Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/2w2rR-CmGX2wa8X6bLMcwsFid84.roa
File:                     2w2rR-CmGX2wa8X6bLMcwsFid84.roa (raw, json)
Hash identifier:          nyh4AHIZ30SUgZh7tRDe0muzHgTVXa6XwQY+06ZgsHE=
Subject key identifier:   DB:0D:AB:47:E0:A6:19:7D:B0:6B:C5:FA:6C:B3:1C:C2:C1:62:77:CE
Certificate issuer:       /CN=2e3487da65e85e87bdac4f5f6758dc6c20ef9763
Certificate serial:       018E5CC5EE34102768C957B9A0B3DFE21F70
Authority key identifier: 2E:34:87:DA:65:E8:5E:87:BD:AC:4F:5F:67:58:DC:6C:20:EF:97:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/2w2rR-CmGX2wa8X6bLMcwsFid84.roa
Signing time:             Wed 20 Mar 2024 16:50:59 +0000
ROA not before:           Wed 20 Mar 2024 16:50:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39521
IP address blocks:        193.178.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5c:c5:ee:34:10:27:68:c9:57:b9:a0:b3:df:e2:1f:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e3487da65e85e87bdac4f5f6758dc6c20ef9763
        Validity
            Not Before: Mar 20 16:50:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db0dab47e0a6197db06bc5fa6cb31cc2c16277ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:93:10:2e:bd:1c:b3:1b:0e:6b:02:38:1b:16:
                    72:0a:07:81:64:28:82:08:4e:73:38:29:2a:67:3f:
                    cc:1a:e5:43:1d:91:ea:fe:fc:f6:f4:a1:a2:6d:77:
                    5b:bc:0c:44:f6:02:6c:11:fa:6e:5d:e9:34:22:4c:
                    fb:f3:84:46:69:9f:3d:39:64:3a:b5:20:ee:31:37:
                    90:80:60:7e:53:b0:be:c5:0d:97:62:48:01:8b:b8:
                    bc:7f:df:88:67:b7:21:54:2a:16:bd:33:5d:1d:9c:
                    94:e7:16:9e:f8:b7:4b:4d:da:16:ce:17:60:16:d6:
                    09:02:bc:59:14:9e:f1:51:71:21:3b:53:2a:bf:1c:
                    f5:a2:87:05:cd:e3:b9:45:b6:84:1c:09:2e:6f:e2:
                    69:47:b6:84:3c:79:b2:ac:70:3a:7a:f3:d7:fc:61:
                    d0:0a:18:28:f9:a4:67:33:34:a0:50:de:bd:13:75:
                    4d:f5:0b:8e:ce:f5:f7:f4:e5:8b:d9:34:87:1b:4e:
                    b0:c6:0f:e9:ab:61:8e:1d:98:1a:59:da:a4:06:f9:
                    a3:ee:5c:88:88:2d:8e:08:a7:a2:6f:64:01:69:c3:
                    4f:da:0a:69:a9:4d:3d:51:fa:81:4d:ed:87:a4:fa:
                    89:b8:df:ee:59:1a:25:3a:11:4a:3c:13:3a:2c:9b:
                    db:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:0D:AB:47:E0:A6:19:7D:B0:6B:C5:FA:6C:B3:1C:C2:C1:62:77:CE
            X509v3 Authority Key Identifier:
                keyid:2E:34:87:DA:65:E8:5E:87:BD:AC:4F:5F:67:58:DC:6C:20:EF:97:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/2w2rR-CmGX2wa8X6bLMcwsFid84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:58:e4:ae:e7:10:b2:ef:ae:74:60:60:82:5e:7b:55:0c:3f:
         27:ef:d9:91:36:23:53:91:ac:d8:6e:97:c1:9e:06:fb:b3:cd:
         cc:d4:7b:b4:0b:54:d7:5a:e6:73:24:15:d7:75:20:28:be:92:
         53:2a:55:38:0f:6e:8c:67:d4:54:ae:6d:a6:5f:02:3d:dd:df:
         6f:d3:2d:bb:1a:9c:16:f3:a0:48:ea:72:2d:fc:a1:20:6e:b7:
         ee:6b:62:fa:84:73:92:48:ab:07:fa:10:ae:98:ce:f1:ae:15:
         a6:28:71:2b:bd:ca:54:a9:6d:a1:fb:42:0e:17:cc:a1:c1:9a:
         6d:bf:64:9b:11:c7:e2:a2:9d:ec:cb:6f:87:a3:cc:73:b4:bb:
         50:dd:4b:ad:f7:d0:9c:26:0a:fc:d2:da:ad:00:11:f2:47:89:
         1a:03:83:cc:70:26:60:45:b6:2d:bb:26:f3:92:11:be:ae:df:
         70:db:d1:32:e3:46:8f:6e:ed:f9:6a:27:4f:df:93:a1:ba:4d:
         65:af:c6:2c:d8:e9:7d:7e:ef:3f:cc:7c:78:f5:dc:01:07:f5:
         8f:b4:b5:6d:db:bd:b3:ac:2b:1c:ad:c8:97:74:01:2a:c6:e8:
         01:1c:52:e7:4a:fe:08:a6:1b:f1:37:90:61:a4:d5:67:a3:db:
         c3:09:3b:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5cxe40ECdoyVe5oLPf4h9wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzQ4N2RhNjVlODVlODdiZGFjNGY1ZjY3NThkYzZjMjBl
Zjk3NjMwHhcNMjQwMzIwMTY1MDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjBkYWI0N2UwYTYxOTdkYjA2YmM1ZmE2Y2IzMWNjMmMxNjI3N2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJMQLr0csxsOawI4GxZyCgeBZCiC
CE5zOCkqZz/MGuVDHZHq/vz29KGibXdbvAxE9gJsEfpuXek0Ikz784RGaZ89OWQ6
tSDuMTeQgGB+U7C+xQ2XYkgBi7i8f9+IZ7chVCoWvTNdHZyU5xae+LdLTdoWzhdg
FtYJArxZFJ7xUXEhO1Mqvxz1oocFzeO5RbaEHAkub+JpR7aEPHmyrHA6evPX/GHQ
Chgo+aRnMzSgUN69E3VN9QuOzvX39OWL2TSHG06wxg/pq2GOHZgaWdqkBvmj7lyI
iC2OCKeib2QBacNP2gppqU09UfqBTe2HpPqJuN/uWRolOhFKPBM6LJvbZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNsNq0fgphl9sGvF+myzHMLBYnfOMB8GA1UdIwQY
MBaAFC40h9pl6F6HvaxPX2dY3Gwg75djMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGpTSDJtWG9Yb2U5ckU5ZloxamNiQ0R2bDJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8yZmUwOTQtMzczYy00NGY2LTkzZTAt
ZDBhZWNkNWQ3MDQyLzEvMncyclItQ21HWDJ3YThYNmJMTWN3c0ZpZDg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8yZmUwOTQtMzczYy00NGY2LTkzZTAtZDBhZWNkNWQ3MDQy
LzEvTGpTSDJtWG9Yb2U5ckU5ZloxamNiQ0R2bDJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbLiMA0G
CSqGSIb3DQEBCwUAA4IBAQANWOSu5xCy7650YGCCXntVDD8n79mRNiNTkazYbpfB
ngb7s83M1Hu0C1TXWuZzJBXXdSAovpJTKlU4D26MZ9RUrm2mXwI93d9v0y27GpwW
86BI6nIt/KEgbrfua2L6hHOSSKsH+hCumM7xrhWmKHErvcpUqW2h+0IOF8yhwZpt
v2SbEcfiop3sy2+Ho8xztLtQ3Uut99CcJgr80tqtABHyR4kaA4PMcCZgRbYtuybz
khG+rt9w29Ey40aPbu35aidP35Ohuk1lr8Ys2Ol9fu8/zHx49dwBB/WPtLVt272z
rCscrciXdAEqxugBHFLnSv4IphvxN5BhpNVno9vDCTta
-----END CERTIFICATE-----