Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/ffa703-b462-4022-9e1e-6d704cda0eb9/1/2KQvHEjDwPVipXRixpb-69LSYjI.roa
File:                     2KQvHEjDwPVipXRixpb-69LSYjI.roa (raw, json)
Hash identifier:          umFh++hMqtfUkinUjOsedL2JD00xG5j8sp7QqKC3S5U=
Subject key identifier:   D8:A4:2F:1C:48:C3:C0:F5:62:A5:74:62:C6:96:FE:EB:D2:D2:62:32
Certificate issuer:       /CN=787054b167aa98841cdc2c4ba2b86139ab988e7d
Certificate serial:       018CCA2A3DE4E90E481B0CCF8BC29D11F431
Authority key identifier: 78:70:54:B1:67:AA:98:84:1C:DC:2C:4B:A2:B8:61:39:AB:98:8E:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eHBUsWeqmIQc3CxLorhhOauYjn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/ffa703-b462-4022-9e1e-6d704cda0eb9/1/2KQvHEjDwPVipXRixpb-69LSYjI.roa
Signing time:             Tue 02 Jan 2024 12:33:35 +0000
ROA not before:           Tue 02 Jan 2024 12:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30742
IP address blocks:        2.59.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/ffa703-b462-4022-9e1e-6d704cda0eb9/1/eHBUsWeqmIQc3CxLorhhOauYjn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/ffa703-b462-4022-9e1e-6d704cda0eb9/1/eHBUsWeqmIQc3CxLorhhOauYjn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eHBUsWeqmIQc3CxLorhhOauYjn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3d:e4:e9:0e:48:1b:0c:cf:8b:c2:9d:11:f4:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=787054b167aa98841cdc2c4ba2b86139ab988e7d
        Validity
            Not Before: Jan  2 12:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8a42f1c48c3c0f562a57462c696feebd2d26232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:4f:dc:d3:20:79:78:f6:f3:b3:08:e0:88:91:
                    5e:c7:4b:19:cb:ba:ec:cb:63:36:fa:a5:59:5d:9d:
                    62:bc:45:8f:4c:9e:56:99:e7:1f:a9:b3:43:b2:37:
                    3d:2b:ff:d8:93:38:39:18:0d:3a:f6:f1:40:10:64:
                    24:97:a8:f3:08:e0:9e:a7:ae:4d:8f:b0:c3:a8:ad:
                    e7:d7:67:c2:3c:dd:ce:01:47:b9:3f:f0:0c:2d:51:
                    e3:b2:cd:a1:d5:1f:24:fa:05:df:5a:66:5b:3e:f3:
                    f2:6a:bb:d0:e7:c1:1e:88:1d:50:d5:7d:05:66:ed:
                    ae:8e:97:1e:c9:8b:44:85:59:ed:92:f1:73:13:a3:
                    99:0b:64:bd:2f:32:c6:c7:09:7b:55:3c:78:b0:59:
                    0f:fe:d3:c3:23:2d:63:fc:86:47:07:1c:d2:a3:cc:
                    92:98:ae:38:a8:ff:78:4a:00:54:70:0b:bd:40:da:
                    6b:c3:96:34:83:1f:5c:bd:b7:d4:e3:34:07:7b:f5:
                    82:6f:3d:27:f6:81:d7:8d:b9:83:9d:38:16:a0:12:
                    b8:b3:45:57:28:ea:0c:65:7a:65:07:80:04:cb:84:
                    bd:4c:7a:bf:a1:5c:4f:f8:a2:8d:62:c9:42:c2:25:
                    7b:8c:4d:11:69:6e:db:a5:9b:0c:04:47:c2:aa:6b:
                    81:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:A4:2F:1C:48:C3:C0:F5:62:A5:74:62:C6:96:FE:EB:D2:D2:62:32
            X509v3 Authority Key Identifier:
                keyid:78:70:54:B1:67:AA:98:84:1C:DC:2C:4B:A2:B8:61:39:AB:98:8E:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eHBUsWeqmIQc3CxLorhhOauYjn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/ffa703-b462-4022-9e1e-6d704cda0eb9/1/2KQvHEjDwPVipXRixpb-69LSYjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/ffa703-b462-4022-9e1e-6d704cda0eb9/1/eHBUsWeqmIQc3CxLorhhOauYjn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:c9:c8:28:28:cb:18:33:5b:0e:ba:fb:94:1f:6b:80:10:66:
         91:6a:97:60:b0:23:26:60:44:b9:51:ef:83:cf:5f:71:bd:b6:
         d6:82:ec:b5:62:52:c7:aa:73:e1:cf:5d:0b:3d:1e:76:bb:0c:
         80:5e:6a:63:3b:17:be:b4:3a:77:34:53:03:b7:ea:43:c6:1b:
         34:82:8a:07:74:f5:31:df:80:c9:f8:0a:92:05:a1:6b:7f:00:
         97:49:7b:99:de:c2:68:c0:1f:ef:09:09:da:fa:69:a6:d8:fb:
         a9:b2:7b:df:b0:7e:a7:00:03:f0:61:10:c0:2d:1e:c2:3c:b2:
         14:38:4a:db:00:36:83:ae:f9:07:65:bf:ca:41:69:9b:e4:16:
         37:b3:28:69:12:7a:9a:51:58:f5:37:05:83:f3:ac:1f:0e:33:
         0c:ab:08:42:64:2d:67:4e:71:03:2c:8e:f1:f4:e4:94:a6:10:
         06:8f:1c:77:5e:4f:fa:5f:2b:cc:07:d2:ec:3c:b3:8a:db:38:
         da:c2:b0:1a:12:b9:23:52:4d:20:4c:52:45:e8:e7:bd:27:8a:
         2f:5b:54:d8:ac:81:ab:1a:35:b3:f7:77:6d:41:5f:a8:cd:eb:
         68:c9:39:d2:2e:c2:b3:83:d2:54:49:d9:61:e3:4c:b0:94:3d:
         18:a3:5c:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKj3k6Q5IGwzPi8KdEfQxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4NzA1NGIxNjdhYTk4ODQxY2RjMmM0YmEyYjg2MTM5YWI5
ODhlN2QwHhcNMjQwMTAyMTIzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGE0MmYxYzQ4YzNjMGY1NjJhNTc0NjJjNjk2ZmVlYmQyZDI2MjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0/c0yB5ePbzswjgiJFex0sZy7rs
y2M2+qVZXZ1ivEWPTJ5WmecfqbNDsjc9K//Ykzg5GA069vFAEGQkl6jzCOCep65N
j7DDqK3n12fCPN3OAUe5P/AMLVHjss2h1R8k+gXfWmZbPvPyarvQ58EeiB1Q1X0F
Zu2ujpceyYtEhVntkvFzE6OZC2S9LzLGxwl7VTx4sFkP/tPDIy1j/IZHBxzSo8yS
mK44qP94SgBUcAu9QNprw5Y0gx9cvbfU4zQHe/WCbz0n9oHXjbmDnTgWoBK4s0VX
KOoMZXplB4AEy4S9THq/oVxP+KKNYslCwiV7jE0RaW7bpZsMBEfCqmuB0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNikLxxIw8D1YqV0YsaW/uvS0mIyMB8GA1UdIwQY
MBaAFHhwVLFnqpiEHNwsS6K4YTmrmI59MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUhCVXNXZXFtSVFjM0N4TG9yaGhPYXVZam4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9mZmE3MDMtYjQ2Mi00MDIyLTllMWUt
NmQ3MDRjZGEwZWI5LzEvMktRdkhFakR3UFZpcFhSaXhwYi02OUxTWWpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9mZmE3MDMtYjQ2Mi00MDIyLTllMWUtNmQ3MDRjZGEwZWI5
LzEvZUhCVXNXZXFtSVFjM0N4TG9yaGhPYXVZam4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjsgMA0G
CSqGSIb3DQEBCwUAA4IBAQAxycgoKMsYM1sOuvuUH2uAEGaRapdgsCMmYES5Ue+D
z19xvbbWguy1YlLHqnPhz10LPR52uwyAXmpjOxe+tDp3NFMDt+pDxhs0gooHdPUx
34DJ+AqSBaFrfwCXSXuZ3sJowB/vCQna+mmm2PupsnvfsH6nAAPwYRDALR7CPLIU
OErbADaDrvkHZb/KQWmb5BY3syhpEnqaUVj1NwWD86wfDjMMqwhCZC1nTnEDLI7x
9OSUphAGjxx3Xk/6XyvMB9LsPLOK2zjawrAaErkjUk0gTFJF6Oe9J4ovW1TYrIGr
GjWz93dtQV+ozetoyTnSLsKzg9JUSdlh40ywlD0Yo1xV
-----END CERTIFICATE-----