Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/2JB6yJzAXRjmDaPc_-zGrtOj0sw.roa
File:                     2JB6yJzAXRjmDaPc_-zGrtOj0sw.roa (raw, json)
Hash identifier:          XmoSyLZ/MaxT9qKEONTUF0F8ypHWV7yEGXyvMtLkJLU=
Subject key identifier:   D8:90:7A:C8:9C:C0:5D:18:E6:0D:A3:DC:FF:EC:C6:AE:D3:A3:D2:CC
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       018E86047E399AB066778C7D9A2BEE87E9F8
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/2JB6yJzAXRjmDaPc_-zGrtOj0sw.roa
Signing time:             Thu 28 Mar 2024 17:03:45 +0000
ROA not before:           Thu 28 Mar 2024 17:03:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25502
IP address blocks:        94.131.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 15:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:86:04:7e:39:9a:b0:66:77:8c:7d:9a:2b:ee:87:e9:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Mar 28 17:03:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8907ac89cc05d18e60da3dcffecc6aed3a3d2cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:48:c6:ba:56:e8:73:1d:b0:52:75:b3:8d:5f:
                    b0:77:6d:0d:35:a5:24:30:ae:27:08:09:97:17:ba:
                    8a:1c:14:d7:ed:fe:25:68:9f:1a:5d:2e:22:8d:39:
                    b5:20:af:03:55:a3:cf:ee:de:72:00:5f:a5:0e:7c:
                    8d:55:57:ad:6c:50:54:ec:28:c7:a0:ab:2a:c3:74:
                    11:ae:92:d7:bc:5f:04:62:b2:0c:53:47:c6:25:ad:
                    1c:4f:b5:ed:ac:93:91:ba:1c:55:8c:2a:b9:c4:c2:
                    d1:e5:b5:ab:78:05:5f:55:29:f7:5b:a0:41:b6:c6:
                    b5:f9:94:14:77:c8:74:9e:47:6a:43:a3:d1:4c:66:
                    a2:0e:72:56:3c:a7:dc:b9:e3:55:1c:1d:6b:17:cc:
                    1e:39:c6:fe:80:16:80:af:de:0c:51:fe:be:66:aa:
                    d0:b5:59:04:54:bc:1e:84:01:e1:a2:0b:d8:78:4e:
                    c2:15:61:8d:20:30:2a:6e:7d:3d:82:37:4a:78:d0:
                    50:70:6a:0b:8d:66:9e:91:40:61:d5:a3:58:22:85:
                    62:77:fa:7f:22:80:4b:ac:21:cb:79:00:99:01:1c:
                    ca:95:92:c9:79:2a:c8:a6:7d:14:03:a4:c2:71:49:
                    33:9e:3a:ad:54:08:3a:a9:c3:27:0a:95:ab:ec:29:
                    d0:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:90:7A:C8:9C:C0:5D:18:E6:0D:A3:DC:FF:EC:C6:AE:D3:A3:D2:CC
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/2JB6yJzAXRjmDaPc_-zGrtOj0sw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:97:cf:63:59:80:a5:a6:41:21:df:3f:81:db:df:a3:2a:75:
         f6:47:56:31:cb:47:d7:ef:9c:c2:a9:b9:9c:1b:af:77:a6:d2:
         6e:59:c3:a9:71:33:35:2c:ae:09:d2:07:d1:bb:49:56:35:86:
         e6:47:e2:66:1f:55:c8:3f:bd:29:c3:c1:48:65:ef:78:89:a0:
         e1:15:37:5c:08:da:db:de:e0:06:8f:5a:e6:bf:cf:fd:1b:2d:
         5a:6d:9f:5e:10:be:0f:17:f5:ec:63:5b:27:db:2d:35:19:67:
         ed:48:56:f2:cf:8c:c8:0a:59:80:1c:56:13:9e:1e:33:0c:67:
         17:f4:9f:ef:19:95:47:7d:96:88:d5:f6:a5:22:46:6d:d6:74:
         32:0f:82:d3:ee:79:33:15:13:9c:77:81:10:88:be:86:27:5d:
         96:1d:1c:87:55:88:87:ce:8b:0d:b2:bf:31:ce:78:74:d1:8e:
         16:37:9b:9d:6c:4f:d2:7e:0c:63:57:2b:7a:31:63:d6:51:0e:
         e2:ff:d8:ef:97:49:33:3b:6e:24:69:d7:58:5e:25:dd:34:28:
         0b:b4:22:b2:a8:78:d8:82:f8:ef:45:c3:b9:be:69:21:d1:41:
         74:19:d2:c5:2e:86:be:9a:24:38:a5:0f:ad:0f:00:c0:81:14:
         6f:5d:e1:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6GBH45mrBmd4x9mivuh+n4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwMzI4MTcwMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODkwN2FjODljYzA1ZDE4ZTYwZGEzZGNmZmVjYzZhZWQzYTNkMmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUjGulbocx2wUnWzjV+wd20NNaUk
MK4nCAmXF7qKHBTX7f4laJ8aXS4ijTm1IK8DVaPP7t5yAF+lDnyNVVetbFBU7CjH
oKsqw3QRrpLXvF8EYrIMU0fGJa0cT7XtrJORuhxVjCq5xMLR5bWreAVfVSn3W6BB
tsa1+ZQUd8h0nkdqQ6PRTGaiDnJWPKfcueNVHB1rF8weOcb+gBaAr94MUf6+ZqrQ
tVkEVLwehAHhogvYeE7CFWGNIDAqbn09gjdKeNBQcGoLjWaekUBh1aNYIoVid/p/
IoBLrCHLeQCZARzKlZLJeSrIpn0UA6TCcUkznjqtVAg6qcMnCpWr7CnQ6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNiQesicwF0Y5g2j3P/sxq7To9LMMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvMkpCNnlKekFYUmptRGFQY18tekdydE9qMHN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoPQMA0G
CSqGSIb3DQEBCwUAA4IBAQAZl89jWYClpkEh3z+B29+jKnX2R1Yxy0fX75zCqbmc
G693ptJuWcOpcTM1LK4J0gfRu0lWNYbmR+JmH1XIP70pw8FIZe94iaDhFTdcCNrb
3uAGj1rmv8/9Gy1abZ9eEL4PF/XsY1sn2y01GWftSFbyz4zIClmAHFYTnh4zDGcX
9J/vGZVHfZaI1falIkZt1nQyD4LT7nkzFROcd4EQiL6GJ12WHRyHVYiHzosNsr8x
znh00Y4WN5udbE/SfgxjVyt6MWPWUQ7i/9jvl0kzO24kaddYXiXdNCgLtCKyqHjY
gvjvRcO5vmkh0UF0GdLFLoa+miQ4pQ+tDwDAgRRvXeHE
-----END CERTIFICATE-----