Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/hc2McJqF4N3N5DqmfZVvhbBzlWQ.roa
File:                     hc2McJqF4N3N5DqmfZVvhbBzlWQ.roa (raw, json)
Hash identifier:          4sE06Tj9fahjIdQpeuoDI6eoz2VyIxEa5JczYP+Nyts=
Subject key identifier:   85:CD:8C:70:9A:85:E0:DD:CD:E4:3A:A6:7D:95:6F:85:B0:73:95:64
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       0194258F8EEF2B94C19EC30405C7E9EFBD82
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/hc2McJqF4N3N5DqmfZVvhbBzlWQ.roa
Signing time:             Thu 02 Jan 2025 05:49:12 +0000
ROA not before:           Thu 02 Jan 2025 05:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58065
IP address blocks:        176.103.122.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:8e:ef:2b:94:c1:9e:c3:04:05:c7:e9:ef:bd:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 05:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85cd8c709a85e0ddcde43aa67d956f85b0739564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:58:aa:73:e0:a9:67:fb:55:02:05:bb:7b:53:
                    5d:5c:81:d1:87:4f:28:85:4e:ac:26:81:f0:3b:cd:
                    2b:35:2a:0a:8b:f5:a1:05:7b:b8:8f:a9:67:93:ab:
                    76:c3:9b:df:0b:86:a9:62:a6:b1:11:8d:ef:72:30:
                    67:ef:5a:f4:1c:54:c7:07:00:d4:73:c2:04:e6:e9:
                    57:bd:64:00:ae:17:d6:32:9a:48:00:16:cf:3c:c0:
                    39:59:f9:37:29:da:43:77:5d:4c:a2:3a:8f:95:11:
                    97:47:ae:40:e6:73:b4:56:0b:cc:75:dd:af:0a:b1:
                    10:d7:3b:62:25:a0:e1:7c:e5:06:63:a3:a3:db:2d:
                    ba:0b:c6:7e:97:0b:a2:e4:86:73:bb:0c:7e:e6:8f:
                    24:f6:c1:87:1b:f9:ff:eb:8b:ca:ca:67:aa:4c:a3:
                    0a:73:01:55:57:e2:17:6b:c3:79:98:e4:d3:c2:9d:
                    b1:07:3e:24:a7:8a:41:61:6a:c3:7e:7b:32:dc:f1:
                    9c:9f:37:2e:dc:06:ba:51:ef:58:cf:2f:98:90:d2:
                    5b:62:d1:fe:e4:b5:2b:20:d3:d7:3f:00:f0:10:36:
                    8e:c6:f1:ac:54:cc:8c:39:c0:b0:7b:8b:db:ed:84:
                    c3:60:59:37:e2:3b:0b:f0:d2:56:36:1c:81:51:b9:
                    c8:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:CD:8C:70:9A:85:E0:DD:CD:E4:3A:A6:7D:95:6F:85:B0:73:95:64
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/hc2McJqF4N3N5DqmfZVvhbBzlWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:0d:99:db:5f:a0:7d:f0:fc:e5:e6:fc:fe:26:79:7f:7b:37:
         af:11:83:4f:dc:a6:ce:5b:bb:c4:9d:44:ec:c1:fe:d9:14:86:
         d2:0d:dd:d9:3f:5a:f3:71:8e:a7:e9:f3:db:d8:0b:c9:3f:bf:
         63:8e:52:69:03:70:c4:65:b6:6a:fa:ab:f7:c9:95:59:28:1b:
         d4:7d:7e:dd:c2:bb:7f:9f:3a:08:37:53:a2:67:06:97:11:c7:
         85:91:97:bf:5e:88:08:58:aa:c2:24:66:00:28:77:9c:dd:6d:
         c9:89:e6:2d:c6:dd:a5:a4:a8:50:23:25:ba:1b:80:72:70:09:
         6a:b8:c3:67:d0:0b:09:10:4c:cd:3b:25:8c:32:2f:28:a9:71:
         85:ff:cc:7c:27:47:a1:2a:19:7b:34:68:d0:59:a6:c4:84:07:
         10:53:d7:01:b6:49:b0:8f:68:49:05:c4:7d:f3:5a:74:2d:43:
         16:44:dd:47:c1:ef:06:4b:26:e1:00:0b:7b:8b:76:24:0b:e7:
         13:9b:8e:ca:28:a2:0b:75:e7:ac:d4:97:c2:b7:5a:3b:7d:59:
         4b:43:f1:dc:8c:0d:c1:0e:dc:3d:19:6c:7e:4d:ff:a3:45:ea:
         a8:bc:33:e8:91:c5:6e:88:80:6b:dd:f9:f5:54:4a:bb:59:c5:
         a0:09:e6:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj47vK5TBnsMEBcfp772CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUwMTAyMDU0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWNkOGM3MDlhODVlMGRkY2RlNDNhYTY3ZDk1NmY4NWIwNzM5NTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1iqc+CpZ/tVAgW7e1NdXIHRh08o
hU6sJoHwO80rNSoKi/WhBXu4j6lnk6t2w5vfC4apYqaxEY3vcjBn71r0HFTHBwDU
c8IE5ulXvWQArhfWMppIABbPPMA5Wfk3KdpDd11MojqPlRGXR65A5nO0VgvMdd2v
CrEQ1ztiJaDhfOUGY6Oj2y26C8Z+lwui5IZzuwx+5o8k9sGHG/n/64vKymeqTKMK
cwFVV+IXa8N5mOTTwp2xBz4kp4pBYWrDfnsy3PGcnzcu3Aa6Ue9Yzy+YkNJbYtH+
5LUrINPXPwDwEDaOxvGsVMyMOcCwe4vb7YTDYFk34jsL8NJWNhyBUbnIsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXNjHCaheDdzeQ6pn2Vb4Wwc5VkMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvaGMyTWNKcUY0TjNONURxbWZaVnZoYkJ6bFdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsGd6MA0G
CSqGSIb3DQEBCwUAA4IBAQBFDZnbX6B98Pzl5vz+Jnl/ezevEYNP3KbOW7vEnUTs
wf7ZFIbSDd3ZP1rzcY6n6fPb2AvJP79jjlJpA3DEZbZq+qv3yZVZKBvUfX7dwrt/
nzoIN1OiZwaXEceFkZe/XogIWKrCJGYAKHec3W3JieYtxt2lpKhQIyW6G4BycAlq
uMNn0AsJEEzNOyWMMi8oqXGF/8x8J0ehKhl7NGjQWabEhAcQU9cBtkmwj2hJBcR9
81p0LUMWRN1Hwe8GSybhAAt7i3YkC+cTm47KKKILdees1JfCt1o7fVlLQ/HcjA3B
Dtw9GWx+Tf+jReqovDPokcVuiIBr3fn1VEq7WcWgCebv
-----END CERTIFICATE-----