Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/2T5PZV0ykQrCqtWQsuyltR-_EP0.roa
File:                     2T5PZV0ykQrCqtWQsuyltR-_EP0.roa (raw, json)
Hash identifier:          adHBBG4DTLEXzzbMMTMmfqzyorTjLSxY7EK7i8wkAJ4=
Subject key identifier:   D9:3E:4F:65:5D:32:91:0A:C2:AA:D5:90:B2:EC:A5:B5:1F:BF:10:FD
Certificate issuer:       /CN=b05a0604e76876fa03e6ad8687fa1db6c63d3908
Certificate serial:       0194228DE43902BAD4F900E12351A0FDB9BD
Authority key identifier: B0:5A:06:04:E7:68:76:FA:03:E6:AD:86:87:FA:1D:B6:C6:3D:39:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sFoGBOdodvoD5q2Gh_odtsY9OQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/2T5PZV0ykQrCqtWQsuyltR-_EP0.roa
Signing time:             Wed 01 Jan 2025 15:48:31 +0000
ROA not before:           Wed 01 Jan 2025 15:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209093
IP address blocks:        185.243.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/sFoGBOdodvoD5q2Gh_odtsY9OQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/sFoGBOdodvoD5q2Gh_odtsY9OQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sFoGBOdodvoD5q2Gh_odtsY9OQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:e4:39:02:ba:d4:f9:00:e1:23:51:a0:fd:b9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05a0604e76876fa03e6ad8687fa1db6c63d3908
        Validity
            Not Before: Jan  1 15:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d93e4f655d32910ac2aad590b2eca5b51fbf10fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c2:63:08:b5:38:08:2d:26:61:4b:50:02:f0:
                    64:f4:83:12:eb:dd:71:a0:2d:2f:3c:a8:e1:38:df:
                    8f:55:8a:e2:7f:a3:0d:3e:1a:45:28:09:87:13:c9:
                    d2:f1:7d:1f:32:96:3a:b9:b6:c3:76:7a:bc:11:65:
                    7d:e2:ae:95:ca:88:9b:e4:8b:4c:1f:01:55:21:83:
                    c1:c0:e2:8d:85:d1:3c:b6:95:0b:7c:35:08:df:48:
                    c2:6f:87:68:43:4c:6f:a7:cf:b1:b8:d3:51:59:5f:
                    29:18:a8:31:3f:25:74:03:6d:20:12:45:2e:04:72:
                    36:35:d7:c3:4f:98:c1:0e:f1:5a:0a:21:83:e0:7e:
                    72:e9:ad:2f:44:da:75:f7:1c:a6:25:70:c6:96:7a:
                    14:57:d3:67:cc:ea:3e:0f:32:8b:31:d6:a3:83:54:
                    b0:64:9e:a1:c0:c7:cf:d1:fd:cc:9d:f4:58:9f:16:
                    da:8b:f2:07:25:cc:5f:7d:76:d6:5f:93:9c:be:86:
                    9d:c6:ea:4c:1c:d1:05:96:9f:51:30:71:c2:7e:38:
                    c8:a7:3e:31:87:2d:4d:78:f6:3c:e4:92:87:f9:5e:
                    97:bc:19:29:41:d5:c6:3e:d3:a5:e9:b3:ef:bf:b1:
                    21:60:c1:dd:b7:3d:b0:5f:9c:db:93:f7:aa:17:b9:
                    47:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:3E:4F:65:5D:32:91:0A:C2:AA:D5:90:B2:EC:A5:B5:1F:BF:10:FD
            X509v3 Authority Key Identifier:
                keyid:B0:5A:06:04:E7:68:76:FA:03:E6:AD:86:87:FA:1D:B6:C6:3D:39:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sFoGBOdodvoD5q2Gh_odtsY9OQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/2T5PZV0ykQrCqtWQsuyltR-_EP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/sFoGBOdodvoD5q2Gh_odtsY9OQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:ea:8d:a6:55:d8:b7:6d:bd:63:eb:2b:7f:d3:c1:8b:3c:cf:
         be:b3:fd:73:f7:b4:85:fb:c4:41:03:09:8e:67:aa:99:2b:4f:
         0c:f3:ef:ef:3f:a0:2a:1b:bf:f4:3d:ae:e2:b1:d8:62:4a:8a:
         3d:05:3a:e8:40:4d:f4:01:3d:16:8b:d4:66:47:0b:e4:52:bd:
         62:b4:b8:8c:7e:15:a5:74:36:a3:71:da:63:52:96:05:3c:d5:
         b6:c0:44:39:2c:06:c0:6a:e0:93:13:c9:ae:26:b7:28:f8:64:
         8d:71:c4:8e:c7:4f:44:8d:5b:bd:96:01:8f:4b:44:f4:9f:8b:
         60:23:1a:d4:ac:84:3d:13:51:de:01:eb:cf:81:6c:7a:20:74:
         09:43:78:95:d7:13:3c:dc:03:5c:1b:e5:fb:ff:c5:25:33:b6:
         ef:c5:f2:b0:ab:2f:8e:22:11:56:01:18:c5:e3:06:07:80:f7:
         cc:fe:ee:cf:17:1d:a6:15:0c:eb:36:32:61:c3:4c:a7:37:57:
         26:ca:a0:0a:32:1b:e5:86:74:01:a4:cb:19:1b:40:bd:d6:ab:
         00:5c:87:0c:4c:de:8d:d3:c6:89:9d:85:74:16:02:d9:51:7e:
         0b:13:47:56:be:e5:73:3e:36:c8:2d:91:8c:2d:1f:55:f7:0b:
         d7:e4:e2:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijeQ5ArrU+QDhI1Gg/bm9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWEwNjA0ZTc2ODc2ZmEwM2U2YWQ4Njg3ZmExZGI2YzYz
ZDM5MDgwHhcNMjUwMTAxMTU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTNlNGY2NTVkMzI5MTBhYzJhYWQ1OTBiMmVjYTViNTFmYmYxMGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcJjCLU4CC0mYUtQAvBk9IMS691x
oC0vPKjhON+PVYrif6MNPhpFKAmHE8nS8X0fMpY6ubbDdnq8EWV94q6Vyoib5ItM
HwFVIYPBwOKNhdE8tpULfDUI30jCb4doQ0xvp8+xuNNRWV8pGKgxPyV0A20gEkUu
BHI2NdfDT5jBDvFaCiGD4H5y6a0vRNp19xymJXDGlnoUV9NnzOo+DzKLMdajg1Sw
ZJ6hwMfP0f3MnfRYnxbai/IHJcxffXbWX5OcvoadxupMHNEFlp9RMHHCfjjIpz4x
hy1NePY85JKH+V6XvBkpQdXGPtOl6bPvv7EhYMHdtz2wX5zbk/eqF7lHHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNk+T2VdMpEKwqrVkLLspbUfvxD9MB8GA1UdIwQY
MBaAFLBaBgTnaHb6A+athof6HbbGPTkIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0ZvR0JPZG9kdm9ENXEyR2hfb2R0c1k5T1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84MWFhNDktOGI0YS00YzI4LWE1Nzgt
YTYwNTcxN2QzNGFlLzEvMlQ1UFpWMHlrUXJDcXRXUXN1eWx0Ui1fRVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84MWFhNDktOGI0YS00YzI4LWE1NzgtYTYwNTcxN2QzNGFl
LzEvc0ZvR0JPZG9kdm9ENXEyR2hfb2R0c1k5T1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufMVMA0G
CSqGSIb3DQEBCwUAA4IBAQCE6o2mVdi3bb1j6yt/08GLPM++s/1z97SF+8RBAwmO
Z6qZK08M8+/vP6AqG7/0Pa7isdhiSoo9BTroQE30AT0Wi9RmRwvkUr1itLiMfhWl
dDajcdpjUpYFPNW2wEQ5LAbAauCTE8muJrco+GSNccSOx09EjVu9lgGPS0T0n4tg
IxrUrIQ9E1HeAevPgWx6IHQJQ3iV1xM83ANcG+X7/8UlM7bvxfKwqy+OIhFWARjF
4wYHgPfM/u7PFx2mFQzrNjJhw0ynN1cmyqAKMhvlhnQBpMsZG0C91qsAXIcMTN6N
08aJnYV0FgLZUX4LE0dWvuVzPjbILZGMLR9V9wvX5OIp
-----END CERTIFICATE-----