Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/z2xve1ci0Or7sU8KAdiQtaOnJUc.roa
File:                     z2xve1ci0Or7sU8KAdiQtaOnJUc.roa (raw, json)
Hash identifier:          aXiZyOUl5Wtuvc0cC75XMCsm46a+z2umitxZiRu6KFc=
Subject key identifier:   CF:6C:6F:7B:57:22:D0:EA:FB:B1:4F:0A:01:D8:90:B5:A3:A7:25:47
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       018CC56EDA54D95F2F2EB29F36439FA59272
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/z2xve1ci0Or7sU8KAdiQtaOnJUc.roa
Signing time:             Mon 01 Jan 2024 14:30:25 +0000
ROA not before:           Mon 01 Jan 2024 14:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208290
IP address blocks:        81.2.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 22:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:da:54:d9:5f:2f:2e:b2:9f:36:43:9f:a5:92:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Jan  1 14:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf6c6f7b5722d0eafbb14f0a01d890b5a3a72547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:40:2c:27:3f:bb:a9:69:33:30:0b:6f:2e:1f:
                    6a:a9:20:8d:1f:c4:f8:a2:35:dc:a4:4d:95:4e:81:
                    1b:2c:0f:7b:3a:e2:44:1f:2b:b9:80:e1:99:dc:5e:
                    9d:cd:f2:66:f7:61:81:a8:95:4d:d1:12:10:4c:6a:
                    6f:0a:fc:5c:41:87:57:64:06:f6:89:10:2d:72:61:
                    b2:b6:d8:87:7e:68:71:c3:6f:db:0b:d7:35:37:d6:
                    36:67:76:6d:26:e9:84:74:88:08:e3:9f:a5:46:7c:
                    95:b7:b0:6d:0e:a0:a7:c0:ef:e9:0b:21:ed:95:87:
                    19:8e:27:17:63:50:8a:57:12:0c:19:5b:42:7b:96:
                    f5:7e:1d:fc:e1:1a:fa:39:c5:81:0f:47:1e:b8:de:
                    0a:fa:9e:c6:e7:79:0c:2b:74:0a:8c:93:b5:78:12:
                    d9:2d:2a:2c:82:04:0a:1c:41:d0:b6:6c:0e:48:71:
                    39:1a:9a:59:65:8f:23:8c:dc:71:10:2b:18:72:6b:
                    03:64:48:15:52:e9:c7:94:62:3d:df:2b:df:a4:0f:
                    64:c9:09:de:1d:67:c1:6f:d5:f0:50:35:a8:92:00:
                    41:d1:17:2d:12:52:48:2b:04:77:08:2e:8a:d3:06:
                    92:6c:91:79:5c:63:43:3a:65:b9:fd:93:d7:d3:8a:
                    5d:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:6C:6F:7B:57:22:D0:EA:FB:B1:4F:0A:01:D8:90:B5:A3:A7:25:47
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/z2xve1ci0Or7sU8KAdiQtaOnJUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.2.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:9d:8d:ac:c7:7a:73:d6:6e:0c:6f:00:35:36:9e:1e:d1:eb:
         27:2d:24:13:91:66:cb:e4:23:bf:00:cd:34:8c:18:19:3c:7e:
         7f:c4:ce:df:1f:3f:24:8a:6a:13:9a:9b:5d:85:59:fd:79:34:
         bf:0a:9f:ad:54:4a:e6:59:3b:5e:12:19:ce:09:0b:2e:9c:0c:
         b6:32:66:de:70:0e:b6:21:fb:5b:61:35:27:bf:4d:62:37:a9:
         ce:f3:29:69:0f:f2:42:d1:8f:fa:4b:ff:07:03:c0:e7:7a:0a:
         27:5a:4b:72:bd:29:42:98:ad:90:61:a5:9c:d5:36:89:05:47:
         7b:e7:22:cd:5b:c3:a8:92:f7:d4:8a:87:68:7a:3e:ee:3c:8a:
         7b:a5:18:1f:9c:f4:d2:18:87:da:7e:05:95:8e:24:c2:4e:cb:
         d1:a3:5f:14:dc:6b:54:2e:46:77:93:c0:80:2b:d2:67:0c:35:
         0b:f4:41:15:94:94:ed:fc:a2:53:87:ae:03:e5:3e:e6:c6:5d:
         6d:3b:97:1a:15:24:18:0d:1d:f8:39:43:fd:37:57:b2:ec:69:
         07:e8:9b:a9:1b:23:3a:0a:ea:c7:4e:d7:37:f8:6c:37:b8:67:
         16:11:59:aa:14:78:2d:60:8e:46:44:8a:ec:3a:cf:0a:41:49:
         d0:2c:d4:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtpU2V8vLrKfNkOfpZJyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjQwMTAxMTQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjZjNmY3YjU3MjJkMGVhZmJiMTRmMGEwMWQ4OTBiNWEzYTcyNTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0AsJz+7qWkzMAtvLh9qqSCNH8T4
ojXcpE2VToEbLA97OuJEHyu5gOGZ3F6dzfJm92GBqJVN0RIQTGpvCvxcQYdXZAb2
iRAtcmGyttiHfmhxw2/bC9c1N9Y2Z3ZtJumEdIgI45+lRnyVt7BtDqCnwO/pCyHt
lYcZjicXY1CKVxIMGVtCe5b1fh384Rr6OcWBD0ceuN4K+p7G53kMK3QKjJO1eBLZ
LSosggQKHEHQtmwOSHE5GppZZY8jjNxxECsYcmsDZEgVUunHlGI93yvfpA9kyQne
HWfBb9XwUDWokgBB0RctElJIKwR3CC6K0waSbJF5XGNDOmW5/ZPX04pdZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9sb3tXItDq+7FPCgHYkLWjpyVHMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvejJ4dmUxY2kwT3I3c1U4S0FkaVF0YU9uSlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQK7MA0G
CSqGSIb3DQEBCwUAA4IBAQAanY2sx3pz1m4MbwA1Np4e0esnLSQTkWbL5CO/AM00
jBgZPH5/xM7fHz8kimoTmptdhVn9eTS/Cp+tVErmWTteEhnOCQsunAy2MmbecA62
IftbYTUnv01iN6nO8ylpD/JC0Y/6S/8HA8DnegonWktyvSlCmK2QYaWc1TaJBUd7
5yLNW8OokvfUiodoej7uPIp7pRgfnPTSGIfafgWVjiTCTsvRo18U3GtULkZ3k8CA
K9JnDDUL9EEVlJTt/KJTh64D5T7mxl1tO5caFSQYDR34OUP9N1ey7GkH6JupGyM6
CurHTtc3+Gw3uGcWEVmqFHgtYI5GRIrsOs8KQUnQLNSC
-----END CERTIFICATE-----