Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/2hlTj7WU3AWqVblAoCBFtkmOPoU.roa
File:                     2hlTj7WU3AWqVblAoCBFtkmOPoU.roa (raw, json)
Hash identifier:          V9iJHKt77503S/z4r7FqqlcmWZJPg9vnjy7ix42foRg=
Subject key identifier:   DA:19:53:8F:B5:94:DC:05:AA:55:B9:40:A0:20:45:B6:49:8E:3E:85
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019249730AA368191F820F6B6076D1D8A34E
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/2hlTj7WU3AWqVblAoCBFtkmOPoU.roa
Signing time:             Tue 01 Oct 2024 18:58:49 +0000
ROA not before:           Tue 01 Oct 2024 18:58:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        185.21.253.0/24 maxlen: 24
                          185.21.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:49:73:0a:a3:68:19:1f:82:0f:6b:60:76:d1:d8:a3:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Oct  1 18:58:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da19538fb594dc05aa55b940a02045b6498e3e85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c8:c2:fb:89:e7:00:fa:e9:e5:54:26:d2:01:
                    b6:99:10:1f:5d:f3:fa:77:cb:e9:d5:bf:16:d1:a3:
                    fd:2e:fd:89:2d:ca:3d:78:5c:59:b7:c1:5c:91:35:
                    33:95:2a:f0:71:ea:1a:d5:fb:e3:43:1c:81:4a:a1:
                    10:a7:86:58:85:76:d5:6b:1e:07:a0:97:7f:ce:70:
                    a2:c5:43:8b:7a:65:4d:6a:4e:f1:4b:1a:56:4e:fd:
                    b5:9b:c7:2a:21:f1:91:0f:06:4f:5b:88:92:ee:d2:
                    95:87:0e:3d:2f:24:81:78:60:2b:0e:07:d2:52:b2:
                    93:ad:5e:2b:fb:99:69:82:b2:87:26:22:31:96:bc:
                    0e:fd:3d:44:3e:80:c1:d1:4d:89:fb:e1:85:10:08:
                    8f:fc:bb:63:27:89:e6:a4:fb:c6:61:5d:50:45:05:
                    99:02:7d:d1:14:4a:93:e1:35:ad:99:01:9a:10:42:
                    e0:86:03:00:0e:20:bc:c8:b0:86:46:81:54:ac:30:
                    31:22:68:61:9e:a4:c4:b8:34:79:f7:66:fd:de:02:
                    72:38:e2:17:6f:e1:4d:19:c4:80:f7:6d:5f:3a:37:
                    19:98:76:1d:de:11:13:e4:34:5c:75:3d:98:18:49:
                    38:88:93:a3:6e:b9:ca:c1:7b:53:8c:20:49:39:aa:
                    17:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:19:53:8F:B5:94:DC:05:AA:55:B9:40:A0:20:45:B6:49:8E:3E:85
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/2hlTj7WU3AWqVblAoCBFtkmOPoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.253.0-185.21.254.255

    Signature Algorithm: sha256WithRSAEncryption
         c7:30:fa:ba:45:c7:a2:ff:df:25:d4:56:ac:52:dd:47:e2:94:
         07:8a:ee:ca:6c:68:a2:27:8f:f3:01:3d:8a:52:be:b9:ad:89:
         9f:7c:69:b3:87:e8:37:f9:a8:ec:73:4e:77:cc:c5:a0:ac:1b:
         22:5e:17:d9:69:c4:a0:25:f6:5d:e4:ff:6e:d3:b7:47:b4:c6:
         89:c8:b1:d3:d9:05:f1:d7:37:4d:be:ed:94:1e:86:18:ac:f2:
         84:fa:21:14:75:59:22:a0:df:39:73:35:93:82:95:10:f7:5c:
         76:0c:be:54:23:a6:29:49:24:a2:9a:18:22:60:c4:f0:86:16:
         8a:20:1c:40:ad:3a:41:6f:22:e5:fc:6d:e0:4a:5b:03:b2:17:
         2b:54:fe:ea:af:51:6c:ac:95:93:94:9d:f4:02:3f:70:b4:a8:
         c8:61:65:6b:7a:33:75:31:4c:1d:95:a2:c4:4a:aa:5f:4b:8c:
         f8:4a:81:7d:b3:3d:ce:a2:8d:bf:27:fd:df:57:f3:44:3d:00:
         92:4a:c3:33:c5:2c:55:e1:c6:d4:92:c3:ab:5f:ce:30:32:24:
         00:5a:3b:eb:1d:d1:08:f0:a0:a6:93:37:62:4d:a8:dd:da:fe:
         10:09:50:72:0b:f2:33:fb:66:29:09:54:8f:2e:09:24:cc:aa:
         22:f7:21:55
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZJJcwqjaBkfgg9rYHbR2KNOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQxMDAxMTg1ODQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTE5NTM4ZmI1OTRkYzA1YWE1NWI5NDBhMDIwNDViNjQ5OGUzZTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysjC+4nnAPrp5VQm0gG2mRAfXfP6
d8vp1b8W0aP9Lv2JLco9eFxZt8FckTUzlSrwceoa1fvjQxyBSqEQp4ZYhXbVax4H
oJd/znCixUOLemVNak7xSxpWTv21m8cqIfGRDwZPW4iS7tKVhw49LySBeGArDgfS
UrKTrV4r+5lpgrKHJiIxlrwO/T1EPoDB0U2J++GFEAiP/LtjJ4nmpPvGYV1QRQWZ
An3RFEqT4TWtmQGaEELghgMADiC8yLCGRoFUrDAxImhhnqTEuDR592b93gJyOOIX
b+FNGcSA921fOjcZmHYd3hET5DRcdT2YGEk4iJOjbrnKwXtTjCBJOaoXCQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNoZU4+1lNwFqlW5QKAgRbZJjj6FMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvMmhsVGo3V1UzQVdxVmJsQW9DQkZ0a21PUG9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5Ff0D
BAC5Ff4wDQYJKoZIhvcNAQELBQADggEBAMcw+rpFx6L/3yXUVqxS3UfilAeK7sps
aKInj/MBPYpSvrmtiZ98abOH6Df5qOxzTnfMxaCsGyJeF9lpxKAl9l3k/27Tt0e0
xonIsdPZBfHXN02+7ZQehhis8oT6IRR1WSKg3zlzNZOClRD3XHYMvlQjpilJJKKa
GCJgxPCGFoogHECtOkFvIuX8beBKWwOyFytU/uqvUWyslZOUnfQCP3C0qMhhZWt6
M3UxTB2VosRKql9LjPhKgX2zPc6ijb8n/d9X80Q9AJJKwzPFLFXhxtSSw6tfzjAy
JABaO+sd0QjwoKaTN2JNqN3a/hAJUHIL8jP7ZikJVI8uCSTMqiL3IVU=
-----END CERTIFICATE-----