Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/2YDpGlb85Y0B3UH_SPABkYLwtdQ.roa
File:                     2YDpGlb85Y0B3UH_SPABkYLwtdQ.roa (raw, json)
Hash identifier:          QPWUocA76Z5UzbYjqNVViSp6W2KYqM6syIyvYYqrKhA=
Subject key identifier:   D9:80:E9:1A:56:FC:E5:8D:01:DD:41:FF:48:F0:01:91:82:F0:B5:D4
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBBFD2B80C05E8D5A07D9458E15196
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/2YDpGlb85Y0B3UH_SPABkYLwtdQ.roa
Signing time:             Wed 01 Jan 2025 17:48:31 +0000
ROA not before:           Wed 01 Jan 2025 17:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210837
IP address blocks:        193.30.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:bf:d2:b8:0c:05:e8:d5:a0:7d:94:58:e1:51:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d980e91a56fce58d01dd41ff48f0019182f0b5d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e3:c1:27:b8:79:c0:b9:02:25:dc:3b:7e:e9:
                    11:3e:e4:f2:28:72:ef:6e:d3:c9:7a:62:6b:f7:36:
                    17:50:09:cf:d2:4e:a4:38:6e:98:08:61:37:1a:3f:
                    ce:56:1c:81:39:85:91:fa:f2:6b:d3:11:b8:0c:c2:
                    04:c8:75:f2:0b:bb:6c:0e:e0:d1:17:63:10:db:39:
                    d6:de:fd:4e:6b:05:a7:18:0f:b6:1d:61:6c:38:56:
                    32:23:31:61:09:99:a0:59:07:e8:4a:ec:9e:a1:28:
                    62:08:fc:8a:6b:cb:04:2e:bd:61:7b:67:4c:22:6f:
                    aa:cf:64:49:f1:4d:dc:47:58:e2:79:3f:17:46:dd:
                    a5:da:96:d8:41:7d:2e:58:34:1c:43:b0:6e:a0:95:
                    8d:9d:b3:88:2d:f7:f8:10:ae:25:48:50:1e:41:54:
                    b3:fa:ef:e9:4d:70:44:72:85:4e:ac:8d:17:36:bb:
                    70:68:17:8f:91:03:a1:05:4d:1e:22:ff:51:fd:64:
                    05:7d:a7:79:49:a2:77:09:60:c8:6c:a6:42:8d:74:
                    cb:c6:6c:8d:4f:ea:20:1d:e1:99:2a:09:66:0d:be:
                    c9:2d:32:cd:c8:ed:9b:f1:35:6e:01:8d:72:1c:37:
                    b3:7b:b8:5b:20:d6:0c:92:53:3e:20:eb:9b:12:cd:
                    14:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:80:E9:1A:56:FC:E5:8D:01:DD:41:FF:48:F0:01:91:82:F0:B5:D4
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/2YDpGlb85Y0B3UH_SPABkYLwtdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:0e:36:8c:70:ef:66:67:32:35:3e:ab:66:b5:d6:f8:10:27:
         71:21:55:30:3d:3f:c1:38:d3:73:14:64:0c:11:4c:0b:d9:ee:
         e3:86:6a:47:03:79:54:7b:9d:30:58:4e:3a:b8:ee:43:8e:43:
         4f:d1:f9:7e:47:6b:da:86:59:86:39:21:1d:b5:2f:e7:f3:cc:
         44:59:7a:d2:06:47:6b:e6:6d:28:1d:83:af:dc:56:07:b1:af:
         c4:f8:a5:10:f9:34:f6:15:1d:e3:9e:2f:bc:d2:0f:b8:18:1c:
         4d:99:44:bc:4d:db:97:6b:50:85:71:d4:8f:61:36:1e:bc:03:
         2e:98:65:11:c6:cd:a8:97:b2:78:6c:f4:e3:b2:88:7e:3d:82:
         50:fa:60:68:dc:ff:e0:46:b9:60:54:78:45:4b:93:97:84:13:
         e2:db:4a:8a:5a:33:5a:12:26:c1:98:ca:ba:06:56:2b:2f:25:
         31:59:e9:2e:45:c2:08:22:15:12:b6:a5:4f:37:a7:10:d8:ed:
         e0:d8:f5:9a:30:14:1a:6f:bb:fb:09:cc:d1:44:c3:ec:2a:a9:
         63:01:9f:0c:ff:b9:d0:e8:33:23:db:71:06:e3:b5:6c:bf:4e:
         a2:1f:8c:e4:4e:0e:eb:9d:09:82:ed:86:e6:fe:11:d4:05:17:
         60:29:52:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+7/SuAwF6NWgfZRY4VGWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTgwZTkxYTU2ZmNlNThkMDFkZDQxZmY0OGYwMDE5MTgyZjBiNWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwePBJ7h5wLkCJdw7fukRPuTyKHLv
btPJemJr9zYXUAnP0k6kOG6YCGE3Gj/OVhyBOYWR+vJr0xG4DMIEyHXyC7tsDuDR
F2MQ2znW3v1OawWnGA+2HWFsOFYyIzFhCZmgWQfoSuyeoShiCPyKa8sELr1he2dM
Im+qz2RJ8U3cR1jieT8XRt2l2pbYQX0uWDQcQ7BuoJWNnbOILff4EK4lSFAeQVSz
+u/pTXBEcoVOrI0XNrtwaBePkQOhBU0eIv9R/WQFfad5SaJ3CWDIbKZCjXTLxmyN
T+ogHeGZKglmDb7JLTLNyO2b8TVuAY1yHDeze7hbINYMklM+IOubEs0UfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmA6RpW/OWNAd1B/0jwAZGC8LXUMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvMllEcEdsYjg1WTBCM1VIX1NQQUJrWUx3dGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR7xMA0G
CSqGSIb3DQEBCwUAA4IBAQB2DjaMcO9mZzI1Pqtmtdb4ECdxIVUwPT/BONNzFGQM
EUwL2e7jhmpHA3lUe50wWE46uO5DjkNP0fl+R2vahlmGOSEdtS/n88xEWXrSBkdr
5m0oHYOv3FYHsa/E+KUQ+TT2FR3jni+80g+4GBxNmUS8TduXa1CFcdSPYTYevAMu
mGURxs2ol7J4bPTjsoh+PYJQ+mBo3P/gRrlgVHhFS5OXhBPi20qKWjNaEibBmMq6
BlYrLyUxWekuRcIIIhUStqVPN6cQ2O3g2PWaMBQab7v7CczRRMPsKqljAZ8M/7nQ
6DMj23EG47Vsv06iH4zkTg7rnQmC7Ybm/hHUBRdgKVIG
-----END CERTIFICATE-----