Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/d1418c-7cd8-4af9-8166-577c03910701/1/2gIu41L4PuKzr_x4newfIIIII6k.roa
File:                     2gIu41L4PuKzr_x4newfIIIII6k.roa (raw, json)
Hash identifier:          ITatL4+owyrE44woTOUuhsXkdwUfmnmwwMecOqsogS0=
Subject key identifier:   DA:02:2E:E3:52:F8:3E:E2:B3:AF:FC:78:9D:EC:1F:20:82:08:23:A9
Certificate issuer:       /CN=65f0120ee3b6f0f8db52d0db81c01e4447d8e4ba
Certificate serial:       018CC7948F024565F0DD14FE66DF38520BC6
Authority key identifier: 65:F0:12:0E:E3:B6:F0:F8:DB:52:D0:DB:81:C0:1E:44:47:D8:E4:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZfASDuO28PjbUtDbgcAeREfY5Lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/d1418c-7cd8-4af9-8166-577c03910701/1/2gIu41L4PuKzr_x4newfIIIII6k.roa
Signing time:             Tue 02 Jan 2024 00:30:50 +0000
ROA not before:           Tue 02 Jan 2024 00:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34784
IP address blocks:        80.81.208.0/20 maxlen: 20
                          2a02:698::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/d1418c-7cd8-4af9-8166-577c03910701/1/ZfASDuO28PjbUtDbgcAeREfY5Lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/d1418c-7cd8-4af9-8166-577c03910701/1/ZfASDuO28PjbUtDbgcAeREfY5Lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZfASDuO28PjbUtDbgcAeREfY5Lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Nov 2024 06:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:8f:02:45:65:f0:dd:14:fe:66:df:38:52:0b:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65f0120ee3b6f0f8db52d0db81c01e4447d8e4ba
        Validity
            Not Before: Jan  2 00:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da022ee352f83ee2b3affc789dec1f20820823a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:46:cb:43:29:4a:03:11:b5:4b:d3:36:bd:f7:
                    1b:7e:61:7b:5d:2b:41:27:16:f2:85:f3:04:78:1c:
                    5f:3c:8e:8a:2c:6f:f9:07:bf:94:4d:9a:82:cc:ce:
                    ea:8b:19:22:6c:e0:17:6e:b1:4b:7a:08:58:fd:72:
                    6e:25:94:5c:db:a4:1f:ee:bc:d6:9c:d1:9f:7d:57:
                    75:46:88:22:52:75:ed:e4:ae:d8:7f:b0:96:e4:21:
                    bf:b9:c8:c7:74:b7:85:e3:8b:0c:19:49:cd:c0:e5:
                    cb:a3:43:9a:63:76:f8:ad:a9:cb:5e:3a:02:49:32:
                    29:b4:1a:96:63:b1:65:7d:3a:42:8e:45:b4:3a:09:
                    b4:b7:5e:68:0c:d6:cc:19:c1:1c:ef:31:60:bf:e7:
                    f2:59:f4:20:7e:fc:6c:ab:e4:1f:bd:bb:de:a3:10:
                    55:30:ed:4e:00:c5:82:86:56:1c:5a:0e:8b:ac:ce:
                    df:39:5b:8b:8d:6c:0d:9b:06:0c:f1:22:b2:1d:bc:
                    57:77:29:66:63:34:22:00:ab:e1:c4:ae:1b:91:66:
                    3e:a3:6b:14:52:a4:15:67:ce:36:5e:3d:7a:53:05:
                    86:0f:54:04:af:b6:35:ee:84:30:65:b7:af:6b:9a:
                    85:e0:07:a2:8a:71:fb:84:0d:b4:97:bd:24:14:77:
                    de:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:02:2E:E3:52:F8:3E:E2:B3:AF:FC:78:9D:EC:1F:20:82:08:23:A9
            X509v3 Authority Key Identifier:
                keyid:65:F0:12:0E:E3:B6:F0:F8:DB:52:D0:DB:81:C0:1E:44:47:D8:E4:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZfASDuO28PjbUtDbgcAeREfY5Lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/d1418c-7cd8-4af9-8166-577c03910701/1/2gIu41L4PuKzr_x4newfIIIII6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/d1418c-7cd8-4af9-8166-577c03910701/1/ZfASDuO28PjbUtDbgcAeREfY5Lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.81.208.0/20
                IPv6:
                  2a02:698::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:dc:76:96:8b:0f:46:b7:ff:9f:00:5c:67:4d:dd:cd:b2:5f:
         67:3c:80:2d:70:0f:8b:39:59:85:66:36:00:10:60:b7:7a:22:
         e5:a1:4e:ee:fe:72:9c:ae:48:0f:d4:8f:80:d3:36:41:c5:45:
         33:5f:9f:24:bf:ef:c2:6d:07:a9:08:ac:c3:0d:b9:e7:4f:48:
         2f:78:8e:42:f2:ce:05:d8:4d:62:c4:96:e0:1f:7d:4a:4b:96:
         08:1e:36:3e:02:56:ea:e1:74:36:8d:61:fb:29:dd:1f:22:cb:
         da:05:06:ab:cf:08:de:a3:7f:b5:49:61:44:ab:f5:ed:98:3f:
         9d:79:46:9d:b5:da:e9:27:35:8e:20:3d:9e:0b:35:00:e0:81:
         60:e8:5d:69:a7:b8:ba:dc:05:fa:fd:38:73:94:67:64:f7:f3:
         98:60:f9:7f:24:84:2e:6f:9a:f7:28:8e:7b:54:9f:b3:f5:aa:
         d8:6b:f0:c5:13:78:82:83:99:2e:80:fa:a2:e1:a6:d9:14:23:
         0e:3d:01:b9:14:8b:0b:c0:eb:75:bb:35:44:b7:20:b6:66:6b:
         ff:73:9b:ee:54:ae:c6:b1:e4:5d:0d:52:4a:c2:e9:f8:c6:8a:
         1f:d2:6d:1c:72:12:05:56:ff:c7:4d:67:94:b9:da:e7:91:67:
         34:29:f0:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlI8CRWXw3RT+Zt84UgvGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZjAxMjBlZTNiNmYwZjhkYjUyZDBkYjgxYzAxZTQ0NDdk
OGU0YmEwHhcNMjQwMTAyMDAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTAyMmVlMzUyZjgzZWUyYjNhZmZjNzg5ZGVjMWYyMDgyMDgyM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0bLQylKAxG1S9M2vfcbfmF7XStB
JxbyhfMEeBxfPI6KLG/5B7+UTZqCzM7qixkibOAXbrFLeghY/XJuJZRc26Qf7rzW
nNGffVd1RogiUnXt5K7Yf7CW5CG/ucjHdLeF44sMGUnNwOXLo0OaY3b4ranLXjoC
STIptBqWY7FlfTpCjkW0Ogm0t15oDNbMGcEc7zFgv+fyWfQgfvxsq+QfvbveoxBV
MO1OAMWChlYcWg6LrM7fOVuLjWwNmwYM8SKyHbxXdylmYzQiAKvhxK4bkWY+o2sU
UqQVZ842Xj16UwWGD1QEr7Y17oQwZbeva5qF4AeiinH7hA20l70kFHfeMQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNoCLuNS+D7is6/8eJ3sHyCCCCOpMB8GA1UdIwQY
MBaAFGXwEg7jtvD421LQ24HAHkRH2OS6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmZBU0R1TzI4UGpiVXREYmdjQWVSRWZZNUxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9kMTQxOGMtN2NkOC00YWY5LTgxNjYt
NTc3YzAzOTEwNzAxLzEvMmdJdTQxTDRQdUt6cl94NG5ld2ZJSUlJSTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9kMTQxOGMtN2NkOC00YWY5LTgxNjYtNTc3YzAzOTEwNzAx
LzEvWmZBU0R1TzI4UGpiVXREYmdjQWVSRWZZNUxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEUFHQMA0E
AgACMAcDBQAqAgaYMA0GCSqGSIb3DQEBCwUAA4IBAQAH3HaWiw9Gt/+fAFxnTd3N
sl9nPIAtcA+LOVmFZjYAEGC3eiLloU7u/nKcrkgP1I+A0zZBxUUzX58kv+/CbQep
CKzDDbnnT0gveI5C8s4F2E1ixJbgH31KS5YIHjY+Albq4XQ2jWH7Kd0fIsvaBQar
zwjeo3+1SWFEq/XtmD+deUadtdrpJzWOID2eCzUA4IFg6F1pp7i63AX6/ThzlGdk
9/OYYPl/JIQub5r3KI57VJ+z9arYa/DFE3iCg5kugPqi4abZFCMOPQG5FIsLwOt1
uzVEtyC2Zmv/c5vuVK7GseRdDVJKwun4xoof0m0cchIFVv/HTWeUudrnkWc0KfBk
-----END CERTIFICATE-----