Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/RZ2oQsVxTwx3MIQfYeVhhvSMHTw.roa
File:                     RZ2oQsVxTwx3MIQfYeVhhvSMHTw.roa (raw, json)
Hash identifier:          MWCKJJIodfLU30L2ZNFe5fWR48U3yaN6vAGel+uNxsw=
Subject key identifier:   45:9D:A8:42:C5:71:4F:0C:77:30:84:1F:61:E5:61:86:F4:8C:1D:3C
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       019424B3AF83DB8A5C4054C6BDACC4278E03
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/RZ2oQsVxTwx3MIQfYeVhhvSMHTw.roa
Signing time:             Thu 02 Jan 2025 01:49:03 +0000
ROA not before:           Thu 02 Jan 2025 01:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51395
IP address blocks:        94.131.3.0/24 maxlen: 24
                          94.131.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:af:83:db:8a:5c:40:54:c6:bd:ac:c4:27:8e:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  2 01:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=459da842c5714f0c7730841f61e56186f48c1d3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:4b:ae:bf:23:82:4b:13:da:21:4a:34:b3:53:
                    cc:35:34:d2:40:b8:74:59:3f:49:b9:9f:92:35:5a:
                    9e:79:a6:78:c5:77:b7:90:bd:5f:15:bd:55:58:11:
                    17:21:72:01:cb:84:80:8f:af:0c:bc:06:d0:66:64:
                    46:85:e7:f1:03:e5:9a:85:2a:e6:58:28:73:89:4f:
                    96:fa:d5:c7:ec:c7:f0:94:92:29:a9:b7:d9:2e:d8:
                    a6:fa:6d:32:93:22:6e:3b:68:29:04:d0:67:b2:ff:
                    04:9c:41:0c:8e:e0:7d:3f:4f:c0:f7:cc:31:9f:e5:
                    47:21:63:2e:d8:e0:02:f0:7b:e7:2a:95:9c:5a:73:
                    8c:3e:cc:dc:58:53:4a:de:24:a3:07:fe:31:8c:0e:
                    9b:1c:0a:90:a0:c9:45:17:44:e9:d5:56:8f:34:5d:
                    39:60:67:93:20:c8:78:75:eb:53:91:7a:8b:82:f7:
                    8c:4b:12:32:77:f6:92:f3:47:c8:c3:72:49:85:45:
                    df:c7:56:35:9f:13:62:45:8b:da:5c:35:eb:84:d1:
                    ba:1b:3d:2e:1b:7f:4a:8e:85:c3:ec:66:33:2a:2c:
                    37:05:da:e2:13:16:f5:2b:21:82:58:90:4c:1b:c6:
                    2c:50:77:5b:f7:16:6d:52:a6:2f:1b:fc:00:8e:b4:
                    27:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:9D:A8:42:C5:71:4F:0C:77:30:84:1F:61:E5:61:86:F4:8C:1D:3C
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/RZ2oQsVxTwx3MIQfYeVhhvSMHTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.3.0/24
                  94.131.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:4f:7a:f4:92:b7:7d:ca:91:fb:1c:bb:7c:6a:fe:18:0f:d4:
         fd:3b:32:12:7c:1b:bc:40:7b:7a:04:e6:90:cf:06:43:01:c4:
         6b:22:bf:01:cd:0d:66:8f:de:b6:89:17:b8:71:71:6b:36:f9:
         5b:15:54:1c:ca:da:1d:a3:ca:3d:71:ac:ff:f7:45:8c:f9:2f:
         d7:a0:a6:13:c5:7b:51:55:d5:ce:37:61:9d:a0:ad:11:15:94:
         8d:cc:46:60:6e:24:a2:45:dc:fd:b8:72:b9:6b:d2:b3:ab:7f:
         05:60:61:a6:93:88:83:72:5f:5d:4a:6b:af:8a:6d:27:e5:f3:
         da:58:65:47:51:99:d0:e4:22:e2:9c:2d:f8:a6:77:8d:80:53:
         38:af:67:cf:f6:df:4b:46:16:f8:0b:e8:b4:41:05:c8:cc:51:
         3e:c3:68:7a:32:40:86:03:38:33:30:02:46:71:7b:4e:fa:89:
         ac:52:9c:4e:aa:01:f4:a2:c2:a2:58:eb:23:64:a6:b0:0a:24:
         0e:1e:f6:51:c3:29:eb:2c:4b:51:ba:1b:7f:84:a7:81:cc:0f:
         47:eb:e0:99:60:17:59:6a:bf:59:97:2e:fb:fa:fa:b1:20:a0:
         70:52:34:ee:a4:6e:00:e5:0f:d8:92:e6:e4:39:9c:9c:00:a3:
         df:3a:f0:8d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQks6+D24pcQFTGvazEJ44DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwMTAyMDE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTlkYTg0MmM1NzE0ZjBjNzczMDg0MWY2MWU1NjE4NmY0OGMxZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6EuuvyOCSxPaIUo0s1PMNTTSQLh0
WT9JuZ+SNVqeeaZ4xXe3kL1fFb1VWBEXIXIBy4SAj68MvAbQZmRGhefxA+WahSrm
WChziU+W+tXH7MfwlJIpqbfZLtim+m0ykyJuO2gpBNBnsv8EnEEMjuB9P0/A98wx
n+VHIWMu2OAC8HvnKpWcWnOMPszcWFNK3iSjB/4xjA6bHAqQoMlFF0Tp1VaPNF05
YGeTIMh4detTkXqLgveMSxIyd/aS80fIw3JJhUXfx1Y1nxNiRYvaXDXrhNG6Gz0u
G39KjoXD7GYzKiw3BdriExb1KyGCWJBMG8YsUHdb9xZtUqYvG/wAjrQnfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEWdqELFcU8MdzCEH2HlYYb0jB08MB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvUloyb1FzVnhUd3gzTUlRZlllVmhodlNNSFR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXoMDAwQA
XoNjMA0GCSqGSIb3DQEBCwUAA4IBAQAJT3r0krd9ypH7HLt8av4YD9T9OzISfBu8
QHt6BOaQzwZDAcRrIr8BzQ1mj962iRe4cXFrNvlbFVQcytodo8o9caz/90WM+S/X
oKYTxXtRVdXON2GdoK0RFZSNzEZgbiSiRdz9uHK5a9Kzq38FYGGmk4iDcl9dSmuv
im0n5fPaWGVHUZnQ5CLinC34pneNgFM4r2fP9t9LRhb4C+i0QQXIzFE+w2h6MkCG
AzgzMAJGcXtO+omsUpxOqgH0osKiWOsjZKawCiQOHvZRwynrLEtRuht/hKeBzA9H
6+CZYBdZar9Zly77+vqxIKBwUjTupG4A5Q/YkubkOZycAKPfOvCN
-----END CERTIFICATE-----