Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/M2T_h-HT-LjV3MxmhC3AaCL7DR0.roa
File:                     M2T_h-HT-LjV3MxmhC3AaCL7DR0.roa (raw, json)
Hash identifier:          JUe0w/L/a5YNGKCvQ5Od3tGqP8OCxA0GZG5F9koR5ws=
Subject key identifier:   33:64:FF:87:E1:D3:F8:B8:D5:DC:CC:66:84:2D:C0:68:22:FB:0D:1D
Certificate issuer:       /CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
Certificate serial:       01941FFAB28476AA72DB7C53CC625182D1F0
Authority key identifier: 81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/M2T_h-HT-LjV3MxmhC3AaCL7DR0.roa
Signing time:             Wed 01 Jan 2025 03:48:30 +0000
ROA not before:           Wed 01 Jan 2025 03:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203363
IP address blocks:        185.140.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b2:84:76:aa:72:db:7c:53:cc:62:51:82:d1:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
        Validity
            Not Before: Jan  1 03:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3364ff87e1d3f8b8d5dccc66842dc06822fb0d1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:2e:46:1e:77:d2:db:ee:d8:d6:77:37:f4:b9:
                    12:45:a7:88:4d:c3:d2:e5:49:28:1a:a7:87:06:cf:
                    bf:4e:dd:0f:06:b4:eb:13:6a:cc:0a:31:b0:3c:6a:
                    60:02:f2:41:2b:fb:e9:d7:83:dc:ec:86:8c:15:80:
                    cd:37:59:f0:01:43:81:86:01:cb:98:73:41:50:7b:
                    11:7a:41:32:e5:37:66:fa:11:f5:84:13:ff:c0:65:
                    d2:62:aa:c5:5b:87:76:71:3a:14:b8:ba:ba:0d:9e:
                    41:bd:26:f4:a7:47:ca:8a:fc:b3:7b:e1:40:31:47:
                    8f:08:e3:af:1b:71:8a:3c:21:88:be:3f:92:20:df:
                    21:fc:27:3d:b7:0a:7a:b2:87:6c:d0:d3:e6:be:ac:
                    27:91:40:e5:f8:7e:ea:cd:42:a1:66:a4:75:c8:9b:
                    22:0c:ba:8d:32:09:d9:e6:60:02:6a:79:0f:9b:51:
                    8f:77:25:50:1f:e9:6f:b0:45:fc:8d:6b:6a:28:d7:
                    05:40:72:4d:92:e5:3b:24:a2:cc:81:d5:8b:86:55:
                    74:8d:38:e8:03:5c:59:9d:27:ca:af:27:24:3b:2b:
                    11:b5:d9:07:c7:1f:fe:73:79:c8:23:03:2e:b2:6a:
                    36:9d:f6:12:e7:3d:40:61:56:d8:92:77:c4:52:61:
                    36:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:64:FF:87:E1:D3:F8:B8:D5:DC:CC:66:84:2D:C0:68:22:FB:0D:1D
            X509v3 Authority Key Identifier:
                keyid:81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/M2T_h-HT-LjV3MxmhC3AaCL7DR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:61:60:e0:d1:4f:7e:93:78:9f:1d:37:e5:4f:3b:dc:33:70:
         71:37:6e:1f:15:f4:e2:5a:26:5e:bc:79:30:45:57:0b:c8:65:
         bb:b5:4a:03:f2:50:31:6e:eb:5c:05:aa:1f:72:7d:55:6f:29:
         1e:1c:8d:dd:72:99:51:73:0b:f5:1b:4c:2a:a3:ee:96:8b:1a:
         ed:27:d4:c0:ac:49:61:28:8d:da:22:02:26:11:aa:0b:d4:80:
         3b:01:11:4c:4c:a3:3b:72:e2:ea:92:7a:28:ad:48:4b:65:24:
         aa:d7:67:57:4c:b4:c2:ad:4a:cd:54:1a:b6:57:5c:a4:ab:54:
         7e:f0:4f:c0:19:7f:6e:2b:35:df:81:5f:d2:44:01:ab:95:65:
         3e:8a:0a:41:0f:86:eb:bd:54:19:fc:43:00:97:10:e7:c4:3f:
         c8:44:09:93:8e:9c:f1:20:ce:31:2a:6e:9a:97:9c:f1:5b:da:
         39:73:2e:bb:ce:d7:a1:f6:26:71:d0:f2:74:e4:47:5e:d4:1a:
         b5:23:25:bb:ff:63:14:74:28:f4:30:22:79:2d:a6:c0:dc:0b:
         38:06:ca:c0:ca:98:03:66:47:46:01:b3:2e:b1:6b:56:f7:ba:
         87:90:69:03:7b:65:71:bd:6f:af:f5:03:60:47:17:90:ae:f6:
         b4:d5:ed:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+rKEdqpy23xTzGJRgtHwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNmQyMjBiMmI1YTQ2ZmJlYjI3ZWYyZDk2OWZhMjFkZDMz
OGM1YjMwHhcNMjUwMTAxMDM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzY0ZmY4N2UxZDNmOGI4ZDVkY2NjNjY4NDJkYzA2ODIyZmIwZDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2y5GHnfS2+7Y1nc39LkSRaeITcPS
5UkoGqeHBs+/Tt0PBrTrE2rMCjGwPGpgAvJBK/vp14Pc7IaMFYDNN1nwAUOBhgHL
mHNBUHsRekEy5Tdm+hH1hBP/wGXSYqrFW4d2cToUuLq6DZ5BvSb0p0fKivyze+FA
MUePCOOvG3GKPCGIvj+SIN8h/Cc9twp6sods0NPmvqwnkUDl+H7qzUKhZqR1yJsi
DLqNMgnZ5mACankPm1GPdyVQH+lvsEX8jWtqKNcFQHJNkuU7JKLMgdWLhlV0jTjo
A1xZnSfKryckOysRtdkHxx/+c3nIIwMusmo2nfYS5z1AYVbYknfEUmE2ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNk/4fh0/i41dzMZoQtwGgi+w0dMB8GA1UdIwQY
MBaAFIFtIgsrWkb76yfvLZafoh3TOMWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTct
ZTk3ODIwNDFjYzI0LzEvTTJUX2gtSFQtTGpWM014bWhDM0FhQ0w3RFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTctZTk3ODIwNDFjYzI0
LzEvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYw1MA0G
CSqGSIb3DQEBCwUAA4IBAQB7YWDg0U9+k3ifHTflTzvcM3BxN24fFfTiWiZevHkw
RVcLyGW7tUoD8lAxbutcBaofcn1VbykeHI3dcplRcwv1G0wqo+6WixrtJ9TArElh
KI3aIgImEaoL1IA7ARFMTKM7cuLqknoorUhLZSSq12dXTLTCrUrNVBq2V1ykq1R+
8E/AGX9uKzXfgV/SRAGrlWU+igpBD4brvVQZ/EMAlxDnxD/IRAmTjpzxIM4xKm6a
l5zxW9o5cy67zteh9iZx0PJ05Ede1Bq1IyW7/2MUdCj0MCJ5LabA3As4BsrAypgD
ZkdGAbMusWtW97qHkGkDe2VxvW+v9QNgRxeQrva01e3u
-----END CERTIFICATE-----