Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/cf10db-7582-4553-bf1b-17911594ae51/1/2mA9oJ3ejOWgdJjYgfXkHnMZSOY.roa
File:                     2mA9oJ3ejOWgdJjYgfXkHnMZSOY.roa (raw, json)
Hash identifier:          rFBnJEg4/3ovWS1Mn/GxMWwNkECurmsywX62nk463FU=
Subject key identifier:   DA:60:3D:A0:9D:DE:8C:E5:A0:74:98:D8:81:F5:E4:1E:73:19:48:E6
Certificate issuer:       /CN=babc1ecc17f660d5bd89e16167b9d5031bf6a0cb
Certificate serial:       0194266B882E37F29F06FE363FD7E2E434B7
Authority key identifier: BA:BC:1E:CC:17:F6:60:D5:BD:89:E1:61:67:B9:D5:03:1B:F6:A0:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/urwezBf2YNW9ieFhZ7nVAxv2oMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/cf10db-7582-4553-bf1b-17911594ae51/1/2mA9oJ3ejOWgdJjYgfXkHnMZSOY.roa
Signing time:             Thu 02 Jan 2025 09:49:28 +0000
ROA not before:           Thu 02 Jan 2025 09:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199697
IP address blocks:        193.37.158.0/24 maxlen: 24
                          2a12:6040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/cf10db-7582-4553-bf1b-17911594ae51/1/urwezBf2YNW9ieFhZ7nVAxv2oMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/cf10db-7582-4553-bf1b-17911594ae51/1/urwezBf2YNW9ieFhZ7nVAxv2oMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/urwezBf2YNW9ieFhZ7nVAxv2oMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:88:2e:37:f2:9f:06:fe:36:3f:d7:e2:e4:34:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=babc1ecc17f660d5bd89e16167b9d5031bf6a0cb
        Validity
            Not Before: Jan  2 09:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da603da09dde8ce5a07498d881f5e41e731948e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:78:1f:33:14:97:ff:06:25:de:0c:ae:bb:4e:
                    93:a5:88:b8:3d:b2:9d:88:a7:57:43:ea:5a:ee:32:
                    a5:f1:e5:da:e4:a6:08:f1:33:9a:e1:42:82:9a:7e:
                    78:8e:37:c9:58:5e:76:77:a9:05:b3:96:fa:62:bc:
                    aa:94:a8:d8:3d:77:d1:d7:07:33:e0:72:d5:72:f1:
                    43:19:72:aa:c9:28:95:a4:7c:73:19:be:fe:55:33:
                    30:16:d5:db:4c:b1:50:75:3f:81:19:9d:cb:74:d1:
                    83:0b:f6:1b:ee:b2:c4:55:ec:57:67:66:29:3d:d6:
                    8f:72:5c:77:52:15:7d:0e:bd:09:43:f5:09:24:55:
                    a6:09:62:54:8d:c0:1d:fe:7d:d3:a6:5c:81:6e:2b:
                    1a:a5:d4:4e:66:41:c5:b4:57:6d:83:01:aa:b4:dc:
                    f0:1b:8e:4e:9c:a9:4c:cb:a9:e8:8e:2c:e4:57:35:
                    56:8a:ea:03:1e:f7:54:02:91:19:67:93:05:b0:b1:
                    aa:d4:d4:e2:7a:e5:bc:ad:ce:1b:a1:43:51:f0:90:
                    b1:0f:e4:90:48:49:56:15:cf:e0:37:3e:8a:8c:a4:
                    1a:ef:b5:74:ab:30:73:ba:9f:49:31:07:88:67:fc:
                    21:60:dc:f8:ae:b8:8b:91:0b:9d:41:77:7d:e9:bf:
                    8c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:60:3D:A0:9D:DE:8C:E5:A0:74:98:D8:81:F5:E4:1E:73:19:48:E6
            X509v3 Authority Key Identifier:
                keyid:BA:BC:1E:CC:17:F6:60:D5:BD:89:E1:61:67:B9:D5:03:1B:F6:A0:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/urwezBf2YNW9ieFhZ7nVAxv2oMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/cf10db-7582-4553-bf1b-17911594ae51/1/2mA9oJ3ejOWgdJjYgfXkHnMZSOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/cf10db-7582-4553-bf1b-17911594ae51/1/urwezBf2YNW9ieFhZ7nVAxv2oMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.158.0/24
                IPv6:
                  2a12:6040::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:65:74:be:0c:8d:79:7b:08:1b:21:d5:df:02:33:18:df:5e:
         24:93:82:37:10:62:ba:db:79:b3:56:c2:f8:4a:9f:20:63:b9:
         0b:3d:e4:89:6e:75:84:78:cf:13:ae:ca:10:ca:0d:5c:56:03:
         d3:d8:a5:c1:84:34:3d:e6:98:6d:1a:35:be:66:1e:65:f2:3b:
         08:19:4d:13:bd:47:75:76:f4:62:96:ee:2a:cf:7a:8f:d8:90:
         bf:9c:cf:94:ef:7a:fe:7c:43:bc:ed:3c:df:be:57:c9:1d:bc:
         b6:8c:0a:5e:03:4c:fa:19:00:25:e8:e4:0f:d4:5f:29:5b:6b:
         13:71:6b:cc:a9:a1:58:6c:a0:6f:44:47:b4:0f:5d:65:5f:0d:
         60:ab:59:fb:3c:df:c1:44:f6:85:0e:22:39:69:5e:6f:c9:01:
         7e:9f:c3:9d:0c:b7:b1:11:e7:ae:de:dc:5b:e6:53:8e:62:b3:
         32:50:7d:b0:5a:7d:53:21:11:7e:aa:bc:e6:00:9c:f6:30:2b:
         d4:0c:32:9f:56:81:9c:bc:62:8a:b7:bb:96:f7:c7:2e:d3:56:
         04:ee:27:fb:56:7f:e5:4c:9f:15:54:c3:4a:0d:4a:a3:db:bd:
         80:c7:b4:e4:14:d4:c1:a5:bd:01:96:8c:47:8e:3b:46:25:64:
         b4:4c:1c:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQma4guN/KfBv42P9fi5DS3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYmMxZWNjMTdmNjYwZDViZDg5ZTE2MTY3YjlkNTAzMWJm
NmEwY2IwHhcNMjUwMTAyMDk0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTYwM2RhMDlkZGU4Y2U1YTA3NDk4ZDg4MWY1ZTQxZTczMTk0OGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtngfMxSX/wYl3gyuu06TpYi4PbKd
iKdXQ+pa7jKl8eXa5KYI8TOa4UKCmn54jjfJWF52d6kFs5b6YryqlKjYPXfR1wcz
4HLVcvFDGXKqySiVpHxzGb7+VTMwFtXbTLFQdT+BGZ3LdNGDC/Yb7rLEVexXZ2Yp
PdaPclx3UhV9Dr0JQ/UJJFWmCWJUjcAd/n3TplyBbisapdROZkHFtFdtgwGqtNzw
G45OnKlMy6nojizkVzVWiuoDHvdUApEZZ5MFsLGq1NTieuW8rc4boUNR8JCxD+SQ
SElWFc/gNz6KjKQa77V0qzBzup9JMQeIZ/whYNz4rriLkQudQXd96b+MCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNpgPaCd3ozloHSY2IH15B5zGUjmMB8GA1UdIwQY
MBaAFLq8HswX9mDVvYnhYWe51QMb9qDLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXJ3ZXpCZjJZTlc5aWVGaFo3blZBeHYyb01zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9jZjEwZGItNzU4Mi00NTUzLWJmMWIt
MTc5MTE1OTRhZTUxLzEvMm1BOW9KM2VqT1dnZEpqWWdmWGtIbk1aU09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9jZjEwZGItNzU4Mi00NTUzLWJmMWItMTc5MTE1OTRhZTUx
LzEvdXJ3ZXpCZjJZTlc5aWVGaFo3blZBeHYyb01zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSWeMA0E
AgACMAcDBQMqEmBAMA0GCSqGSIb3DQEBCwUAA4IBAQBcZXS+DI15ewgbIdXfAjMY
314kk4I3EGK623mzVsL4Sp8gY7kLPeSJbnWEeM8TrsoQyg1cVgPT2KXBhDQ95pht
GjW+Zh5l8jsIGU0TvUd1dvRilu4qz3qP2JC/nM+U73r+fEO87TzfvlfJHby2jApe
A0z6GQAl6OQP1F8pW2sTcWvMqaFYbKBvREe0D11lXw1gq1n7PN/BRPaFDiI5aV5v
yQF+n8OdDLexEeeu3txb5lOOYrMyUH2wWn1TIRF+qrzmAJz2MCvUDDKfVoGcvGKK
t7uW98cu01YE7if7Vn/lTJ8VVMNKDUqj272Ax7TkFNTBpb0BloxHjjtGJWS0TBxB
-----END CERTIFICATE-----