Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/P2rIwR1CtoaVBqGPtk1uKZu6EAM.roa
File:                     P2rIwR1CtoaVBqGPtk1uKZu6EAM.roa (raw, json)
Hash identifier:          5tzkl0E5Oyrnj5xi/xWoXdn3cp0c7cD7Nd4Yhdv1uSk=
Subject key identifier:   3F:6A:C8:C1:1D:42:B6:86:95:06:A1:8F:B6:4D:6E:29:9B:BA:10:03
Certificate issuer:       /CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
Certificate serial:       0194214469978A9BA6D1ACB93BC0973F0C48
Authority key identifier: 11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/P2rIwR1CtoaVBqGPtk1uKZu6EAM.roa
Signing time:             Wed 01 Jan 2025 09:48:39 +0000
ROA not before:           Wed 01 Jan 2025 09:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42168
IP address blocks:        194.230.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:69:97:8a:9b:a6:d1:ac:b9:3b:c0:97:3f:0c:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
        Validity
            Not Before: Jan  1 09:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f6ac8c11d42b6869506a18fb64d6e299bba1003
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fd:af:55:b1:2f:9c:e9:0e:8e:f1:25:b1:af:
                    e6:c5:5e:6d:63:6c:51:ef:79:37:f9:97:50:7b:57:
                    a1:9b:d1:f2:3c:e7:6c:26:7c:04:d1:47:02:67:0d:
                    2e:d4:9a:a1:eb:5d:38:05:87:02:e0:ec:e7:96:4d:
                    2f:d4:0d:e6:6b:f9:98:46:72:38:c8:61:23:87:cf:
                    68:78:0b:f5:6c:bb:32:76:a6:1e:cd:a4:17:76:52:
                    1f:5c:7e:a1:b7:88:a2:bd:24:38:b6:25:06:14:25:
                    c1:f6:7d:37:95:5b:09:c5:88:51:94:03:33:5a:7d:
                    9a:e7:c5:55:3f:9d:e6:15:39:33:fa:9c:59:0c:11:
                    a4:50:28:d7:57:1b:73:7a:8a:f1:67:89:33:17:2f:
                    c5:ff:6d:7c:85:15:b6:3e:d8:70:58:57:4a:19:de:
                    9a:e7:23:67:ba:90:ff:87:09:87:7a:24:d8:0e:6f:
                    3f:af:f1:f1:8e:2b:14:3b:37:47:fa:8c:e5:7a:9b:
                    fe:b2:e8:a1:75:5c:2d:bd:a3:84:7d:5b:4d:6e:41:
                    b2:a2:a6:b4:81:c1:1c:c7:42:18:6f:59:a5:5b:ac:
                    a3:6e:55:42:01:cc:72:be:65:3f:fe:53:37:55:a6:
                    f4:21:32:60:a8:8b:27:59:d4:ef:60:ae:31:2a:03:
                    f1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:6A:C8:C1:1D:42:B6:86:95:06:A1:8F:B6:4D:6E:29:9B:BA:10:03
            X509v3 Authority Key Identifier:
                keyid:11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/P2rIwR1CtoaVBqGPtk1uKZu6EAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.230.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:1b:fe:fd:72:f2:ea:73:42:3a:04:12:a2:bb:e0:6f:78:50:
         3c:9d:48:7b:d1:b5:1f:75:d1:59:61:7b:76:1c:47:a5:b7:65:
         45:11:82:74:f0:a6:4f:75:83:80:ec:d2:97:98:4f:ec:8b:08:
         73:1d:a5:55:0d:47:84:c6:54:a7:8f:a1:e9:4e:e8:47:63:e9:
         12:06:cb:e5:28:76:b1:8a:30:1a:8c:0c:8e:a7:58:c3:80:9f:
         d5:15:cc:c9:5f:36:59:09:fd:a4:57:bd:8e:e6:2b:d5:ea:b3:
         4e:06:99:37:08:a1:b0:83:bd:81:d1:f8:e3:29:1e:96:03:47:
         52:89:2b:c6:1a:b6:c5:bc:27:11:42:f0:4a:7e:ca:75:4b:8c:
         f8:d9:c5:ac:e8:0c:12:13:d2:da:c3:c1:93:70:e3:7d:45:33:
         1b:4c:09:18:4e:e3:b0:4c:d4:89:73:79:3e:ae:a9:db:db:d3:
         1c:0d:a1:0d:eb:9d:53:a7:94:9d:4c:10:9e:e9:f5:ce:ca:94:
         ce:50:7e:6e:99:b5:4b:b7:ec:90:38:8e:50:ce:56:cb:06:bd:
         86:4f:a0:bd:88:f1:af:f5:d8:94:eb:6f:50:ff:22:96:2b:23:
         f1:42:7a:49:04:da:21:24:8d:30:4c:5f:9a:fe:94:95:30:e8:
         77:dd:7e:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRGmXipum0ay5O8CXPwxIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNWRiYzAwNDMzZTI5ZjJhZGViMDM4ZmVhMmZiZDcwNDhm
YjYzMmYwHhcNMjUwMTAxMDk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjZhYzhjMTFkNDJiNjg2OTUwNmExOGZiNjRkNmUyOTliYmExMDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP2vVbEvnOkOjvElsa/mxV5tY2xR
73k3+ZdQe1ehm9HyPOdsJnwE0UcCZw0u1Jqh6104BYcC4Oznlk0v1A3ma/mYRnI4
yGEjh89oeAv1bLsydqYezaQXdlIfXH6ht4iivSQ4tiUGFCXB9n03lVsJxYhRlAMz
Wn2a58VVP53mFTkz+pxZDBGkUCjXVxtzeorxZ4kzFy/F/218hRW2PthwWFdKGd6a
5yNnupD/hwmHeiTYDm8/r/HxjisUOzdH+ozlepv+suihdVwtvaOEfVtNbkGyoqa0
gcEcx0IYb1mlW6yjblVCAcxyvmU//lM3Vab0ITJgqIsnWdTvYK4xKgPxMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9qyMEdQraGlQahj7ZNbimbuhADMB8GA1UdIwQY
MBaAFBFdvABDPinyresDj+ovvXBI+2MvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVYyOEFFTS1LZkt0NndPUDZpLTljRWo3WXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC82NWE3MWQtMDIzNi00NGQ1LThjZTkt
MjI5YjRhZTc0MmRlLzEvUDJySXdSMUN0b2FWQnFHUHRrMXVLWnU2RUFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC82NWE3MWQtMDIzNi00NGQ1LThjZTktMjI5YjRhZTc0MmRl
LzEvRVYyOEFFTS1LZkt0NndPUDZpLTljRWo3WXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuZuMA0G
CSqGSIb3DQEBCwUAA4IBAQAJG/79cvLqc0I6BBKiu+BveFA8nUh70bUfddFZYXt2
HEelt2VFEYJ08KZPdYOA7NKXmE/siwhzHaVVDUeExlSnj6HpTuhHY+kSBsvlKHax
ijAajAyOp1jDgJ/VFczJXzZZCf2kV72O5ivV6rNOBpk3CKGwg72B0fjjKR6WA0dS
iSvGGrbFvCcRQvBKfsp1S4z42cWs6AwSE9Law8GTcON9RTMbTAkYTuOwTNSJc3k+
rqnb29McDaEN651Tp5SdTBCe6fXOypTOUH5umbVLt+yQOI5QzlbLBr2GT6C9iPGv
9diU629Q/yKWKyPxQnpJBNohJI0wTF+a/pSVMOh33X7H
-----END CERTIFICATE-----