Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/2ruUNINuI6uV8MYI78EZQWS_RIg.roa
File:                     2ruUNINuI6uV8MYI78EZQWS_RIg.roa (raw, json)
Hash identifier:          VHS2lsqC+IJ5oxkyfws5q9amIcBNw+9L6nwp+Qj/0vY=
Subject key identifier:   DA:BB:94:34:83:6E:23:AB:95:F0:C6:08:EF:C1:19:41:64:BF:44:88
Certificate issuer:       /CN=0f21521a7127157f7daf0ad091394ad5a1cce779
Certificate serial:       01942368D7BA7D51A65554B14310E81C8215
Authority key identifier: 0F:21:52:1A:71:27:15:7F:7D:AF:0A:D0:91:39:4A:D5:A1:CC:E7:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DyFSGnEnFX99rwrQkTlK1aHM53k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/2ruUNINuI6uV8MYI78EZQWS_RIg.roa
Signing time:             Wed 01 Jan 2025 19:47:41 +0000
ROA not before:           Wed 01 Jan 2025 19:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9033
IP address blocks:        194.59.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/DyFSGnEnFX99rwrQkTlK1aHM53k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/DyFSGnEnFX99rwrQkTlK1aHM53k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DyFSGnEnFX99rwrQkTlK1aHM53k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 04:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:d7:ba:7d:51:a6:55:54:b1:43:10:e8:1c:82:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f21521a7127157f7daf0ad091394ad5a1cce779
        Validity
            Not Before: Jan  1 19:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dabb9434836e23ab95f0c608efc1194164bf4488
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c4:38:85:31:f6:ce:2e:03:81:2b:26:8b:6f:
                    c9:25:8c:41:42:74:ec:90:1d:4e:e8:b3:00:7b:b3:
                    2a:17:d3:ee:c7:c3:86:f6:8c:7c:41:93:ae:42:f1:
                    98:0c:c2:84:16:ca:a1:53:b8:90:a9:2b:a9:9c:7c:
                    49:5e:8b:05:e3:dd:c7:e0:51:58:be:6d:58:84:5b:
                    25:9e:0f:48:32:a9:43:f2:93:d3:4e:da:7f:dd:5d:
                    cc:c9:77:33:b1:30:f4:87:62:68:1d:6d:d2:f6:cd:
                    48:77:38:30:02:da:06:27:dd:c9:e1:df:45:62:b8:
                    9a:af:5a:41:d6:28:3d:1d:c0:18:c9:cd:1f:0e:5c:
                    13:a1:41:7e:77:fb:ce:b2:33:cd:f1:6a:06:54:ae:
                    88:f0:8b:40:c1:f5:07:83:fb:7d:50:d8:80:23:4f:
                    a3:a3:06:08:c2:43:7b:28:40:5c:59:e8:97:4c:8c:
                    c2:47:a4:79:0a:48:b4:c8:39:3a:9c:74:ca:06:8b:
                    a9:dd:be:f0:9e:03:17:36:72:96:a6:b5:76:2c:ea:
                    22:dd:a4:95:11:9c:b1:e5:11:16:51:59:da:00:1e:
                    5e:18:9f:be:86:22:cf:65:d2:5b:a9:61:3e:6f:c6:
                    15:5f:7a:ba:db:fa:cf:4b:d6:64:fc:e1:4f:8d:c3:
                    8d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:BB:94:34:83:6E:23:AB:95:F0:C6:08:EF:C1:19:41:64:BF:44:88
            X509v3 Authority Key Identifier:
                keyid:0F:21:52:1A:71:27:15:7F:7D:AF:0A:D0:91:39:4A:D5:A1:CC:E7:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DyFSGnEnFX99rwrQkTlK1aHM53k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/2ruUNINuI6uV8MYI78EZQWS_RIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e831b1-9ec0-46f2-860d-fad5fd7970ba/1/DyFSGnEnFX99rwrQkTlK1aHM53k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:de:ad:5b:eb:c8:b6:16:2b:81:a2:94:9e:5e:7a:ba:10:78:
         c0:cf:93:11:01:b6:b7:e2:a9:37:19:29:f2:39:5f:28:2b:c0:
         02:3e:6f:1f:fe:30:af:5a:c8:38:67:46:77:0a:24:65:e3:8d:
         23:68:ec:38:89:36:65:e0:c0:2e:a0:4b:ad:db:43:8b:e8:61:
         f7:d0:cf:67:69:ab:88:f0:ad:89:ad:3c:f0:1a:9f:8e:4f:7c:
         ea:ff:72:91:2e:7a:62:db:3d:33:4b:04:6c:74:66:de:da:b5:
         2d:f1:df:0e:d1:9d:0c:fa:ba:3a:da:c9:45:56:22:e5:1e:b7:
         7b:18:b3:61:4a:e8:6b:87:4c:49:fa:d8:ea:2b:19:39:05:59:
         55:0a:be:a5:fc:00:92:e3:aa:60:34:cf:59:27:c9:e7:de:fc:
         1a:23:1c:cf:59:d0:e4:23:4e:86:1b:74:3e:a4:96:11:a8:58:
         82:47:a7:10:c8:ac:bd:8d:9c:f5:c9:98:28:8c:09:68:10:6d:
         0d:08:9f:3f:7e:28:50:7b:03:c4:f1:36:69:67:22:69:c3:a8:
         b6:28:b4:5e:3f:8d:c9:ed:cb:5c:9e:9b:01:b5:55:9c:ec:3b:
         a4:b2:5b:9a:3b:68:b1:61:06:4f:8d:0f:f7:98:48:72:b8:8d:
         70:0f:3a:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaNe6fVGmVVSxQxDoHIIVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMjE1MjFhNzEyNzE1N2Y3ZGFmMGFkMDkxMzk0YWQ1YTFj
Y2U3NzkwHhcNMjUwMTAxMTk0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWJiOTQzNDgzNmUyM2FiOTVmMGM2MDhlZmMxMTk0MTY0YmY0NDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMQ4hTH2zi4DgSsmi2/JJYxBQnTs
kB1O6LMAe7MqF9Pux8OG9ox8QZOuQvGYDMKEFsqhU7iQqSupnHxJXosF493H4FFY
vm1YhFslng9IMqlD8pPTTtp/3V3MyXczsTD0h2JoHW3S9s1IdzgwAtoGJ93J4d9F
Yriar1pB1ig9HcAYyc0fDlwToUF+d/vOsjPN8WoGVK6I8ItAwfUHg/t9UNiAI0+j
owYIwkN7KEBcWeiXTIzCR6R5Cki0yDk6nHTKBoup3b7wngMXNnKWprV2LOoi3aSV
EZyx5REWUVnaAB5eGJ++hiLPZdJbqWE+b8YVX3q62/rPS9Zk/OFPjcONPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNq7lDSDbiOrlfDGCO/BGUFkv0SIMB8GA1UdIwQY
MBaAFA8hUhpxJxV/fa8K0JE5StWhzOd5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHlGU0duRW5GWDk5cndyUWtUbEsxYUhNNTNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9lODMxYjEtOWVjMC00NmYyLTg2MGQt
ZmFkNWZkNzk3MGJhLzEvMnJ1VU5JTnVJNnVWOE1ZSTc4RVpRV1NfUklnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9lODMxYjEtOWVjMC00NmYyLTg2MGQtZmFkNWZkNzk3MGJh
LzEvRHlGU0duRW5GWDk5cndyUWtUbEsxYUhNNTNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwju/MA0G
CSqGSIb3DQEBCwUAA4IBAQBp3q1b68i2FiuBopSeXnq6EHjAz5MRAba34qk3GSny
OV8oK8ACPm8f/jCvWsg4Z0Z3CiRl440jaOw4iTZl4MAuoEut20OL6GH30M9naauI
8K2JrTzwGp+OT3zq/3KRLnpi2z0zSwRsdGbe2rUt8d8O0Z0M+ro62slFViLlHrd7
GLNhSuhrh0xJ+tjqKxk5BVlVCr6l/ACS46pgNM9ZJ8nn3vwaIxzPWdDkI06GG3Q+
pJYRqFiCR6cQyKy9jZz1yZgojAloEG0NCJ8/fihQewPE8TZpZyJpw6i2KLReP43J
7ctcnpsBtVWc7DuksluaO2ixYQZPjQ/3mEhyuI1wDzrx
-----END CERTIFICATE-----