Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/2W9zvahFVfeQWPDmSiCnMj2P9jc.roa
File:                     2W9zvahFVfeQWPDmSiCnMj2P9jc.roa (raw, json)
Hash identifier:          rV/wHq75YyvUq4eT9+GFA3dvxfhyBdTYodvgQcV/YRY=
Subject key identifier:   D9:6F:73:BD:A8:45:55:F7:90:58:F0:E6:4A:20:A7:32:3D:8F:F6:37
Certificate issuer:       /CN=129462d45b8ab95d4c35c40265b31b52bf1e8dbd
Certificate serial:       018CC94E1900637344A8974792D8FA1BCD67
Authority key identifier: 12:94:62:D4:5B:8A:B9:5D:4C:35:C4:02:65:B3:1B:52:BF:1E:8D:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EpRi1FuKuV1MNcQCZbMbUr8ejb0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/2W9zvahFVfeQWPDmSiCnMj2P9jc.roa
Signing time:             Tue 02 Jan 2024 08:33:07 +0000
ROA not before:           Tue 02 Jan 2024 08:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48988
IP address blocks:        213.148.0.0/20 maxlen: 24
                          213.148.24.0/22 maxlen: 24
                          2a13:8280::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/EpRi1FuKuV1MNcQCZbMbUr8ejb0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/EpRi1FuKuV1MNcQCZbMbUr8ejb0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EpRi1FuKuV1MNcQCZbMbUr8ejb0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:19:00:63:73:44:a8:97:47:92:d8:fa:1b:cd:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=129462d45b8ab95d4c35c40265b31b52bf1e8dbd
        Validity
            Not Before: Jan  2 08:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d96f73bda84555f79058f0e64a20a7323d8ff637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:36:17:5d:5b:ff:f2:d5:c7:d0:56:fc:6e:56:
                    f4:d5:ab:ac:c5:53:37:17:cb:2a:b2:5a:ac:64:66:
                    18:72:6f:0c:8e:68:c9:11:fa:b7:3d:72:68:65:b1:
                    ba:35:f1:45:5c:bb:4b:41:e0:4f:1d:3a:45:56:f9:
                    8f:8e:39:36:18:f4:74:5f:b3:b9:e5:1a:f5:a7:d4:
                    38:96:6a:53:36:52:43:bd:31:12:3e:1f:3d:de:7b:
                    7c:20:90:f2:55:19:3b:e2:1d:d4:3e:ba:c9:82:c0:
                    12:d6:a3:0e:91:54:71:56:0d:6e:2e:c5:ae:78:8c:
                    ae:27:1f:d5:36:dc:99:26:f0:ef:2c:95:17:73:b8:
                    55:47:c2:b5:68:c3:06:94:b3:1c:2c:f0:30:40:65:
                    e4:07:13:d4:38:a6:81:f2:57:e7:fa:31:8d:bc:a4:
                    e5:08:b4:53:2e:1f:7c:51:79:3b:59:19:50:5e:88:
                    a5:e2:57:b6:ca:d1:59:17:f3:2d:e1:d6:b5:97:b3:
                    36:63:64:fa:67:9e:97:5c:6d:89:e0:39:8b:21:86:
                    67:27:59:1e:cb:05:e8:de:14:a2:0e:64:57:06:7a:
                    d2:b9:a7:83:93:77:e3:41:0f:a0:6a:41:10:ed:2b:
                    0d:62:31:7a:81:89:2a:d8:8a:05:b0:f6:11:51:db:
                    3b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:6F:73:BD:A8:45:55:F7:90:58:F0:E6:4A:20:A7:32:3D:8F:F6:37
            X509v3 Authority Key Identifier:
                keyid:12:94:62:D4:5B:8A:B9:5D:4C:35:C4:02:65:B3:1B:52:BF:1E:8D:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EpRi1FuKuV1MNcQCZbMbUr8ejb0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/2W9zvahFVfeQWPDmSiCnMj2P9jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/EpRi1FuKuV1MNcQCZbMbUr8ejb0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.148.0.0/20
                  213.148.24.0/22
                IPv6:
                  2a13:8280::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:fc:5e:0c:aa:db:a7:b0:ee:bd:2b:91:60:10:24:6c:0e:ed:
         50:61:ae:19:16:13:55:f4:53:3b:0f:e0:ab:0e:a6:84:a0:5d:
         8b:10:34:8b:ea:85:51:6c:b6:bc:3b:e9:85:f6:e8:19:1c:da:
         3d:28:f8:a7:9c:46:69:61:13:03:5a:ff:4d:7b:43:2c:ee:de:
         60:e0:94:3a:39:56:d3:f0:ce:88:91:12:06:99:d2:d6:2d:ee:
         f3:aa:99:ba:7f:33:67:14:e1:b7:20:fc:53:e9:cc:04:a7:97:
         33:84:34:71:20:57:1c:82:62:4d:06:0d:14:c2:48:f3:d3:a3:
         1d:5f:48:e0:f7:ac:b3:c4:4f:7b:e5:a5:48:2a:37:6b:2c:0a:
         43:09:7d:61:ca:67:04:21:d2:16:c4:7b:33:dd:15:a6:41:8b:
         fc:8b:08:b9:25:3e:60:13:07:89:b4:16:93:ae:e2:6a:c3:4f:
         8e:c8:e8:e8:85:1a:25:45:7c:bd:0c:0b:16:0e:f8:f4:6a:7d:
         c5:31:6a:f1:b8:5f:17:25:f5:20:66:93:e6:68:7a:be:28:7a:
         54:5f:e6:bc:1f:eb:3f:99:be:ba:70:8d:bf:97:b1:d6:d5:3b:
         7f:6c:43:58:2f:db:65:69:54:83:8d:88:62:ee:d3:2c:fd:b3:
         7a:cd:2a:52
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJThkAY3NEqJdHktj6G81nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyOTQ2MmQ0NWI4YWI5NWQ0YzM1YzQwMjY1YjMxYjUyYmYx
ZThkYmQwHhcNMjQwMTAyMDgzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTZmNzNiZGE4NDU1NWY3OTA1OGYwZTY0YTIwYTczMjNkOGZmNjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTYXXVv/8tXH0Fb8blb01ausxVM3
F8sqslqsZGYYcm8MjmjJEfq3PXJoZbG6NfFFXLtLQeBPHTpFVvmPjjk2GPR0X7O5
5Rr1p9Q4lmpTNlJDvTESPh893nt8IJDyVRk74h3UPrrJgsAS1qMOkVRxVg1uLsWu
eIyuJx/VNtyZJvDvLJUXc7hVR8K1aMMGlLMcLPAwQGXkBxPUOKaB8lfn+jGNvKTl
CLRTLh98UXk7WRlQXoil4le2ytFZF/Mt4da1l7M2Y2T6Z56XXG2J4DmLIYZnJ1ke
ywXo3hSiDmRXBnrSuaeDk3fjQQ+gakEQ7SsNYjF6gYkq2IoFsPYRUds7EwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNlvc72oRVX3kFjw5kogpzI9j/Y3MB8GA1UdIwQY
MBaAFBKUYtRbirldTDXEAmWzG1K/Ho29MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXBSaTFGdUt1VjFNTmNRQ1piTWJVcjhlamIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85OTk1MDktYmRjMC00ZTA3LTg3NzQt
M2EzODkzMzJmNzlmLzEvMlc5enZhaEZWZmVRV1BEbVNpQ25NajJQOWpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85OTk1MDktYmRjMC00ZTA3LTg3NzQtM2EzODkzMzJmNzlm
LzEvRXBSaTFGdUt1VjFNTmNRQ1piTWJVcjhlamIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQE1ZQAAwQC
1ZQYMA0EAgACMAcDBQAqE4KAMA0GCSqGSIb3DQEBCwUAA4IBAQA8/F4MqtunsO69
K5FgECRsDu1QYa4ZFhNV9FM7D+CrDqaEoF2LEDSL6oVRbLa8O+mF9ugZHNo9KPin
nEZpYRMDWv9Ne0Ms7t5g4JQ6OVbT8M6IkRIGmdLWLe7zqpm6fzNnFOG3IPxT6cwE
p5czhDRxIFccgmJNBg0Uwkjz06MdX0jg96yzxE975aVIKjdrLApDCX1hymcEIdIW
xHsz3RWmQYv8iwi5JT5gEweJtBaTruJqw0+OyOjohRolRXy9DAsWDvj0an3FMWrx
uF8XJfUgZpPmaHq+KHpUX+a8H+s/mb66cI2/l7HW1Tt/bENYL9tlaVSDjYhi7tMs
/bN6zSpS
-----END CERTIFICATE-----