Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/2CIwVa2guH9I9mE05PyNSk_zLJw.roa
File:                     2CIwVa2guH9I9mE05PyNSk_zLJw.roa (raw, json)
Hash identifier:          6WMXH3mPe6YH5cQJoRqeEOdgwx8H7f+4sGKrej+Vxnc=
Subject key identifier:   D8:22:30:55:AD:A0:B8:7F:48:F6:61:34:E4:FC:8D:4A:4F:F3:2C:9C
Certificate issuer:       /CN=0747a36d7768a7b30a4eecbb6964c8c237d74401
Certificate serial:       019423D6D76642FEC820318E8CFF859BBC89
Authority key identifier: 07:47:A3:6D:77:68:A7:B3:0A:4E:EC:BB:69:64:C8:C2:37:D7:44:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B0ejbXdop7MKTuy7aWTIwjfXRAE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/2CIwVa2guH9I9mE05PyNSk_zLJw.roa
Signing time:             Wed 01 Jan 2025 21:47:49 +0000
ROA not before:           Wed 01 Jan 2025 21:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48325
IP address blocks:        185.126.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/B0ejbXdop7MKTuy7aWTIwjfXRAE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/B0ejbXdop7MKTuy7aWTIwjfXRAE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B0ejbXdop7MKTuy7aWTIwjfXRAE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 14:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:d7:66:42:fe:c8:20:31:8e:8c:ff:85:9b:bc:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0747a36d7768a7b30a4eecbb6964c8c237d74401
        Validity
            Not Before: Jan  1 21:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8223055ada0b87f48f66134e4fc8d4a4ff32c9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5a:fc:83:44:a1:c4:df:d9:8f:c7:64:7b:30:
                    92:8e:7b:51:d9:b8:f4:fd:77:bf:44:ef:e6:c2:a6:
                    76:2c:b8:90:20:59:09:64:d2:8c:9d:87:21:cc:a9:
                    c2:90:d4:45:01:49:f0:6f:f9:35:9b:3c:7a:fb:64:
                    84:66:b8:41:de:4b:0d:e2:e4:44:c6:9b:35:f5:27:
                    23:67:c9:9a:ce:1a:4a:f8:f5:f5:51:b6:e0:35:4e:
                    36:14:a4:b0:1b:d2:99:51:5e:c1:79:7c:a3:7b:b2:
                    10:04:76:af:a9:35:d0:5b:c7:bf:92:76:1b:87:24:
                    d4:e2:2e:07:69:bc:e9:4b:9a:7a:0e:f0:45:b8:f6:
                    95:4a:7e:97:69:c0:ba:7a:75:b5:ee:8d:f8:ae:05:
                    85:e8:b8:32:5d:4c:76:d9:a9:9c:e1:6a:7b:48:6a:
                    af:da:e4:97:83:1f:08:14:61:75:1a:7b:f9:aa:d4:
                    94:96:34:76:cc:22:78:24:6a:0e:7b:26:2d:f4:8d:
                    ac:7a:d8:ee:8b:70:be:a2:c1:fc:ad:34:71:3b:d3:
                    40:ae:52:06:3c:2b:49:f6:46:2f:b0:1f:52:70:af:
                    60:b2:2b:d2:d6:f2:be:44:69:aa:24:b5:6f:0d:6d:
                    34:fe:0b:65:83:80:b4:b6:63:2e:83:17:d3:97:84:
                    2e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:22:30:55:AD:A0:B8:7F:48:F6:61:34:E4:FC:8D:4A:4F:F3:2C:9C
            X509v3 Authority Key Identifier:
                keyid:07:47:A3:6D:77:68:A7:B3:0A:4E:EC:BB:69:64:C8:C2:37:D7:44:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B0ejbXdop7MKTuy7aWTIwjfXRAE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/2CIwVa2guH9I9mE05PyNSk_zLJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/B0ejbXdop7MKTuy7aWTIwjfXRAE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:3a:dd:ba:9f:fb:06:e4:50:dc:2c:12:32:ed:13:39:6c:b9:
         fd:40:b5:4d:78:2e:d7:eb:e7:4a:a1:18:6b:98:1a:09:11:dd:
         c5:1c:a3:38:5b:ca:90:28:4b:f7:f9:7e:b9:17:fd:f7:b8:a9:
         7a:b8:13:01:61:55:a3:68:34:de:46:fe:8c:54:33:31:49:10:
         d5:fd:64:fb:5a:80:b8:c5:c8:89:76:43:7a:9f:96:a9:b5:eb:
         e4:f0:d4:58:4d:32:82:12:85:23:db:d2:eb:89:4d:b0:5b:26:
         03:52:0d:07:42:9f:7a:66:b2:82:33:ea:65:98:5c:be:87:aa:
         c5:66:56:b1:25:74:0d:b5:7f:fe:ad:ac:9e:f6:35:e4:d0:24:
         e0:70:01:99:9c:c7:0c:a3:c1:ed:1a:cc:71:23:75:05:74:01:
         85:ff:ce:66:a5:5c:88:fe:7c:0c:85:31:bf:8d:0e:78:c8:5f:
         d8:b5:b2:a4:fc:ee:93:6c:58:a7:0f:9d:5c:09:08:3a:2f:b8:
         b9:8c:9c:2b:8f:82:97:b3:92:10:81:4c:5b:66:93:74:a5:c5:
         02:74:ed:43:51:6c:28:35:5a:f2:f3:b7:52:18:1f:5f:23:2f:
         7e:dc:0a:6b:ab:3b:50:93:0e:25:ec:0f:c6:89:f4:b8:fd:f2:
         65:71:8a:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1tdmQv7IIDGOjP+Fm7yJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NDdhMzZkNzc2OGE3YjMwYTRlZWNiYjY5NjRjOGMyMzdk
NzQ0MDEwHhcNMjUwMTAxMjE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODIyMzA1NWFkYTBiODdmNDhmNjYxMzRlNGZjOGQ0YTRmZjMyYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1r8g0ShxN/Zj8dkezCSjntR2bj0
/Xe/RO/mwqZ2LLiQIFkJZNKMnYchzKnCkNRFAUnwb/k1mzx6+2SEZrhB3ksN4uRE
xps19ScjZ8mazhpK+PX1UbbgNU42FKSwG9KZUV7BeXyje7IQBHavqTXQW8e/knYb
hyTU4i4HabzpS5p6DvBFuPaVSn6XacC6enW17o34rgWF6LgyXUx22amc4Wp7SGqv
2uSXgx8IFGF1Gnv5qtSUljR2zCJ4JGoOeyYt9I2setjui3C+osH8rTRxO9NArlIG
PCtJ9kYvsB9ScK9gsivS1vK+RGmqJLVvDW00/gtlg4C0tmMugxfTl4QuTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgiMFWtoLh/SPZhNOT8jUpP8yycMB8GA1UdIwQY
MBaAFAdHo213aKezCk7su2lkyMI310QBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjBlamJYZG9wN01LVHV5N2FXVEl3amZYUkFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi85ZWFmMWUtYzllYy00NjZkLTgzNzEt
YWFiYWRkMDcxOWJhLzEvMkNJd1ZhMmd1SDlJOW1FMDVQeU5Ta196TEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi85ZWFmMWUtYzllYy00NjZkLTgzNzEtYWFiYWRkMDcxOWJh
LzEvQjBlamJYZG9wN01LVHV5N2FXVEl3amZYUkFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX6tMA0G
CSqGSIb3DQEBCwUAA4IBAQBTOt26n/sG5FDcLBIy7RM5bLn9QLVNeC7X6+dKoRhr
mBoJEd3FHKM4W8qQKEv3+X65F/33uKl6uBMBYVWjaDTeRv6MVDMxSRDV/WT7WoC4
xciJdkN6n5aptevk8NRYTTKCEoUj29LriU2wWyYDUg0HQp96ZrKCM+plmFy+h6rF
ZlaxJXQNtX/+raye9jXk0CTgcAGZnMcMo8HtGsxxI3UFdAGF/85mpVyI/nwMhTG/
jQ54yF/YtbKk/O6TbFinD51cCQg6L7i5jJwrj4KXs5IQgUxbZpN0pcUCdO1DUWwo
NVry87dSGB9fIy9+3AprqztQkw4l7A/GifS4/fJlcYpS
-----END CERTIFICATE-----