Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/18c7dd-241b-4b92-8ebf-77794fbfd2e4/1/2H-bW8UZI3iJgi7-SD7ICzn-6yE.roa
File:                     2H-bW8UZI3iJgi7-SD7ICzn-6yE.roa (raw, json)
Hash identifier:          6BFAD/kuUp8ggYQ5Z6VEt8Ffgu906xvZpM65LYf/A40=
Subject key identifier:   D8:7F:9B:5B:C5:19:23:78:89:82:2E:FE:48:3E:C8:0B:39:FE:EB:21
Certificate issuer:       /CN=4c81273dcb03c3457b79250be109e19a5e74f0fd
Certificate serial:       019427B63E0723607BC6BB8FAF6A44962B87
Authority key identifier: 4C:81:27:3D:CB:03:C3:45:7B:79:25:0B:E1:09:E1:9A:5E:74:F0:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TIEnPcsDw0V7eSUL4Qnhml508P0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/18c7dd-241b-4b92-8ebf-77794fbfd2e4/1/2H-bW8UZI3iJgi7-SD7ICzn-6yE.roa
Signing time:             Thu 02 Jan 2025 15:50:42 +0000
ROA not before:           Thu 02 Jan 2025 15:50:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216408
IP address blocks:        185.87.216.0/24 maxlen: 24
                          2a13:85c0:100::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/18c7dd-241b-4b92-8ebf-77794fbfd2e4/1/TIEnPcsDw0V7eSUL4Qnhml508P0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/18c7dd-241b-4b92-8ebf-77794fbfd2e4/1/TIEnPcsDw0V7eSUL4Qnhml508P0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TIEnPcsDw0V7eSUL4Qnhml508P0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:3e:07:23:60:7b:c6:bb:8f:af:6a:44:96:2b:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c81273dcb03c3457b79250be109e19a5e74f0fd
        Validity
            Not Before: Jan  2 15:50:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d87f9b5bc519237889822efe483ec80b39feeb21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d8:0b:fc:59:0c:b5:e9:ad:f5:ca:c6:22:e0:
                    fa:69:f6:c3:a1:d7:2d:97:2f:61:66:ef:e6:c7:21:
                    c2:db:78:56:fc:bf:bc:e3:f3:ad:bc:35:bb:f4:50:
                    22:fd:91:91:58:5c:55:13:49:fe:94:d7:ab:b2:dd:
                    91:12:d5:6a:bf:a1:d1:0b:46:db:b8:ce:97:45:6b:
                    7a:aa:ef:8c:e5:a2:d3:95:fa:a3:df:7c:ad:5a:f6:
                    4e:ee:bc:97:42:d5:6d:0d:b4:2d:ed:6d:0a:d3:4a:
                    4c:90:ac:b5:fa:c1:b3:45:c5:f6:2e:30:08:35:89:
                    54:e5:e4:b5:a3:37:51:50:ab:80:23:9a:a9:89:5e:
                    fb:71:8c:39:17:4d:67:c6:b8:8e:70:93:76:ce:34:
                    07:7b:10:40:96:83:20:0a:89:56:d0:52:c6:5d:69:
                    86:a5:ff:38:3f:0c:5e:d2:2f:28:ce:ef:f4:d6:c3:
                    f6:4f:b3:bc:40:01:72:9e:ee:83:18:e3:c5:08:e8:
                    4b:20:c6:fc:f7:a1:e9:70:ec:63:42:56:a1:c6:25:
                    82:2e:ea:fd:70:28:50:db:2e:37:5b:86:45:b5:dc:
                    e2:1b:cd:33:e0:8f:b4:e9:1a:bc:6f:8a:c8:31:46:
                    9a:d8:df:cc:4c:07:65:0b:a8:b1:3a:2f:55:04:2c:
                    b3:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:7F:9B:5B:C5:19:23:78:89:82:2E:FE:48:3E:C8:0B:39:FE:EB:21
            X509v3 Authority Key Identifier:
                keyid:4C:81:27:3D:CB:03:C3:45:7B:79:25:0B:E1:09:E1:9A:5E:74:F0:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TIEnPcsDw0V7eSUL4Qnhml508P0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/18c7dd-241b-4b92-8ebf-77794fbfd2e4/1/2H-bW8UZI3iJgi7-SD7ICzn-6yE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/18c7dd-241b-4b92-8ebf-77794fbfd2e4/1/TIEnPcsDw0V7eSUL4Qnhml508P0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.216.0/24
                IPv6:
                  2a13:85c0:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         04:98:73:4f:82:13:4c:60:98:5b:4f:e1:2f:35:be:6e:a6:79:
         dc:a0:6e:78:ed:fe:1b:08:9e:d7:f5:cf:c1:d6:e0:dc:68:0c:
         95:56:a4:e8:e9:17:bf:e8:18:26:9b:92:5b:ca:65:54:61:d9:
         e5:43:26:a5:fb:ad:5d:5b:a1:02:26:4d:35:0d:3a:43:d2:a1:
         aa:40:4b:09:12:a8:97:8c:32:37:a0:1f:93:f9:d5:02:a5:c8:
         09:f6:9a:d4:c8:90:e2:96:8c:96:46:34:13:da:81:7a:9d:6d:
         f3:a3:ec:46:3b:3f:d0:27:96:fb:d4:12:03:74:7d:13:69:ae:
         4b:af:0e:0d:a7:a8:50:a4:61:0d:87:3c:29:76:b7:58:dc:a7:
         24:b1:40:da:ac:d9:6b:18:5f:18:62:f6:51:58:c1:f4:75:2d:
         e2:95:53:0d:27:22:4a:b8:47:bf:fc:89:9a:ae:73:c8:ee:1e:
         38:4e:a0:70:d6:eb:cf:c0:0c:73:44:5d:a3:fc:f9:34:a2:74:
         15:1a:c2:01:eb:a9:67:6a:d0:45:d1:42:54:95:83:10:02:c1:
         ee:5b:58:a0:bf:53:82:4a:aa:a1:12:82:3c:1a:2e:a5:ae:ac:
         4f:36:45:28:81:4e:c1:cb:02:07:24:e0:b4:c5:29:9f:f3:c7:
         07:b2:97:8b
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQntj4HI2B7xruPr2pEliuHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjODEyNzNkY2IwM2MzNDU3Yjc5MjUwYmUxMDllMTlhNWU3
NGYwZmQwHhcNMjUwMTAyMTU1MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODdmOWI1YmM1MTkyMzc4ODk4MjJlZmU0ODNlYzgwYjM5ZmVlYjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9gL/FkMtemt9crGIuD6afbDodct
ly9hZu/mxyHC23hW/L+84/OtvDW79FAi/ZGRWFxVE0n+lNerst2REtVqv6HRC0bb
uM6XRWt6qu+M5aLTlfqj33ytWvZO7ryXQtVtDbQt7W0K00pMkKy1+sGzRcX2LjAI
NYlU5eS1ozdRUKuAI5qpiV77cYw5F01nxriOcJN2zjQHexBAloMgColW0FLGXWmG
pf84Pwxe0i8ozu/01sP2T7O8QAFynu6DGOPFCOhLIMb896HpcOxjQlahxiWCLur9
cChQ2y43W4ZFtdziG80z4I+06Rq8b4rIMUaa2N/MTAdlC6ixOi9VBCyz1wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFNh/m1vFGSN4iYIu/kg+yAs5/ushMB8GA1UdIwQY
MBaAFEyBJz3LA8NFe3klC+EJ4ZpedPD9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVElFblBjc0R3MFY3ZVNVTDRRbmhtbDUwOFAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8xOGM3ZGQtMjQxYi00YjkyLThlYmYt
Nzc3OTRmYmZkMmU0LzEvMkgtYlc4VVpJM2lKZ2k3LVNEN0lDem4tNnlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8xOGM3ZGQtMjQxYi00YjkyLThlYmYtNzc3OTRmYmZkMmU0
LzEvVElFblBjc0R3MFY3ZVNVTDRRbmhtbDUwOFAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuVfYMA4E
AgACMAgDBgAqE4XAATANBgkqhkiG9w0BAQsFAAOCAQEABJhzT4ITTGCYW0/hLzW+
bqZ53KBueO3+Gwie1/XPwdbg3GgMlVak6OkXv+gYJpuSW8plVGHZ5UMmpfutXVuh
AiZNNQ06Q9KhqkBLCRKol4wyN6Afk/nVAqXICfaa1MiQ4paMlkY0E9qBep1t86Ps
Rjs/0CeW+9QSA3R9E2muS68ODaeoUKRhDYc8KXa3WNynJLFA2qzZaxhfGGL2UVjB
9HUt4pVTDSciSrhHv/yJmq5zyO4eOE6gcNbrz8AMc0Rdo/z5NKJ0FRrCAeupZ2rQ
RdFCVJWDEALB7ltYoL9TgkqqoRKCPBoupa6sTzZFKIFOwcsCByTgtMUpn/PHB7KX
iw==
-----END CERTIFICATE-----