Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/c0ea88-7592-4e84-9a9a-4335670f6b7e/1/2SOKJdtN9bMMMVnN7XnVjTb3ui0.roa
File:                     2SOKJdtN9bMMMVnN7XnVjTb3ui0.roa (raw, json)
Hash identifier:          72GA0BgMQTTnlKlYqdGi0oxjId4FdqmjlR9jbXjscag=
Subject key identifier:   D9:23:8A:25:DB:4D:F5:B3:0C:31:59:CD:ED:79:D5:8D:36:F7:BA:2D
Certificate issuer:       /CN=9ad6bf12ad5a29327bc6f7b66026f054686cd959
Certificate serial:       0194252197798F3CC75551DC8F9184446CB4
Authority key identifier: 9A:D6:BF:12:AD:5A:29:32:7B:C6:F7:B6:60:26:F0:54:68:6C:D9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mta_Eq1aKTJ7xve2YCbwVGhs2Vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/c0ea88-7592-4e84-9a9a-4335670f6b7e/1/2SOKJdtN9bMMMVnN7XnVjTb3ui0.roa
Signing time:             Thu 02 Jan 2025 03:49:05 +0000
ROA not before:           Thu 02 Jan 2025 03:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60533
IP address blocks:        185.29.156.0/22 maxlen: 24
                          185.29.156.0/23 maxlen: 23
                          185.29.158.0/23 maxlen: 23
                          2a00:a8a0::/32 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/c0ea88-7592-4e84-9a9a-4335670f6b7e/1/mta_Eq1aKTJ7xve2YCbwVGhs2Vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/c0ea88-7592-4e84-9a9a-4335670f6b7e/1/mta_Eq1aKTJ7xve2YCbwVGhs2Vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mta_Eq1aKTJ7xve2YCbwVGhs2Vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:97:79:8f:3c:c7:55:51:dc:8f:91:84:44:6c:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ad6bf12ad5a29327bc6f7b66026f054686cd959
        Validity
            Not Before: Jan  2 03:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9238a25db4df5b30c3159cded79d58d36f7ba2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:05:05:b2:69:c7:27:23:9c:2f:6a:ed:a1:92:
                    e1:d2:99:4f:88:87:b9:0d:a1:9c:48:a7:9a:8e:dd:
                    b2:4b:12:12:8a:05:31:5b:a7:3e:b4:96:fc:3a:90:
                    d3:d8:84:6b:57:88:7a:67:13:e4:be:4b:d4:95:21:
                    05:35:69:9b:1f:d3:1a:a3:a2:82:15:78:49:c5:8a:
                    9a:74:ba:c8:41:2a:5c:71:e7:a3:16:88:55:e1:c3:
                    3f:c6:6a:92:d9:39:bc:7c:52:30:e6:20:93:a5:71:
                    99:62:8a:c9:f4:3a:46:35:30:bc:34:ec:cf:0b:ac:
                    05:40:c6:a7:4d:67:25:59:79:49:57:ac:25:92:91:
                    f1:b1:8d:9a:00:dc:27:9d:88:7d:34:7f:2d:d2:31:
                    87:43:31:d5:f6:2f:c8:60:32:66:d9:93:f9:11:5a:
                    64:74:96:4b:b5:99:ab:92:3e:42:8c:18:9c:21:6f:
                    3c:e3:30:d9:1c:a9:f9:62:74:85:e8:28:19:a6:21:
                    42:c4:87:9b:7d:d5:01:06:5d:fb:d0:2a:6e:8d:1f:
                    b5:b2:9e:28:d5:65:04:be:a9:89:66:18:f8:64:57:
                    6a:59:80:8b:c9:c8:25:09:e8:56:8d:73:b1:30:1a:
                    6b:8f:d7:dc:41:85:7e:5b:08:98:b4:2f:66:86:1c:
                    a9:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:23:8A:25:DB:4D:F5:B3:0C:31:59:CD:ED:79:D5:8D:36:F7:BA:2D
            X509v3 Authority Key Identifier:
                keyid:9A:D6:BF:12:AD:5A:29:32:7B:C6:F7:B6:60:26:F0:54:68:6C:D9:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mta_Eq1aKTJ7xve2YCbwVGhs2Vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/c0ea88-7592-4e84-9a9a-4335670f6b7e/1/2SOKJdtN9bMMMVnN7XnVjTb3ui0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/c0ea88-7592-4e84-9a9a-4335670f6b7e/1/mta_Eq1aKTJ7xve2YCbwVGhs2Vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.156.0/22
                IPv6:
                  2a00:a8a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:47:1d:22:34:02:26:e1:0f:7d:b5:db:ab:90:df:f1:96:3f:
         9d:23:e3:43:41:fd:9b:5a:96:17:5a:c7:10:77:d0:37:48:3d:
         2f:cf:66:85:85:84:f9:c9:33:70:b2:a8:f9:91:ba:72:5e:47:
         f1:35:17:71:3f:0a:79:2b:1c:bf:b4:21:b9:18:b2:4f:30:34:
         5b:0a:0b:c9:e3:d8:ed:ed:0f:61:ff:a6:8d:09:5d:93:10:46:
         43:9a:e4:a5:9e:50:18:3f:4c:d5:fc:f6:91:f9:20:d0:3d:95:
         cc:d9:52:29:c7:73:80:4e:44:34:1f:e1:35:99:13:3f:e9:6f:
         70:32:a9:3d:ca:c6:93:12:e3:2f:0e:7f:08:16:9a:90:c9:03:
         72:5a:83:c9:b8:cc:62:fb:18:7b:20:a6:bd:c3:27:c3:dd:0b:
         b8:fa:fa:28:bd:c4:8d:0b:11:05:8c:c4:00:14:36:5b:e9:40:
         10:ed:86:45:98:b1:aa:65:37:0b:02:c2:08:ce:b6:01:9a:84:
         2d:ef:0b:ed:a6:b8:a1:ec:e4:4a:e9:46:23:42:d7:c2:a4:86:
         dc:0f:c1:c8:5a:f5:1b:12:b9:3d:2d:66:5f:a1:d3:4b:4f:ac:
         ef:da:d7:67:8d:74:fc:67:10:5a:72:d2:ee:71:52:44:e4:82:
         b4:8f:ab:bc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIZd5jzzHVVHcj5GERGy0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZDZiZjEyYWQ1YTI5MzI3YmM2ZjdiNjYwMjZmMDU0Njg2
Y2Q5NTkwHhcNMjUwMTAyMDM0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTIzOGEyNWRiNGRmNWIzMGMzMTU5Y2RlZDc5ZDU4ZDM2ZjdiYTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQUFsmnHJyOcL2rtoZLh0plPiIe5
DaGcSKeajt2ySxISigUxW6c+tJb8OpDT2IRrV4h6ZxPkvkvUlSEFNWmbH9Mao6KC
FXhJxYqadLrIQSpcceejFohV4cM/xmqS2Tm8fFIw5iCTpXGZYorJ9DpGNTC8NOzP
C6wFQManTWclWXlJV6wlkpHxsY2aANwnnYh9NH8t0jGHQzHV9i/IYDJm2ZP5EVpk
dJZLtZmrkj5CjBicIW884zDZHKn5YnSF6CgZpiFCxIebfdUBBl370CpujR+1sp4o
1WUEvqmJZhj4ZFdqWYCLycglCehWjXOxMBprj9fcQYV+WwiYtC9mhhyplwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNkjiiXbTfWzDDFZze151Y0297otMB8GA1UdIwQY
MBaAFJrWvxKtWikye8b3tmAm8FRobNlZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXRhX0VxMWFLVEo3eHZlMllDYndWR2hzMlZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9jMGVhODgtNzU5Mi00ZTg0LTlhOWEt
NDMzNTY3MGY2YjdlLzEvMlNPS0pkdE45Yk1NTVZuTjdYblZqVGIzdWkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9jMGVhODgtNzU5Mi00ZTg0LTlhOWEtNDMzNTY3MGY2Yjdl
LzEvbXRhX0VxMWFLVEo3eHZlMllDYndWR2hzMlZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuR2cMA0E
AgACMAcDBQAqAKigMA0GCSqGSIb3DQEBCwUAA4IBAQBtRx0iNAIm4Q99tdurkN/x
lj+dI+NDQf2bWpYXWscQd9A3SD0vz2aFhYT5yTNwsqj5kbpyXkfxNRdxPwp5Kxy/
tCG5GLJPMDRbCgvJ49jt7Q9h/6aNCV2TEEZDmuSlnlAYP0zV/PaR+SDQPZXM2VIp
x3OATkQ0H+E1mRM/6W9wMqk9ysaTEuMvDn8IFpqQyQNyWoPJuMxi+xh7IKa9wyfD
3Qu4+voovcSNCxEFjMQAFDZb6UAQ7YZFmLGqZTcLAsIIzrYBmoQt7wvtprih7ORK
6UYjQtfCpIbcD8HIWvUbErk9LWZfodNLT6zv2tdnjXT8ZxBactLucVJE5IK0j6u8
-----END CERTIFICATE-----