Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/2uqfE3wlu2mK8kTtPAOG6IwmpWU.roa
File:                     2uqfE3wlu2mK8kTtPAOG6IwmpWU.roa (raw, json)
Hash identifier:          MjeX99ohxCy7M0QvdKUOqgv644yAnOfDxHeyEhtyZA4=
Subject key identifier:   DA:EA:9F:13:7C:25:BB:69:8A:F2:44:ED:3C:03:86:E8:8C:26:A5:65
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0194228D8F210CFBB39647DB3E721DB32D97
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/2uqfE3wlu2mK8kTtPAOG6IwmpWU.roa
Signing time:             Wed 01 Jan 2025 15:48:10 +0000
ROA not before:           Wed 01 Jan 2025 15:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12480
IP address blocks:        194.120.43.0/24 maxlen: 24
                          194.121.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:8f:21:0c:fb:b3:96:47:db:3e:72:1d:b3:2d:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  1 15:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=daea9f137c25bb698af244ed3c0386e88c26a565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8a:4f:90:de:08:54:cf:75:ec:57:66:2d:eb:
                    f2:59:b1:bb:56:84:9e:3a:a7:b2:d3:f6:5d:a9:f8:
                    66:cb:bb:3b:34:5f:36:55:08:40:02:05:98:55:6b:
                    47:95:c5:5f:fa:c5:55:dc:08:75:60:40:ee:27:f8:
                    42:91:ef:9a:d2:e3:2c:66:1e:a7:e4:53:ab:2b:ce:
                    b9:94:ca:02:75:50:08:86:d4:85:f4:25:54:66:c9:
                    1d:58:46:44:0a:5b:2e:e7:82:22:de:f2:ac:0a:b2:
                    e2:6d:46:ab:44:08:25:6f:40:31:48:56:25:2a:2c:
                    63:2c:0f:76:66:4e:ed:88:5f:d6:95:07:01:ef:be:
                    30:87:47:67:69:27:07:65:5a:e5:58:5d:14:39:07:
                    2f:63:c9:fe:eb:74:67:8d:d2:59:8b:2f:ef:f7:4b:
                    f5:74:41:ed:69:62:9f:03:dc:13:51:dc:21:19:1d:
                    43:68:f5:22:d8:b7:e5:64:d1:fe:7f:97:5c:c0:ed:
                    53:4e:00:6a:f8:73:10:9a:5b:1c:a2:c2:5b:84:2e:
                    dd:70:41:29:ad:3a:8f:95:57:38:29:fd:88:d4:2e:
                    58:c5:e2:50:c4:36:14:54:2a:09:0a:33:b5:9f:84:
                    c8:d4:10:d6:ca:91:df:7b:0a:6f:bf:3b:35:4b:0d:
                    c8:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:EA:9F:13:7C:25:BB:69:8A:F2:44:ED:3C:03:86:E8:8C:26:A5:65
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/2uqfE3wlu2mK8kTtPAOG6IwmpWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.120.43.0/24
                  194.121.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:9c:5f:cc:7f:28:6f:b2:8a:34:e1:b6:52:4c:01:ad:c9:89:
         83:65:b8:83:e1:24:95:e6:6f:6e:5d:b9:13:a8:9c:14:25:14:
         eb:10:20:fe:f7:bf:b9:e2:5d:fa:bd:ca:d0:8d:6f:77:2f:94:
         65:c4:4b:19:49:03:26:9b:43:42:e2:c3:6b:01:0a:80:53:2c:
         e3:f4:a9:6c:ae:1e:01:19:2a:69:b9:c1:d9:7b:8f:c2:d9:8e:
         a6:1a:f5:0c:12:46:43:55:01:fc:a9:38:d5:dd:4f:33:14:10:
         e0:b8:bd:71:43:32:20:28:90:0b:7e:ca:83:49:c1:20:6f:28:
         9b:5b:a9:fc:4c:eb:7b:55:f9:e5:bb:73:ee:d1:86:0f:8e:e6:
         1a:7d:db:de:3b:a0:52:5c:0f:90:c4:4d:33:5a:f8:c0:d7:8e:
         1c:a4:10:c2:bd:dc:d5:e3:21:6f:b3:46:fc:3e:04:76:ac:ee:
         09:70:82:5a:a7:79:6e:93:01:56:b5:18:23:e3:ca:37:02:13:
         50:77:57:b8:26:ec:4c:40:c4:c8:7f:d7:46:3a:91:7e:4a:a3:
         84:b4:1b:64:a8:a2:f9:2b:91:2d:b8:d0:90:9b:ad:44:31:3b:
         a3:8a:8f:64:bd:3b:5b:37:12:a1:9c:1f:b7:11:9a:25:84:dd:
         53:bf:1a:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijY8hDPuzlkfbPnIdsy2XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwMTAxMTU0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWVhOWYxMzdjMjViYjY5OGFmMjQ0ZWQzYzAzODZlODhjMjZhNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4pPkN4IVM917FdmLevyWbG7VoSe
Oqey0/Zdqfhmy7s7NF82VQhAAgWYVWtHlcVf+sVV3Ah1YEDuJ/hCke+a0uMsZh6n
5FOrK865lMoCdVAIhtSF9CVUZskdWEZEClsu54Ii3vKsCrLibUarRAglb0AxSFYl
KixjLA92Zk7tiF/WlQcB774wh0dnaScHZVrlWF0UOQcvY8n+63RnjdJZiy/v90v1
dEHtaWKfA9wTUdwhGR1DaPUi2LflZNH+f5dcwO1TTgBq+HMQmlscosJbhC7dcEEp
rTqPlVc4Kf2I1C5YxeJQxDYUVCoJCjO1n4TI1BDWypHfewpvvzs1Sw3IJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNrqnxN8JbtpivJE7TwDhuiMJqVlMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvMnVxZkUzd2x1Mm1LOGtUdFBBT0c2SXdtcFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwngrAwQA
wnnLMA0GCSqGSIb3DQEBCwUAA4IBAQARnF/Mfyhvsoo04bZSTAGtyYmDZbiD4SSV
5m9uXbkTqJwUJRTrECD+97+54l36vcrQjW93L5RlxEsZSQMmm0NC4sNrAQqAUyzj
9Klsrh4BGSppucHZe4/C2Y6mGvUMEkZDVQH8qTjV3U8zFBDguL1xQzIgKJALfsqD
ScEgbyibW6n8TOt7Vfnlu3Pu0YYPjuYafdveO6BSXA+QxE0zWvjA144cpBDCvdzV
4yFvs0b8PgR2rO4JcIJap3lukwFWtRgj48o3AhNQd1e4JuxMQMTIf9dGOpF+SqOE
tBtkqKL5K5EtuNCQm61EMTujio9kvTtbNxKhnB+3EZolhN1Tvxqu
-----END CERTIFICATE-----