Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/L8DObnrkTpmOHWA7_OFC0zfG2Oc.roa
File:                     L8DObnrkTpmOHWA7_OFC0zfG2Oc.roa (raw, json)
Hash identifier:          rHrF5qnGm7rN7/qNwXeMYbmaflNMMX4VmfDwfOlCcJE=
Subject key identifier:   2F:C0:CE:6E:7A:E4:4E:99:8E:1D:60:3B:FC:E1:42:D3:37:C6:D8:E7
Certificate issuer:       /CN=2ef957aba2ef00352850e202464c71d33ca81448
Certificate serial:       018CC49305942DC90A6BE7B09ECD38BE670E
Authority key identifier: 2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/L8DObnrkTpmOHWA7_OFC0zfG2Oc.roa
Signing time:             Mon 01 Jan 2024 10:30:18 +0000
ROA not before:           Mon 01 Jan 2024 10:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2089
IP address blocks:        193.48.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:05:94:2d:c9:0a:6b:e7:b0:9e:cd:38:be:67:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ef957aba2ef00352850e202464c71d33ca81448
        Validity
            Not Before: Jan  1 10:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fc0ce6e7ae44e998e1d603bfce142d337c6d8e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:dc:24:8d:b7:63:13:c4:a9:5b:b9:85:f1:a6:
                    7f:98:1d:1a:be:1c:93:6f:4f:2c:ec:f1:ff:84:f2:
                    88:71:ba:18:c6:84:bf:b1:57:2d:67:6a:74:de:1f:
                    8a:84:43:f4:dd:f2:6a:a3:ba:36:08:0a:98:fd:4b:
                    ef:79:3b:62:0c:88:d6:72:72:f1:7f:11:84:ba:d5:
                    0f:db:5a:28:f9:52:c6:16:32:63:df:60:0d:b8:fc:
                    6e:7f:db:91:31:4a:64:6d:ac:eb:70:d0:4c:e4:10:
                    e4:89:eb:4e:20:a3:4f:cb:c7:d1:4e:0d:ef:30:e9:
                    e4:40:d5:71:3e:05:2c:68:51:69:23:7c:70:82:0b:
                    4c:b7:0b:bf:c7:30:00:30:43:5b:0a:fb:16:a6:9f:
                    b2:53:68:65:60:08:64:64:55:c3:8f:80:6e:57:17:
                    fb:49:b4:c8:03:ba:3e:76:cf:aa:1f:0d:9a:db:95:
                    a2:d7:85:50:c3:01:90:90:f2:6a:f6:de:31:0e:e5:
                    c9:f4:f5:41:6b:0c:a9:d5:1a:0a:cd:b6:ab:03:e6:
                    8d:c5:f3:41:84:2b:d8:1f:73:d5:b6:f0:c2:26:c5:
                    74:56:c6:d8:b2:5a:f9:e3:01:24:8a:5a:49:73:da:
                    21:6c:79:e3:1c:8a:1c:5d:1c:29:c6:76:5f:b7:d5:
                    ba:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:C0:CE:6E:7A:E4:4E:99:8E:1D:60:3B:FC:E1:42:D3:37:C6:D8:E7
            X509v3 Authority Key Identifier:
                keyid:2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/L8DObnrkTpmOHWA7_OFC0zfG2Oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.48.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:ae:61:bf:98:16:e8:3c:4c:b3:94:ea:cd:9c:54:b9:68:b9:
         5d:e5:36:bf:7a:d0:08:a9:5b:37:09:57:d3:43:3e:3d:de:70:
         cc:54:4e:57:01:04:74:6e:d0:a2:0c:1e:91:d2:cd:c9:23:58:
         5e:23:1d:21:d0:41:ef:b7:ac:3f:b9:3a:23:13:d7:5a:67:6b:
         20:49:d7:79:35:fa:5a:9d:0e:5c:c3:4b:83:d8:36:c7:3e:19:
         20:e9:23:63:4c:77:21:e0:70:10:cb:ba:83:bb:40:43:3b:29:
         ff:67:4b:f6:ae:55:71:ef:ef:88:3d:08:b1:be:1e:17:12:a9:
         98:60:c1:84:bd:89:89:06:90:5c:da:8b:0d:9f:44:1f:ee:67:
         32:87:05:c6:b4:06:2c:f3:a5:39:2e:09:60:35:5d:64:2a:6d:
         0a:ba:42:a6:ec:84:fa:96:0c:21:37:02:76:13:7a:ef:61:73:
         26:1f:4f:47:3e:a6:9e:3e:84:8d:a8:89:e3:17:bb:d8:74:7c:
         dd:bb:cc:64:d5:55:a0:32:30:f8:9a:8b:bf:fb:25:3c:91:45:
         de:4b:cd:82:30:03:90:67:6f:6a:a8:68:13:ce:b1:80:f9:b1:
         b8:4b:50:23:e9:ec:6f:4d:0d:11:25:7d:1c:0b:26:3d:89:92:
         85:05:9f:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkwWULckKa+ewns04vmcOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZjk1N2FiYTJlZjAwMzUyODUwZTIwMjQ2NGM3MWQzM2Nh
ODE0NDgwHhcNMjQwMTAxMTAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmMwY2U2ZTdhZTQ0ZTk5OGUxZDYwM2JmY2UxNDJkMzM3YzZkOGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtwkjbdjE8SpW7mF8aZ/mB0avhyT
b08s7PH/hPKIcboYxoS/sVctZ2p03h+KhEP03fJqo7o2CAqY/UvveTtiDIjWcnLx
fxGEutUP21oo+VLGFjJj32ANuPxuf9uRMUpkbazrcNBM5BDkietOIKNPy8fRTg3v
MOnkQNVxPgUsaFFpI3xwggtMtwu/xzAAMENbCvsWpp+yU2hlYAhkZFXDj4BuVxf7
SbTIA7o+ds+qHw2a25Wi14VQwwGQkPJq9t4xDuXJ9PVBawyp1RoKzbarA+aNxfNB
hCvYH3PVtvDCJsV0VsbYslr54wEkilpJc9ohbHnjHIocXRwpxnZft9W6yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/Azm565E6Zjh1gO/zhQtM3xtjnMB8GA1UdIwQY
MBaAFC75V6ui7wA1KFDiAkZMcdM8qBRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYt
MDRhMjdjNGQ1NDUzLzEvTDhET2JucmtUcG1PSFdBN19PRkMwemZHMk9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYtMDRhMjdjNGQ1NDUz
LzEvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTBcMA0G
CSqGSIb3DQEBCwUAA4IBAQAermG/mBboPEyzlOrNnFS5aLld5Ta/etAIqVs3CVfT
Qz493nDMVE5XAQR0btCiDB6R0s3JI1heIx0h0EHvt6w/uTojE9daZ2sgSdd5Nfpa
nQ5cw0uD2DbHPhkg6SNjTHch4HAQy7qDu0BDOyn/Z0v2rlVx7++IPQixvh4XEqmY
YMGEvYmJBpBc2osNn0Qf7mcyhwXGtAYs86U5LglgNV1kKm0KukKm7IT6lgwhNwJ2
E3rvYXMmH09HPqaePoSNqInjF7vYdHzdu8xk1VWgMjD4mou/+yU8kUXeS82CMAOQ
Z29qqGgTzrGA+bG4S1Aj6exvTQ0RJX0cCyY9iZKFBZ9c
-----END CERTIFICATE-----