Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/e8cfb0-9568-4157-b802-f0ed9a2ab654/1/2b_nuwk5o0O1Zhj88K3TfNHlA2Q.roa
File:                     2b_nuwk5o0O1Zhj88K3TfNHlA2Q.roa (raw, json)
Hash identifier:          zcdIxn071lfoO1ri0vIJGk69bBw0Ypwxb3kXKwrwiOY=
Subject key identifier:   D9:BF:E7:BB:09:39:A3:43:B5:66:18:FC:F0:AD:D3:7C:D1:E5:03:64
Certificate issuer:       /CN=78b0b19d50d61a7e333f3d300f1149cefde7b64f
Certificate serial:       018CFD6CC78BEA9729CF179D61C17C2B2CD8
Authority key identifier: 78:B0:B1:9D:50:D6:1A:7E:33:3F:3D:30:0F:11:49:CE:FD:E7:B6:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eLCxnVDWGn4zPz0wDxFJzv3ntk8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/e8cfb0-9568-4157-b802-f0ed9a2ab654/1/2b_nuwk5o0O1Zhj88K3TfNHlA2Q.roa
Signing time:             Fri 12 Jan 2024 11:26:53 +0000
ROA not before:           Fri 12 Jan 2024 11:26:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15962
IP address blocks:        193.193.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/e8cfb0-9568-4157-b802-f0ed9a2ab654/1/eLCxnVDWGn4zPz0wDxFJzv3ntk8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/e8cfb0-9568-4157-b802-f0ed9a2ab654/1/eLCxnVDWGn4zPz0wDxFJzv3ntk8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eLCxnVDWGn4zPz0wDxFJzv3ntk8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fd:6c:c7:8b:ea:97:29:cf:17:9d:61:c1:7c:2b:2c:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78b0b19d50d61a7e333f3d300f1149cefde7b64f
        Validity
            Not Before: Jan 12 11:26:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9bfe7bb0939a343b56618fcf0add37cd1e50364
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:de:8b:eb:a9:e4:c6:d7:8e:ae:39:0b:a9:e1:
                    5e:f3:ec:c0:ac:f2:86:64:0f:04:e7:0a:30:28:49:
                    2c:89:0f:11:8c:4b:29:c3:17:0c:f4:3b:af:fc:30:
                    1c:22:7c:60:4c:57:98:27:0f:4d:69:b2:ac:7b:c3:
                    bf:6b:97:c6:6b:dd:1b:6b:2a:bb:8b:ab:ef:d0:17:
                    54:a5:6a:46:b6:49:1b:21:f6:0b:e6:5c:c8:4e:38:
                    bb:5b:d5:b7:3c:a6:4f:e5:d4:d7:35:73:66:91:20:
                    df:84:21:2d:bd:02:52:30:e6:d1:29:77:f2:4f:21:
                    e6:d3:77:ba:6d:5d:e4:2c:e2:8e:4d:d6:11:73:4c:
                    ef:2f:f2:9b:9b:e1:b3:00:96:75:62:48:8d:78:fc:
                    b9:47:b7:cc:93:55:c2:18:29:fa:47:99:03:75:cc:
                    9e:b1:cb:f2:2a:70:44:15:08:8e:ad:06:af:2f:f9:
                    61:fd:de:e2:df:73:4c:2f:00:67:19:d4:2e:93:3a:
                    5b:69:59:0b:f7:f5:30:ef:18:22:4d:64:7e:43:54:
                    3e:5a:a6:40:fb:b5:92:cf:9c:ee:21:cb:a2:2d:59:
                    86:83:7d:2e:ba:c4:32:ba:c4:07:b9:58:39:aa:31:
                    7d:96:da:df:32:3c:d3:89:10:9a:34:03:5c:a0:6a:
                    f7:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:BF:E7:BB:09:39:A3:43:B5:66:18:FC:F0:AD:D3:7C:D1:E5:03:64
            X509v3 Authority Key Identifier:
                keyid:78:B0:B1:9D:50:D6:1A:7E:33:3F:3D:30:0F:11:49:CE:FD:E7:B6:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eLCxnVDWGn4zPz0wDxFJzv3ntk8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/e8cfb0-9568-4157-b802-f0ed9a2ab654/1/2b_nuwk5o0O1Zhj88K3TfNHlA2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/e8cfb0-9568-4157-b802-f0ed9a2ab654/1/eLCxnVDWGn4zPz0wDxFJzv3ntk8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.193.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:8f:52:fa:3a:31:1d:0f:fb:5c:32:f4:f2:30:67:72:e2:92:
         12:99:aa:23:a0:44:f0:a4:d0:d3:cf:2e:e8:91:7f:aa:e2:5d:
         1e:0f:fe:90:b9:f9:1a:37:52:fa:25:d2:76:54:b0:d7:59:5e:
         6e:54:8a:d3:d0:d4:ae:45:2f:bc:37:7b:be:9f:cf:11:41:49:
         a4:ca:06:63:21:25:be:f0:33:40:3b:b1:99:44:50:a5:e3:aa:
         0f:b6:39:a9:6f:48:b1:83:b6:16:76:3d:56:0c:b3:a5:0a:e6:
         90:ee:d2:f8:65:31:b0:e0:55:53:81:c0:81:fa:7a:1c:cb:28:
         4d:ef:0a:8e:08:ce:55:15:96:0c:6e:7c:74:29:ad:3f:4a:ce:
         9c:6d:7a:85:cc:39:71:99:fa:03:b7:32:8e:02:fd:e9:81:c3:
         1f:50:37:e6:52:3c:d3:e0:3c:62:ae:9c:fe:0b:f1:63:46:22:
         9f:6c:b1:01:33:83:6d:6e:c5:dd:08:2c:07:6a:33:b1:03:c4:
         fe:22:9d:5b:43:09:b2:40:56:c5:13:00:2a:8c:84:29:33:9c:
         7f:01:4f:1c:8d:5d:9c:a7:40:87:bf:39:9e:0a:b7:6a:6e:fc:
         c2:13:74:bf:88:73:e7:72:50:c2:0e:a6:a3:b1:45:7c:60:cd:
         ab:a3:d6:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz9bMeL6pcpzxedYcF8KyzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4YjBiMTlkNTBkNjFhN2UzMzNmM2QzMDBmMTE0OWNlZmRl
N2I2NGYwHhcNMjQwMTEyMTEyNjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWJmZTdiYjA5MzlhMzQzYjU2NjE4ZmNmMGFkZDM3Y2QxZTUwMzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt6L66nkxteOrjkLqeFe8+zArPKG
ZA8E5wowKEksiQ8RjEspwxcM9Duv/DAcInxgTFeYJw9NabKse8O/a5fGa90bayq7
i6vv0BdUpWpGtkkbIfYL5lzITji7W9W3PKZP5dTXNXNmkSDfhCEtvQJSMObRKXfy
TyHm03e6bV3kLOKOTdYRc0zvL/Kbm+GzAJZ1YkiNePy5R7fMk1XCGCn6R5kDdcye
scvyKnBEFQiOrQavL/lh/d7i33NMLwBnGdQukzpbaVkL9/Uw7xgiTWR+Q1Q+WqZA
+7WSz5zuIcuiLVmGg30uusQyusQHuVg5qjF9ltrfMjzTiRCaNANcoGr3WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNm/57sJOaNDtWYY/PCt03zR5QNkMB8GA1UdIwQY
MBaAFHiwsZ1Q1hp+Mz89MA8RSc7957ZPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUxDeG5WRFdHbjR6UHowd0R4Rkp6djNudGs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9lOGNmYjAtOTU2OC00MTU3LWI4MDIt
ZjBlZDlhMmFiNjU0LzEvMmJfbnV3azVvME8xWmhqODhLM1RmTkhsQTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9lOGNmYjAtOTU2OC00MTU3LWI4MDItZjBlZDlhMmFiNjU0
LzEvZUxDeG5WRFdHbjR6UHowd0R4Rkp6djNudGs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcGqMA0G
CSqGSIb3DQEBCwUAA4IBAQC8j1L6OjEdD/tcMvTyMGdy4pISmaojoETwpNDTzy7o
kX+q4l0eD/6QufkaN1L6JdJ2VLDXWV5uVIrT0NSuRS+8N3u+n88RQUmkygZjISW+
8DNAO7GZRFCl46oPtjmpb0ixg7YWdj1WDLOlCuaQ7tL4ZTGw4FVTgcCB+nocyyhN
7wqOCM5VFZYMbnx0Ka0/Ss6cbXqFzDlxmfoDtzKOAv3pgcMfUDfmUjzT4Dxirpz+
C/FjRiKfbLEBM4NtbsXdCCwHajOxA8T+Ip1bQwmyQFbFEwAqjIQpM5x/AU8cjV2c
p0CHvzmeCrdqbvzCE3S/iHPnclDCDqajsUV8YM2ro9Yg
-----END CERTIFICATE-----