Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/2IV1bBm-jP-2jVh24cTBD-F_aCY.roa
File:                     2IV1bBm-jP-2jVh24cTBD-F_aCY.roa (raw, json)
Hash identifier:          LoxyFwAORqX/gMob6dkhVaBmKh5ZSU1hWQKi2nkbQgw=
Subject key identifier:   D8:85:75:6C:19:BE:8C:FF:B6:8D:58:76:E1:C4:C1:0F:E1:7F:68:26
Certificate issuer:       /CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
Certificate serial:       019426D99E53C50B058F7911A01846E6B681
Authority key identifier: 0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/2IV1bBm-jP-2jVh24cTBD-F_aCY.roa
Signing time:             Thu 02 Jan 2025 11:49:43 +0000
ROA not before:           Thu 02 Jan 2025 11:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34965
IP address blocks:        85.235.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:9e:53:c5:0b:05:8f:79:11:a0:18:46:e6:b6:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
        Validity
            Not Before: Jan  2 11:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d885756c19be8cffb68d5876e1c4c10fe17f6826
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ff:4c:5b:01:c5:2b:fd:3e:29:21:61:47:72:
                    ee:e6:13:61:a1:4e:3f:a8:9a:56:c0:06:dc:85:1c:
                    1e:6d:18:80:b2:fe:e2:67:a1:34:a6:30:7a:de:39:
                    95:7a:d0:11:5c:a1:08:9c:03:02:4f:dc:ed:1b:05:
                    4c:72:a0:b7:00:fb:c3:d9:f7:78:e9:61:ab:a0:ca:
                    9d:01:70:a6:06:be:1f:14:e5:60:8c:53:d7:89:72:
                    3c:30:9e:f3:d6:53:5a:be:4c:2f:8d:a2:f7:90:22:
                    c1:a2:07:39:4b:8f:7b:f8:60:04:31:3e:6a:37:77:
                    15:dc:a3:04:f3:22:1f:0f:1c:88:90:98:d1:81:44:
                    98:0e:82:c9:4d:fb:21:d2:6f:5d:17:1a:07:6e:5a:
                    10:4e:52:8e:32:f8:12:f3:e0:81:d7:40:77:7a:65:
                    40:58:7b:94:a2:0a:53:1d:89:c2:97:64:d9:23:51:
                    7a:b1:6a:5b:a4:42:c1:3e:9f:be:08:86:78:86:79:
                    6b:b4:db:59:5e:93:4c:3d:b8:a2:a5:aa:e8:96:62:
                    3b:5c:18:71:3d:f2:31:f6:60:72:83:60:7c:10:3a:
                    22:61:02:90:30:0e:f3:5f:e8:7f:22:e7:7d:dd:94:
                    c0:5c:4d:fd:b9:9d:71:eb:61:3e:80:58:43:c4:b9:
                    69:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:85:75:6C:19:BE:8C:FF:B6:8D:58:76:E1:C4:C1:0F:E1:7F:68:26
            X509v3 Authority Key Identifier:
                keyid:0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/2IV1bBm-jP-2jVh24cTBD-F_aCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         29:0d:7f:f6:a1:13:7f:3e:27:49:08:8c:65:1a:a4:74:ff:51:
         22:8d:da:38:35:02:4a:a0:02:15:45:e3:07:1a:5c:47:c1:8f:
         56:0d:00:9c:f9:9b:ec:df:6e:99:14:dd:c1:ad:96:d5:ab:98:
         5f:ed:aa:ad:82:a3:a0:96:99:1e:84:31:df:d2:75:fb:fd:93:
         5e:0b:f7:ba:fb:e4:18:1e:73:81:b2:4a:9e:ca:2d:98:fe:c8:
         93:20:b3:98:cf:f4:62:a6:59:50:f8:09:c1:d5:e1:57:0f:53:
         72:ad:3e:a3:75:2b:ce:29:4a:f2:6f:80:6e:51:c0:02:0d:30:
         38:de:c2:7c:c2:d9:38:8d:29:d5:c5:01:f7:b2:db:30:70:d8:
         f2:29:ce:2c:f2:19:6b:d4:6b:b0:44:3d:2d:8b:67:8c:dc:c6:
         0b:92:ec:75:3b:7c:60:5f:45:5d:29:f2:3f:69:53:88:48:00:
         61:bd:30:07:72:05:eb:b1:73:40:47:25:27:fb:79:c9:5f:85:
         c4:a1:0b:ae:19:0c:02:b8:b9:7d:d1:bb:17:bc:45:f6:a4:2e:
         63:7f:7e:4b:3c:f8:50:27:93:e5:99:3e:03:6b:3e:2e:22:76:
         10:a0:44:e6:29:b0:69:30:37:a3:ab:9c:dc:f8:13:8f:36:55:
         09:95:c8:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Z5TxQsFj3kRoBhG5raBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTEzMDhlYWQ2YWRiMWQwODVlN2U1OTEwYTBjYjJkZTU2
YWEzMmUwHhcNMjUwMTAyMTE0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODg1NzU2YzE5YmU4Y2ZmYjY4ZDU4NzZlMWM0YzEwZmUxN2Y2ODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArv9MWwHFK/0+KSFhR3Lu5hNhoU4/
qJpWwAbchRwebRiAsv7iZ6E0pjB63jmVetARXKEInAMCT9ztGwVMcqC3APvD2fd4
6WGroMqdAXCmBr4fFOVgjFPXiXI8MJ7z1lNavkwvjaL3kCLBogc5S497+GAEMT5q
N3cV3KME8yIfDxyIkJjRgUSYDoLJTfsh0m9dFxoHbloQTlKOMvgS8+CB10B3emVA
WHuUogpTHYnCl2TZI1F6sWpbpELBPp++CIZ4hnlrtNtZXpNMPbiiparolmI7XBhx
PfIx9mByg2B8EDoiYQKQMA7zX+h/Iud93ZTAXE39uZ1x62E+gFhDxLlp+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNiFdWwZvoz/to1YduHEwQ/hf2gmMB8GA1UdIwQY
MBaAFAzhMI6tatsdCF5+WRCgyy3laqMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUt
YjBiYWQxOGYwMmQwLzEvMklWMWJCbS1qUC0yalZoMjRjVEJELUZfYUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUtYjBiYWQxOGYwMmQw
LzEvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVesAMA0G
CSqGSIb3DQEBCwUAA4IBAQApDX/2oRN/PidJCIxlGqR0/1Eijdo4NQJKoAIVReMH
GlxHwY9WDQCc+Zvs326ZFN3BrZbVq5hf7aqtgqOglpkehDHf0nX7/ZNeC/e6++QY
HnOBskqeyi2Y/siTILOYz/RipllQ+AnB1eFXD1NyrT6jdSvOKUryb4BuUcACDTA4
3sJ8wtk4jSnVxQH3stswcNjyKc4s8hlr1GuwRD0ti2eM3MYLkux1O3xgX0VdKfI/
aVOISABhvTAHcgXrsXNARyUn+3nJX4XEoQuuGQwCuLl90bsXvEX2pC5jf35LPPhQ
J5PlmT4Daz4uInYQoETmKbBpMDejq5zc+BOPNlUJlcgv
-----END CERTIFICATE-----