Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/2SfPU9lkGyHP2Va0ydjJ2Skicoo.roa
File:                     2SfPU9lkGyHP2Va0ydjJ2Skicoo.roa (raw, json)
Hash identifier:          Jc73RByjibrmNHRmndyNBdE50dNvEOD5VC9LHDIdTx8=
Subject key identifier:   D9:27:CF:53:D9:64:1B:21:CF:D9:56:B4:C9:D8:C9:D9:29:22:72:8A
Certificate issuer:       /CN=c2eafaa30b340ecf810a4cb9af3b51c702566598
Certificate serial:       0191E90C14BD187DE1A06824FCBB37C1D975
Authority key identifier: C2:EA:FA:A3:0B:34:0E:CF:81:0A:4C:B9:AF:3B:51:C7:02:56:65:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wur6ows0Ds-BCky5rztRxwJWZZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/2SfPU9lkGyHP2Va0ydjJ2Skicoo.roa
Signing time:             Fri 13 Sep 2024 01:42:48 +0000
ROA not before:           Fri 13 Sep 2024 01:42:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48347
IP address blocks:        212.15.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/wur6ows0Ds-BCky5rztRxwJWZZg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/wur6ows0Ds-BCky5rztRxwJWZZg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wur6ows0Ds-BCky5rztRxwJWZZg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e9:0c:14:bd:18:7d:e1:a0:68:24:fc:bb:37:c1:d9:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2eafaa30b340ecf810a4cb9af3b51c702566598
        Validity
            Not Before: Sep 13 01:42:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d927cf53d9641b21cfd956b4c9d8c9d92922728a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c9:b4:93:1d:42:3e:08:6b:fc:3f:2c:3b:b3:
                    6c:57:ec:24:53:3a:1c:d6:a8:9a:ae:1c:36:3d:ef:
                    89:94:46:1e:6e:1d:f1:28:7c:49:fb:74:8d:d4:f3:
                    20:47:6d:21:7a:8d:24:b0:31:83:85:89:ac:7d:19:
                    68:aa:71:3b:76:a0:a0:76:bf:f8:65:67:6c:af:ab:
                    99:ab:aa:2a:49:5a:64:70:d1:ba:cf:7b:e8:eb:96:
                    de:a8:1c:67:6f:7f:f3:06:16:3e:da:7c:92:de:7f:
                    d6:31:a3:95:03:75:77:15:6d:9d:9d:2e:5e:e6:db:
                    85:6c:2b:8c:bc:20:cb:f9:26:16:a7:d2:ba:84:77:
                    4b:85:aa:5c:41:4b:94:9e:6b:f4:a4:ea:11:19:15:
                    ec:67:d3:e1:7c:6a:20:8c:9e:12:fd:55:ec:40:3b:
                    b0:de:6d:97:70:88:fa:db:2b:b8:04:ac:e4:33:72:
                    42:49:5c:d9:6f:4d:92:44:22:eb:f0:65:3d:95:f4:
                    57:78:4d:84:92:05:c8:8e:3c:29:2e:f8:d3:f6:18:
                    fc:34:01:c2:65:7a:e5:09:c3:b6:d8:4a:6b:62:6d:
                    af:c5:aa:f9:6a:31:2d:43:14:07:8d:e2:5d:13:ce:
                    e1:a8:c6:75:df:18:5b:e8:f4:3b:91:51:3f:d5:e4:
                    dd:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:27:CF:53:D9:64:1B:21:CF:D9:56:B4:C9:D8:C9:D9:29:22:72:8A
            X509v3 Authority Key Identifier:
                keyid:C2:EA:FA:A3:0B:34:0E:CF:81:0A:4C:B9:AF:3B:51:C7:02:56:65:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wur6ows0Ds-BCky5rztRxwJWZZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/2SfPU9lkGyHP2Va0ydjJ2Skicoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/wur6ows0Ds-BCky5rztRxwJWZZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.15.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:53:6a:6b:88:49:1a:4f:f8:63:af:34:ed:b9:5e:12:50:b5:
         75:3e:96:70:87:3c:db:c8:9d:d1:cb:0a:15:fb:e3:be:fa:b6:
         38:1c:b0:83:b4:51:80:69:66:f7:6a:6a:f7:e4:1b:39:e3:7f:
         e8:ac:15:36:ce:23:3f:ff:88:0f:41:e5:d8:e4:3c:81:3e:1f:
         e2:a6:d9:52:18:5d:c7:2b:07:dd:1f:c7:ab:a2:ee:11:05:a7:
         b4:9d:72:27:3c:30:37:6a:ca:c1:22:64:17:0d:b4:9c:d1:8f:
         83:d4:8f:a1:f5:b9:f3:d7:4e:e9:8b:2d:c0:77:ab:f8:d9:61:
         28:bc:7e:52:44:a1:44:ae:e6:45:24:1b:18:54:7a:81:dc:8d:
         6a:7b:24:4b:88:4d:a7:a2:21:e1:9a:ad:af:5f:8e:a5:c6:17:
         20:8b:9c:6b:f2:6e:2c:15:25:96:31:f8:7b:b4:67:6e:52:28:
         b7:77:50:4d:6c:f5:03:65:f0:93:d3:da:cd:d3:65:48:63:59:
         73:f0:de:f0:ad:2b:87:a1:7d:00:7a:d3:2f:a8:34:44:5d:37:
         db:52:6e:60:d4:a8:33:cb:33:18:86:47:e5:ec:a1:c0:4c:23:
         2a:2e:72:cc:6c:15:27:dc:71:80:52:78:37:8f:17:58:4b:52:
         94:d1:27:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHpDBS9GH3hoGgk/Ls3wdl1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWFmYWEzMGIzNDBlY2Y4MTBhNGNiOWFmM2I1MWM3MDI1
NjY1OTgwHhcNMjQwOTEzMDE0MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTI3Y2Y1M2Q5NjQxYjIxY2ZkOTU2YjRjOWQ4YzlkOTI5MjI3MjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8m0kx1CPghr/D8sO7NsV+wkUzoc
1qiarhw2Pe+JlEYebh3xKHxJ+3SN1PMgR20heo0ksDGDhYmsfRloqnE7dqCgdr/4
ZWdsr6uZq6oqSVpkcNG6z3vo65beqBxnb3/zBhY+2nyS3n/WMaOVA3V3FW2dnS5e
5tuFbCuMvCDL+SYWp9K6hHdLhapcQUuUnmv0pOoRGRXsZ9PhfGogjJ4S/VXsQDuw
3m2XcIj62yu4BKzkM3JCSVzZb02SRCLr8GU9lfRXeE2EkgXIjjwpLvjT9hj8NAHC
ZXrlCcO22EprYm2vxar5ajEtQxQHjeJdE87hqMZ13xhb6PQ7kVE/1eTdIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNknz1PZZBshz9lWtMnYydkpInKKMB8GA1UdIwQY
MBaAFMLq+qMLNA7PgQpMua87UccCVmWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3VyNm93czBEcy1CQ2t5NXJ6dFJ4d0pXWlpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9hMzRhMTYtZjg4MC00ODczLTg2OGIt
NWVjYWZkYTQ3MWY3LzEvMlNmUFU5bGtHeUhQMlZhMHlkakoyU2tpY29vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9hMzRhMTYtZjg4MC00ODczLTg2OGItNWVjYWZkYTQ3MWY3
LzEvd3VyNm93czBEcy1CQ2t5NXJ6dFJ4d0pXWlpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1A8xMA0G
CSqGSIb3DQEBCwUAA4IBAQBCU2priEkaT/hjrzTtuV4SULV1PpZwhzzbyJ3RywoV
++O++rY4HLCDtFGAaWb3amr35Bs543/orBU2ziM//4gPQeXY5DyBPh/iptlSGF3H
KwfdH8erou4RBae0nXInPDA3asrBImQXDbSc0Y+D1I+h9bnz107piy3Ad6v42WEo
vH5SRKFEruZFJBsYVHqB3I1qeyRLiE2noiHhmq2vX46lxhcgi5xr8m4sFSWWMfh7
tGduUii3d1BNbPUDZfCT09rN02VIY1lz8N7wrSuHoX0AetMvqDREXTfbUm5g1Kgz
yzMYhkfl7KHATCMqLnLMbBUn3HGAUng3jxdYS1KU0Sc6
-----END CERTIFICATE-----