f1:2c:
         49:37:0c:e7:2b:41:cf:dc:06:75:16:7f:0e:3e:ef:2c:57:c3:
         44:3d:5a:45:07:58:af:92:6f:00:a4:19:f6:aa:30:21:7f:a8:
         ff:81:54:75:3b:51:89:b5:cc:ac:20:bc:89:fb:5c:62:33:d2:
         51:44:6f:b9:e6:c8:77:2c:b1:11:1b:a9:12:dc:3f:2d:88:d5:
         50:f6:30:be:7d:36:75:0c:e2:9a:56:6b:b8:f6:6e:a8:79:fd:
         8b:69:48:26:df:bc:78:e1:8f:c0:25:2a:cf:97:f6:90:fe:be:
         8e:14:16:ce:03:0a:e9:77:b1:39:7e:90:1f:32:c7:f9:3b:82:
         c4:58:fc:2a:10:35:63:07:6f:48:53:25:ff:a9:97:31:1f:8a:
         ff:9d:fe:21:68:e3:78:0f:67:2f:ad:83:d3:57:a3:4a:8f:a1:
         01:ff:6b:65:fb:48:0a:c5:d2:c2:23:a6:78:87:01:0a:40:7d:
         02:ca:55:10:44:72:d6:34:5c:82:37:10:76:b6:0f:18:5d:8b:
         0a:b3:f9:55:05:fd:c4:5e:6e:68:ac:c2:01:1d:f3:12:86:94:
         bd:a4:ff:5a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3qe1i9ZKVepAbJ3G8ziekkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzlhZmViYWNlODk5YThlZTBiYjRmOGJiNDQ3NWZlMjQ3
YTE1MjgwHhcNMjQwMjI3MTIxMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODE1NTRmM2NiYzE0YzhhMDkxNjgxYTYxOGFjYjhkZmUzYmE3YjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8+KWyug6Dcpw8k0/QC5WXtadW4v
2EM7zHZmgs53o7Q6+N1sOjv+jZzNKp/byv78XPjwFBid0fwwS0My8eTJ6M8Tm2xh
RPzq6GmEvu7x5nzxSTajcyk7Y8QsKlBs+FC1tOh6eSkwMG1p/mmrLU0e+f4bq9A1
V7DcnwLmUgsawMHJnttnAE5rMnAcPuQy5Bos3+vdfiQqkIwWzxmz/hdE4D1rNIbM
CZX2wrquI45zwpa12lp4K+1f+PR+1+k9+wW+uE0FIPuXfSiYY1I+w7/hzWyl1fpc
eVDVRjzJ55KLDQ+8VSe32JRE8iBjWV6lGh+z2nLlaJX7O8uLg5klk5yHuQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNgVVPPLwUyKCRaBphisuN/junsiMB8GA1UdIwQY
MBaAFKU5r+us6Jmo7gu0+LtEdf4kehUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYt
NzQxMzk1OTEzMTJlLzEvMkJWVTg4dkJUSW9KRm9HbUdLeTQzLU82ZXlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYtNzQxMzk1OTEzMTJl
LzEvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA2ZIHMA8E
AgACMAkDBwAqBYkAADYwDQYJKoZIhvcNAQELBQADggEBAFb3VxoaNhrv7hmZf3CM
Tw3h/6LkJHlX657tbuzY2ZU7kP7xLEk3DOcrQc/cBnUWfw4+7yxXw0Q9WkUHWK+S
bwCkGfaqMCF/qP+BVHU7UYm1zKwgvIn7XGIz0lFEb7nmyHcssREbqRLcPy2I1VD2
ML59NnUM4ppWa7j2bqh5/YtpSCbfvHjhj8AlKs+X9pD+vo4UFs4DCul3sTl+kB8y
x/k7gsRY/CoQNWMHb0hTJf+plzEfiv+d/iFo43gPZy+tg9NXo0qPoQH/a2X7SArF
0sIjpniHAQpAfQLKVRBEctY0XII3EHa2Dxhdiwqz+VUF/cRebmiswgEd8xKGlL2k
/1o=
-----END CERTIFICATE-----