Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/2cbde9-8480-440d-abcf-6d755052bb24/1/Kp9T4yQ0BWzmIgTW27o6VMb8qh4.roa
File:                     Kp9T4yQ0BWzmIgTW27o6VMb8qh4.roa (raw, json)
Hash identifier:          8tmSpbSEt6oRRtmXjjT27qxLy0bdW3q5K1nXAwi0cxU=
Subject key identifier:   2A:9F:53:E3:24:34:05:6C:E6:22:04:D6:DB:BA:3A:54:C6:FC:AA:1E
Certificate issuer:       /CN=ba2d5fd309dd6cc6cf7886041e5e9c2c1a26ceab
Certificate serial:       019426D932BA5F802B81D1091D0544943D0D
Authority key identifier: BA:2D:5F:D3:09:DD:6C:C6:CF:78:86:04:1E:5E:9C:2C:1A:26:CE:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ui1f0wndbMbPeIYEHl6cLBomzqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/2cbde9-8480-440d-abcf-6d755052bb24/1/Kp9T4yQ0BWzmIgTW27o6VMb8qh4.roa
Signing time:             Thu 02 Jan 2025 11:49:15 +0000
ROA not before:           Thu 02 Jan 2025 11:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        194.39.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/2cbde9-8480-440d-abcf-6d755052bb24/1/ui1f0wndbMbPeIYEHl6cLBomzqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/2cbde9-8480-440d-abcf-6d755052bb24/1/ui1f0wndbMbPeIYEHl6cLBomzqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ui1f0wndbMbPeIYEHl6cLBomzqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:32:ba:5f:80:2b:81:d1:09:1d:05:44:94:3d:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba2d5fd309dd6cc6cf7886041e5e9c2c1a26ceab
        Validity
            Not Before: Jan  2 11:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a9f53e32434056ce62204d6dbba3a54c6fcaa1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:8c:73:66:c7:1f:61:be:7e:f4:3d:13:3e:7d:
                    4b:b6:1f:65:ae:c5:ff:dc:37:3f:5c:d0:fe:6e:05:
                    32:c8:d7:83:7b:4e:fb:e3:53:ae:f1:74:fd:68:c7:
                    e1:10:48:65:e5:3c:66:bc:1f:a8:cf:4f:68:d7:23:
                    a2:60:f1:11:a0:85:fd:e5:87:99:f7:27:7a:3e:8d:
                    ae:59:19:2d:e5:9d:7a:87:56:82:46:f0:ac:39:c3:
                    33:80:5d:0a:58:af:45:13:1e:28:22:cb:87:e2:1d:
                    af:7a:cf:fc:76:d0:9f:ef:c4:c6:64:90:4c:fb:c2:
                    f0:91:47:ea:25:3b:c2:df:06:68:3a:8a:ac:de:e2:
                    28:89:89:21:c3:74:59:cb:b3:6b:15:57:3e:e8:9f:
                    26:af:5f:a5:11:df:08:ce:12:12:4e:47:47:a6:b8:
                    c4:da:e4:05:d5:de:b2:6c:66:59:c9:fe:11:44:b5:
                    11:e0:48:46:12:70:98:70:c1:a7:de:2e:18:1e:f9:
                    db:35:f9:c8:de:23:89:d8:af:0e:ec:99:35:a7:c8:
                    09:da:43:9d:92:c3:01:1a:eb:8a:93:f5:76:3a:b9:
                    bf:ac:5b:7c:9b:df:11:c3:f2:a8:fb:ee:1b:19:76:
                    a8:99:da:60:22:ff:41:50:4e:5a:28:da:eb:90:ea:
                    07:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:9F:53:E3:24:34:05:6C:E6:22:04:D6:DB:BA:3A:54:C6:FC:AA:1E
            X509v3 Authority Key Identifier:
                keyid:BA:2D:5F:D3:09:DD:6C:C6:CF:78:86:04:1E:5E:9C:2C:1A:26:CE:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ui1f0wndbMbPeIYEHl6cLBomzqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/2cbde9-8480-440d-abcf-6d755052bb24/1/Kp9T4yQ0BWzmIgTW27o6VMb8qh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/2cbde9-8480-440d-abcf-6d755052bb24/1/ui1f0wndbMbPeIYEHl6cLBomzqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:2f:49:ad:0f:20:5c:85:ba:7a:b7:40:ec:76:6b:ae:4f:f0:
         7c:0f:89:54:37:61:05:23:d9:65:bd:7e:d0:fc:da:f9:77:8e:
         36:ad:cf:9e:7e:95:87:c3:0c:d1:89:c2:4d:5a:76:7a:09:37:
         d2:52:e6:6b:5a:9c:0b:33:cc:9d:27:3a:93:d3:54:07:bf:6a:
         b3:3a:95:aa:d8:ee:bf:21:dc:75:79:bc:51:c9:81:b8:44:46:
         59:3a:e9:84:4b:a0:a4:b9:75:69:33:fa:cc:f0:70:eb:bc:87:
         0e:46:06:26:6f:82:9d:90:d4:b6:17:d0:4c:d8:00:94:fe:19:
         4b:1d:30:76:c3:b7:80:17:49:01:1c:ea:b6:66:23:9d:f3:73:
         8d:9f:50:1b:bb:b7:8c:f2:a6:f5:06:dc:85:51:84:94:0b:29:
         f6:ba:52:5a:ce:c6:97:3d:3e:47:b8:09:e9:6b:a1:54:2b:f4:
         b8:96:2f:f9:80:a4:26:13:40:92:06:52:84:a9:70:ea:df:82:
         19:49:66:28:c5:35:45:bd:86:52:c2:20:42:55:95:cb:72:f2:
         51:80:33:19:c2:7f:70:c9:3d:20:32:e5:1b:67:50:38:46:89:
         ab:a1:9d:d1:1b:af:6b:ba:a2:44:be:63:8b:d7:23:5e:1e:b3:
         ba:a6:57:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2TK6X4ArgdEJHQVElD0NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMmQ1ZmQzMDlkZDZjYzZjZjc4ODYwNDFlNWU5YzJjMWEy
NmNlYWIwHhcNMjUwMTAyMTE0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTlmNTNlMzI0MzQwNTZjZTYyMjA0ZDZkYmJhM2E1NGM2ZmNhYTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoxzZscfYb5+9D0TPn1Lth9lrsX/
3Dc/XND+bgUyyNeDe07741Ou8XT9aMfhEEhl5TxmvB+oz09o1yOiYPERoIX95YeZ
9yd6Po2uWRkt5Z16h1aCRvCsOcMzgF0KWK9FEx4oIsuH4h2ves/8dtCf78TGZJBM
+8LwkUfqJTvC3wZoOoqs3uIoiYkhw3RZy7NrFVc+6J8mr1+lEd8IzhISTkdHprjE
2uQF1d6ybGZZyf4RRLUR4EhGEnCYcMGn3i4YHvnbNfnI3iOJ2K8O7Jk1p8gJ2kOd
ksMBGuuKk/V2Orm/rFt8m98Rw/Ko++4bGXaomdpgIv9BUE5aKNrrkOoHVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqfU+MkNAVs5iIE1tu6OlTG/KoeMB8GA1UdIwQY
MBaAFLotX9MJ3WzGz3iGBB5enCwaJs6rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWkxZjB3bmRiTWJQZUlZRUhsNmNMQm9tenFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8yY2JkZTktODQ4MC00NDBkLWFiY2Yt
NmQ3NTUwNTJiYjI0LzEvS3A5VDR5UTBCV3ptSWdUVzI3bzZWTWI4cWg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8yY2JkZTktODQ4MC00NDBkLWFiY2YtNmQ3NTUwNTJiYjI0
LzEvdWkxZjB3bmRiTWJQZUlZRUhsNmNMQm9tenFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwie0MA0G
CSqGSIb3DQEBCwUAA4IBAQB/L0mtDyBchbp6t0DsdmuuT/B8D4lUN2EFI9llvX7Q
/Nr5d442rc+efpWHwwzRicJNWnZ6CTfSUuZrWpwLM8ydJzqT01QHv2qzOpWq2O6/
Idx1ebxRyYG4REZZOumES6CkuXVpM/rM8HDrvIcORgYmb4KdkNS2F9BM2ACU/hlL
HTB2w7eAF0kBHOq2ZiOd83ONn1Abu7eM8qb1BtyFUYSUCyn2ulJazsaXPT5HuAnp
a6FUK/S4li/5gKQmE0CSBlKEqXDq34IZSWYoxTVFvYZSwiBCVZXLcvJRgDMZwn9w
yT0gMuUbZ1A4RomroZ3RG69ruqJEvmOL1yNeHrO6pleJ
-----END CERTIFICATE-----