Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/2XE1S5jPNshNL_VS5Kchyq2Dmzc.roa
File:                     2XE1S5jPNshNL_VS5Kchyq2Dmzc.roa (raw, json)
Hash identifier:          7oDzcnyspznt471bYizuFC0lBGXEbr+kmoCFj7/DZ/c=
Subject key identifier:   D9:71:35:4B:98:CF:36:C8:4D:2F:F5:52:E4:A7:21:CA:AD:83:9B:37
Certificate issuer:       /CN=7e2cb3d0a641769c7801c481612015c2ccb3b655
Certificate serial:       018CC6B891FB14C16AF0725456BB4BFD7E3C
Authority key identifier: 7E:2C:B3:D0:A6:41:76:9C:78:01:C4:81:61:20:15:C2:CC:B3:B6:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiyz0KZBdpx4AcSBYSAVwsyztlU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/2XE1S5jPNshNL_VS5Kchyq2Dmzc.roa
Signing time:             Mon 01 Jan 2024 20:30:33 +0000
ROA not before:           Mon 01 Jan 2024 20:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        46.255.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/fiyz0KZBdpx4AcSBYSAVwsyztlU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/fiyz0KZBdpx4AcSBYSAVwsyztlU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiyz0KZBdpx4AcSBYSAVwsyztlU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:91:fb:14:c1:6a:f0:72:54:56:bb:4b:fd:7e:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e2cb3d0a641769c7801c481612015c2ccb3b655
        Validity
            Not Before: Jan  1 20:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d971354b98cf36c84d2ff552e4a721caad839b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d6:40:6a:34:7d:83:d9:7d:97:c2:60:c1:7f:
                    a8:4b:e4:ab:d8:46:c3:4a:ad:bb:b7:6f:93:40:dd:
                    85:a1:26:74:31:a5:09:76:48:88:3a:be:c3:3a:b3:
                    da:d6:b9:59:0e:4d:36:73:28:2b:5a:ec:66:e1:43:
                    14:21:b3:44:7c:6e:30:88:3d:a6:60:1f:d1:a7:57:
                    f9:39:79:03:76:9e:63:f1:97:09:19:49:ef:c9:09:
                    d6:78:aa:c1:e3:17:02:87:72:49:04:7f:a0:b2:3d:
                    bd:ef:f6:73:42:97:db:2d:0a:25:5f:2d:c3:fd:59:
                    10:7f:a6:c2:92:a6:9f:ae:22:a6:c6:9d:4e:30:54:
                    22:ec:91:e2:cb:0b:cc:29:f3:f4:ed:b1:6f:e4:07:
                    2f:b0:a0:d4:0a:d2:81:d4:d2:38:50:b7:c8:53:30:
                    cf:9a:46:9b:ea:6a:0b:2b:51:bb:50:b3:f5:68:17:
                    ba:46:da:c7:ef:16:4a:32:06:0c:7e:17:f7:fe:d2:
                    2f:31:f0:ac:6f:d6:69:ff:80:a4:8c:cb:64:f3:dc:
                    c9:c5:8a:59:82:71:b4:03:4a:6e:2b:9b:18:84:4a:
                    95:77:76:c5:6b:c9:33:4c:22:9f:ce:de:ad:c0:0d:
                    98:51:6f:2b:a3:4a:58:bb:e7:34:77:47:08:bd:f9:
                    60:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:71:35:4B:98:CF:36:C8:4D:2F:F5:52:E4:A7:21:CA:AD:83:9B:37
            X509v3 Authority Key Identifier:
                keyid:7E:2C:B3:D0:A6:41:76:9C:78:01:C4:81:61:20:15:C2:CC:B3:B6:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiyz0KZBdpx4AcSBYSAVwsyztlU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/2XE1S5jPNshNL_VS5Kchyq2Dmzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/fiyz0KZBdpx4AcSBYSAVwsyztlU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.255.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:4a:2d:09:bc:9c:51:80:17:26:a3:56:35:93:5b:14:ab:96:
         50:b5:a0:99:3e:b2:65:d1:2a:23:5e:08:d1:a2:08:79:7c:3e:
         df:f3:a0:96:fc:3f:f4:94:64:2d:37:25:df:fa:ec:03:a1:2e:
         66:69:44:dc:f7:60:ab:bd:6e:36:a9:eb:ed:cb:ee:9c:fb:ce:
         f9:ba:c0:ff:35:22:d4:7e:9f:64:fc:53:d9:40:32:d7:5f:f5:
         cb:9c:6b:d6:37:9c:93:48:5b:83:63:32:fa:df:e2:d6:e0:a4:
         70:64:bd:c8:b4:4a:8c:de:47:ae:0c:15:03:8c:b3:f7:a6:8b:
         68:93:90:b9:33:2e:7f:2a:3a:36:9e:73:b9:ff:9c:a4:92:da:
         28:bf:e2:bb:6c:d4:ca:98:35:23:f5:7b:0b:e4:eb:73:54:af:
         96:2f:44:33:23:cd:24:c6:7d:74:5c:f0:56:34:4e:b5:42:a4:
         a7:f3:10:0d:46:7e:bc:20:4b:69:d3:c5:e2:1c:51:3b:bc:fc:
         65:36:b7:58:bd:37:96:db:e0:ba:e0:f6:ed:22:d3:76:f4:77:
         75:ad:3e:27:4f:2d:1a:ae:38:73:b6:2c:4c:a0:b2:63:a5:62:
         f4:f5:f1:4f:1e:90:ab:c5:2b:a4:e6:6c:e3:da:6a:42:5c:2e:
         ce:65:9a:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuJH7FMFq8HJUVrtL/X48MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMmNiM2QwYTY0MTc2OWM3ODAxYzQ4MTYxMjAxNWMyY2Ni
M2I2NTUwHhcNMjQwMTAxMjAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTcxMzU0Yjk4Y2YzNmM4NGQyZmY1NTJlNGE3MjFjYWFkODM5YjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9ZAajR9g9l9l8JgwX+oS+Sr2EbD
Sq27t2+TQN2FoSZ0MaUJdkiIOr7DOrPa1rlZDk02cygrWuxm4UMUIbNEfG4wiD2m
YB/Rp1f5OXkDdp5j8ZcJGUnvyQnWeKrB4xcCh3JJBH+gsj297/ZzQpfbLQolXy3D
/VkQf6bCkqafriKmxp1OMFQi7JHiywvMKfP07bFv5AcvsKDUCtKB1NI4ULfIUzDP
mkab6moLK1G7ULP1aBe6RtrH7xZKMgYMfhf3/tIvMfCsb9Zp/4CkjMtk89zJxYpZ
gnG0A0puK5sYhEqVd3bFa8kzTCKfzt6twA2YUW8ro0pYu+c0d0cIvflg3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlxNUuYzzbITS/1UuSnIcqtg5s3MB8GA1UdIwQY
MBaAFH4ss9CmQXaceAHEgWEgFcLMs7ZVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZml5ejBLWkJkcHg0QWNTQllTQVZ3c3l6dGxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80MzFkZjEtMDlmNC00NzVjLWEwNDUt
ZjViYjI4NDNjODllLzEvMlhFMVM1alBOc2hOTF9WUzVLY2h5cTJEbXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80MzFkZjEtMDlmNC00NzVjLWEwNDUtZjViYjI4NDNjODll
LzEvZml5ejBLWkJkcHg0QWNTQllTQVZ3c3l6dGxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALv9MMA0G
CSqGSIb3DQEBCwUAA4IBAQAQSi0JvJxRgBcmo1Y1k1sUq5ZQtaCZPrJl0SojXgjR
ogh5fD7f86CW/D/0lGQtNyXf+uwDoS5maUTc92CrvW42qevty+6c+875usD/NSLU
fp9k/FPZQDLXX/XLnGvWN5yTSFuDYzL63+LW4KRwZL3ItEqM3keuDBUDjLP3poto
k5C5My5/Kjo2nnO5/5ykktoov+K7bNTKmDUj9XsL5OtzVK+WL0QzI80kxn10XPBW
NE61QqSn8xANRn68IEtp08XiHFE7vPxlNrdYvTeW2+C64PbtItN29Hd1rT4nTy0a
rjhztixMoLJjpWL09fFPHpCrxSuk5mzj2mpCXC7OZZqR
-----END CERTIFICATE-----