Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/01f6ed-7b86-4f76-828f-4e19239f0c35/1/2B-FwUEQx6Nr4Ray6DAMUlw7Mv8.roa
File:                     2B-FwUEQx6Nr4Ray6DAMUlw7Mv8.roa (raw, json)
Hash identifier:          BBGC/ULum47ycUnwMz9z0fK4GgKW3TWVfbzBiHksvmc=
Subject key identifier:   D8:1F:85:C1:41:10:C7:A3:6B:E1:16:B2:E8:30:0C:52:5C:3B:32:FF
Certificate issuer:       /CN=30683cffa061f28a9e1135c9fc30376a6474cbf4
Certificate serial:       019422FC267F9D5A10555C22EE7109F9DA11
Authority key identifier: 30:68:3C:FF:A0:61:F2:8A:9E:11:35:C9:FC:30:37:6A:64:74:CB:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MGg8_6Bh8oqeETXJ_DA3amR0y_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/01f6ed-7b86-4f76-828f-4e19239f0c35/1/2B-FwUEQx6Nr4Ray6DAMUlw7Mv8.roa
Signing time:             Wed 01 Jan 2025 17:48:57 +0000
ROA not before:           Wed 01 Jan 2025 17:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        212.82.233.0/24 maxlen: 24
                          2a00:1798:6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/01f6ed-7b86-4f76-828f-4e19239f0c35/1/MGg8_6Bh8oqeETXJ_DA3amR0y_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/01f6ed-7b86-4f76-828f-4e19239f0c35/1/MGg8_6Bh8oqeETXJ_DA3amR0y_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MGg8_6Bh8oqeETXJ_DA3amR0y_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:26:7f:9d:5a:10:55:5c:22:ee:71:09:f9:da:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30683cffa061f28a9e1135c9fc30376a6474cbf4
        Validity
            Not Before: Jan  1 17:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d81f85c14110c7a36be116b2e8300c525c3b32ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:9a:5a:45:f7:73:68:2a:c9:47:a5:21:03:d4:
                    17:f1:5a:a4:b1:51:0e:ce:f0:55:97:cf:a4:0a:85:
                    4d:08:b1:c9:b5:09:a1:a7:f6:fa:61:32:b5:52:f6:
                    2e:be:28:ad:6c:3d:b5:80:a0:7c:62:86:2c:21:67:
                    b0:7e:7b:6f:68:a7:86:6f:71:f6:5a:0e:02:f9:39:
                    f6:08:ee:d9:ee:21:03:cd:d3:c5:94:10:33:99:3f:
                    30:4d:1a:b3:34:8b:d6:c2:35:17:f4:70:e0:0f:33:
                    9c:26:52:c8:44:71:90:d4:8a:4e:14:d6:44:0e:20:
                    12:e4:cd:3c:f1:67:d8:aa:d3:1a:a0:69:6d:04:ca:
                    31:0a:68:df:60:ec:4d:9d:9f:4b:a2:c9:f0:af:c2:
                    c8:1f:a6:e2:e2:4e:07:c1:c0:46:d1:02:6f:4f:30:
                    70:55:b7:62:4e:79:a8:50:4e:3b:96:33:f3:d7:2e:
                    bd:91:57:de:2d:50:8e:cf:18:c5:f0:81:6b:63:d0:
                    c3:89:89:16:05:3d:0a:e7:5b:4f:a9:7d:7c:c5:df:
                    85:e6:b5:d0:5f:d7:1e:cd:f3:3c:09:6d:63:75:4f:
                    72:d0:42:6e:0c:33:7c:12:9a:bc:c2:82:59:e3:db:
                    9e:ce:11:7a:f4:01:01:28:d7:74:31:ec:bf:88:ee:
                    92:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:1F:85:C1:41:10:C7:A3:6B:E1:16:B2:E8:30:0C:52:5C:3B:32:FF
            X509v3 Authority Key Identifier:
                keyid:30:68:3C:FF:A0:61:F2:8A:9E:11:35:C9:FC:30:37:6A:64:74:CB:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MGg8_6Bh8oqeETXJ_DA3amR0y_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/01f6ed-7b86-4f76-828f-4e19239f0c35/1/2B-FwUEQx6Nr4Ray6DAMUlw7Mv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/01f6ed-7b86-4f76-828f-4e19239f0c35/1/MGg8_6Bh8oqeETXJ_DA3amR0y_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.82.233.0/24
                IPv6:
                  2a00:1798:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:b7:1c:65:8f:4d:97:ed:12:fb:bc:88:df:fb:9d:7a:ce:ca:
         b3:45:93:06:dd:1d:fc:36:1d:83:df:80:df:5b:b6:bd:b8:c7:
         03:22:75:fd:1c:9e:d6:53:f5:f1:8b:8f:22:fb:70:19:21:bc:
         f9:2a:f5:f5:fe:b3:05:1f:62:27:cb:a4:cc:ce:3a:8f:6a:56:
         70:5a:86:52:f0:d9:7f:be:52:5d:61:e7:4c:c7:d2:ed:e3:af:
         5e:2f:99:73:51:3a:db:4f:05:97:f6:29:ea:f6:66:5a:b8:74:
         73:7c:e0:3f:6a:86:7f:dd:e4:f4:be:14:4e:20:0e:5e:1e:76:
         c5:5a:0e:35:a9:89:52:15:49:35:99:56:ce:f9:07:72:0e:f9:
         17:d4:a1:7c:c7:51:a9:9a:48:83:98:f6:b6:1e:9a:74:9f:64:
         e8:ad:5a:94:79:2a:c8:e6:33:0c:2d:44:15:17:0e:d3:a2:4f:
         a9:69:d6:34:4e:e6:56:c6:88:11:b2:3b:2f:12:f1:58:7c:65:
         db:02:eb:0d:7b:63:56:05:09:d6:f3:82:af:9c:33:30:15:93:
         f2:8d:14:09:10:23:e4:66:76:c3:d1:b8:a3:1f:4e:35:99:fd:
         7e:96:7e:52:44:cd:33:87:cf:83:96:6d:02:08:3d:69:c9:e0:
         78:dd:10:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQi/CZ/nVoQVVwi7nEJ+doRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNjgzY2ZmYTA2MWYyOGE5ZTExMzVjOWZjMzAzNzZhNjQ3
NGNiZjQwHhcNMjUwMTAxMTc0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODFmODVjMTQxMTBjN2EzNmJlMTE2YjJlODMwMGM1MjVjM2IzMmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9ZpaRfdzaCrJR6UhA9QX8VqksVEO
zvBVl8+kCoVNCLHJtQmhp/b6YTK1UvYuviitbD21gKB8YoYsIWewfntvaKeGb3H2
Wg4C+Tn2CO7Z7iEDzdPFlBAzmT8wTRqzNIvWwjUX9HDgDzOcJlLIRHGQ1IpOFNZE
DiAS5M088WfYqtMaoGltBMoxCmjfYOxNnZ9Losnwr8LIH6bi4k4HwcBG0QJvTzBw
VbdiTnmoUE47ljPz1y69kVfeLVCOzxjF8IFrY9DDiYkWBT0K51tPqX18xd+F5rXQ
X9cezfM8CW1jdU9y0EJuDDN8Epq8woJZ49uezhF69AEBKNd0Mey/iO6SeQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNgfhcFBEMeja+EWsugwDFJcOzL/MB8GA1UdIwQY
MBaAFDBoPP+gYfKKnhE1yfwwN2pkdMv0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUdnOF82Qmg4b3FlRVRYSl9EQTNhbVIweV9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8wMWY2ZWQtN2I4Ni00Zjc2LTgyOGYt
NGUxOTIzOWYwYzM1LzEvMkItRndVRVF4Nk5yNFJheTZEQU1VbHc3TXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8wMWY2ZWQtN2I4Ni00Zjc2LTgyOGYtNGUxOTIzOWYwYzM1
LzEvTUdnOF82Qmg4b3FlRVRYSl9EQTNhbVIweV9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1FLpMA8E
AgACMAkDBwAqABeYAAYwDQYJKoZIhvcNAQELBQADggEBABq3HGWPTZftEvu8iN/7
nXrOyrNFkwbdHfw2HYPfgN9btr24xwMidf0cntZT9fGLjyL7cBkhvPkq9fX+swUf
YifLpMzOOo9qVnBahlLw2X++Ul1h50zH0u3jr14vmXNROttPBZf2Ker2Zlq4dHN8
4D9qhn/d5PS+FE4gDl4edsVaDjWpiVIVSTWZVs75B3IO+RfUoXzHUamaSIOY9rYe
mnSfZOitWpR5KsjmMwwtRBUXDtOiT6lp1jRO5lbGiBGyOy8S8Vh8ZdsC6w17Y1YF
Cdbzgq+cMzAVk/KNFAkQI+RmdsPRuKMfTjWZ/X6WflJEzTOHz4OWbQIIPWnJ4Hjd
EPY=
-----END CERTIFICATE-----