Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/2-vgpJwDsEY_VoNu8cnFA12khB8.roa
File:                     2-vgpJwDsEY_VoNu8cnFA12khB8.roa (raw, json)
Hash identifier:          iUnRP/l7HzWTkjMJX+R7OEZ9+tX6NbtdM3UPohuBzqw=
Subject key identifier:   DB:EB:E0:A4:9C:03:B0:46:3F:56:83:6E:F1:C9:C5:03:5D:A4:84:1F
Certificate issuer:       /CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
Certificate serial:       0194F9E6D84847642D044A50ED76053D6386
Authority key identifier: AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/2-vgpJwDsEY_VoNu8cnFA12khB8.roa
Signing time:             Wed 12 Feb 2025 11:24:02 +0000
ROA not before:           Wed 12 Feb 2025 11:24:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213550
IP address blocks:        45.152.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 19:14:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f9:e6:d8:48:47:64:2d:04:4a:50:ed:76:05:3d:63:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
        Validity
            Not Before: Feb 12 11:24:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbebe0a49c03b0463f56836ef1c9c5035da4841f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:85:fd:ba:27:2e:98:e3:ee:43:de:b3:e5:2e:
                    ed:05:64:86:96:f8:c3:6a:31:7a:b9:54:81:04:39:
                    c6:a2:27:22:56:08:56:83:61:ba:c3:cf:2e:1b:45:
                    cd:b2:72:6c:f2:87:9a:69:e7:8c:26:e7:b6:27:e3:
                    e6:85:65:79:a1:33:25:e1:fa:c4:1f:37:e5:d4:75:
                    b8:4b:48:56:d8:ed:82:4e:ed:a5:c1:f9:ca:47:6f:
                    69:7b:4e:5c:a7:6f:18:75:c6:05:80:65:5e:21:df:
                    c6:9d:76:b9:08:35:a8:5f:c5:88:0d:77:57:13:31:
                    75:86:f4:fd:cf:ab:78:fd:db:ad:eb:e8:39:e3:25:
                    54:c7:58:93:5c:a3:d3:a8:c1:7f:f0:fe:aa:f2:d6:
                    30:fb:ca:4c:de:62:48:7d:0d:8b:55:13:1b:68:28:
                    9f:6f:12:d8:47:48:6e:8e:db:67:af:f6:86:b2:e5:
                    70:25:73:64:96:31:0f:d7:1c:97:c0:73:9d:63:2f:
                    ff:18:da:23:30:3c:44:31:c0:99:c1:04:d6:19:91:
                    df:2c:e1:85:93:ee:b9:64:c2:25:69:5e:05:e5:50:
                    7d:04:e5:11:38:e0:9b:02:41:b2:d6:48:73:56:80:
                    3d:91:85:fb:15:14:0f:c4:14:96:44:b0:54:3c:41:
                    62:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:EB:E0:A4:9C:03:B0:46:3F:56:83:6E:F1:C9:C5:03:5D:A4:84:1F
            X509v3 Authority Key Identifier:
                keyid:AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/2-vgpJwDsEY_VoNu8cnFA12khB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:02:fe:99:4c:f6:c3:a9:da:56:33:db:92:8a:1f:74:71:41:
         e1:78:f4:cb:e0:e5:1a:46:25:8b:77:0b:36:b7:4c:87:85:d8:
         94:cb:eb:22:d0:c6:c5:45:94:7c:8c:a1:7c:d4:a7:8b:bf:d2:
         f1:1b:18:11:0c:8f:b1:71:e9:a2:30:3e:16:44:47:b0:50:91:
         54:aa:71:38:9f:a9:6d:f6:36:3a:4e:93:b5:cb:5c:f9:e0:34:
         c3:d8:ba:1e:e8:21:ff:4c:3f:53:c5:f7:b4:20:16:32:3d:25:
         67:54:d3:72:45:89:89:2e:96:7f:b1:ae:85:17:89:0b:44:dd:
         e9:a5:a6:c9:8f:eb:c2:2e:b7:ed:f7:98:fb:fd:12:90:e7:30:
         31:41:74:a3:57:47:31:49:22:61:4d:31:31:6a:46:d1:78:81:
         29:27:ca:fa:af:f7:ec:0a:2c:4d:c5:6b:8b:04:78:51:3b:3c:
         84:fd:3a:d0:2d:1d:78:94:e1:13:6a:65:58:3a:09:7d:40:58:
         b6:5d:ef:b1:f2:ab:c2:ae:05:8e:3c:68:59:68:3e:4b:ed:57:
         8e:8c:9c:e9:1b:a8:5b:4f:56:57:3c:45:3b:4d:61:c3:66:9e:
         37:b0:da:56:1b:af:4d:95:a5:d5:e8:aa:84:65:18:34:1e:ae:
         d8:9d:41:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT55thIR2QtBEpQ7XYFPWOGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZjQ5Njk4NDJkZTljNGMxZTFhNTc1OWQ5OGQxZWQ1YzBk
NjJlZjgwHhcNMjUwMjEyMTEyNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmViZTBhNDljMDNiMDQ2M2Y1NjgzNmVmMWM5YzUwMzVkYTQ4NDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4X9uicumOPuQ96z5S7tBWSGlvjD
ajF6uVSBBDnGoiciVghWg2G6w88uG0XNsnJs8oeaaeeMJue2J+PmhWV5oTMl4frE
Hzfl1HW4S0hW2O2CTu2lwfnKR29pe05cp28YdcYFgGVeId/GnXa5CDWoX8WIDXdX
EzF1hvT9z6t4/dut6+g54yVUx1iTXKPTqMF/8P6q8tYw+8pM3mJIfQ2LVRMbaCif
bxLYR0hujttnr/aGsuVwJXNkljEP1xyXwHOdYy//GNojMDxEMcCZwQTWGZHfLOGF
k+65ZMIlaV4F5VB9BOUROOCbAkGy1khzVoA9kYX7FRQPxBSWRLBUPEFiAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvr4KScA7BGP1aDbvHJxQNdpIQfMB8GA1UdIwQY
MBaAFKr0lphC3pxMHhpXWdmNHtXA1i74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjct
ZjgxZmRmNzRlNjU1LzEvMi12Z3BKd0RzRVlfVm9OdThjbkZBMTJraEI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjctZjgxZmRmNzRlNjU1
LzEvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZhEMA0G
CSqGSIb3DQEBCwUAA4IBAQB0Av6ZTPbDqdpWM9uSih90cUHhePTL4OUaRiWLdws2
t0yHhdiUy+si0MbFRZR8jKF81KeLv9LxGxgRDI+xcemiMD4WREewUJFUqnE4n6lt
9jY6TpO1y1z54DTD2Loe6CH/TD9Txfe0IBYyPSVnVNNyRYmJLpZ/sa6FF4kLRN3p
pabJj+vCLrft95j7/RKQ5zAxQXSjV0cxSSJhTTExakbReIEpJ8r6r/fsCixNxWuL
BHhROzyE/TrQLR14lOETamVYOgl9QFi2Xe+x8qvCrgWOPGhZaD5L7VeOjJzpG6hb
T1ZXPEU7TWHDZp43sNpWG69NlaXV6KqEZRg0Hq7YnUF9
-----END CERTIFICATE-----