Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/2mRuof242mnAxA1NsqFDYEgtgJM.roa
File:                     2mRuof242mnAxA1NsqFDYEgtgJM.roa (raw, json)
Hash identifier:          akdIvn73z9cElZ4t2Siuwk2b/j8pZVxISmUUe1lFLvI=
Subject key identifier:   DA:64:6E:A1:FD:B8:DA:69:C0:C4:0D:4D:B2:A1:43:60:48:2D:80:93
Certificate issuer:       /CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
Certificate serial:       018CC80156544B807552FFB5B0423FEC1B75
Authority key identifier: 81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/2mRuof242mnAxA1NsqFDYEgtgJM.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205459
IP address blocks:        195.64.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:56:54:4b:80:75:52:ff:b5:b0:42:3f:ec:1b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da646ea1fdb8da69c0c40d4db2a14360482d8093
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:79:9c:fe:7f:2a:56:bb:ba:e0:d8:91:56:d7:
                    61:7f:0e:ad:d2:c9:46:48:8b:06:f4:18:ec:b5:9b:
                    b9:74:1e:8c:ad:f2:85:7c:1a:1b:83:55:95:ea:08:
                    59:c7:7c:50:b6:3a:de:39:b4:6a:fc:73:2f:0f:61:
                    ee:e5:4b:32:0f:d6:3d:65:d0:d8:03:78:19:01:9d:
                    9a:de:f2:f6:18:f1:53:2b:d0:b5:40:ab:89:0f:56:
                    84:9d:47:52:4b:95:fa:41:1d:ff:d7:37:d0:c2:54:
                    d5:6b:eb:df:4c:55:5d:f4:85:d6:38:83:90:f0:14:
                    5f:58:d1:a6:da:2d:ee:b3:4b:12:12:d9:c0:17:e5:
                    c9:77:8f:7f:79:7e:a1:05:ce:60:f4:20:a2:84:a5:
                    b2:8e:c0:39:8d:bd:b0:77:3e:c8:d8:08:d0:9b:25:
                    8e:e4:e8:ad:f6:0f:80:8e:77:2f:e3:63:7c:02:e4:
                    a9:cb:14:5a:ae:f5:5b:66:9e:97:9e:03:0a:ce:66:
                    2e:d3:90:65:e1:99:49:28:ad:59:18:43:1e:da:b2:
                    50:6f:c2:2c:38:34:6d:fe:88:54:a4:ec:4a:75:14:
                    e1:4b:fd:81:5f:f0:78:bc:3b:25:16:d7:b8:80:96:
                    5c:50:61:13:c0:6a:92:5e:a5:41:08:fc:f3:95:ac:
                    6b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:64:6E:A1:FD:B8:DA:69:C0:C4:0D:4D:B2:A1:43:60:48:2D:80:93
            X509v3 Authority Key Identifier:
                keyid:81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/2mRuof242mnAxA1NsqFDYEgtgJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:2a:d8:e2:fc:cd:ed:8b:23:b3:5d:58:4b:3b:a0:cb:01:ec:
         69:7d:cb:a3:b7:41:9b:a6:b9:04:31:41:e1:42:5a:f0:3b:ae:
         6a:87:91:5e:d2:57:3f:7c:27:c8:26:e7:4a:68:79:cf:bd:bf:
         d4:b2:0a:7a:a3:56:de:f0:0d:45:9c:23:c0:37:07:2a:e8:5e:
         c8:0e:0c:76:e2:55:c2:75:60:6e:bc:63:c1:ea:5d:07:92:f4:
         0b:9e:ae:ed:07:1e:d2:48:46:1c:c5:8b:8f:bd:20:dc:9c:89:
         42:b2:51:0f:4d:7e:3a:36:30:d5:94:3f:79:96:28:57:75:2e:
         8b:6c:75:a9:1a:c5:07:2b:7b:2b:76:97:79:e1:81:bd:80:44:
         5f:ed:d4:86:f4:91:84:79:b0:14:07:b0:05:2e:a6:9c:33:de:
         2d:b9:cd:62:e6:85:30:d3:6b:29:67:db:e8:70:1e:1f:2b:ea:
         aa:ab:d9:db:6d:12:db:6f:a6:2e:23:90:e2:48:31:37:07:37:
         18:2e:4b:70:35:0c:d9:e0:33:23:d8:14:aa:bf:03:0f:0d:eb:
         73:ef:4a:86:9a:4c:23:b4:23:78:5f:ad:8c:5d:7b:3f:21:6b:
         f5:9d:08:0a:9e:af:54:7b:46:cb:a4:c1:3e:be:ec:42:f3:7e:
         3d:9c:86:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVZUS4B1Uv+1sEI/7Bt1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZmE0OGY0MGJjODQ1NDBjNDZiZDIzYmU5YjkwODk3YWEx
ODRmNGQwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTY0NmVhMWZkYjhkYTY5YzBjNDBkNGRiMmExNDM2MDQ4MmQ4MDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3mc/n8qVru64NiRVtdhfw6t0slG
SIsG9BjstZu5dB6MrfKFfBobg1WV6ghZx3xQtjreObRq/HMvD2Hu5UsyD9Y9ZdDY
A3gZAZ2a3vL2GPFTK9C1QKuJD1aEnUdSS5X6QR3/1zfQwlTVa+vfTFVd9IXWOIOQ
8BRfWNGm2i3us0sSEtnAF+XJd49/eX6hBc5g9CCihKWyjsA5jb2wdz7I2AjQmyWO
5Oit9g+Ajncv42N8AuSpyxRarvVbZp6XngMKzmYu05Bl4ZlJKK1ZGEMe2rJQb8Is
ODRt/ohUpOxKdRThS/2BX/B4vDslFte4gJZcUGETwGqSXqVBCPzzlaxr0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpkbqH9uNppwMQNTbKhQ2BILYCTMB8GA1UdIwQY
MBaAFIH6SPQLyEVAxGvSO+m5CJeqGE9NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEt
OGU5M2NiNWM1MzU1LzEvMm1SdW9mMjQybW5BeEExTnNxRkRZRWd0Z0pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEtOGU5M2NiNWM1MzU1
LzEvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0DmMA0G
CSqGSIb3DQEBCwUAA4IBAQCGKtji/M3tiyOzXVhLO6DLAexpfcujt0GbprkEMUHh
QlrwO65qh5Fe0lc/fCfIJudKaHnPvb/Usgp6o1be8A1FnCPANwcq6F7IDgx24lXC
dWBuvGPB6l0HkvQLnq7tBx7SSEYcxYuPvSDcnIlCslEPTX46NjDVlD95lihXdS6L
bHWpGsUHK3srdpd54YG9gERf7dSG9JGEebAUB7AFLqacM94tuc1i5oUw02spZ9vo
cB4fK+qqq9nbbRLbb6YuI5DiSDE3BzcYLktwNQzZ4DMj2BSqvwMPDetz70qGmkwj
tCN4X62MXXs/IWv1nQgKnq9Ue0bLpME+vuxC8349nIaC
-----END CERTIFICATE-----