Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/2GfiHL2pskeBMTgDoVIeW4QyASs.roa
File:                     2GfiHL2pskeBMTgDoVIeW4QyASs.roa (raw, json)
Hash identifier:          PrGzOyMWfbJMM/GM/8ftIFj+Bq8Cn05OjGZ4xqcOWlk=
Subject key identifier:   D8:67:E2:1C:BD:A9:B2:47:81:31:38:03:A1:52:1E:5B:84:32:01:2B
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       018F54A8C2454E472A37FD699CC5C5DCC5D5
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/2GfiHL2pskeBMTgDoVIeW4QyASs.roa
Signing time:             Tue 07 May 2024 20:04:56 +0000
ROA not before:           Tue 07 May 2024 20:04:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     269070
IP address blocks:        185.14.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 05:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:54:a8:c2:45:4e:47:2a:37:fd:69:9c:c5:c5:dc:c5:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: May  7 20:04:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d867e21cbda9b24781313803a1521e5b8432012b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0b:df:c2:d8:43:b2:0f:c4:ca:e6:1c:6c:d5:
                    03:b4:a1:78:5d:0f:5e:67:d1:74:19:0f:52:5a:c0:
                    45:65:e6:6f:ee:ac:4d:6f:e3:a9:52:81:15:60:5d:
                    43:21:fc:1d:e4:9f:aa:89:a7:3e:a5:4e:9d:a4:d5:
                    ca:1f:41:9f:29:07:b8:e4:09:68:b8:f8:22:f3:64:
                    70:48:20:85:ee:08:ad:be:87:c4:53:36:d5:1d:fb:
                    ab:94:5b:af:85:94:c1:05:86:44:67:da:db:71:fd:
                    1a:90:1e:c8:1f:95:27:e4:42:b0:1f:af:09:d3:45:
                    e2:60:8e:cf:4d:c2:10:1d:64:8c:d2:36:59:7a:f8:
                    c8:66:06:a6:c9:5a:80:1d:db:49:6a:9a:79:bb:00:
                    a0:95:b3:dd:22:02:93:9f:41:b7:3e:02:ab:d5:4d:
                    d0:8d:86:8d:46:98:8a:69:13:37:7a:48:dc:4e:61:
                    17:4d:0a:3a:eb:fb:73:6e:f2:33:85:73:9e:2c:db:
                    0f:c2:55:b4:9d:7c:d7:40:cf:7f:3d:20:da:4e:52:
                    f3:86:64:7d:a6:4b:32:11:24:64:17:b5:45:c8:d0:
                    c2:20:38:c5:cf:ad:e0:39:4f:e6:18:f8:51:7b:4d:
                    34:16:0e:d4:04:3d:45:77:68:a8:d1:a5:54:8f:e5:
                    3c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:67:E2:1C:BD:A9:B2:47:81:31:38:03:A1:52:1E:5B:84:32:01:2B
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/2GfiHL2pskeBMTgDoVIeW4QyASs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:29:3c:93:65:3c:cb:a2:95:d2:4d:5c:ff:d1:e9:8c:7e:54:
         30:93:47:5d:e9:4d:cb:e2:42:46:e6:76:2e:18:d3:6e:35:85:
         44:0b:2d:a7:6e:9e:f0:a2:40:1a:5d:48:14:94:69:91:8c:d7:
         00:39:f3:66:47:6a:7e:b3:04:3a:64:23:e0:ad:36:b9:f0:66:
         16:69:58:c1:7e:df:fc:d0:41:03:c6:09:37:65:23:10:a8:74:
         9a:29:fe:92:4c:e2:ae:18:6d:55:a6:ed:c6:ff:bf:07:96:cb:
         01:2a:8f:a1:34:dd:e0:50:8a:78:ea:66:f2:92:3f:83:de:fc:
         e6:7c:95:43:0e:66:70:14:71:ae:b7:60:9f:45:3b:2e:3a:ac:
         37:0b:4a:df:54:32:09:68:39:5d:74:5b:38:48:e4:84:7a:98:
         61:21:86:6d:ff:72:33:a3:5a:21:f7:d8:33:72:26:c6:1d:53:
         05:f5:b6:3a:37:9e:b0:2b:06:60:c8:10:55:4b:b5:75:06:fe:
         f4:10:40:ab:31:05:b9:23:dd:98:72:c7:1d:f7:0e:07:25:01:
         85:91:e9:f2:3c:40:f5:ee:bd:ab:8f:39:94:4e:21:a9:55:48:
         ce:71:98:0d:2c:47:99:27:58:b6:44:b3:a1:ff:58:ac:be:ca:
         bf:fe:75:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9UqMJFTkcqN/1pnMXF3MXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjQwNTA3MjAwNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODY3ZTIxY2JkYTliMjQ3ODEzMTM4MDNhMTUyMWU1Yjg0MzIwMTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQvfwthDsg/EyuYcbNUDtKF4XQ9e
Z9F0GQ9SWsBFZeZv7qxNb+OpUoEVYF1DIfwd5J+qiac+pU6dpNXKH0GfKQe45Alo
uPgi82RwSCCF7gitvofEUzbVHfurlFuvhZTBBYZEZ9rbcf0akB7IH5Un5EKwH68J
00XiYI7PTcIQHWSM0jZZevjIZgamyVqAHdtJapp5uwCglbPdIgKTn0G3PgKr1U3Q
jYaNRpiKaRM3ekjcTmEXTQo66/tzbvIzhXOeLNsPwlW0nXzXQM9/PSDaTlLzhmR9
pksyESRkF7VFyNDCIDjFz63gOU/mGPhRe000Fg7UBD1Fd2io0aVUj+U8kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhn4hy9qbJHgTE4A6FSHluEMgErMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvMkdmaUhMMnBza2VCTVRnRG9WSWVXNFF5QVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ7uMA0G
CSqGSIb3DQEBCwUAA4IBAQA+KTyTZTzLopXSTVz/0emMflQwk0dd6U3L4kJG5nYu
GNNuNYVECy2nbp7wokAaXUgUlGmRjNcAOfNmR2p+swQ6ZCPgrTa58GYWaVjBft/8
0EEDxgk3ZSMQqHSaKf6STOKuGG1Vpu3G/78HlssBKo+hNN3gUIp46mbykj+D3vzm
fJVDDmZwFHGut2CfRTsuOqw3C0rfVDIJaDlddFs4SOSEephhIYZt/3Izo1oh99gz
cibGHVMF9bY6N56wKwZgyBBVS7V1Bv70EECrMQW5I92Ycscd9w4HJQGFkenyPED1
7r2rjzmUTiGpVUjOcZgNLEeZJ1i2RLOh/1isvsq//nU3
-----END CERTIFICATE-----