Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/4a2604-66b6-4cb0-9d1e-1e167fa113b2/1/2bzVPZyO8vistXfx3PCF3YdDowM.roa
File:                     2bzVPZyO8vistXfx3PCF3YdDowM.roa (raw, json)
Hash identifier:          Hk0DUFVnHFZsNk7s3eyLbbXd7WWqibgXK7H6CcWmKmg=
Subject key identifier:   D9:BC:D5:3D:9C:8E:F2:F8:AC:B5:77:F1:DC:F0:85:DD:87:43:A3:03
Certificate issuer:       /CN=500596ce6073e8ededc5105f814ec97191b5e1d5
Certificate serial:       0194258FAB4B50FB7DA0689138FF066595BE
Authority key identifier: 50:05:96:CE:60:73:E8:ED:ED:C5:10:5F:81:4E:C9:71:91:B5:E1:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UAWWzmBz6O3txRBfgU7JcZG14dU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/4a2604-66b6-4cb0-9d1e-1e167fa113b2/1/2bzVPZyO8vistXfx3PCF3YdDowM.roa
Signing time:             Thu 02 Jan 2025 05:49:19 +0000
ROA not before:           Thu 02 Jan 2025 05:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42473
IP address blocks:        185.140.140.0/22 maxlen: 23
                          2a07:1b80::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/4a2604-66b6-4cb0-9d1e-1e167fa113b2/1/UAWWzmBz6O3txRBfgU7JcZG14dU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/4a2604-66b6-4cb0-9d1e-1e167fa113b2/1/UAWWzmBz6O3txRBfgU7JcZG14dU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UAWWzmBz6O3txRBfgU7JcZG14dU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:ab:4b:50:fb:7d:a0:68:91:38:ff:06:65:95:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=500596ce6073e8ededc5105f814ec97191b5e1d5
        Validity
            Not Before: Jan  2 05:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9bcd53d9c8ef2f8acb577f1dcf085dd8743a303
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fe:ab:db:be:b1:d9:1e:3b:11:f1:b5:73:87:
                    6a:5d:9c:a6:33:21:17:28:a9:2a:b8:6b:18:95:6f:
                    4d:2e:da:19:98:d6:59:0e:ba:eb:bd:28:4d:ce:39:
                    da:b1:ab:8e:4c:48:10:69:e4:5f:c1:46:81:1f:4f:
                    18:94:0c:90:c0:82:ca:c5:83:05:79:8d:f1:fe:b2:
                    2c:80:c4:cb:2e:1c:7b:9a:f0:52:be:dd:63:0a:b0:
                    39:db:70:3f:f3:e1:1e:35:3a:f6:c8:f6:7b:5d:e0:
                    64:5b:eb:ea:1d:59:66:5c:14:fc:9c:68:8b:34:c0:
                    18:9f:ca:bc:e9:64:82:80:62:e6:84:67:39:7c:7b:
                    b4:84:25:bc:8e:68:60:c8:72:b9:7c:fe:6d:13:b4:
                    33:31:eb:d4:9d:52:52:da:56:1f:e9:34:8f:82:a3:
                    df:e2:61:57:7c:7f:da:8a:28:80:ad:8a:c9:0c:9a:
                    1c:ec:1d:f5:0f:97:37:d8:f5:0a:b6:3b:aa:fa:23:
                    bc:d0:9f:1e:fd:c7:a2:b8:9b:13:b7:e6:6d:24:50:
                    1a:a7:ac:c6:50:e0:36:2a:b1:ff:4e:fb:3a:50:bb:
                    76:c4:19:86:0c:ca:3b:2d:bb:b3:73:58:9f:32:6f:
                    62:85:39:60:b0:49:c9:f4:62:e2:a6:80:29:83:4f:
                    98:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:BC:D5:3D:9C:8E:F2:F8:AC:B5:77:F1:DC:F0:85:DD:87:43:A3:03
            X509v3 Authority Key Identifier:
                keyid:50:05:96:CE:60:73:E8:ED:ED:C5:10:5F:81:4E:C9:71:91:B5:E1:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UAWWzmBz6O3txRBfgU7JcZG14dU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/4a2604-66b6-4cb0-9d1e-1e167fa113b2/1/2bzVPZyO8vistXfx3PCF3YdDowM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/4a2604-66b6-4cb0-9d1e-1e167fa113b2/1/UAWWzmBz6O3txRBfgU7JcZG14dU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.140.0/22
                IPv6:
                  2a07:1b80::/40

    Signature Algorithm: sha256WithRSAEncryption
         88:c5:fb:ed:65:30:fd:b5:eb:a6:35:d9:67:4e:30:b9:ca:17:
         44:92:0c:c0:a6:28:4b:89:d8:ff:ba:18:28:cf:59:fe:bd:6a:
         68:79:e7:27:29:b6:5e:b5:43:70:90:e0:dd:3f:80:f9:c7:10:
         f1:fd:57:63:60:1e:e3:5a:ca:cd:9a:08:9f:f5:64:c8:17:11:
         4a:1f:72:cc:ca:0f:68:34:e2:b2:9b:f1:dc:57:0a:77:ba:22:
         13:6c:4c:25:25:2b:4d:b3:97:52:f4:7f:7c:91:35:9f:05:db:
         4a:85:d7:13:c9:a5:e6:5d:61:6a:66:2b:6f:37:42:7e:d4:28:
         30:5c:15:5a:a8:37:aa:25:3a:2b:2e:a9:da:10:a5:88:3c:46:
         0a:01:e3:ca:df:2b:44:b9:d3:12:74:d5:ca:f3:45:b6:00:c2:
         06:7b:92:d3:88:61:d5:51:b5:28:6d:5d:db:57:d4:da:9b:79:
         7a:d7:97:36:1a:63:9a:27:8d:f3:1d:71:ee:11:93:ca:22:a2:
         16:cf:4b:8f:60:2f:00:0c:5a:2d:0a:ba:56:04:d6:92:ea:c3:
         fd:17:c8:66:ca:18:60:b8:c6:bc:19:6b:14:32:67:14:e1:4c:
         13:bd:14:cf:c1:3c:14:9a:a8:1a:43:ab:c5:3a:4b:ee:7f:6d:
         11:a8:f6:41
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQlj6tLUPt9oGiROP8GZZW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMDU5NmNlNjA3M2U4ZWRlZGM1MTA1ZjgxNGVjOTcxOTFi
NWUxZDUwHhcNMjUwMTAyMDU0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWJjZDUzZDljOGVmMmY4YWNiNTc3ZjFkY2YwODVkZDg3NDNhMzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArf6r276x2R47EfG1c4dqXZymMyEX
KKkquGsYlW9NLtoZmNZZDrrrvShNzjnasauOTEgQaeRfwUaBH08YlAyQwILKxYMF
eY3x/rIsgMTLLhx7mvBSvt1jCrA523A/8+EeNTr2yPZ7XeBkW+vqHVlmXBT8nGiL
NMAYn8q86WSCgGLmhGc5fHu0hCW8jmhgyHK5fP5tE7QzMevUnVJS2lYf6TSPgqPf
4mFXfH/aiiiArYrJDJoc7B31D5c32PUKtjuq+iO80J8e/ceiuJsTt+ZtJFAap6zG
UOA2KrH/Tvs6ULt2xBmGDMo7Lbuzc1ifMm9ihTlgsEnJ9GLipoApg0+YNQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFNm81T2cjvL4rLV38dzwhd2HQ6MDMB8GA1UdIwQY
MBaAFFAFls5gc+jt7cUQX4FOyXGRteHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUFXV3ptQno2TzN0eFJCZmdVN0pjWkcxNGRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi80YTI2MDQtNjZiNi00Y2IwLTlkMWUt
MWUxNjdmYTExM2IyLzEvMmJ6VlBaeU84dmlzdFhmeDNQQ0YzWWREb3dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi80YTI2MDQtNjZiNi00Y2IwLTlkMWUtMWUxNjdmYTExM2Iy
LzEvVUFXV3ptQno2TzN0eFJCZmdVN0pjWkcxNGRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCuYyMMA4E
AgACMAgDBgAqBxuAADANBgkqhkiG9w0BAQsFAAOCAQEAiMX77WUw/bXrpjXZZ04w
ucoXRJIMwKYoS4nY/7oYKM9Z/r1qaHnnJym2XrVDcJDg3T+A+ccQ8f1XY2Ae41rK
zZoIn/VkyBcRSh9yzMoPaDTispvx3FcKd7oiE2xMJSUrTbOXUvR/fJE1nwXbSoXX
E8ml5l1hamYrbzdCftQoMFwVWqg3qiU6Ky6p2hCliDxGCgHjyt8rRLnTEnTVyvNF
tgDCBnuS04hh1VG1KG1d21fU2pt5eteXNhpjmieN8x1x7hGTyiKiFs9Lj2AvAAxa
LQq6VgTWkurD/RfIZsoYYLjGvBlrFDJnFOFME70Uz8E8FJqoGkOrxTpL7n9tEaj2
QQ==
-----END CERTIFICATE-----