Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/2AJ5u6pz4jtFShLxvs45vUGzNfY.roa
File:                     2AJ5u6pz4jtFShLxvs45vUGzNfY.roa (raw, json)
Hash identifier:          82kj5GnXT4EesPdtWL1em8tQnSC3UBJhWgNfn9O7H6U=
Subject key identifier:   D8:02:79:BB:AA:73:E2:3B:45:4A:12:F1:BE:CE:39:BD:41:B3:35:F6
Certificate issuer:       /CN=c1098a1905bbd3381533828f6b7fd227170431ef
Certificate serial:       018F3091BCEC81D8DCE3F25A54B0A3A29B26
Authority key identifier: C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/2AJ5u6pz4jtFShLxvs45vUGzNfY.roa
Signing time:             Tue 30 Apr 2024 19:53:28 +0000
ROA not before:           Tue 30 Apr 2024 19:53:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205800
IP address blocks:        122.102.119.0/24 maxlen: 24
                          202.164.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:30:91:bc:ec:81:d8:dc:e3:f2:5a:54:b0:a3:a2:9b:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1098a1905bbd3381533828f6b7fd227170431ef
        Validity
            Not Before: Apr 30 19:53:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d80279bbaa73e23b454a12f1bece39bd41b335f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3b:38:bf:9e:a5:a5:99:6f:ab:85:0c:0a:ee:
                    d1:7e:9c:31:35:08:5c:0d:46:a7:a6:f7:77:96:e5:
                    2c:76:a4:12:f1:a0:21:32:49:1c:ea:0b:94:69:07:
                    ae:2b:4f:1b:65:21:89:1a:c5:cd:39:e7:07:e5:4a:
                    44:a2:a5:f0:ab:1a:00:7c:a2:d4:b4:24:7d:8b:68:
                    23:3c:9b:cb:59:a7:08:10:6f:f9:51:06:4f:cc:dd:
                    4a:8a:1f:d9:10:52:d9:ad:df:15:9e:a8:ef:97:8c:
                    e5:a6:36:93:82:7e:4a:8e:d3:b4:64:34:c9:db:1e:
                    08:4c:ae:e7:c3:03:22:4a:5d:9c:b7:6b:0b:fd:9c:
                    c6:af:8b:93:bc:b2:d2:e3:fa:8f:de:6b:d6:aa:d5:
                    83:4d:8f:87:9e:37:00:57:7c:5b:53:0e:6c:77:c6:
                    f5:d1:3b:a2:27:f4:a9:b4:88:6e:46:67:23:b1:47:
                    a9:c8:bd:40:aa:99:59:2d:15:c8:b6:58:a2:f4:3d:
                    a1:50:53:71:27:38:6c:95:d2:9b:30:d5:7f:cb:a6:
                    9a:90:7e:10:d9:a9:92:dc:e8:e1:53:e3:40:82:b5:
                    af:34:a8:dd:84:6c:6c:71:3c:ba:90:17:dd:44:db:
                    a3:85:22:8f:fe:6f:2c:b6:be:11:61:91:a4:02:72:
                    a9:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:02:79:BB:AA:73:E2:3B:45:4A:12:F1:BE:CE:39:BD:41:B3:35:F6
            X509v3 Authority Key Identifier:
                keyid:C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/2AJ5u6pz4jtFShLxvs45vUGzNfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  122.102.119.0/24
                  202.164.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:d4:6f:c9:d9:c4:07:4b:2c:60:fe:0a:1e:4e:95:a9:8f:2d:
         60:c4:cf:97:a9:6d:88:1c:86:59:20:00:9e:db:d5:40:03:16:
         8b:6f:7d:5a:06:2a:00:55:6c:84:7c:a8:36:d4:db:0a:2b:ab:
         f8:19:ef:83:94:f5:42:78:20:8d:f7:fa:cc:c0:a6:3c:4d:a1:
         96:69:94:f1:b1:74:fa:2f:00:45:00:28:82:ae:78:bb:77:6f:
         0c:6e:88:24:13:79:59:de:da:64:5a:3a:28:44:51:73:b2:1c:
         ab:d5:ca:8e:a4:a0:80:7f:f3:95:d4:a9:70:63:f7:3c:d5:c2:
         f6:e3:d6:ff:3b:28:c6:12:ed:b6:40:7a:16:89:2a:45:4e:04:
         e1:5f:ed:7a:3a:fd:bd:79:03:d8:38:4e:8a:28:ac:75:ce:e1:
         60:ce:21:02:99:b6:d9:f7:76:82:5e:ae:a0:7f:74:ec:c7:81:
         af:80:ae:81:c7:92:a4:27:77:38:3c:b2:ed:ec:27:3c:78:30:
         ba:be:82:a5:6d:db:66:82:b9:47:e5:44:6a:39:34:e2:13:3b:
         d4:a6:e1:5e:0a:67:b1:94:b5:d6:fb:79:8e:36:4d:fc:2b:26:
         30:56:44:0f:e2:74:b2:12:5d:7d:9b:3c:32:dc:59:e1:45:07:
         c8:b7:9a:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8wkbzsgdjc4/JaVLCjopsmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDk4YTE5MDViYmQzMzgxNTMzODI4ZjZiN2ZkMjI3MTcw
NDMxZWYwHhcNMjQwNDMwMTk1MzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODAyNzliYmFhNzNlMjNiNDU0YTEyZjFiZWNlMzliZDQxYjMzNWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjs4v56lpZlvq4UMCu7RfpwxNQhc
DUanpvd3luUsdqQS8aAhMkkc6guUaQeuK08bZSGJGsXNOecH5UpEoqXwqxoAfKLU
tCR9i2gjPJvLWacIEG/5UQZPzN1Kih/ZEFLZrd8Vnqjvl4zlpjaTgn5KjtO0ZDTJ
2x4ITK7nwwMiSl2ct2sL/ZzGr4uTvLLS4/qP3mvWqtWDTY+HnjcAV3xbUw5sd8b1
0TuiJ/SptIhuRmcjsUepyL1AqplZLRXItlii9D2hUFNxJzhsldKbMNV/y6aakH4Q
2amS3OjhU+NAgrWvNKjdhGxscTy6kBfdRNujhSKP/m8str4RYZGkAnKpDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNgCebuqc+I7RUoS8b7OOb1BszX2MB8GA1UdIwQY
MBaAFMEJihkFu9M4FTOCj2t/0icXBDHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUt
YjJhNzEzZDJlYWIyLzEvMkFKNXU2cHo0anRGU2hMeHZzNDV2VUd6TmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUtYjJhNzEzZDJlYWIy
LzEvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAemZ3AwQA
yqTPMA0GCSqGSIb3DQEBCwUAA4IBAQA41G/J2cQHSyxg/goeTpWpjy1gxM+XqW2I
HIZZIACe29VAAxaLb31aBioAVWyEfKg21NsKK6v4Ge+DlPVCeCCN9/rMwKY8TaGW
aZTxsXT6LwBFACiCrni7d28MbogkE3lZ3tpkWjooRFFzshyr1cqOpKCAf/OV1Klw
Y/c81cL249b/OyjGEu22QHoWiSpFTgThX+16Ov29eQPYOE6KKKx1zuFgziECmbbZ
93aCXq6gf3Tsx4GvgK6Bx5KkJ3c4PLLt7Cc8eDC6voKlbdtmgrlH5URqOTTiEzvU
puFeCmexlLXW+3mONk38KyYwVkQP4nSyEl19mzwy3FnhRQfIt5pW
-----END CERTIFICATE-----