Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/6f598d-a5c5-4c99-a1f0-548263eb6fb4/1/2s-v2XiHlqNz2EhVL1n3h7_kVyk.roa
File:                     2s-v2XiHlqNz2EhVL1n3h7_kVyk.roa (raw, json)
Hash identifier:          ouBAsIrt7MP6msy5WX/yDw+wW1sS3Jhzk6HRjiHyDaY=
Subject key identifier:   DA:CF:AF:D9:78:87:96:A3:73:D8:48:55:2F:59:F7:87:BF:E4:57:29
Certificate issuer:       /CN=7a0a06564d3c717d2d6daa1e833c495976b0bada
Certificate serial:       018CC56E4E3A2C91CA805D019140EE910E05
Authority key identifier: 7A:0A:06:56:4D:3C:71:7D:2D:6D:AA:1E:83:3C:49:59:76:B0:BA:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/egoGVk08cX0tbaoegzxJWXawuto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/6f598d-a5c5-4c99-a1f0-548263eb6fb4/1/2s-v2XiHlqNz2EhVL1n3h7_kVyk.roa
Signing time:             Mon 01 Jan 2024 14:29:49 +0000
ROA not before:           Mon 01 Jan 2024 14:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        149.249.0.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/6f598d-a5c5-4c99-a1f0-548263eb6fb4/1/egoGVk08cX0tbaoegzxJWXawuto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/6f598d-a5c5-4c99-a1f0-548263eb6fb4/1/egoGVk08cX0tbaoegzxJWXawuto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/egoGVk08cX0tbaoegzxJWXawuto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:4e:3a:2c:91:ca:80:5d:01:91:40:ee:91:0e:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a0a06564d3c717d2d6daa1e833c495976b0bada
        Validity
            Not Before: Jan  1 14:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dacfafd9788796a373d848552f59f787bfe45729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2e:15:d6:dc:ab:f5:6f:f5:5d:88:f7:5e:1e:
                    51:95:ad:ff:5d:de:71:51:dc:a4:84:23:dd:1c:78:
                    37:d2:69:67:3a:a7:88:51:74:17:51:63:a6:b3:23:
                    2b:4d:7b:c2:bf:a7:1b:2f:b6:b9:89:0f:5d:b2:40:
                    8a:14:c3:2b:91:b4:81:be:09:76:b1:76:99:87:31:
                    65:12:dc:ed:ca:76:fb:9b:1e:dd:7a:c8:9f:32:a5:
                    5f:95:f6:9c:d4:3c:d7:c6:53:01:1d:64:96:4a:0c:
                    e8:fc:1d:bd:b6:dd:4e:70:66:5a:3f:3d:a5:39:88:
                    2f:93:48:64:d6:a3:16:d4:63:09:f4:4f:42:7e:39:
                    1c:d8:eb:81:5f:28:e4:52:66:46:ef:fc:4b:54:63:
                    96:09:92:9d:88:b6:e2:f0:a3:7f:a0:4b:25:9f:2c:
                    97:98:ad:e6:1e:88:d3:81:7c:19:06:9d:87:68:82:
                    ec:1a:75:75:79:2f:45:97:8e:22:fe:af:ce:40:b1:
                    f7:c2:0f:83:1d:42:9b:9d:23:73:5e:75:44:ab:6f:
                    77:52:f9:de:f1:cf:9a:fb:cf:f9:97:99:da:91:96:
                    b0:ab:95:d4:86:5d:8e:01:62:b8:e7:23:6a:df:df:
                    fd:d1:df:0d:42:82:12:f3:39:a6:bd:af:9d:e0:cf:
                    b9:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:CF:AF:D9:78:87:96:A3:73:D8:48:55:2F:59:F7:87:BF:E4:57:29
            X509v3 Authority Key Identifier:
                keyid:7A:0A:06:56:4D:3C:71:7D:2D:6D:AA:1E:83:3C:49:59:76:B0:BA:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/egoGVk08cX0tbaoegzxJWXawuto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/6f598d-a5c5-4c99-a1f0-548263eb6fb4/1/2s-v2XiHlqNz2EhVL1n3h7_kVyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/6f598d-a5c5-4c99-a1f0-548263eb6fb4/1/egoGVk08cX0tbaoegzxJWXawuto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.249.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         99:2e:5f:a0:95:82:d8:0d:6a:62:89:0b:6f:ce:1c:53:71:b9:
         6b:a0:ef:21:fc:ca:a0:4c:84:f1:c5:f7:ba:4f:8b:54:a8:44:
         06:98:05:32:01:65:e1:12:1d:6c:89:4d:ef:81:38:b1:53:63:
         1a:43:40:d5:82:a5:1a:de:53:ad:ad:a9:b7:47:69:e5:50:b3:
         35:c7:90:b0:ab:f8:d7:4d:68:35:0d:a7:d8:7b:bd:e4:09:d1:
         ca:ee:03:19:a8:a5:b3:13:6e:d9:9a:4b:16:3f:8c:9e:77:6b:
         f0:bf:d4:8c:4a:69:56:f4:79:29:11:f7:92:67:60:96:44:62:
         dc:08:55:cd:a5:f2:13:c3:d7:d7:aa:c8:4b:b5:ea:a8:c5:4c:
         e3:cb:24:12:ed:43:48:fc:a3:24:5f:23:1f:23:62:06:1b:64:
         6d:12:7d:e1:ba:8c:44:1e:83:ae:e3:f6:a4:56:b9:4d:35:f2:
         2b:1f:7b:88:a2:a0:ff:1c:91:4e:b8:91:41:d5:4e:e9:ef:2c:
         65:ec:2b:7b:6f:90:8f:14:e1:e2:48:40:01:7a:e8:18:87:42:
         4c:4b:26:ac:86:c1:f9:26:12:8f:64:d4:a1:22:6f:d2:f6:a2:
         94:8d:f7:4f:90:65:60:c3:b3:8e:7a:47:7a:55:31:5b:8d:bd:
         56:53:f0:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbk46LJHKgF0BkUDukQ4FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMGEwNjU2NGQzYzcxN2QyZDZkYWExZTgzM2M0OTU5NzZi
MGJhZGEwHhcNMjQwMTAxMTQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWNmYWZkOTc4ODc5NmEzNzNkODQ4NTUyZjU5Zjc4N2JmZTQ1NzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAli4V1tyr9W/1XYj3Xh5Rla3/Xd5x
UdykhCPdHHg30mlnOqeIUXQXUWOmsyMrTXvCv6cbL7a5iQ9dskCKFMMrkbSBvgl2
sXaZhzFlEtztynb7mx7desifMqVflfac1DzXxlMBHWSWSgzo/B29tt1OcGZaPz2l
OYgvk0hk1qMW1GMJ9E9Cfjkc2OuBXyjkUmZG7/xLVGOWCZKdiLbi8KN/oEslnyyX
mK3mHojTgXwZBp2HaILsGnV1eS9Fl44i/q/OQLH3wg+DHUKbnSNzXnVEq293Uvne
8c+a+8/5l5nakZawq5XUhl2OAWK45yNq39/90d8NQoIS8zmmva+d4M+58wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrPr9l4h5ajc9hIVS9Z94e/5FcpMB8GA1UdIwQY
MBaAFHoKBlZNPHF9LW2qHoM8SVl2sLraMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWdvR1ZrMDhjWDB0YmFvZWd6eEpXWGF3dXRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi82ZjU5OGQtYTVjNS00Yzk5LWExZjAt
NTQ4MjYzZWI2ZmI0LzEvMnMtdjJYaUhscU56MkVoVkwxbjNoN19rVnlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi82ZjU5OGQtYTVjNS00Yzk5LWExZjAtNTQ4MjYzZWI2ZmI0
LzEvZWdvR1ZrMDhjWDB0YmFvZWd6eEpXWGF3dXRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDlfkAMA0G
CSqGSIb3DQEBCwUAA4IBAQCZLl+glYLYDWpiiQtvzhxTcblroO8h/MqgTITxxfe6
T4tUqEQGmAUyAWXhEh1siU3vgTixU2MaQ0DVgqUa3lOtram3R2nlULM1x5Cwq/jX
TWg1DafYe73kCdHK7gMZqKWzE27ZmksWP4yed2vwv9SMSmlW9HkpEfeSZ2CWRGLc
CFXNpfITw9fXqshLteqoxUzjyyQS7UNI/KMkXyMfI2IGG2RtEn3huoxEHoOu4/ak
VrlNNfIrH3uIoqD/HJFOuJFB1U7p7yxl7Ct7b5CPFOHiSEABeugYh0JMSyashsH5
JhKPZNShIm/S9qKUjfdPkGVgw7OOekd6VTFbjb1WU/Cw
-----END CERTIFICATE-----