Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/2-PCYSmoRYP78bU8-tuVZLZOhCE.roa
File:                     2-PCYSmoRYP78bU8-tuVZLZOhCE.roa (raw, json)
Hash identifier:          aSC0E7m4wW6P1G+DA0HfmnfnwGNL/CMWhL2kiTYQvoc=
Subject key identifier:   DB:E3:C2:61:29:A8:45:83:FB:F1:B5:3C:FA:DB:95:64:B6:4E:84:21
Certificate issuer:       /CN=abc1918c1f45e6ec17daca67a7ad193caf04b7b2
Certificate serial:       019420682A043DD7EB49DDCAC31F883253CE
Authority key identifier: AB:C1:91:8C:1F:45:E6:EC:17:DA:CA:67:A7:AD:19:3C:AF:04:B7:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8GRjB9F5uwX2spnp60ZPK8Et7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/2-PCYSmoRYP78bU8-tuVZLZOhCE.roa
Signing time:             Wed 01 Jan 2025 05:48:04 +0000
ROA not before:           Wed 01 Jan 2025 05:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211421
IP address blocks:        2a14:52c0:6868::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/q8GRjB9F5uwX2spnp60ZPK8Et7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/q8GRjB9F5uwX2spnp60ZPK8Et7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8GRjB9F5uwX2spnp60ZPK8Et7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 13:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:2a:04:3d:d7:eb:49:dd:ca:c3:1f:88:32:53:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc1918c1f45e6ec17daca67a7ad193caf04b7b2
        Validity
            Not Before: Jan  1 05:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbe3c26129a84583fbf1b53cfadb9564b64e8421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b4:7b:0a:fc:0f:d2:f6:54:5c:e2:ba:b6:4f:
                    56:2b:b7:e9:6d:43:3e:cd:b6:b3:d8:0b:c6:a0:b3:
                    74:05:23:d3:bd:a5:c6:e0:ce:fd:7a:d7:41:9c:35:
                    2e:5d:4f:53:a5:80:7b:86:19:a3:b9:c3:7a:5a:24:
                    59:9c:47:9c:de:dc:77:e7:e2:13:54:0a:c3:dc:3e:
                    93:d5:7b:5a:78:8d:47:98:1b:61:c7:65:d4:dd:ec:
                    6d:29:d5:52:5e:8d:02:58:7f:04:bc:4d:00:a5:10:
                    61:dc:76:d6:cc:96:61:e2:31:7e:bf:47:9c:48:a3:
                    54:b9:0b:03:a6:89:66:c7:1e:ec:25:ec:fc:32:41:
                    57:bf:e1:df:20:e7:10:ee:a5:0c:37:45:83:e0:c7:
                    eb:63:fc:30:fc:36:b2:d1:9a:38:76:93:08:92:37:
                    58:99:0c:8b:ab:6a:2c:e5:bd:01:a7:06:bc:6e:47:
                    45:bd:51:cb:f9:03:9e:cf:ab:62:3b:ee:0d:80:09:
                    d8:9a:c4:16:5d:56:3b:bd:14:bc:70:f1:77:e8:35:
                    c6:82:7f:50:be:2b:1a:8b:10:04:2a:fb:2f:ba:43:
                    68:56:98:c8:6a:77:64:12:cd:3c:3b:7e:c5:8e:1d:
                    67:fb:5c:8a:90:d0:f9:0f:36:3e:32:5d:7d:9f:2a:
                    9b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:E3:C2:61:29:A8:45:83:FB:F1:B5:3C:FA:DB:95:64:B6:4E:84:21
            X509v3 Authority Key Identifier:
                keyid:AB:C1:91:8C:1F:45:E6:EC:17:DA:CA:67:A7:AD:19:3C:AF:04:B7:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8GRjB9F5uwX2spnp60ZPK8Et7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/2-PCYSmoRYP78bU8-tuVZLZOhCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/q8GRjB9F5uwX2spnp60ZPK8Et7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:52c0:6868::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:7d:e9:28:71:c5:3a:b5:e6:ec:73:37:9a:84:c3:7f:21:78:
         a1:46:d1:93:54:50:e0:1e:d3:df:08:8d:57:7c:4b:25:83:8a:
         04:97:e4:b1:ea:30:a4:2c:4e:d2:cd:1e:16:bb:25:26:77:c1:
         d4:be:dd:8a:88:26:4f:1e:91:ef:a7:a8:34:b1:86:0e:70:e8:
         66:07:3a:1a:bb:f9:83:8d:cd:fa:1f:c7:94:94:35:94:bf:e5:
         23:f6:0e:fb:2b:8a:55:35:09:19:05:37:4e:b0:a9:db:22:37:
         90:ba:7c:2c:a3:fd:87:bd:31:5a:5a:50:58:51:70:3e:2d:2c:
         b0:38:34:7e:8d:62:2a:bf:d8:e5:eb:63:da:e2:13:e1:ce:20:
         5b:19:bc:38:9d:21:1f:40:e9:e5:2b:71:a6:5a:ef:21:5b:cb:
         ac:ec:65:81:c5:71:8e:f3:7e:d7:79:ab:da:08:e4:ff:a7:55:
         d9:00:8e:f3:31:57:b3:b9:94:b1:e1:1c:8c:33:93:0e:c8:65:
         bb:a7:18:48:35:73:b6:10:3c:dc:45:21:57:84:cb:c7:af:9f:
         51:19:a1:a4:04:11:a2:63:4f:eb:d5:4b:a3:75:da:d5:9f:ab:
         96:c6:d6:ec:17:73:8a:62:5b:97:54:1b:b5:ff:fd:6b:2c:67:
         39:90:38:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgaCoEPdfrSd3Kwx+IMlPOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzE5MThjMWY0NWU2ZWMxN2RhY2E2N2E3YWQxOTNjYWYw
NGI3YjIwHhcNMjUwMTAxMDU0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmUzYzI2MTI5YTg0NTgzZmJmMWI1M2NmYWRiOTU2NGI2NGU4NDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrR7CvwP0vZUXOK6tk9WK7fpbUM+
zbaz2AvGoLN0BSPTvaXG4M79etdBnDUuXU9TpYB7hhmjucN6WiRZnEec3tx35+IT
VArD3D6T1XtaeI1HmBthx2XU3extKdVSXo0CWH8EvE0ApRBh3HbWzJZh4jF+v0ec
SKNUuQsDpolmxx7sJez8MkFXv+HfIOcQ7qUMN0WD4MfrY/ww/Day0Zo4dpMIkjdY
mQyLq2os5b0Bpwa8bkdFvVHL+QOez6tiO+4NgAnYmsQWXVY7vRS8cPF36DXGgn9Q
visaixAEKvsvukNoVpjIandkEs08O37Fjh1n+1yKkND5DzY+Ml19nyqb8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNvjwmEpqEWD+/G1PPrblWS2ToQhMB8GA1UdIwQY
MBaAFKvBkYwfRebsF9rKZ6etGTyvBLeyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThHUmpCOUY1dXdYMnNwbnA2MFpQSzhFdDdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84Zjg4ZGUtZGFlZC00OGQyLWI3MDEt
NmJiNWZlNjY1NzUwLzEvMi1QQ1lTbW9SWVA3OGJVOC10dVZaTFpPaENFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84Zjg4ZGUtZGFlZC00OGQyLWI3MDEtNmJiNWZlNjY1NzUw
LzEvcThHUmpCOUY1dXdYMnNwbnA2MFpQSzhFdDdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRSwGho
MA0GCSqGSIb3DQEBCwUAA4IBAQCqfekoccU6tebsczeahMN/IXihRtGTVFDgHtPf
CI1XfEslg4oEl+Sx6jCkLE7SzR4WuyUmd8HUvt2KiCZPHpHvp6g0sYYOcOhmBzoa
u/mDjc36H8eUlDWUv+Uj9g77K4pVNQkZBTdOsKnbIjeQunwso/2HvTFaWlBYUXA+
LSywODR+jWIqv9jl62Pa4hPhziBbGbw4nSEfQOnlK3GmWu8hW8us7GWBxXGO837X
eavaCOT/p1XZAI7zMVezuZSx4RyMM5MOyGW7pxhINXO2EDzcRSFXhMvHr59RGaGk
BBGiY0/r1UujddrVn6uWxtbsF3OKYluXVBu1//1rLGc5kDgI
-----END CERTIFICATE-----