Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b910f-dcc1-41db-96cd-092e89d59fa8/1/2WXmLCsyw8fMc90USjqmpJq_P0k.roa
File:                     2WXmLCsyw8fMc90USjqmpJq_P0k.roa (raw, json)
Hash identifier:          X6trTAm4sd1BCoRMyM8T/lu1+HYVfbsSp9+0QPBx8Ps=
Subject key identifier:   D9:65:E6:2C:2B:32:C3:C7:CC:73:DD:14:4A:3A:A6:A4:9A:BF:3F:49
Certificate issuer:       /CN=0a2d71c0d145ef27804710927b943c67e50ae7ab
Certificate serial:       01941FFA458352DC077102CAFD06ED43DA08
Authority key identifier: 0A:2D:71:C0:D1:45:EF:27:80:47:10:92:7B:94:3C:67:E5:0A:E7:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ci1xwNFF7yeARxCSe5Q8Z-UK56s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b910f-dcc1-41db-96cd-092e89d59fa8/1/2WXmLCsyw8fMc90USjqmpJq_P0k.roa
Signing time:             Wed 01 Jan 2025 03:48:03 +0000
ROA not before:           Wed 01 Jan 2025 03:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57609
IP address blocks:        193.222.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/2b910f-dcc1-41db-96cd-092e89d59fa8/1/Ci1xwNFF7yeARxCSe5Q8Z-UK56s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/2b910f-dcc1-41db-96cd-092e89d59fa8/1/Ci1xwNFF7yeARxCSe5Q8Z-UK56s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ci1xwNFF7yeARxCSe5Q8Z-UK56s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:45:83:52:dc:07:71:02:ca:fd:06:ed:43:da:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a2d71c0d145ef27804710927b943c67e50ae7ab
        Validity
            Not Before: Jan  1 03:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d965e62c2b32c3c7cc73dd144a3aa6a49abf3f49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:69:e1:3e:71:fd:ed:27:ee:ae:ff:09:74:9e:
                    c4:4d:9f:e0:01:4b:69:1f:54:a9:8a:36:3d:c5:e2:
                    6d:e2:2c:0c:54:3f:7b:04:b7:f2:aa:e4:09:e4:32:
                    a0:e8:6b:d5:1c:96:be:2a:64:fd:7f:88:cd:f4:40:
                    86:e6:2b:9a:f6:62:55:ed:06:ea:62:7f:5c:0a:26:
                    6d:89:9f:59:4d:63:9b:c5:cf:f0:c8:b0:ed:8a:e3:
                    5b:7f:5d:2c:be:b1:34:bb:d7:54:f0:20:cc:93:e6:
                    d2:50:0b:d4:e8:0c:d3:a2:79:ca:bb:5f:ea:37:54:
                    20:9f:ae:6a:19:d3:ad:d1:4a:ff:21:a2:5b:7a:ce:
                    29:3f:d0:7d:4a:1e:b0:2e:af:60:f0:7e:0c:be:d8:
                    c2:85:7b:f7:63:a3:3c:3d:83:fb:4a:c7:cb:91:63:
                    cf:22:c6:44:11:d6:c1:38:4c:27:a0:91:5d:cf:f4:
                    3c:17:ca:81:de:b4:b2:f7:91:ef:f8:01:36:5f:4a:
                    90:f5:46:75:5e:75:93:a5:c5:82:19:35:26:45:fd:
                    39:b7:fa:23:ef:e3:dd:99:b6:64:3a:83:c9:82:9d:
                    8a:4e:7f:2e:d0:b9:45:de:02:91:d1:be:bd:d6:08:
                    57:fb:16:7e:25:86:c6:f2:e1:6a:16:3c:0b:20:53:
                    87:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:65:E6:2C:2B:32:C3:C7:CC:73:DD:14:4A:3A:A6:A4:9A:BF:3F:49
            X509v3 Authority Key Identifier:
                keyid:0A:2D:71:C0:D1:45:EF:27:80:47:10:92:7B:94:3C:67:E5:0A:E7:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ci1xwNFF7yeARxCSe5Q8Z-UK56s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b910f-dcc1-41db-96cd-092e89d59fa8/1/2WXmLCsyw8fMc90USjqmpJq_P0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b910f-dcc1-41db-96cd-092e89d59fa8/1/Ci1xwNFF7yeARxCSe5Q8Z-UK56s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:f4:a4:4c:9a:61:2e:f0:94:79:4b:e9:98:d4:b1:e6:41:55:
         34:8e:53:25:cd:bd:20:03:7d:9f:aa:29:59:7c:99:db:db:58:
         65:c0:05:f9:20:43:6e:61:4f:d2:6b:7a:96:5a:10:c8:c6:e1:
         29:00:91:30:04:94:a9:3f:66:a9:2e:f7:33:2c:6c:ec:bb:73:
         30:03:4c:11:aa:5f:f7:c7:61:c0:8e:a8:af:22:79:d1:ce:d4:
         63:4d:fb:e0:10:e4:ea:4b:82:fb:73:41:e7:76:85:70:58:b7:
         50:8e:f6:1e:88:28:8a:41:4e:f9:54:4a:c0:06:80:71:59:4b:
         3e:06:d2:c9:fd:77:3a:45:d1:76:c8:88:fa:36:a0:06:05:e8:
         e4:5b:8d:a4:54:71:10:48:e1:cb:fd:cd:c7:27:17:f7:36:87:
         a0:1f:45:6d:4a:e2:7e:c3:bf:99:08:d1:1d:3a:69:bd:2f:7d:
         eb:65:8a:e0:ad:b5:c7:6f:53:95:7a:57:37:9e:f0:56:3e:fb:
         36:43:16:40:64:bb:0f:53:e4:d1:53:7d:09:d6:f2:45:3a:26:
         32:d9:a7:fe:e4:6d:98:e3:38:25:ef:e5:1b:97:45:ba:08:bc:
         28:a7:e6:36:75:3c:42:a9:42:0a:cf:20:2a:a7:0b:ba:4d:a3:
         b4:ae:03:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+kWDUtwHcQLK/QbtQ9oIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMmQ3MWMwZDE0NWVmMjc4MDQ3MTA5MjdiOTQzYzY3ZTUw
YWU3YWIwHhcNMjUwMTAxMDM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTY1ZTYyYzJiMzJjM2M3Y2M3M2RkMTQ0YTNhYTZhNDlhYmYzZjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmnhPnH97Sfurv8JdJ7ETZ/gAUtp
H1SpijY9xeJt4iwMVD97BLfyquQJ5DKg6GvVHJa+KmT9f4jN9ECG5iua9mJV7Qbq
Yn9cCiZtiZ9ZTWObxc/wyLDtiuNbf10svrE0u9dU8CDMk+bSUAvU6AzTonnKu1/q
N1Qgn65qGdOt0Ur/IaJbes4pP9B9Sh6wLq9g8H4MvtjChXv3Y6M8PYP7SsfLkWPP
IsZEEdbBOEwnoJFdz/Q8F8qB3rSy95Hv+AE2X0qQ9UZ1XnWTpcWCGTUmRf05t/oj
7+PdmbZkOoPJgp2KTn8u0LlF3gKR0b691ghX+xZ+JYbG8uFqFjwLIFOHTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNll5iwrMsPHzHPdFEo6pqSavz9JMB8GA1UdIwQY
MBaAFAotccDRRe8ngEcQknuUPGflCuerMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2kxeHdORkY3eWVBUnhDU2U1UThaLVVLNTZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yYjkxMGYtZGNjMS00MWRiLTk2Y2Qt
MDkyZTg5ZDU5ZmE4LzEvMldYbUxDc3l3OGZNYzkwVVNqcW1wSnFfUDBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yYjkxMGYtZGNjMS00MWRiLTk2Y2QtMDkyZTg5ZDU5ZmE4
LzEvQ2kxeHdORkY3eWVBUnhDU2U1UThaLVVLNTZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd46MA0G
CSqGSIb3DQEBCwUAA4IBAQCR9KRMmmEu8JR5S+mY1LHmQVU0jlMlzb0gA32fqilZ
fJnb21hlwAX5IENuYU/Sa3qWWhDIxuEpAJEwBJSpP2apLvczLGzsu3MwA0wRql/3
x2HAjqivInnRztRjTfvgEOTqS4L7c0HndoVwWLdQjvYeiCiKQU75VErABoBxWUs+
BtLJ/Xc6RdF2yIj6NqAGBejkW42kVHEQSOHL/c3HJxf3NoegH0VtSuJ+w7+ZCNEd
Omm9L33rZYrgrbXHb1OVelc3nvBWPvs2QxZAZLsPU+TRU30J1vJFOiYy2af+5G2Y
4zgl7+Ubl0W6CLwop+Y2dTxCqUIKzyAqpwu6TaO0rgNf
-----END CERTIFICATE-----