Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/2LznWitOwJw0nrlmleIR1SjucLc.roa
File:                     2LznWitOwJw0nrlmleIR1SjucLc.roa (raw, json)
Hash identifier:          g0Tg/Ae6mIhD/x99yf7a4KS7V41tfypZQeh0BI6YDJI=
Subject key identifier:   D8:BC:E7:5A:2B:4E:C0:9C:34:9E:B9:66:95:E2:11:D5:28:EE:70:B7
Certificate issuer:       /CN=29878a2888c9ac3123c795ff9681f1957ca0f964
Certificate serial:       018CCA99A7B0A90725DEBB5F8587498AEEAD
Authority key identifier: 29:87:8A:28:88:C9:AC:31:23:C7:95:FF:96:81:F1:95:7C:A0:F9:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KYeKKIjJrDEjx5X_loHxlXyg-WQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/2LznWitOwJw0nrlmleIR1SjucLc.roa
Signing time:             Tue 02 Jan 2024 14:35:16 +0000
ROA not before:           Tue 02 Jan 2024 14:35:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3292
IP address blocks:        185.97.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/KYeKKIjJrDEjx5X_loHxlXyg-WQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/KYeKKIjJrDEjx5X_loHxlXyg-WQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KYeKKIjJrDEjx5X_loHxlXyg-WQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:a7:b0:a9:07:25:de:bb:5f:85:87:49:8a:ee:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29878a2888c9ac3123c795ff9681f1957ca0f964
        Validity
            Not Before: Jan  2 14:35:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8bce75a2b4ec09c349eb96695e211d528ee70b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:30:2e:4e:56:2f:c7:2b:16:10:a2:3a:b9:d3:
                    54:66:72:51:f3:e7:46:33:dc:d8:eb:91:9f:94:db:
                    d8:29:59:27:02:c8:54:f2:a9:95:48:63:24:ba:7b:
                    8e:24:94:b2:86:cb:f6:41:07:b6:a3:67:60:47:b2:
                    00:55:3b:be:9e:fb:25:b9:1f:e4:86:e3:e5:dd:9e:
                    9b:62:aa:6a:0b:8e:b1:f1:c1:d8:9e:86:cd:36:47:
                    80:38:4a:5c:3b:63:22:e5:a3:15:9d:24:03:9c:9f:
                    39:9e:43:13:44:d6:63:14:f8:41:57:fc:2e:6b:c1:
                    9f:e5:d8:c7:24:81:43:38:47:ba:7c:d5:3d:0d:36:
                    61:58:97:f4:66:d2:08:d9:83:ff:79:7d:de:c0:7a:
                    63:33:15:f6:6c:2d:b9:91:95:e3:79:af:be:e9:8e:
                    70:33:7c:23:b9:27:0c:d7:b5:87:de:df:80:99:d7:
                    ec:cc:55:64:d4:1c:cb:82:55:07:c1:a0:24:5c:64:
                    24:fd:4e:8d:e2:7f:86:e6:a0:92:e7:da:cc:5c:7b:
                    5a:a3:fb:46:2d:44:c5:60:ea:99:31:66:a7:a1:26:
                    8f:7d:b9:f9:63:fd:d7:41:1d:5a:e4:aa:34:92:01:
                    b8:c0:c6:32:c9:53:90:41:58:9e:13:61:c8:ff:e9:
                    17:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:BC:E7:5A:2B:4E:C0:9C:34:9E:B9:66:95:E2:11:D5:28:EE:70:B7
            X509v3 Authority Key Identifier:
                keyid:29:87:8A:28:88:C9:AC:31:23:C7:95:FF:96:81:F1:95:7C:A0:F9:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KYeKKIjJrDEjx5X_loHxlXyg-WQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/2LznWitOwJw0nrlmleIR1SjucLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/KYeKKIjJrDEjx5X_loHxlXyg-WQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:ca:66:d9:89:88:b0:99:7b:72:8e:29:79:df:4e:1c:a4:fa:
         69:ab:65:d4:e5:b8:d2:b3:bc:2b:2c:d9:a4:1e:ee:40:b7:ce:
         21:80:48:ad:7f:d0:99:10:9b:21:4b:0d:36:5e:34:64:9e:6a:
         e8:78:92:22:ae:5d:44:ab:3c:a3:e5:9a:58:29:17:cd:b4:50:
         8b:c0:65:d0:6b:86:e6:5a:70:96:f5:02:2b:e0:94:0f:85:a0:
         60:62:60:5c:ce:f2:f6:59:fc:24:c3:36:47:24:f0:07:48:f1:
         18:99:cd:94:d9:bf:b4:d4:39:4b:03:5c:49:2a:05:7b:ce:70:
         b5:71:17:72:e4:a0:7f:25:71:d5:eb:72:da:7f:d0:7e:5e:b2:
         b5:d9:cd:5b:44:27:42:df:5c:53:96:2c:b0:fc:8f:c0:a7:91:
         41:67:8c:52:ce:58:a5:5f:72:87:a2:e7:f7:5c:ad:c5:c6:a3:
         d6:1d:7b:fe:4a:b7:90:52:d3:0c:75:d0:e9:dc:52:82:26:f0:
         7f:38:42:4c:7c:b1:fa:99:14:2b:c4:6c:e7:45:03:94:b9:bb:
         84:64:75:69:ec:ae:6a:68:58:cb:4f:da:a7:6b:44:22:a8:e4:
         ad:9f:df:c1:7c:f2:74:2e:60:35:9d:e8:1e:75:53:f9:26:ca:
         c5:6b:9d:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmaewqQcl3rtfhYdJiu6tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ODc4YTI4ODhjOWFjMzEyM2M3OTVmZjk2ODFmMTk1N2Nh
MGY5NjQwHhcNMjQwMTAyMTQzNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGJjZTc1YTJiNGVjMDljMzQ5ZWI5NjY5NWUyMTFkNTI4ZWU3MGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzAuTlYvxysWEKI6udNUZnJR8+dG
M9zY65GflNvYKVknAshU8qmVSGMkunuOJJSyhsv2QQe2o2dgR7IAVTu+nvsluR/k
huPl3Z6bYqpqC46x8cHYnobNNkeAOEpcO2Mi5aMVnSQDnJ85nkMTRNZjFPhBV/wu
a8Gf5djHJIFDOEe6fNU9DTZhWJf0ZtII2YP/eX3ewHpjMxX2bC25kZXjea++6Y5w
M3wjuScM17WH3t+AmdfszFVk1BzLglUHwaAkXGQk/U6N4n+G5qCS59rMXHtao/tG
LUTFYOqZMWanoSaPfbn5Y/3XQR1a5Ko0kgG4wMYyyVOQQVieE2HI/+kXKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNi851orTsCcNJ65ZpXiEdUo7nC3MB8GA1UdIwQY
MBaAFCmHiiiIyawxI8eV/5aB8ZV8oPlkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1llS0tJakpyREVqeDVYX2xvSHhsWHlnLVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lM2FhNTEtNjEyOS00OTNkLTkxZDIt
NTE3NTFiMjlmOGI0LzEvMkx6bldpdE93SncwbnJsbWxlSVIxU2p1Y0xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lM2FhNTEtNjEyOS00OTNkLTkxZDItNTE3NTFiMjlmOGI0
LzEvS1llS0tJakpyREVqeDVYX2xvSHhsWHlnLVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWHXMA0G
CSqGSIb3DQEBCwUAA4IBAQA9ymbZiYiwmXtyjil5304cpPppq2XU5bjSs7wrLNmk
Hu5At84hgEitf9CZEJshSw02XjRknmroeJIirl1Eqzyj5ZpYKRfNtFCLwGXQa4bm
WnCW9QIr4JQPhaBgYmBczvL2WfwkwzZHJPAHSPEYmc2U2b+01DlLA1xJKgV7znC1
cRdy5KB/JXHV63Laf9B+XrK12c1bRCdC31xTliyw/I/Ap5FBZ4xSzlilX3KHouf3
XK3FxqPWHXv+SreQUtMMddDp3FKCJvB/OEJMfLH6mRQrxGznRQOUubuEZHVp7K5q
aFjLT9qna0QiqOStn9/BfPJ0LmA1negedVP5JsrFa50K
-----END CERTIFICATE-----