Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e66a57-65ef-4644-8f50-c14faf43be14/1/2lhRfHkMgHjBgOEI871xwfstUps.roa
File:                     2lhRfHkMgHjBgOEI871xwfstUps.roa (raw, json)
Hash identifier:          pS6P1vzgUypkZeUsuXFw4LKxiNYTX5RfnQUo/ctpKhE=
Subject key identifier:   DA:58:51:7C:79:0C:80:78:C1:80:E1:08:F3:BD:71:C1:FB:2D:52:9B
Certificate issuer:       /CN=64e7553292af595426ee1d7dc919a2104894752b
Certificate serial:       01942747F1AFA8F052D0C5C212C7B62D08AE
Authority key identifier: 64:E7:55:32:92:AF:59:54:26:EE:1D:7D:C9:19:A2:10:48:94:75:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZOdVMpKvWVQm7h19yRmiEEiUdSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e66a57-65ef-4644-8f50-c14faf43be14/1/2lhRfHkMgHjBgOEI871xwfstUps.roa
Signing time:             Thu 02 Jan 2025 13:50:13 +0000
ROA not before:           Thu 02 Jan 2025 13:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25003
IP address blocks:        141.226.250.0/23 maxlen: 24
                          185.223.0.0/22 maxlen: 24
                          2a0d:2800::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e66a57-65ef-4644-8f50-c14faf43be14/1/ZOdVMpKvWVQm7h19yRmiEEiUdSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e66a57-65ef-4644-8f50-c14faf43be14/1/ZOdVMpKvWVQm7h19yRmiEEiUdSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZOdVMpKvWVQm7h19yRmiEEiUdSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f1:af:a8:f0:52:d0:c5:c2:12:c7:b6:2d:08:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64e7553292af595426ee1d7dc919a2104894752b
        Validity
            Not Before: Jan  2 13:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da58517c790c8078c180e108f3bd71c1fb2d529b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c1:78:b8:6f:6e:48:7b:8f:99:89:12:7a:a6:
                    a7:20:2f:a7:fe:b6:10:9a:af:5f:b5:26:34:7a:bd:
                    80:85:ae:85:dd:25:3b:e9:1c:53:1f:11:bd:7f:00:
                    ea:f6:6f:4d:0e:0a:e2:80:4f:19:d7:b5:b3:70:a9:
                    fc:30:43:05:e3:d6:c3:4b:8b:81:a7:23:ed:03:80:
                    59:b7:6c:a7:a7:67:e4:e9:21:95:9d:6a:d5:cf:8a:
                    45:0e:bf:8a:87:8b:88:89:48:32:c9:ab:d4:62:a4:
                    e7:74:72:86:b8:10:48:16:02:3f:a5:d9:17:bd:fd:
                    05:63:d0:25:29:22:34:fa:70:8d:01:8a:75:55:b8:
                    4b:d4:3b:dc:e3:a9:95:ab:62:c0:8d:70:f0:2f:9a:
                    0d:17:f3:d8:99:a9:a9:c7:27:97:16:2e:ee:f3:93:
                    8b:06:56:4f:59:59:b2:9e:ed:31:9f:9b:ae:be:fc:
                    7e:3d:0d:48:88:e9:5f:2e:95:91:9e:bc:4c:f3:9c:
                    c4:7e:32:10:32:4a:60:21:a1:07:4d:21:ad:94:bb:
                    26:54:d2:71:13:26:23:3c:fd:93:69:7d:a3:61:10:
                    5d:19:36:40:57:63:0b:db:c2:f3:12:61:2f:a1:53:
                    27:0f:6a:bb:aa:20:db:82:ad:bc:bb:c3:6e:ec:12:
                    c7:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:58:51:7C:79:0C:80:78:C1:80:E1:08:F3:BD:71:C1:FB:2D:52:9B
            X509v3 Authority Key Identifier:
                keyid:64:E7:55:32:92:AF:59:54:26:EE:1D:7D:C9:19:A2:10:48:94:75:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZOdVMpKvWVQm7h19yRmiEEiUdSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e66a57-65ef-4644-8f50-c14faf43be14/1/2lhRfHkMgHjBgOEI871xwfstUps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e66a57-65ef-4644-8f50-c14faf43be14/1/ZOdVMpKvWVQm7h19yRmiEEiUdSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.250.0/23
                  185.223.0.0/22
                IPv6:
                  2a0d:2800::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:66:e1:8b:70:21:47:4c:53:bb:6b:07:5c:ef:ac:42:4b:e6:
         eb:2a:98:94:19:44:46:88:db:29:1f:22:2f:32:74:ba:3c:47:
         61:52:cf:27:8f:3e:66:27:97:56:fd:46:02:63:7b:2a:ed:f6:
         0c:87:b1:ea:e1:ea:df:dc:9a:5a:15:54:97:3c:26:39:01:fe:
         7d:88:9b:cf:7e:76:d2:8a:29:3e:39:46:cf:ad:d7:3f:f5:24:
         a6:62:0a:f8:54:ce:1a:bb:a8:06:57:8f:4f:af:f5:0d:c6:4c:
         d2:48:bc:8d:97:d6:df:75:e6:44:4f:98:49:33:3b:35:51:a1:
         79:0b:10:8c:ff:fd:69:72:5c:8d:85:61:11:a6:ca:61:b1:62:
         c6:77:e0:b9:e7:28:1b:8e:e2:3f:59:62:df:8a:f6:d1:06:c9:
         bb:08:e8:d2:5d:43:97:fe:d1:fb:e5:32:fd:b9:71:ca:ed:b1:
         fa:32:aa:b9:17:e8:0e:8b:25:f8:9a:db:74:83:3f:84:d6:cb:
         6d:c3:5b:05:12:ad:9d:f5:9f:aa:7b:0c:df:e4:6d:80:c3:a4:
         45:4d:97:f1:ac:9b:ae:c0:f9:ae:2a:ea:c7:6d:0b:72:c4:54:
         ea:9c:a1:f7:27:f6:5b:57:4e:a1:00:8a:56:0d:38:c9:8c:6d:
         7d:3e:97:6b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnR/GvqPBS0MXCEse2LQiuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZTc1NTMyOTJhZjU5NTQyNmVlMWQ3ZGM5MTlhMjEwNDg5
NDc1MmIwHhcNMjUwMTAyMTM1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTU4NTE3Yzc5MGM4MDc4YzE4MGUxMDhmM2JkNzFjMWZiMmQ1MjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcF4uG9uSHuPmYkSeqanIC+n/rYQ
mq9ftSY0er2Aha6F3SU76RxTHxG9fwDq9m9NDgrigE8Z17WzcKn8MEMF49bDS4uB
pyPtA4BZt2ynp2fk6SGVnWrVz4pFDr+Kh4uIiUgyyavUYqTndHKGuBBIFgI/pdkX
vf0FY9AlKSI0+nCNAYp1VbhL1Dvc46mVq2LAjXDwL5oNF/PYmampxyeXFi7u85OL
BlZPWVmynu0xn5uuvvx+PQ1IiOlfLpWRnrxM85zEfjIQMkpgIaEHTSGtlLsmVNJx
EyYjPP2TaX2jYRBdGTZAV2ML28LzEmEvoVMnD2q7qiDbgq28u8Nu7BLHRwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNpYUXx5DIB4wYDhCPO9ccH7LVKbMB8GA1UdIwQY
MBaAFGTnVTKSr1lUJu4dfckZohBIlHUrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk9kVk1wS3ZXVlFtN2gxOXlSbWlFRWlVZFNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lNjZhNTctNjVlZi00NjQ0LThmNTAt
YzE0ZmFmNDNiZTE0LzEvMmxoUmZIa01nSGpCZ09FSTg3MXh3ZnN0VXBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lNjZhNTctNjVlZi00NjQ0LThmNTAtYzE0ZmFmNDNiZTE0
LzEvWk9kVk1wS3ZXVlFtN2gxOXlSbWlFRWlVZFNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBjeL6AwQC
ud8AMA0EAgACMAcDBQMqDSgAMA0GCSqGSIb3DQEBCwUAA4IBAQBwZuGLcCFHTFO7
awdc76xCS+brKpiUGURGiNspHyIvMnS6PEdhUs8njz5mJ5dW/UYCY3sq7fYMh7Hq
4erf3JpaFVSXPCY5Af59iJvPfnbSiik+OUbPrdc/9SSmYgr4VM4au6gGV49Pr/UN
xkzSSLyNl9bfdeZET5hJMzs1UaF5CxCM//1pclyNhWERpsphsWLGd+C55ygbjuI/
WWLfivbRBsm7COjSXUOX/tH75TL9uXHK7bH6Mqq5F+gOiyX4mtt0gz+E1sttw1sF
Eq2d9Z+qewzf5G2Aw6RFTZfxrJuuwPmuKurHbQtyxFTqnKH3J/ZbV06hAIpWDTjJ
jG19Ppdr
-----END CERTIFICATE-----