Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/2_89ES0JWbMrk5tW9FsD8OACCs8.roa
File:                     2_89ES0JWbMrk5tW9FsD8OACCs8.roa (raw, json)
Hash identifier:          Srx4S4wo8j8tBfIufhbuptNTfAeNFvK2DS2sAiNDtxo=
Subject key identifier:   DB:FF:3D:11:2D:09:59:B3:2B:93:9B:56:F4:5B:03:F0:E0:02:0A:CF
Certificate issuer:       /CN=18886007da1730b0770d8604db73d12fd264f3f9
Certificate serial:       018CC6B78E56BCA9D6C1A6958934ACBB01F0
Authority key identifier: 18:88:60:07:DA:17:30:B0:77:0D:86:04:DB:73:D1:2F:D2:64:F3:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/2_89ES0JWbMrk5tW9FsD8OACCs8.roa
Signing time:             Mon 01 Jan 2024 20:29:27 +0000
ROA not before:           Mon 01 Jan 2024 20:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56621
IP address blocks:        213.171.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8e:56:bc:a9:d6:c1:a6:95:89:34:ac:bb:01:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18886007da1730b0770d8604db73d12fd264f3f9
        Validity
            Not Before: Jan  1 20:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbff3d112d0959b32b939b56f45b03f0e0020acf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:39:ef:73:08:8d:40:d7:13:8f:2d:92:c3:2a:
                    cc:07:94:03:36:b3:66:a2:c7:2e:bc:2d:86:d2:0e:
                    b1:d5:ea:79:96:ba:78:de:69:ed:91:3a:b1:d6:94:
                    ce:6d:54:5d:3d:98:80:51:56:34:8d:66:e9:23:a5:
                    29:7c:8e:8a:c0:e6:99:81:24:f3:b5:83:18:dd:48:
                    ba:f7:1d:2c:9d:6f:ad:b9:6d:c3:05:4d:9e:2a:44:
                    ab:7b:92:90:9f:c8:58:2e:0a:1e:8a:cf:e1:91:03:
                    4b:77:01:45:4c:d9:f9:c4:51:97:7a:2d:ac:74:9a:
                    da:80:ea:37:93:28:77:de:51:a3:0e:29:ff:0c:22:
                    d7:25:12:25:49:d9:93:fd:e3:8f:71:91:45:20:c8:
                    70:45:ef:22:52:66:28:f7:fc:01:c5:39:ab:3a:b8:
                    af:c0:26:c9:f5:1d:5a:50:ac:43:32:27:ac:61:99:
                    19:32:65:26:cb:d5:13:95:12:32:87:85:81:7b:3f:
                    69:46:19:5e:dc:6d:ca:8c:90:86:9e:f8:61:d0:33:
                    39:be:10:e6:bd:0d:91:ab:0d:4e:fc:db:c6:ec:5b:
                    67:25:58:e7:80:8b:ab:ca:82:2f:ae:20:7f:0b:77:
                    b9:d3:4c:f4:3b:d6:1e:57:f1:92:21:46:a3:7d:5c:
                    9a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:FF:3D:11:2D:09:59:B3:2B:93:9B:56:F4:5B:03:F0:E0:02:0A:CF
            X509v3 Authority Key Identifier:
                keyid:18:88:60:07:DA:17:30:B0:77:0D:86:04:DB:73:D1:2F:D2:64:F3:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/2_89ES0JWbMrk5tW9FsD8OACCs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.171.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:a4:55:40:9a:c2:53:02:cc:3e:fb:e8:ab:e5:1f:ab:ab:4a:
         b9:b3:a3:58:7f:6c:22:d9:e7:53:f3:da:4e:77:a7:61:49:9a:
         f1:9e:b7:52:be:db:ed:25:3a:83:c8:b9:79:5d:49:7c:3e:3b:
         3c:a0:63:43:52:5e:6c:6b:fb:c3:55:cb:6e:88:c7:3a:e0:4d:
         2d:26:93:fb:41:d3:e0:14:7c:d0:e2:7b:4d:c6:e7:2a:2f:05:
         77:5f:8b:86:0a:9c:dc:9d:b7:6e:b2:aa:c9:71:e4:44:dc:fe:
         78:e3:b9:c1:bb:25:20:a9:91:9c:f3:ec:45:26:03:24:d3:8c:
         ee:0e:e6:39:73:06:9c:50:92:24:4e:ca:75:a7:73:ad:f7:9e:
         57:90:52:23:5b:88:de:b1:48:f0:7b:81:bd:1b:72:44:e4:6e:
         b1:1c:d5:89:4e:bb:4b:78:2f:e5:d4:ae:63:37:ff:9a:75:26:
         e6:2c:88:43:0e:d7:a3:5d:c3:96:63:dd:13:39:77:58:19:c8:
         1e:ad:94:e3:fc:e5:7f:d1:f0:d5:6b:20:28:46:c2:2f:40:3e:
         fa:83:d8:2c:90:68:5b:0d:29:6a:78:60:cb:93:e3:20:49:c8:
         85:b9:7c:38:10:5f:2a:56:d3:7d:da:cb:7f:68:b0:70:9a:2d:
         bc:26:7b:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt45WvKnWwaaViTSsuwHwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ODg2MDA3ZGExNzMwYjA3NzBkODYwNGRiNzNkMTJmZDI2
NGYzZjkwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmZmM2QxMTJkMDk1OWIzMmI5MzliNTZmNDViMDNmMGUwMDIwYWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnznvcwiNQNcTjy2SwyrMB5QDNrNm
oscuvC2G0g6x1ep5lrp43mntkTqx1pTObVRdPZiAUVY0jWbpI6UpfI6KwOaZgSTz
tYMY3Ui69x0snW+tuW3DBU2eKkSre5KQn8hYLgoeis/hkQNLdwFFTNn5xFGXei2s
dJragOo3kyh33lGjDin/DCLXJRIlSdmT/eOPcZFFIMhwRe8iUmYo9/wBxTmrOriv
wCbJ9R1aUKxDMiesYZkZMmUmy9UTlRIyh4WBez9pRhle3G3KjJCGnvhh0DM5vhDm
vQ2Rqw1O/NvG7FtnJVjngIuryoIvriB/C3e500z0O9YeV/GSIUajfVyarwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNv/PREtCVmzK5ObVvRbA/DgAgrPMB8GA1UdIwQY
MBaAFBiIYAfaFzCwdw2GBNtz0S/SZPP5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0loZ0I5b1hNTEIzRFlZRTIzUFJMOUprOF9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yOTMzMjgtOTI0NS00MDNiLThhNGEt
MTY5YzgzNmJkNmIwLzEvMl84OUVTMEpXYk1yazV0VzlGc0Q4T0FDQ3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yOTMzMjgtOTI0NS00MDNiLThhNGEtMTY5YzgzNmJkNmIw
LzEvR0loZ0I5b1hNTEIzRFlZRTIzUFJMOUprOF9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1asAMA0G
CSqGSIb3DQEBCwUAA4IBAQCcpFVAmsJTAsw+++ir5R+rq0q5s6NYf2wi2edT89pO
d6dhSZrxnrdSvtvtJTqDyLl5XUl8Pjs8oGNDUl5sa/vDVctuiMc64E0tJpP7QdPg
FHzQ4ntNxucqLwV3X4uGCpzcnbdusqrJceRE3P5447nBuyUgqZGc8+xFJgMk04zu
DuY5cwacUJIkTsp1p3Ot955XkFIjW4jesUjwe4G9G3JE5G6xHNWJTrtLeC/l1K5j
N/+adSbmLIhDDtejXcOWY90TOXdYGcgerZTj/OV/0fDVayAoRsIvQD76g9gskGhb
DSlqeGDLk+MgSciFuXw4EF8qVtN92st/aLBwmi28JnsV
-----END CERTIFICATE-----