Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/6c06c9-3f46-4658-ae89-9bf226402fd4/1/2Q0kx85pwBzfIMwLp9ldarIpih0.roa
File:                     2Q0kx85pwBzfIMwLp9ldarIpih0.roa (raw, json)
Hash identifier:          D6p/IFbJlNokn2XAUVSHhwdlOMDmGJADmbqv1d/nsjg=
Subject key identifier:   D9:0D:24:C7:CE:69:C0:1C:DF:20:CC:0B:A7:D9:5D:6A:B2:29:8A:1D
Certificate issuer:       /CN=a91fe2672c8f1c12b27ada0fccbaa7c212cbd71c
Certificate serial:       0194266B6E0210D3B0C5610FC05AA5BEEED3
Authority key identifier: A9:1F:E2:67:2C:8F:1C:12:B2:7A:DA:0F:CC:BA:A7:C2:12:CB:D7:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qR_iZyyPHBKyetoPzLqnwhLL1xw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/6c06c9-3f46-4658-ae89-9bf226402fd4/1/2Q0kx85pwBzfIMwLp9ldarIpih0.roa
Signing time:             Thu 02 Jan 2025 09:49:22 +0000
ROA not before:           Thu 02 Jan 2025 09:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50133
IP address blocks:        109.71.128.0/21 maxlen: 24
                          185.182.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/6c06c9-3f46-4658-ae89-9bf226402fd4/1/qR_iZyyPHBKyetoPzLqnwhLL1xw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/6c06c9-3f46-4658-ae89-9bf226402fd4/1/qR_iZyyPHBKyetoPzLqnwhLL1xw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qR_iZyyPHBKyetoPzLqnwhLL1xw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:6e:02:10:d3:b0:c5:61:0f:c0:5a:a5:be:ee:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a91fe2672c8f1c12b27ada0fccbaa7c212cbd71c
        Validity
            Not Before: Jan  2 09:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d90d24c7ce69c01cdf20cc0ba7d95d6ab2298a1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:cf:51:ef:aa:fc:56:f8:7f:9a:63:45:18:99:
                    f9:c2:41:7e:7a:40:47:34:ab:ec:95:0a:e4:f5:50:
                    e3:26:87:5b:66:d3:62:1f:59:3a:7c:af:5c:3c:a5:
                    e3:8c:32:ce:ba:d5:1c:b5:48:d4:54:2e:82:aa:69:
                    d7:13:d5:35:65:25:e9:9c:21:12:bf:7c:e4:34:66:
                    aa:ac:19:95:37:b5:18:65:cb:12:21:f0:cf:10:e6:
                    36:22:02:28:24:ff:9f:fa:ab:6d:a1:0c:39:8b:47:
                    c0:96:9f:b9:ba:86:f1:77:cc:6d:96:07:49:9d:3b:
                    13:2f:f6:c1:90:20:05:87:cc:ea:97:fc:14:05:16:
                    db:d1:53:88:fc:26:a8:63:61:c9:f0:67:f2:26:ff:
                    84:02:c4:ab:73:95:a1:6c:28:78:12:51:d0:6d:e6:
                    22:54:41:74:40:f1:cb:61:2e:24:01:34:80:c9:df:
                    c1:31:92:b7:4e:1b:ab:36:25:1c:9a:90:73:a9:4d:
                    65:71:9e:ee:2d:d1:a2:bd:a8:8c:87:1a:4b:da:d6:
                    fa:28:4c:b3:33:73:bb:2c:75:80:6f:53:31:98:52:
                    31:89:27:d9:2e:07:c8:e2:c5:f7:4c:81:6a:a6:6c:
                    15:ee:3e:b1:78:4b:ac:17:81:79:74:d0:b0:dd:ce:
                    ff:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:0D:24:C7:CE:69:C0:1C:DF:20:CC:0B:A7:D9:5D:6A:B2:29:8A:1D
            X509v3 Authority Key Identifier:
                keyid:A9:1F:E2:67:2C:8F:1C:12:B2:7A:DA:0F:CC:BA:A7:C2:12:CB:D7:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qR_iZyyPHBKyetoPzLqnwhLL1xw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6c06c9-3f46-4658-ae89-9bf226402fd4/1/2Q0kx85pwBzfIMwLp9ldarIpih0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6c06c9-3f46-4658-ae89-9bf226402fd4/1/qR_iZyyPHBKyetoPzLqnwhLL1xw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.128.0/21
                  185.182.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:2d:03:f2:65:34:b6:b3:2e:88:ee:c7:2f:db:cc:8c:9a:98:
         00:ce:4f:4e:0a:da:c8:0f:e5:9a:d0:ef:13:63:f9:23:08:69:
         33:d7:6e:21:92:37:2f:e5:63:78:dd:2d:3e:47:cd:e9:fe:c4:
         7f:16:8d:02:fa:8f:00:72:87:59:20:ff:8c:38:43:21:25:9b:
         0f:d2:92:49:b5:13:ef:b9:c7:3d:a4:20:40:70:d0:00:94:0b:
         16:37:8a:d5:c5:b8:d2:49:e8:90:a5:17:7a:06:e1:64:e7:8a:
         f5:ce:a9:db:f0:10:cf:1b:b4:38:24:ba:9d:60:86:d6:97:99:
         a8:ad:54:46:ba:14:36:b1:d1:2e:7d:b7:96:16:19:6e:b0:ff:
         80:3f:80:33:bd:16:d0:0e:5d:0b:c3:2e:01:cb:06:8d:5b:83:
         ba:af:4a:f6:79:4d:01:9c:f2:a9:3c:18:83:b3:49:ea:05:fb:
         9f:45:06:73:fd:b7:92:e4:1b:1a:9d:ed:d5:21:59:66:d0:8a:
         91:45:af:57:57:0d:b1:58:4a:cf:15:1f:a6:b5:22:eb:89:fc:
         b4:10:a3:b8:0d:c3:50:31:1a:3b:64:25:d8:b3:8d:ef:50:f6:
         16:0c:e7:cc:0f:bf:64:bf:84:24:6d:3c:b2:62:31:36:7e:19:
         00:ef:be:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQma24CENOwxWEPwFqlvu7TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MWZlMjY3MmM4ZjFjMTJiMjdhZGEwZmNjYmFhN2MyMTJj
YmQ3MWMwHhcNMjUwMTAyMDk0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTBkMjRjN2NlNjljMDFjZGYyMGNjMGJhN2Q5NWQ2YWIyMjk4YTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqc9R76r8Vvh/mmNFGJn5wkF+ekBH
NKvslQrk9VDjJodbZtNiH1k6fK9cPKXjjDLOutUctUjUVC6CqmnXE9U1ZSXpnCES
v3zkNGaqrBmVN7UYZcsSIfDPEOY2IgIoJP+f+qttoQw5i0fAlp+5uobxd8xtlgdJ
nTsTL/bBkCAFh8zql/wUBRbb0VOI/CaoY2HJ8GfyJv+EAsSrc5WhbCh4ElHQbeYi
VEF0QPHLYS4kATSAyd/BMZK3ThurNiUcmpBzqU1lcZ7uLdGivaiMhxpL2tb6KEyz
M3O7LHWAb1MxmFIxiSfZLgfI4sX3TIFqpmwV7j6xeEusF4F5dNCw3c7/jwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNkNJMfOacAc3yDMC6fZXWqyKYodMB8GA1UdIwQY
MBaAFKkf4mcsjxwSsnraD8y6p8ISy9ccMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVJfaVp5eVBIQkt5ZXRvUHpMcW53aExMMXh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS82YzA2YzktM2Y0Ni00NjU4LWFlODkt
OWJmMjI2NDAyZmQ0LzEvMlEwa3g4NXB3QnpmSU13THA5bGRhcklwaWgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS82YzA2YzktM2Y0Ni00NjU4LWFlODktOWJmMjI2NDAyZmQ0
LzEvcVJfaVp5eVBIQkt5ZXRvUHpMcW53aExMMXh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbUeAAwQC
ubYoMA0GCSqGSIb3DQEBCwUAA4IBAQB7LQPyZTS2sy6I7scv28yMmpgAzk9OCtrI
D+Wa0O8TY/kjCGkz124hkjcv5WN43S0+R83p/sR/Fo0C+o8AcodZIP+MOEMhJZsP
0pJJtRPvucc9pCBAcNAAlAsWN4rVxbjSSeiQpRd6BuFk54r1zqnb8BDPG7Q4JLqd
YIbWl5morVRGuhQ2sdEufbeWFhlusP+AP4AzvRbQDl0Lwy4BywaNW4O6r0r2eU0B
nPKpPBiDs0nqBfufRQZz/beS5Bsane3VIVlm0IqRRa9XVw2xWErPFR+mtSLrify0
EKO4DcNQMRo7ZCXYs43vUPYWDOfMD79kv4QkbTyyYjE2fhkA777P
-----END CERTIFICATE-----