Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/D9kReuUfnqK0y7nk-I74tRESYYU.roa
File:                     D9kReuUfnqK0y7nk-I74tRESYYU.roa (raw, json)
Hash identifier:          onEFa0+ErZ1aSjQk8E05b4+s3hg4ZO35purvDEgyF2w=
Subject key identifier:   0F:D9:11:7A:E5:1F:9E:A2:B4:CB:B9:E4:F8:8E:F8:B5:11:12:61:85
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       01942747A632EEA7D16CFC5BAB38497E3BCE
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/D9kReuUfnqK0y7nk-I74tRESYYU.roa
Signing time:             Thu 02 Jan 2025 13:49:54 +0000
ROA not before:           Thu 02 Jan 2025 13:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212161
IP address blocks:        2.188.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 10:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:a6:32:ee:a7:d1:6c:fc:5b:ab:38:49:7e:3b:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 13:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fd9117ae51f9ea2b4cbb9e4f88ef8b511126185
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:9b:e0:f9:0e:89:95:4d:28:12:a4:8c:d5:59:
                    4d:20:df:a5:48:97:4e:cd:e4:58:50:a8:7a:fd:4c:
                    a7:10:0e:58:2a:16:bc:6c:9c:5e:82:77:90:9b:44:
                    21:de:6d:fb:c5:8c:32:a2:8a:88:f3:71:f5:c1:e8:
                    89:04:94:34:b4:32:52:46:55:48:b9:0f:31:d9:82:
                    92:28:2d:49:75:7c:23:94:8e:db:4e:1c:5d:dc:e1:
                    5b:68:ec:5f:5b:74:20:e2:48:fd:c1:68:0b:96:4b:
                    c7:3d:31:9d:c8:3d:2d:c0:c1:40:53:d3:75:d7:1a:
                    d2:af:0d:cc:af:e4:a5:77:21:94:cb:3f:57:b3:f4:
                    d7:8e:fb:16:46:d0:51:b3:3e:5d:16:b4:5e:14:08:
                    59:6a:42:5c:1f:73:4a:71:d9:9a:42:d9:51:0f:46:
                    3a:96:f3:7d:74:c2:1b:7b:df:bc:cd:6e:16:00:c9:
                    f4:29:ca:b0:c7:9f:28:b9:1d:9c:0b:17:ae:ba:f5:
                    26:98:37:01:24:8f:ad:64:1c:4c:03:03:b8:dd:95:
                    d6:15:f8:c7:fd:82:f1:c0:79:b2:94:d9:32:b7:5b:
                    fb:1f:fb:3e:3f:d0:6b:ed:00:95:ed:38:0a:64:20:
                    b5:96:59:4a:07:f9:7b:36:21:65:ff:c5:b3:b0:dd:
                    76:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:D9:11:7A:E5:1F:9E:A2:B4:CB:B9:E4:F8:8E:F8:B5:11:12:61:85
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/D9kReuUfnqK0y7nk-I74tRESYYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.188.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:b7:20:8c:45:2b:67:b6:22:d7:c5:21:43:31:3f:8d:6b:39:
         37:20:90:1d:ca:bd:b7:32:de:b0:fd:50:9f:64:81:e1:65:d4:
         fa:38:b4:03:f8:39:31:0e:72:b2:47:ca:a2:62:1b:20:1b:4a:
         57:9f:c6:0d:14:b0:bb:41:38:e7:81:90:59:2d:ca:1e:b1:68:
         71:2e:1b:10:16:02:eb:12:b9:58:a3:c4:b6:0b:5e:0c:95:d7:
         09:70:9f:07:b9:3f:52:e8:55:0c:ec:84:c7:27:b2:a9:60:6e:
         a3:ee:1e:37:98:ff:31:24:51:43:12:47:58:c7:5c:0a:e6:2a:
         30:c4:d4:51:77:27:6d:5b:c7:b0:c5:53:e7:22:3f:5a:80:53:
         16:98:99:54:b7:24:41:4a:46:5b:a1:64:d3:97:3d:f8:2d:e3:
         61:d1:35:85:2c:74:0a:b8:2a:b2:81:93:64:a8:b8:63:73:b5:
         a1:2f:46:86:df:ea:72:72:86:8b:df:8c:f5:b9:71:17:27:ea:
         66:8a:b2:bd:c3:d6:96:4a:21:53:3d:dd:db:c5:6b:e9:ec:fc:
         aa:44:ce:2f:82:64:1e:ff:e2:d2:2a:2d:e1:c3:0a:b2:11:f7:
         00:cd:28:bb:48:6c:a2:71:da:f3:af:d7:b0:1b:a5:8e:49:cf:
         cd:1b:39:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR6Yy7qfRbPxbqzhJfjvOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjUwMTAyMTM0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmQ5MTE3YWU1MWY5ZWEyYjRjYmI5ZTRmODhlZjhiNTExMTI2MTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJvg+Q6JlU0oEqSM1VlNIN+lSJdO
zeRYUKh6/UynEA5YKha8bJxegneQm0Qh3m37xYwyooqI83H1weiJBJQ0tDJSRlVI
uQ8x2YKSKC1JdXwjlI7bThxd3OFbaOxfW3Qg4kj9wWgLlkvHPTGdyD0twMFAU9N1
1xrSrw3Mr+SldyGUyz9Xs/TXjvsWRtBRsz5dFrReFAhZakJcH3NKcdmaQtlRD0Y6
lvN9dMIbe9+8zW4WAMn0Kcqwx58ouR2cCxeuuvUmmDcBJI+tZBxMAwO43ZXWFfjH
/YLxwHmylNkyt1v7H/s+P9Br7QCV7TgKZCC1lllKB/l7NiFl/8WzsN12DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/ZEXrlH56itMu55PiO+LUREmGFMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvRDlrUmV1VWZucUsweTduay1JNzR0UkVTWVlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAArzlMA0G
CSqGSIb3DQEBCwUAA4IBAQCltyCMRStntiLXxSFDMT+Nazk3IJAdyr23Mt6w/VCf
ZIHhZdT6OLQD+DkxDnKyR8qiYhsgG0pXn8YNFLC7QTjngZBZLcoesWhxLhsQFgLr
ErlYo8S2C14MldcJcJ8HuT9S6FUM7ITHJ7KpYG6j7h43mP8xJFFDEkdYx1wK5iow
xNRRdydtW8ewxVPnIj9agFMWmJlUtyRBSkZboWTTlz34LeNh0TWFLHQKuCqygZNk
qLhjc7WhL0aG3+pycoaL34z1uXEXJ+pmirK9w9aWSiFTPd3bxWvp7PyqRM4vgmQe
/+LSKi3hwwqyEfcAzSi7SGyicdrzr9ewG6WOSc/NGzmS
-----END CERTIFICATE-----