Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/b34d6f-66dc-4498-b205-79b6733bc5e6/1/2IPuE496IrAKVAV_ioNRxObuZ-0.roa
File:                     2IPuE496IrAKVAV_ioNRxObuZ-0.roa (raw, json)
Hash identifier:          MeqL7N2Smtgjq8M1rFwvtqg4C97sysU02IPX3jdtjOU=
Subject key identifier:   D8:83:EE:13:8F:7A:22:B0:0A:54:05:7F:8A:83:51:C4:E6:EE:67:ED
Certificate issuer:       /CN=2f883bd4ea4e3deb28b894b190f8e08baf06f1cc
Certificate serial:       018D59B1F4825D85E455E18997822C8BF4AD
Authority key identifier: 2F:88:3B:D4:EA:4E:3D:EB:28:B8:94:B1:90:F8:E0:8B:AF:06:F1:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L4g71OpOPesouJSxkPjgi68G8cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/b34d6f-66dc-4498-b205-79b6733bc5e6/1/2IPuE496IrAKVAV_ioNRxObuZ-0.roa
Signing time:             Tue 30 Jan 2024 09:27:31 +0000
ROA not before:           Tue 30 Jan 2024 09:27:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.230.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/b34d6f-66dc-4498-b205-79b6733bc5e6/1/L4g71OpOPesouJSxkPjgi68G8cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/b34d6f-66dc-4498-b205-79b6733bc5e6/1/L4g71OpOPesouJSxkPjgi68G8cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L4g71OpOPesouJSxkPjgi68G8cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:b1:f4:82:5d:85:e4:55:e1:89:97:82:2c:8b:f4:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f883bd4ea4e3deb28b894b190f8e08baf06f1cc
        Validity
            Not Before: Jan 30 09:27:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d883ee138f7a22b00a54057f8a8351c4e6ee67ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:fd:75:f4:3f:d0:61:0a:43:4c:b6:a5:4e:5c:
                    e5:f1:61:24:e2:79:ef:7c:8e:b9:da:21:f4:77:6b:
                    c0:0a:b2:4a:de:77:04:44:ad:80:81:b1:e2:14:29:
                    5d:0e:fc:77:27:74:67:5f:44:79:b3:5d:2a:3f:d8:
                    e0:0a:49:63:4c:a5:cc:3d:6b:33:53:fb:3c:bb:60:
                    a2:1c:a9:82:69:b6:cd:f1:29:92:8b:67:e6:d2:d9:
                    12:e4:dc:6e:e0:68:88:d3:03:a2:a0:be:9f:df:ef:
                    da:49:dd:a0:a3:bc:f1:ce:cb:be:6a:60:74:66:1e:
                    8e:cb:5f:1c:06:a8:40:d4:c5:87:7d:03:6c:3f:bf:
                    87:c2:2a:c1:d5:54:69:c0:a1:e3:da:4b:80:28:58:
                    33:24:6b:80:2b:1c:25:0f:16:7c:b1:b2:87:d0:29:
                    a9:70:ed:39:b0:49:b0:ee:27:c0:67:05:bb:06:ba:
                    ec:64:cb:07:4d:b2:3e:a8:c6:47:07:c0:44:6a:8b:
                    6e:3d:a2:46:43:26:5b:b5:79:7b:86:52:c4:5b:ad:
                    9d:da:a1:75:87:2f:df:41:e3:2f:1d:05:87:ce:b2:
                    a6:f4:81:65:59:0c:83:14:c9:3e:fd:3c:f0:a3:5c:
                    7e:60:7e:be:d4:99:8a:75:1b:9b:15:82:be:34:4f:
                    3d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:83:EE:13:8F:7A:22:B0:0A:54:05:7F:8A:83:51:C4:E6:EE:67:ED
            X509v3 Authority Key Identifier:
                keyid:2F:88:3B:D4:EA:4E:3D:EB:28:B8:94:B1:90:F8:E0:8B:AF:06:F1:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L4g71OpOPesouJSxkPjgi68G8cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b34d6f-66dc-4498-b205-79b6733bc5e6/1/2IPuE496IrAKVAV_ioNRxObuZ-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b34d6f-66dc-4498-b205-79b6733bc5e6/1/L4g71OpOPesouJSxkPjgi68G8cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:44:38:a0:6a:7c:cd:86:c0:9d:68:04:be:d6:8b:0a:2c:bc:
         21:68:8f:e4:68:12:4f:b8:83:14:11:6f:48:7c:5f:3b:72:08:
         f6:9b:99:0d:e1:06:7d:e9:a6:8b:ce:ef:ee:81:7e:68:5c:e7:
         a5:91:c5:2a:94:16:b9:6c:dc:1e:9a:d3:4b:b0:dc:93:f4:29:
         53:b9:ba:99:56:9a:7e:b1:0f:8f:3f:4d:7b:e6:ba:51:b0:8e:
         2f:f1:3f:f5:ac:c0:0d:23:f3:71:7e:41:ed:d8:0a:a5:e2:5d:
         19:ac:c4:1d:da:eb:16:86:03:42:3b:7a:2e:45:85:5a:65:59:
         39:22:70:a7:61:25:ed:49:93:11:8e:bc:b3:78:4d:0b:3d:4b:
         c1:92:58:a3:46:d7:ae:ac:90:0d:42:73:83:53:44:b8:0c:ab:
         42:c0:fb:b5:a9:42:8a:8c:a7:6b:93:1b:02:43:ff:05:19:2f:
         38:6a:94:61:cf:9c:14:ae:0b:2a:db:c2:77:4c:8c:7e:10:dc:
         fa:aa:9f:7e:53:35:90:11:5a:69:60:54:7f:9b:42:bb:1d:99:
         82:6b:97:0d:5f:29:bb:69:75:77:ee:63:49:7a:e5:c4:55:9e:
         48:96:20:17:de:19:69:bf:f3:9f:e3:29:91:d9:8c:e0:6c:aa:
         b1:21:f7:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1ZsfSCXYXkVeGJl4Isi/StMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmODgzYmQ0ZWE0ZTNkZWIyOGI4OTRiMTkwZjhlMDhiYWYw
NmYxY2MwHhcNMjQwMTMwMDkyNzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODgzZWUxMzhmN2EyMmIwMGE1NDA1N2Y4YTgzNTFjNGU2ZWU2N2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmP119D/QYQpDTLalTlzl8WEk4nnv
fI652iH0d2vACrJK3ncERK2AgbHiFCldDvx3J3RnX0R5s10qP9jgCkljTKXMPWsz
U/s8u2CiHKmCabbN8SmSi2fm0tkS5Nxu4GiI0wOioL6f3+/aSd2go7zxzsu+amB0
Zh6Oy18cBqhA1MWHfQNsP7+HwirB1VRpwKHj2kuAKFgzJGuAKxwlDxZ8sbKH0Cmp
cO05sEmw7ifAZwW7BrrsZMsHTbI+qMZHB8BEaotuPaJGQyZbtXl7hlLEW62d2qF1
hy/fQeMvHQWHzrKm9IFlWQyDFMk+/Tzwo1x+YH6+1JmKdRubFYK+NE89TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNiD7hOPeiKwClQFf4qDUcTm7mftMB8GA1UdIwQY
MBaAFC+IO9TqTj3rKLiUsZD44IuvBvHMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDRnNzFPcE9QZXNvdUpTeGtQamdpNjhHOGN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9iMzRkNmYtNjZkYy00NDk4LWIyMDUt
NzliNjczM2JjNWU2LzEvMklQdUU0OTZJckFLVkFWX2lvTlJ4T2J1Wi0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9iMzRkNmYtNjZkYy00NDk4LWIyMDUtNzliNjczM2JjNWU2
LzEvTDRnNzFPcE9QZXNvdUpTeGtQamdpNjhHOGN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueZpMA0G
CSqGSIb3DQEBCwUAA4IBAQBvRDiganzNhsCdaAS+1osKLLwhaI/kaBJPuIMUEW9I
fF87cgj2m5kN4QZ96aaLzu/ugX5oXOelkcUqlBa5bNwemtNLsNyT9ClTubqZVpp+
sQ+PP0175rpRsI4v8T/1rMANI/NxfkHt2Aql4l0ZrMQd2usWhgNCO3ouRYVaZVk5
InCnYSXtSZMRjryzeE0LPUvBklijRteurJANQnODU0S4DKtCwPu1qUKKjKdrkxsC
Q/8FGS84apRhz5wUrgsq28J3TIx+ENz6qp9+UzWQEVppYFR/m0K7HZmCa5cNXym7
aXV37mNJeuXEVZ5IliAX3hlpv/Of4ymR2YzgbKqxIfcD
-----END CERTIFICATE-----