Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/fbe350-69da-495d-96e2-abfa83fcff67/1/1LjZlnRBJt_qRKMuzNTKcoTDPVg.roa
File:                     1LjZlnRBJt_qRKMuzNTKcoTDPVg.roa (raw, json)
Hash identifier:          uQEaVATrxncZCByVj7FOPBy+k/KEvq9+fzzZSw1GL2k=
Subject key identifier:   D4:B8:D9:96:74:41:26:DF:EA:44:A3:2E:CC:D4:CA:72:84:C3:3D:58
Certificate issuer:       /CN=79bd5372e1e19d05beda353bd6a15bdd39291fa4
Certificate serial:       019499112A0BE1765CB49B602A5BE74A9EF2
Authority key identifier: 79:BD:53:72:E1:E1:9D:05:BE:DA:35:3B:D6:A1:5B:DD:39:29:1F:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eb1TcuHhnQW-2jU71qFb3TkpH6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/fbe350-69da-495d-96e2-abfa83fcff67/1/1LjZlnRBJt_qRKMuzNTKcoTDPVg.roa
Signing time:             Fri 24 Jan 2025 16:07:06 +0000
ROA not before:           Fri 24 Jan 2025 16:07:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216293
IP address blocks:        185.208.202.0/24 maxlen: 24
                          212.46.60.0/24 maxlen: 24
                          2a13:d9c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/fbe350-69da-495d-96e2-abfa83fcff67/1/eb1TcuHhnQW-2jU71qFb3TkpH6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/fbe350-69da-495d-96e2-abfa83fcff67/1/eb1TcuHhnQW-2jU71qFb3TkpH6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eb1TcuHhnQW-2jU71qFb3TkpH6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:99:11:2a:0b:e1:76:5c:b4:9b:60:2a:5b:e7:4a:9e:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79bd5372e1e19d05beda353bd6a15bdd39291fa4
        Validity
            Not Before: Jan 24 16:07:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4b8d996744126dfea44a32eccd4ca7284c33d58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8a:2e:04:74:51:b7:c8:9c:89:55:ab:3b:71:
                    74:7b:26:b3:13:12:c8:20:ec:a4:d9:7f:46:78:2b:
                    56:f5:28:c3:db:2e:70:14:55:d8:cf:88:16:c2:4d:
                    78:76:48:36:31:8a:8c:5c:c8:cf:da:2f:1a:fe:18:
                    3d:2b:58:6b:5c:70:e0:8c:82:fc:f9:bf:21:6d:da:
                    3d:58:98:dc:9a:40:e3:dc:f6:0b:6d:62:94:15:42:
                    fa:f9:0c:2f:f4:48:e9:19:77:5a:31:fe:c3:bb:73:
                    4c:cd:c8:cb:8a:4f:17:63:b4:c3:06:5d:ee:2b:e4:
                    29:c1:91:3b:9b:5a:27:60:2f:18:fd:6f:24:ae:9b:
                    97:98:ee:3f:47:05:23:01:02:36:80:f3:e4:93:99:
                    c4:c3:6b:bd:ac:64:3d:d0:7e:e9:3b:f6:2e:56:29:
                    ee:1e:17:70:51:f9:d6:57:17:90:1d:6d:a6:de:6e:
                    55:93:10:15:46:8f:b3:f9:0b:2f:5d:a9:50:fc:23:
                    00:4e:de:f6:52:b5:01:3c:33:21:88:ee:fe:25:bc:
                    5a:95:17:4d:72:39:d9:9d:5c:c1:95:69:e7:f2:4e:
                    6c:4e:b4:2e:73:b3:95:46:d6:69:ff:9f:37:73:fd:
                    0c:fb:79:71:c5:35:cc:26:20:38:97:0c:4a:48:24:
                    88:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:B8:D9:96:74:41:26:DF:EA:44:A3:2E:CC:D4:CA:72:84:C3:3D:58
            X509v3 Authority Key Identifier:
                keyid:79:BD:53:72:E1:E1:9D:05:BE:DA:35:3B:D6:A1:5B:DD:39:29:1F:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb1TcuHhnQW-2jU71qFb3TkpH6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/fbe350-69da-495d-96e2-abfa83fcff67/1/1LjZlnRBJt_qRKMuzNTKcoTDPVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/fbe350-69da-495d-96e2-abfa83fcff67/1/eb1TcuHhnQW-2jU71qFb3TkpH6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.202.0/24
                  212.46.60.0/24
                IPv6:
                  2a13:d9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:4b:cd:c2:64:0f:e5:88:13:0f:11:e2:2e:98:f9:9f:88:79:
         5f:1c:0b:73:8d:f0:bf:9f:7e:f9:7d:85:eb:48:ee:2e:07:38:
         c6:51:2f:14:b1:a3:14:5a:3a:77:72:12:02:57:ec:db:d2:89:
         e2:24:6d:ef:e7:25:47:1e:6a:1b:a3:d3:88:74:49:c7:08:9a:
         a7:3a:5f:43:49:85:f4:c9:29:bf:b6:77:b8:b8:ee:41:6b:3a:
         46:3a:75:7e:c1:38:ab:33:77:b3:68:f5:b3:b5:5b:e7:76:6d:
         40:fa:4c:80:8e:1b:e1:68:2b:12:02:43:a3:da:f8:76:14:da:
         f6:9f:bc:16:49:a4:33:65:a8:ae:34:c1:9e:7d:b3:fd:47:9b:
         e8:b6:f2:be:63:a3:d1:56:35:f5:55:08:6f:28:16:87:28:4a:
         5b:cf:ce:02:c0:9b:38:ed:46:9c:b9:c5:54:83:b0:cf:15:55:
         ce:41:86:c8:1c:2b:3a:26:b9:e8:ec:67:70:71:e6:5f:da:1b:
         6b:48:5a:96:f3:3c:9f:2d:9f:25:6b:34:a8:3b:55:35:cd:ba:
         4f:b8:20:1a:94:a6:d4:10:3c:f4:df:ad:80:61:03:d2:b1:c1:
         22:f9:be:3a:88:1f:a1:7b:79:89:e6:ee:12:b8:e9:cf:4e:d0:
         ac:8d:78:00
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZSZESoL4XZctJtgKlvnSp7yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YmQ1MzcyZTFlMTlkMDViZWRhMzUzYmQ2YTE1YmRkMzky
OTFmYTQwHhcNMjUwMTI0MTYwNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGI4ZDk5Njc0NDEyNmRmZWE0NGEzMmVjY2Q0Y2E3Mjg0YzMzZDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4ouBHRRt8iciVWrO3F0eyazExLI
IOyk2X9GeCtW9SjD2y5wFFXYz4gWwk14dkg2MYqMXMjP2i8a/hg9K1hrXHDgjIL8
+b8hbdo9WJjcmkDj3PYLbWKUFUL6+Qwv9EjpGXdaMf7Du3NMzcjLik8XY7TDBl3u
K+QpwZE7m1onYC8Y/W8krpuXmO4/RwUjAQI2gPPkk5nEw2u9rGQ90H7pO/YuVinu
HhdwUfnWVxeQHW2m3m5VkxAVRo+z+QsvXalQ/CMATt72UrUBPDMhiO7+JbxalRdN
cjnZnVzBlWnn8k5sTrQuc7OVRtZp/583c/0M+3lxxTXMJiA4lwxKSCSIDwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNS42ZZ0QSbf6kSjLszUynKEwz1YMB8GA1UdIwQY
MBaAFHm9U3Lh4Z0Fvto1O9ahW905KR+kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWIxVGN1SGhuUVctMmpVNzFxRmIzVGtwSDZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9mYmUzNTAtNjlkYS00OTVkLTk2ZTIt
YWJmYTgzZmNmZjY3LzEvMUxqWmxuUkJKdF9xUktNdXpOVEtjb1REUFZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9mYmUzNTAtNjlkYS00OTVkLTk2ZTItYWJmYTgzZmNmZjY3
LzEvZWIxVGN1SGhuUVctMmpVNzFxRmIzVGtwSDZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAudDKAwQA
1C48MA0EAgACMAcDBQMqE9nAMA0GCSqGSIb3DQEBCwUAA4IBAQAiS83CZA/liBMP
EeIumPmfiHlfHAtzjfC/n375fYXrSO4uBzjGUS8UsaMUWjp3chICV+zb0oniJG3v
5yVHHmobo9OIdEnHCJqnOl9DSYX0ySm/tne4uO5BazpGOnV+wTirM3ezaPWztVvn
dm1A+kyAjhvhaCsSAkOj2vh2FNr2n7wWSaQzZaiuNMGefbP9R5votvK+Y6PRVjX1
VQhvKBaHKEpbz84CwJs47UacucVUg7DPFVXOQYbIHCs6Jrno7GdwceZf2htrSFqW
8zyfLZ8lazSoO1U1zbpPuCAalKbUEDz0362AYQPSscEi+b46iB+he3mJ5u4SuOnP
TtCsjXgA
-----END CERTIFICATE-----