Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/262b26-dca1-495e-a7a2-abc9886d96f2/1/2coQ0IzDBpJuVPUwoymYN8CDq88.roa
File:                     2coQ0IzDBpJuVPUwoymYN8CDq88.roa (raw, json)
Hash identifier:          r8qr7V6HewmipWvJwfrm4YeaQlhXXmf59ZUk/LGRg5Y=
Subject key identifier:   D9:CA:10:D0:8C:C3:06:92:6E:54:F5:30:A3:29:98:37:C0:83:AB:CF
Certificate issuer:       /CN=b5c2ccf27b3b5824ede2ffc977229987b9b1694c
Certificate serial:       018CC3489EBD9359BCC60FBBAA56A88BC005
Authority key identifier: B5:C2:CC:F2:7B:3B:58:24:ED:E2:FF:C9:77:22:99:87:B9:B1:69:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tcLM8ns7WCTt4v_JdyKZh7mxaUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/262b26-dca1-495e-a7a2-abc9886d96f2/1/2coQ0IzDBpJuVPUwoymYN8CDq88.roa
Signing time:             Mon 01 Jan 2024 04:29:25 +0000
ROA not before:           Mon 01 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209080
IP address blocks:        185.239.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/262b26-dca1-495e-a7a2-abc9886d96f2/1/tcLM8ns7WCTt4v_JdyKZh7mxaUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/262b26-dca1-495e-a7a2-abc9886d96f2/1/tcLM8ns7WCTt4v_JdyKZh7mxaUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tcLM8ns7WCTt4v_JdyKZh7mxaUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:9e:bd:93:59:bc:c6:0f:bb:aa:56:a8:8b:c0:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5c2ccf27b3b5824ede2ffc977229987b9b1694c
        Validity
            Not Before: Jan  1 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9ca10d08cc306926e54f530a3299837c083abcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d7:5d:0e:71:55:4c:e4:84:73:0c:54:61:2b:
                    6f:b4:aa:46:36:db:3c:de:b1:9e:81:f8:b5:42:d5:
                    ef:ae:2a:0a:5a:bd:81:95:03:d1:65:00:eb:55:f4:
                    fb:4a:38:5c:99:aa:63:71:72:92:2b:20:e6:22:23:
                    fd:5a:a2:16:bc:ae:35:f5:14:45:16:56:eb:ca:4e:
                    0f:04:8c:00:a3:e1:8d:10:d1:86:8a:81:04:2b:e7:
                    a0:48:9e:50:47:53:79:54:9a:f6:a1:93:57:7c:f7:
                    53:2b:2c:1f:8b:46:1f:2b:8e:26:8f:d0:0a:ac:a5:
                    a3:da:e0:ab:d6:b8:33:01:1e:5b:ef:1a:2b:ba:48:
                    ba:75:b7:9e:d3:61:d6:a1:b8:03:05:6b:48:e3:a4:
                    da:f8:b0:66:e4:20:e9:28:fc:25:8c:6e:e6:ec:5a:
                    1d:b1:35:48:47:c9:18:f7:27:38:60:da:73:48:cf:
                    ab:89:b9:56:4f:55:98:fd:2b:30:42:23:48:92:fa:
                    bd:bb:b0:e0:91:80:0a:71:d9:a2:79:57:22:12:fb:
                    c5:66:27:88:d9:3c:f6:29:a2:a1:ab:97:ef:0e:eb:
                    c2:b3:ce:15:54:71:6d:40:54:7f:c5:76:5e:3a:fd:
                    48:02:16:34:9c:eb:1e:67:6b:8a:67:2b:10:f3:9a:
                    90:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:CA:10:D0:8C:C3:06:92:6E:54:F5:30:A3:29:98:37:C0:83:AB:CF
            X509v3 Authority Key Identifier:
                keyid:B5:C2:CC:F2:7B:3B:58:24:ED:E2:FF:C9:77:22:99:87:B9:B1:69:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tcLM8ns7WCTt4v_JdyKZh7mxaUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/262b26-dca1-495e-a7a2-abc9886d96f2/1/2coQ0IzDBpJuVPUwoymYN8CDq88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/262b26-dca1-495e-a7a2-abc9886d96f2/1/tcLM8ns7WCTt4v_JdyKZh7mxaUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:ad:61:bc:70:ca:1b:18:ec:b3:49:4d:36:3a:9b:a4:a7:37:
         6c:4d:bf:de:6f:d0:32:c3:a7:48:97:09:c8:05:8a:98:75:8a:
         48:66:a5:00:46:0c:15:9c:2a:7d:ec:25:d7:72:62:2a:e0:a2:
         c0:02:1b:ef:99:43:53:2c:4e:46:0f:51:35:ba:2d:c6:13:26:
         34:44:ad:4b:37:1c:20:3e:9e:34:fb:57:87:64:e2:a0:89:11:
         4d:66:55:5e:54:c6:b5:39:37:71:94:a4:2d:47:20:cb:6f:0a:
         b2:c9:56:a8:bd:b3:8c:2e:c2:b2:96:5c:47:5a:23:a6:a7:db:
         3a:2f:29:b6:8c:19:9c:f9:64:95:a3:1c:26:44:42:86:d6:7c:
         53:95:6a:1f:fd:77:fe:0d:58:59:c3:b2:35:18:8e:1a:cb:d2:
         bd:cf:22:32:81:78:f4:1e:d6:49:c8:f2:ef:59:fa:4a:5a:9d:
         fe:c4:3b:0f:37:11:30:4d:56:a3:d8:26:ae:46:c8:d7:1a:14:
         d7:d6:f2:c2:50:e3:96:2c:3c:cb:2b:c6:67:5e:11:df:cf:36:
         95:49:4a:7e:4b:2a:6b:ac:c3:e5:2f:37:d5:90:81:13:eb:54:
         44:5b:bf:38:fb:5b:dc:9a:38:aa:ea:f5:d0:a2:ce:a7:4f:21:
         fc:a2:8d:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJ69k1m8xg+7qlaoi8AFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YzJjY2YyN2IzYjU4MjRlZGUyZmZjOTc3MjI5OTg3Yjli
MTY5NGMwHhcNMjQwMTAxMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWNhMTBkMDhjYzMwNjkyNmU1NGY1MzBhMzI5OTgzN2MwODNhYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtddDnFVTOSEcwxUYStvtKpGNts8
3rGegfi1QtXvrioKWr2BlQPRZQDrVfT7SjhcmapjcXKSKyDmIiP9WqIWvK419RRF
Flbryk4PBIwAo+GNENGGioEEK+egSJ5QR1N5VJr2oZNXfPdTKywfi0YfK44mj9AK
rKWj2uCr1rgzAR5b7xoruki6dbee02HWobgDBWtI46Ta+LBm5CDpKPwljG7m7Fod
sTVIR8kY9yc4YNpzSM+riblWT1WY/SswQiNIkvq9u7DgkYAKcdmieVciEvvFZieI
2Tz2KaKhq5fvDuvCs84VVHFtQFR/xXZeOv1IAhY0nOseZ2uKZysQ85qQJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnKENCMwwaSblT1MKMpmDfAg6vPMB8GA1UdIwQY
MBaAFLXCzPJ7O1gk7eL/yXcimYe5sWlMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGNMTThuczdXQ1R0NHZfSmR5S1poN214YVV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8yNjJiMjYtZGNhMS00OTVlLWE3YTIt
YWJjOTg4NmQ5NmYyLzEvMmNvUTBJekRCcEp1VlBVd295bVlOOENEcTg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8yNjJiMjYtZGNhMS00OTVlLWE3YTItYWJjOTg4NmQ5NmYy
LzEvdGNMTThuczdXQ1R0NHZfSmR5S1poN214YVV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue9wMA0G
CSqGSIb3DQEBCwUAA4IBAQBGrWG8cMobGOyzSU02OpukpzdsTb/eb9Ayw6dIlwnI
BYqYdYpIZqUARgwVnCp97CXXcmIq4KLAAhvvmUNTLE5GD1E1ui3GEyY0RK1LNxwg
Pp40+1eHZOKgiRFNZlVeVMa1OTdxlKQtRyDLbwqyyVaovbOMLsKyllxHWiOmp9s6
Lym2jBmc+WSVoxwmREKG1nxTlWof/Xf+DVhZw7I1GI4ay9K9zyIygXj0HtZJyPLv
WfpKWp3+xDsPNxEwTVaj2CauRsjXGhTX1vLCUOOWLDzLK8ZnXhHfzzaVSUp+Sypr
rMPlLzfVkIET61REW784+1vcmjiq6vXQos6nTyH8oo3K
-----END CERTIFICATE-----