Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/4e816d-d8ec-437c-986a-3c12781e202d/1/2_kYM8UycXt919TcX5mOTsnEKUg.roa
File:                     2_kYM8UycXt919TcX5mOTsnEKUg.roa (raw, json)
Hash identifier:          cMsfqDbPwYb+rHnoDfg7qTFNioii1dihoosr5nyhOCI=
Subject key identifier:   DB:F9:18:33:C5:32:71:7B:7D:D7:D4:DC:5F:99:8E:4E:C9:C4:29:48
Certificate issuer:       /CN=91d8c32a703972aaea093a01f8dedf57f9675575
Certificate serial:       018CC3B6FCA7B97F8F7A6BC07008A42751B2
Authority key identifier: 91:D8:C3:2A:70:39:72:AA:EA:09:3A:01:F8:DE:DF:57:F9:67:55:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdjDKnA5cqrqCToB-N7fV_lnVXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/4e816d-d8ec-437c-986a-3c12781e202d/1/2_kYM8UycXt919TcX5mOTsnEKUg.roa
Signing time:             Mon 01 Jan 2024 06:29:58 +0000
ROA not before:           Mon 01 Jan 2024 06:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41887
IP address blocks:        81.23.231.0/24 maxlen: 24
                          81.23.230.0/24 maxlen: 24
                          81.23.230.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/4e816d-d8ec-437c-986a-3c12781e202d/1/kdjDKnA5cqrqCToB-N7fV_lnVXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/4e816d-d8ec-437c-986a-3c12781e202d/1/kdjDKnA5cqrqCToB-N7fV_lnVXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdjDKnA5cqrqCToB-N7fV_lnVXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:fc:a7:b9:7f:8f:7a:6b:c0:70:08:a4:27:51:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d8c32a703972aaea093a01f8dedf57f9675575
        Validity
            Not Before: Jan  1 06:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbf91833c532717b7dd7d4dc5f998e4ec9c42948
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:35:f1:74:c6:00:88:13:7b:97:0c:fa:13:ad:
                    ba:b6:67:26:69:ec:10:eb:6f:d1:71:a0:1a:da:79:
                    ce:f6:53:71:74:12:ad:74:2a:44:ee:b0:b0:ab:c9:
                    58:67:cc:08:73:96:8a:de:e2:de:35:09:e2:e1:fb:
                    08:ea:be:25:0a:a8:22:28:bf:c5:6c:8e:fe:49:93:
                    34:62:ab:02:ba:79:46:c5:89:d2:2e:36:9a:ba:f0:
                    ab:d1:37:93:e5:41:92:b8:b7:8b:85:97:31:f6:95:
                    64:f5:42:e0:49:f8:03:62:8e:d4:2b:00:6e:f8:c0:
                    a7:83:26:a8:27:48:05:27:b7:17:4f:ad:ec:e1:8e:
                    2a:cf:e0:c5:63:a6:bb:35:a5:e4:78:e5:51:8e:1e:
                    1a:72:4b:62:d9:78:1f:a4:0b:b5:86:2a:d4:6a:1e:
                    9d:5c:c8:7f:a6:cb:9c:53:c8:3f:70:c2:3d:89:e6:
                    c0:81:44:70:a2:8f:38:ba:69:2a:41:66:0d:10:7d:
                    07:70:08:3b:63:52:09:1f:dc:d8:a5:24:9d:17:a2:
                    34:f8:ea:e9:dc:c3:64:a0:8b:87:80:f3:c6:91:01:
                    76:0f:ea:9c:ca:a6:5d:c5:ae:be:4d:7f:0c:78:18:
                    27:ea:5a:09:20:f4:d6:ee:7a:2a:98:51:49:07:bf:
                    97:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F9:18:33:C5:32:71:7B:7D:D7:D4:DC:5F:99:8E:4E:C9:C4:29:48
            X509v3 Authority Key Identifier:
                keyid:91:D8:C3:2A:70:39:72:AA:EA:09:3A:01:F8:DE:DF:57:F9:67:55:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdjDKnA5cqrqCToB-N7fV_lnVXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/4e816d-d8ec-437c-986a-3c12781e202d/1/2_kYM8UycXt919TcX5mOTsnEKUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/4e816d-d8ec-437c-986a-3c12781e202d/1/kdjDKnA5cqrqCToB-N7fV_lnVXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.23.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:ae:a3:a8:2f:be:d9:e6:12:a8:0c:e9:6f:15:4d:a3:43:5e:
         c1:5b:a5:1b:f9:3d:56:b1:94:8c:61:f2:a9:d2:4e:1f:70:bd:
         65:e3:01:64:d6:63:5e:25:d4:d7:86:66:42:c7:97:ee:a8:2c:
         55:36:7b:6a:50:32:ee:6a:b2:e8:7f:a3:5c:3c:c5:0d:1a:00:
         55:8a:e7:eb:8e:31:98:0e:40:37:5d:26:b9:d3:84:a8:a9:7e:
         02:99:0e:4a:5e:d8:27:44:6b:dd:a3:de:30:32:9c:dd:4e:d5:
         77:90:d9:9c:5a:0c:94:9f:11:ab:66:e7:26:87:15:06:41:31:
         c1:e0:2d:f6:89:86:2e:b2:3e:59:5a:a0:26:b2:96:8d:5b:47:
         12:c3:30:8b:5b:b2:26:6a:07:62:42:98:99:75:df:05:93:60:
         e8:d1:2b:46:bc:f5:16:99:f9:98:72:85:89:e9:d3:88:5b:a4:
         c7:70:dd:8f:b6:52:04:87:0f:e3:44:4a:16:4f:41:23:b5:15:
         14:b5:49:cd:17:8f:da:17:4a:9f:c8:e7:27:65:71:f5:6b:80:
         64:d7:f4:bc:bf:06:cd:7c:79:9d:a9:c1:1e:34:db:24:54:46:
         84:89:af:3c:28:39:81:47:d7:e8:7e:1d:06:c9:90:e4:11:f7:
         35:f3:83:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvynuX+PemvAcAikJ1GyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDhjMzJhNzAzOTcyYWFlYTA5M2EwMWY4ZGVkZjU3Zjk2
NzU1NzUwHhcNMjQwMTAxMDYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmY5MTgzM2M1MzI3MTdiN2RkN2Q0ZGM1Zjk5OGU0ZWM5YzQyOTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTXxdMYAiBN7lwz6E626tmcmaewQ
62/RcaAa2nnO9lNxdBKtdCpE7rCwq8lYZ8wIc5aK3uLeNQni4fsI6r4lCqgiKL/F
bI7+SZM0YqsCunlGxYnSLjaauvCr0TeT5UGSuLeLhZcx9pVk9ULgSfgDYo7UKwBu
+MCngyaoJ0gFJ7cXT63s4Y4qz+DFY6a7NaXkeOVRjh4ackti2XgfpAu1hirUah6d
XMh/psucU8g/cMI9iebAgURwoo84umkqQWYNEH0HcAg7Y1IJH9zYpSSdF6I0+Orp
3MNkoIuHgPPGkQF2D+qcyqZdxa6+TX8MeBgn6loJIPTW7noqmFFJB7+X6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNv5GDPFMnF7fdfU3F+Zjk7JxClIMB8GA1UdIwQY
MBaAFJHYwypwOXKq6gk6Afje31f5Z1V1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RqREtuQTVjcXJxQ1RvQi1ON2ZWX2xuVlhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC80ZTgxNmQtZDhlYy00MzdjLTk4NmEt
M2MxMjc4MWUyMDJkLzEvMl9rWU04VXljWHQ5MTlUY1g1bU9Uc25FS1VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC80ZTgxNmQtZDhlYy00MzdjLTk4NmEtM2MxMjc4MWUyMDJk
LzEva2RqREtuQTVjcXJxQ1RvQi1ON2ZWX2xuVlhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBURfmMA0G
CSqGSIb3DQEBCwUAA4IBAQBorqOoL77Z5hKoDOlvFU2jQ17BW6Ub+T1WsZSMYfKp
0k4fcL1l4wFk1mNeJdTXhmZCx5fuqCxVNntqUDLuarLof6NcPMUNGgBViufrjjGY
DkA3XSa504SoqX4CmQ5KXtgnRGvdo94wMpzdTtV3kNmcWgyUnxGrZucmhxUGQTHB
4C32iYYusj5ZWqAmspaNW0cSwzCLW7ImagdiQpiZdd8Fk2Do0StGvPUWmfmYcoWJ
6dOIW6THcN2PtlIEhw/jREoWT0EjtRUUtUnNF4/aF0qfyOcnZXH1a4Bk1/S8vwbN
fHmdqcEeNNskVEaEia88KDmBR9fofh0GyZDkEfc184NI
-----END CERTIFICATE-----