Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/PxE0dP6xcqVNoXMtC1a5Dmb6n-s.roa
File:                     PxE0dP6xcqVNoXMtC1a5Dmb6n-s.roa (raw, json)
Hash identifier:          Ybvp2SkTVaVfqhDzUmHlRC82UcW4sX3toG9HthgZ+Es=
Subject key identifier:   3F:11:34:74:FE:B1:72:A5:4D:A1:73:2D:0B:56:B9:0E:66:FA:9F:EB
Certificate issuer:       /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial:       0194214407D508CE67E3912F56A79F4AB95A
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/PxE0dP6xcqVNoXMtC1a5Dmb6n-s.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25151
IP address blocks:        2.57.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:07:d5:08:ce:67:e3:91:2f:56:a7:9f:4a:b9:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f113474feb172a54da1732d0b56b90e66fa9feb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b0:6f:c7:d7:1d:4d:70:72:53:f5:aa:f8:c9:
                    86:04:07:fc:5b:70:61:fb:8f:f1:60:96:c7:b9:1f:
                    c5:3b:4e:f8:56:ac:90:f5:19:60:1b:aa:eb:85:78:
                    22:67:30:9c:64:bb:11:32:45:66:53:7b:b5:a9:55:
                    8b:ec:64:ca:a4:6c:5f:cf:e3:e6:88:8e:a8:87:2f:
                    10:dd:b3:62:d7:79:4c:64:26:12:a0:00:1d:07:9a:
                    d9:37:0d:ed:b8:24:4c:37:c2:b4:bf:cc:d2:7c:0d:
                    cf:1a:97:a4:e5:9f:46:ec:0c:24:92:bc:70:bb:06:
                    b0:ff:dd:fa:23:69:63:33:a8:c5:b5:81:82:04:45:
                    ab:e6:47:ec:72:d8:09:59:65:f2:a5:72:8e:bc:bc:
                    ce:1c:fb:9a:70:36:6b:84:d7:7c:45:9d:c6:d8:07:
                    64:72:dc:8c:8a:eb:9f:43:d9:0c:8b:c3:e6:43:6f:
                    ea:66:66:72:db:ca:d4:f5:50:e0:7a:9b:7b:e7:3a:
                    45:96:86:0e:5b:01:d3:8d:2f:9c:ed:39:6d:76:43:
                    b5:65:af:b0:96:05:b5:86:7b:b4:fd:79:22:6e:99:
                    44:d1:de:27:5b:03:a5:ff:2c:cf:67:5a:f4:12:1d:
                    cc:14:7f:68:0d:cc:b8:d9:41:73:db:28:ef:e0:cb:
                    1d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:11:34:74:FE:B1:72:A5:4D:A1:73:2D:0B:56:B9:0E:66:FA:9F:EB
            X509v3 Authority Key Identifier:
                keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/PxE0dP6xcqVNoXMtC1a5Dmb6n-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:fa:d6:ee:82:57:73:09:d0:54:de:8d:bd:67:b5:07:d7:cb:
         0f:fd:52:c1:05:91:a0:d6:41:5b:d6:03:a2:21:38:65:c9:70:
         eb:7b:8f:f3:a7:57:5c:03:6d:ff:99:87:26:2a:1c:7c:c1:16:
         0b:10:cb:ac:63:ae:61:9a:27:6d:4d:71:0f:49:7e:df:62:d2:
         29:e7:f5:72:77:c8:0b:89:f1:68:2c:93:12:58:23:f9:04:32:
         a0:0a:88:55:53:eb:cf:20:b6:cc:00:f8:91:94:1b:8d:f0:14:
         20:d0:ef:dc:a9:97:0a:24:f1:81:38:9f:2a:fa:02:10:97:7a:
         3e:49:33:4d:ea:77:5e:97:00:b0:d5:77:05:79:96:f2:10:65:
         7f:38:81:ab:d0:f2:e6:7a:6d:f5:7c:72:aa:fb:cd:00:ba:bc:
         98:2f:61:c7:20:ec:50:33:3f:7e:7b:33:73:b9:c2:c6:07:54:
         7d:74:da:8c:c2:4a:af:44:18:21:fc:a8:7e:cc:a9:36:8f:e1:
         a2:6a:cd:bb:f5:19:d1:a5:19:0a:a6:a1:ca:ff:a6:76:ef:5c:
         99:94:a4:fa:04:e3:75:5a:fd:3b:de:d8:4c:10:f6:85:f1:d1:
         50:38:5c:77:d8:6c:7d:12:71:c3:99:a3:c3:66:c7:44:8a:3b:
         ed:a3:07:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAfVCM5n45EvVqefSrlaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjExMzQ3NGZlYjE3MmE1NGRhMTczMmQwYjU2YjkwZTY2ZmE5ZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLBvx9cdTXByU/Wq+MmGBAf8W3Bh
+4/xYJbHuR/FO074VqyQ9RlgG6rrhXgiZzCcZLsRMkVmU3u1qVWL7GTKpGxfz+Pm
iI6ohy8Q3bNi13lMZCYSoAAdB5rZNw3tuCRMN8K0v8zSfA3PGpek5Z9G7Awkkrxw
uwaw/936I2ljM6jFtYGCBEWr5kfsctgJWWXypXKOvLzOHPuacDZrhNd8RZ3G2Adk
ctyMiuufQ9kMi8PmQ2/qZmZy28rU9VDgept75zpFloYOWwHTjS+c7TltdkO1Za+w
lgW1hnu0/XkibplE0d4nWwOl/yzPZ1r0Eh3MFH9oDcy42UFz2yjv4MsdJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8RNHT+sXKlTaFzLQtWuQ5m+p/rMB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEvUHhFMGRQNnhjcVZOb1hNdEMxYTVEbWI2bi1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjk4MA0G
CSqGSIb3DQEBCwUAA4IBAQAF+tbugldzCdBU3o29Z7UH18sP/VLBBZGg1kFb1gOi
IThlyXDre4/zp1dcA23/mYcmKhx8wRYLEMusY65hmidtTXEPSX7fYtIp5/Vyd8gL
ifFoLJMSWCP5BDKgCohVU+vPILbMAPiRlBuN8BQg0O/cqZcKJPGBOJ8q+gIQl3o+
STNN6ndelwCw1XcFeZbyEGV/OIGr0PLmem31fHKq+80AuryYL2HHIOxQMz9+ezNz
ucLGB1R9dNqMwkqvRBgh/Kh+zKk2j+Gias279RnRpRkKpqHK/6Z271yZlKT6BON1
Wv073thMEPaF8dFQOFx32Gx9EnHDmaPDZsdEijvtowe5
-----END CERTIFICATE-----