Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/2VDjJz9n7fNb41CHgZLbe3-QdD0.roa
File:                     2VDjJz9n7fNb41CHgZLbe3-QdD0.roa (raw, json)
Hash identifier:          NTSasPJavqqAm1Q5mw/3+6GrzCofhHPMKBh40Uo0ZUU=
Subject key identifier:   D9:50:E3:27:3F:67:ED:F3:5B:E3:50:87:81:92:DB:7B:7F:90:74:3D
Certificate issuer:       /CN=338d42fbb3f43f56ddb8782e65490a23d85b72e1
Certificate serial:       0194236A336BF2BED67A5C35D9AE5EC03219
Authority key identifier: 33:8D:42:FB:B3:F4:3F:56:DD:B8:78:2E:65:49:0A:23:D8:5B:72:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M41C-7P0P1bduHguZUkKI9hbcuE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/2VDjJz9n7fNb41CHgZLbe3-QdD0.roa
Signing time:             Wed 01 Jan 2025 19:49:10 +0000
ROA not before:           Wed 01 Jan 2025 19:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        45.95.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/M41C-7P0P1bduHguZUkKI9hbcuE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/M41C-7P0P1bduHguZUkKI9hbcuE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M41C-7P0P1bduHguZUkKI9hbcuE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:33:6b:f2:be:d6:7a:5c:35:d9:ae:5e:c0:32:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=338d42fbb3f43f56ddb8782e65490a23d85b72e1
        Validity
            Not Before: Jan  1 19:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d950e3273f67edf35be350878192db7b7f90743d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:dd:3e:7d:38:35:f7:49:dc:95:5b:6b:52:29:
                    ae:29:f4:35:23:5d:7c:5a:73:02:9e:d8:d5:15:cb:
                    a0:68:f7:7e:7c:15:61:98:51:71:0d:0f:04:c8:a6:
                    92:c7:20:f3:eb:2b:8d:e9:ae:36:43:d4:9a:cb:ad:
                    49:0e:7e:c4:5f:09:78:12:26:3a:3f:59:06:74:bf:
                    ab:cc:c8:99:a0:78:4c:3d:44:0c:93:9c:01:e5:c0:
                    64:57:a8:6e:d7:70:9a:4b:aa:99:3a:8d:4e:69:04:
                    f4:84:ba:38:6b:88:6c:88:66:15:7c:f6:96:84:a0:
                    66:66:3e:e4:69:a7:85:82:17:df:2a:42:78:1c:b9:
                    31:5e:16:08:a9:df:88:7a:c6:f4:45:8c:f9:29:40:
                    03:e8:89:72:fa:83:1f:64:17:9b:e1:55:1f:79:70:
                    34:27:56:63:6a:16:6d:b6:11:c6:69:15:58:5a:62:
                    32:c3:85:fc:2b:06:24:14:c9:07:fc:1d:62:ff:cc:
                    aa:a0:39:4d:d9:32:12:ef:33:2b:d8:e8:17:16:cb:
                    a0:c0:3a:0e:5c:fc:66:43:05:d1:19:f2:f6:07:a7:
                    da:51:12:55:29:3d:da:c9:b2:d3:82:e0:fc:4b:ba:
                    63:99:1b:02:19:38:2d:9b:01:2c:0d:f1:39:ca:f7:
                    46:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:50:E3:27:3F:67:ED:F3:5B:E3:50:87:81:92:DB:7B:7F:90:74:3D
            X509v3 Authority Key Identifier:
                keyid:33:8D:42:FB:B3:F4:3F:56:DD:B8:78:2E:65:49:0A:23:D8:5B:72:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M41C-7P0P1bduHguZUkKI9hbcuE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/2VDjJz9n7fNb41CHgZLbe3-QdD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/M41C-7P0P1bduHguZUkKI9hbcuE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:50:a6:c8:f3:51:03:f1:65:9e:c4:e5:77:9a:43:af:ab:6c:
         32:c0:fb:a0:7a:20:1d:98:19:5a:d7:fe:1f:46:47:9b:2c:e6:
         88:18:86:1c:61:95:56:82:0e:ac:49:a5:0a:e9:76:44:27:b0:
         45:71:ba:d6:c2:bc:b8:33:95:09:a3:b8:ef:c7:5a:4f:ad:97:
         d0:c8:39:8f:8e:a3:50:67:70:e0:04:76:0f:5e:55:4f:e2:a7:
         9a:0d:56:a2:25:86:a5:20:17:22:47:04:0b:1e:78:d3:08:fa:
         f0:4a:61:eb:d2:7e:05:18:94:57:6a:fd:6a:31:ce:26:5d:7c:
         b8:a9:31:b2:b3:06:d6:db:7a:5b:61:e8:04:61:5f:8b:a4:f9:
         6c:00:b4:4b:3e:74:7f:45:82:c4:78:d7:f1:37:e1:6a:98:05:
         8d:76:9c:04:5c:b2:06:8f:5e:20:90:28:1f:d4:30:cc:34:15:
         d2:af:4c:15:b4:fb:71:cc:92:24:3f:28:02:ee:f9:50:2f:24:
         64:53:5e:25:63:de:4a:09:0d:2b:e1:1f:a2:70:52:59:7c:f4:
         99:b4:db:e2:cb:ff:25:13:cc:8c:3a:7f:3b:7b:8c:d0:58:68:
         bd:c4:c4:0b:8f:48:f8:c3:7e:5a:11:97:1e:08:fe:4d:06:6a:
         7a:77:3c:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajNr8r7Welw12a5ewDIZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzOGQ0MmZiYjNmNDNmNTZkZGI4NzgyZTY1NDkwYTIzZDg1
YjcyZTEwHhcNMjUwMTAxMTk0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTUwZTMyNzNmNjdlZGYzNWJlMzUwODc4MTkyZGI3YjdmOTA3NDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu90+fTg190nclVtrUimuKfQ1I118
WnMCntjVFcugaPd+fBVhmFFxDQ8EyKaSxyDz6yuN6a42Q9Say61JDn7EXwl4EiY6
P1kGdL+rzMiZoHhMPUQMk5wB5cBkV6hu13CaS6qZOo1OaQT0hLo4a4hsiGYVfPaW
hKBmZj7kaaeFghffKkJ4HLkxXhYIqd+Iesb0RYz5KUAD6Ily+oMfZBeb4VUfeXA0
J1ZjahZtthHGaRVYWmIyw4X8KwYkFMkH/B1i/8yqoDlN2TIS7zMr2OgXFsugwDoO
XPxmQwXRGfL2B6faURJVKT3aybLTguD8S7pjmRsCGTgtmwEsDfE5yvdG/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlQ4yc/Z+3zW+NQh4GS23t/kHQ9MB8GA1UdIwQY
MBaAFDONQvuz9D9W3bh4LmVJCiPYW3LhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTQxQy03UDBQMWJkdUhndVpVa0tJOWhiY3VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85MTY2YjgtNWU1NC00NThkLTliMzIt
NTU3YTdkMTFlMmFlLzEvMlZEakp6OW43Zk5iNDFDSGdaTGJlMy1RZEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85MTY2YjgtNWU1NC00NThkLTliMzItNTU3YTdkMTFlMmFl
LzEvTTQxQy03UDBQMWJkdUhndVpVa0tJOWhiY3VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV9eMA0G
CSqGSIb3DQEBCwUAA4IBAQBjUKbI81ED8WWexOV3mkOvq2wywPugeiAdmBla1/4f
RkebLOaIGIYcYZVWgg6sSaUK6XZEJ7BFcbrWwry4M5UJo7jvx1pPrZfQyDmPjqNQ
Z3DgBHYPXlVP4qeaDVaiJYalIBciRwQLHnjTCPrwSmHr0n4FGJRXav1qMc4mXXy4
qTGyswbW23pbYegEYV+LpPlsALRLPnR/RYLEeNfxN+FqmAWNdpwEXLIGj14gkCgf
1DDMNBXSr0wVtPtxzJIkPygC7vlQLyRkU14lY95KCQ0r4R+icFJZfPSZtNviy/8l
E8yMOn87e4zQWGi9xMQLj0j4w35aEZceCP5NBmp6dzz2
-----END CERTIFICATE-----