Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/2mR5XJM5LrYDZGVcubbLp9z9mZY.roa
File:                     2mR5XJM5LrYDZGVcubbLp9z9mZY.roa (raw, json)
Hash identifier:          EuQxIpZO0qFCZhL2ClxvLOJhKQDZsHqs5wudD54Am90=
Subject key identifier:   DA:64:79:5C:93:39:2E:B6:03:64:65:5C:B9:B6:CB:A7:DC:FD:99:96
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       0194258F8F218BE677F8571E89B9670C9588
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/2mR5XJM5LrYDZGVcubbLp9z9mZY.roa
Signing time:             Thu 02 Jan 2025 05:49:12 +0000
ROA not before:           Thu 02 Jan 2025 05:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133296
IP address blocks:        93.120.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:8f:21:8b:e6:77:f8:57:1e:89:b9:67:0c:95:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 05:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da64795c93392eb60364655cb9b6cba7dcfd9996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d5:99:a6:c9:33:4d:d9:ae:6e:a0:fa:28:1e:
                    6c:b0:5d:d1:cf:73:8d:d9:6d:44:05:0b:25:28:ce:
                    fc:dd:5c:b2:c0:45:be:61:72:e2:0b:68:ab:53:51:
                    22:9d:36:fa:8c:d8:c3:e6:5c:18:77:df:ff:75:f6:
                    c4:fe:64:55:08:4b:5e:05:c3:54:14:a3:0e:04:4c:
                    08:fd:fb:03:0f:55:89:33:92:db:29:85:a1:c6:82:
                    6d:e2:c0:98:ee:3f:a6:b4:af:ca:f5:45:7e:1f:85:
                    e9:4e:d3:90:df:dc:91:93:71:79:53:a8:02:45:f8:
                    a8:f9:4c:7a:57:3e:bb:88:21:d3:3a:89:ae:d8:8d:
                    41:b8:a7:63:06:f0:dc:47:ec:f4:03:41:37:e6:d2:
                    32:73:67:3f:22:17:64:ba:60:3a:ce:bc:bc:16:1a:
                    2e:84:85:74:f1:39:ed:28:ee:cc:1e:90:4a:f1:e5:
                    33:8a:05:91:a1:85:0d:f0:78:0b:12:2d:b8:6b:c1:
                    ba:8e:07:3a:a3:04:bd:5a:94:4c:0d:72:df:45:37:
                    0a:96:b5:72:ef:46:6a:7a:14:df:9e:fd:12:85:62:
                    da:55:36:cd:e2:5d:0f:87:ad:1f:d7:5b:7d:4f:8c:
                    32:e6:2c:b1:36:18:aa:67:ee:1c:1c:d0:d7:10:9c:
                    c1:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:64:79:5C:93:39:2E:B6:03:64:65:5C:B9:B6:CB:A7:DC:FD:99:96
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/2mR5XJM5LrYDZGVcubbLp9z9mZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.120.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:17:cf:d1:54:1a:57:4e:4e:42:69:30:8e:55:4c:60:d8:05:
         af:cf:a7:d1:2d:43:0d:97:14:94:91:0d:0d:84:8a:da:31:75:
         95:14:17:be:4e:3b:86:dc:09:ff:fb:81:4b:e5:b9:4a:b0:24:
         3d:53:ec:70:33:9e:8c:80:de:8a:3f:ee:04:56:30:2a:c2:51:
         b3:7b:ca:d4:85:45:61:cb:22:54:a8:89:83:cc:35:dc:43:5f:
         a0:b3:5a:60:95:7f:cc:6b:05:77:ee:ca:48:ce:47:35:98:0a:
         75:37:24:cb:04:98:c6:b4:fc:dc:7c:15:9f:0e:f9:3c:ae:03:
         b5:cf:bf:85:04:67:b1:4b:a9:fa:a0:83:fd:ad:75:21:e7:34:
         4c:43:ce:87:52:72:34:08:a3:dd:81:c0:95:6f:23:39:27:d7:
         4f:77:09:a7:0d:67:0d:37:d4:1a:f5:b9:11:b5:53:d3:e7:37:
         ab:24:01:94:a4:07:0c:3e:02:7a:ed:98:92:38:d4:60:75:6b:
         b0:9d:fc:2b:08:af:02:1a:0e:95:1b:4a:b6:f3:c7:80:1d:0d:
         bc:7c:55:fe:54:a6:a3:dd:bc:01:c3:41:a4:f5:e5:20:4d:c7:
         54:93:cb:a8:8a:12:90:86:4c:59:c0:e9:ae:3a:2c:2b:5d:99:
         a5:48:64:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj48hi+Z3+FceiblnDJWIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUwMTAyMDU0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTY0Nzk1YzkzMzkyZWI2MDM2NDY1NWNiOWI2Y2JhN2RjZmQ5OTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9WZpskzTdmubqD6KB5ssF3Rz3ON
2W1EBQslKM783VyywEW+YXLiC2irU1EinTb6jNjD5lwYd9//dfbE/mRVCEteBcNU
FKMOBEwI/fsDD1WJM5LbKYWhxoJt4sCY7j+mtK/K9UV+H4XpTtOQ39yRk3F5U6gC
Rfio+Ux6Vz67iCHTOomu2I1BuKdjBvDcR+z0A0E35tIyc2c/IhdkumA6zry8Fhou
hIV08TntKO7MHpBK8eUzigWRoYUN8HgLEi24a8G6jgc6owS9WpRMDXLfRTcKlrVy
70ZqehTfnv0ShWLaVTbN4l0Ph60f11t9T4wy5iyxNhiqZ+4cHNDXEJzBpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpkeVyTOS62A2RlXLm2y6fc/ZmWMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvMm1SNVhKTTVMcllEWkdWY3ViYkxwOXo5bVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXgnMA0G
CSqGSIb3DQEBCwUAA4IBAQAGF8/RVBpXTk5CaTCOVUxg2AWvz6fRLUMNlxSUkQ0N
hIraMXWVFBe+TjuG3An/+4FL5blKsCQ9U+xwM56MgN6KP+4EVjAqwlGze8rUhUVh
yyJUqImDzDXcQ1+gs1pglX/MawV37spIzkc1mAp1NyTLBJjGtPzcfBWfDvk8rgO1
z7+FBGexS6n6oIP9rXUh5zRMQ86HUnI0CKPdgcCVbyM5J9dPdwmnDWcNN9Qa9bkR
tVPT5zerJAGUpAcMPgJ67ZiSONRgdWuwnfwrCK8CGg6VG0q288eAHQ28fFX+VKaj
3bwBw0Gk9eUgTcdUk8uoihKQhkxZwOmuOiwrXZmlSGR5
-----END CERTIFICATE-----