Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/30f69c-410e-46d4-b6db-ff8658e1356c/1/2Gebd9LuUSgIFGazk2B8jeGpGzM.roa
File:                     2Gebd9LuUSgIFGazk2B8jeGpGzM.roa (raw, json)
Hash identifier:          lhcVXwCnPTOWkOSNYveyHZ5XywyRvkxiUOosibMUqpo=
Subject key identifier:   D8:67:9B:77:D2:EE:51:28:08:14:66:B3:93:60:7C:8D:E1:A9:1B:33
Certificate issuer:       /CN=78167dd9603b9fb7af501559cb3737d47a2d5437
Certificate serial:       019421B221C7E849F29A5CACDBD945F4DA73
Authority key identifier: 78:16:7D:D9:60:3B:9F:B7:AF:50:15:59:CB:37:37:D4:7A:2D:54:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eBZ92WA7n7evUBVZyzc31HotVDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/30f69c-410e-46d4-b6db-ff8658e1356c/1/2Gebd9LuUSgIFGazk2B8jeGpGzM.roa
Signing time:             Wed 01 Jan 2025 11:48:29 +0000
ROA not before:           Wed 01 Jan 2025 11:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9044
IP address blocks:        185.110.100.0/22 maxlen: 22
                          2a01:bf00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/30f69c-410e-46d4-b6db-ff8658e1356c/1/eBZ92WA7n7evUBVZyzc31HotVDc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/30f69c-410e-46d4-b6db-ff8658e1356c/1/eBZ92WA7n7evUBVZyzc31HotVDc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eBZ92WA7n7evUBVZyzc31HotVDc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:21:c7:e8:49:f2:9a:5c:ac:db:d9:45:f4:da:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78167dd9603b9fb7af501559cb3737d47a2d5437
        Validity
            Not Before: Jan  1 11:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8679b77d2ee5128081466b393607c8de1a91b33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ea:36:c3:96:e6:89:bf:da:b0:b5:b7:6a:03:
                    4a:83:0c:ff:c4:14:2c:ca:3b:47:bc:72:92:40:f6:
                    82:a7:d1:4d:a0:f1:e7:32:87:ad:8b:2d:a1:f8:a6:
                    7a:50:15:1c:62:3f:27:c8:2c:90:dd:b4:5f:dd:1c:
                    cd:ef:d9:66:c5:fa:0c:aa:3a:1c:74:17:d5:ad:90:
                    3f:41:a8:af:bc:8b:1b:8c:94:d7:d2:ef:ef:13:c1:
                    eb:24:ab:29:34:06:66:1e:fa:ab:b9:d2:61:a4:4d:
                    12:a4:06:34:a7:2a:44:6f:6c:70:59:2b:82:0d:2a:
                    a8:26:e5:ad:6a:49:d3:31:7d:fc:20:52:25:68:13:
                    31:f6:d8:ce:13:1f:17:77:3d:78:76:02:52:89:66:
                    c3:74:08:ae:29:a3:88:18:24:0b:d4:e6:bc:31:06:
                    6b:3f:ac:9d:2e:73:78:2f:89:82:f5:97:4c:df:4d:
                    67:72:3d:e5:f5:ec:3c:b2:7b:e5:2d:1a:f2:6f:21:
                    17:d0:46:18:d2:b4:a0:0f:b0:7e:f4:72:c7:10:33:
                    6e:9d:ef:3d:0c:4c:34:e3:3c:fd:ad:66:00:e2:1b:
                    dd:bb:b9:5f:c2:9c:70:ef:85:40:8e:76:14:94:c1:
                    66:5f:49:c7:79:6d:28:68:36:d2:61:0e:29:d6:cc:
                    4b:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:67:9B:77:D2:EE:51:28:08:14:66:B3:93:60:7C:8D:E1:A9:1B:33
            X509v3 Authority Key Identifier:
                keyid:78:16:7D:D9:60:3B:9F:B7:AF:50:15:59:CB:37:37:D4:7A:2D:54:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eBZ92WA7n7evUBVZyzc31HotVDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/30f69c-410e-46d4-b6db-ff8658e1356c/1/2Gebd9LuUSgIFGazk2B8jeGpGzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/30f69c-410e-46d4-b6db-ff8658e1356c/1/eBZ92WA7n7evUBVZyzc31HotVDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.100.0/22
                IPv6:
                  2a01:bf00::/32

    Signature Algorithm: sha256WithRSAEncryption
         c1:3f:c2:62:ae:e7:6c:8c:5a:c1:fd:cb:61:34:fe:0f:5f:0f:
         40:ab:17:38:da:fd:57:4c:f6:61:71:4f:05:dd:34:72:d4:b5:
         d6:34:23:9e:e1:1d:f6:5f:4d:d8:25:56:bb:2d:27:6e:2c:d3:
         a3:63:61:bc:37:75:15:25:80:fd:58:7d:ce:57:d9:53:1d:74:
         c1:23:1b:b4:6f:6d:bf:d1:b4:83:f8:a8:9d:86:0a:a1:ac:49:
         59:31:65:0f:9e:22:ce:cd:96:56:1a:38:88:0c:c2:86:f2:04:
         6a:f6:c9:da:20:b3:6b:b5:51:a8:21:59:e9:8f:24:14:ec:d7:
         fb:2d:4e:21:5d:df:68:19:dc:42:e7:bd:8d:90:cc:b1:11:84:
         01:04:74:7c:f0:0d:ad:92:51:4a:d8:44:c5:7f:3e:86:22:d0:
         2e:64:74:be:a2:a8:1d:3b:d0:ea:2a:1e:2a:8b:ff:81:f6:fa:
         8d:4f:3f:9a:51:52:e8:14:cd:4c:08:c6:d7:96:47:da:88:e0:
         eb:69:80:89:ef:3d:99:fe:69:56:ce:fd:ff:3e:5d:83:14:8d:
         ec:07:a5:b1:54:eb:d4:3f:d7:20:99:2c:c0:d4:7e:98:2e:cc:
         04:17:ae:cd:e2:a4:bf:4c:f9:84:ac:fc:6a:7b:25:f5:3d:0e:
         88:6c:49:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsiHH6Enymlys29lF9NpzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MTY3ZGQ5NjAzYjlmYjdhZjUwMTU1OWNiMzczN2Q0N2Ey
ZDU0MzcwHhcNMjUwMTAxMTE0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODY3OWI3N2QyZWU1MTI4MDgxNDY2YjM5MzYwN2M4ZGUxYTkxYjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuo2w5bmib/asLW3agNKgwz/xBQs
yjtHvHKSQPaCp9FNoPHnMoetiy2h+KZ6UBUcYj8nyCyQ3bRf3RzN79lmxfoMqjoc
dBfVrZA/QaivvIsbjJTX0u/vE8HrJKspNAZmHvqrudJhpE0SpAY0pypEb2xwWSuC
DSqoJuWtaknTMX38IFIlaBMx9tjOEx8Xdz14dgJSiWbDdAiuKaOIGCQL1Oa8MQZr
P6ydLnN4L4mC9ZdM301ncj3l9ew8snvlLRrybyEX0EYY0rSgD7B+9HLHEDNune89
DEw04zz9rWYA4hvdu7lfwpxw74VAjnYUlMFmX0nHeW0oaDbSYQ4p1sxLWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNhnm3fS7lEoCBRms5NgfI3hqRszMB8GA1UdIwQY
MBaAFHgWfdlgO5+3r1AVWcs3N9R6LVQ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUJaOTJXQTduN2V2VUJWWnl6YzMxSG90VkRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zMGY2OWMtNDEwZS00NmQ0LWI2ZGIt
ZmY4NjU4ZTEzNTZjLzEvMkdlYmQ5THVVU2dJRkdhemsyQjhqZUdwR3pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zMGY2OWMtNDEwZS00NmQ0LWI2ZGItZmY4NjU4ZTEzNTZj
LzEvZUJaOTJXQTduN2V2VUJWWnl6YzMxSG90VkRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuW5kMA0E
AgACMAcDBQAqAb8AMA0GCSqGSIb3DQEBCwUAA4IBAQDBP8JirudsjFrB/cthNP4P
Xw9Aqxc42v1XTPZhcU8F3TRy1LXWNCOe4R32X03YJVa7LSduLNOjY2G8N3UVJYD9
WH3OV9lTHXTBIxu0b22/0bSD+KidhgqhrElZMWUPniLOzZZWGjiIDMKG8gRq9sna
ILNrtVGoIVnpjyQU7Nf7LU4hXd9oGdxC572NkMyxEYQBBHR88A2tklFK2ETFfz6G
ItAuZHS+oqgdO9DqKh4qi/+B9vqNTz+aUVLoFM1MCMbXlkfaiODraYCJ7z2Z/mlW
zv3/Pl2DFI3sB6WxVOvUP9cgmSzA1H6YLswEF67N4qS/TPmErPxqeyX1PQ6IbEli
-----END CERTIFICATE-----