Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f8a46e-bdfd-4df6-8261-f23283601764/1/2NhKjFbuAMp_doRz4AUPYRbSyEU.roa
File:                     2NhKjFbuAMp_doRz4AUPYRbSyEU.roa (raw, json)
Hash identifier:          IgIsz5WqF9AXjPzeVD1tKo5xC9L3dTvcfnef5uQtbKI=
Subject key identifier:   D8:D8:4A:8C:56:EE:00:CA:7F:76:84:73:E0:05:0F:61:16:D2:C8:45
Certificate issuer:       /CN=bda3d0bb422b0bca706716c20f7ad58dd2765471
Certificate serial:       0194222004423015073F75CDB76D13B7B991
Authority key identifier: BD:A3:D0:BB:42:2B:0B:CA:70:67:16:C2:0F:7A:D5:8D:D2:76:54:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vaPQu0IrC8pwZxbCD3rVjdJ2VHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f8a46e-bdfd-4df6-8261-f23283601764/1/2NhKjFbuAMp_doRz4AUPYRbSyEU.roa
Signing time:             Wed 01 Jan 2025 13:48:31 +0000
ROA not before:           Wed 01 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61415
IP address blocks:        185.7.56.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f8a46e-bdfd-4df6-8261-f23283601764/1/vaPQu0IrC8pwZxbCD3rVjdJ2VHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f8a46e-bdfd-4df6-8261-f23283601764/1/vaPQu0IrC8pwZxbCD3rVjdJ2VHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vaPQu0IrC8pwZxbCD3rVjdJ2VHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:04:42:30:15:07:3f:75:cd:b7:6d:13:b7:b9:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bda3d0bb422b0bca706716c20f7ad58dd2765471
        Validity
            Not Before: Jan  1 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8d84a8c56ee00ca7f768473e0050f6116d2c845
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:be:13:70:84:fd:d4:59:20:b7:c8:cc:72:59:
                    4a:7f:bf:a1:59:d5:81:75:2b:df:b2:1e:ae:37:fd:
                    c0:dc:ed:6d:78:8f:0c:f0:b3:97:57:fe:4f:6c:bb:
                    63:82:3a:a0:67:29:47:28:bc:69:45:4c:90:e0:54:
                    47:b9:43:24:6c:8a:8d:eb:c1:95:18:d1:d6:e9:a7:
                    8a:fd:e5:31:b3:bb:6a:c9:f1:dd:3b:a3:34:ec:df:
                    14:d9:de:99:4b:ac:4c:ed:77:b2:a6:73:e9:02:4c:
                    68:5f:54:c1:e2:50:3d:11:11:3b:a9:00:ab:94:66:
                    ef:8f:dd:3b:42:40:66:17:ed:df:6e:a7:2d:2f:b4:
                    6c:af:c2:1f:8e:a7:a4:09:65:33:cb:c5:17:82:c2:
                    d0:40:4d:f3:84:d2:9c:43:cf:17:78:b5:40:56:33:
                    ed:3e:17:06:d8:be:9d:a2:f7:1d:c6:4c:5b:0d:d3:
                    b2:d6:18:69:66:64:5f:3c:bb:2a:3d:c5:82:27:0e:
                    df:23:a4:0c:17:c0:7b:25:b0:a2:22:4f:b6:38:ca:
                    07:7e:f6:02:89:30:36:68:77:ff:a7:d8:af:6d:7e:
                    4d:8c:8b:47:de:eb:02:10:3d:df:02:99:d8:f6:38:
                    90:37:8f:43:81:39:4b:0a:b3:63:16:14:a2:55:0d:
                    a3:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:D8:4A:8C:56:EE:00:CA:7F:76:84:73:E0:05:0F:61:16:D2:C8:45
            X509v3 Authority Key Identifier:
                keyid:BD:A3:D0:BB:42:2B:0B:CA:70:67:16:C2:0F:7A:D5:8D:D2:76:54:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vaPQu0IrC8pwZxbCD3rVjdJ2VHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f8a46e-bdfd-4df6-8261-f23283601764/1/2NhKjFbuAMp_doRz4AUPYRbSyEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f8a46e-bdfd-4df6-8261-f23283601764/1/vaPQu0IrC8pwZxbCD3rVjdJ2VHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:57:51:ef:45:e9:32:39:cd:c0:ef:71:ca:90:03:7c:77:34:
         5e:2e:a4:e3:d1:09:e3:79:02:e8:ae:6b:b9:fe:fc:29:5d:2c:
         4d:cb:6f:7f:be:ed:73:47:ae:7e:f1:0b:1f:a0:14:cb:87:b7:
         8c:2b:e4:9e:b6:b4:3a:91:7e:de:67:78:8b:9e:23:97:a6:39:
         40:36:dd:54:3c:54:2b:50:88:13:f5:9c:f3:e4:22:04:33:d0:
         41:fd:72:3d:15:85:cc:73:d1:e7:1c:ab:01:c9:c1:a6:d6:7c:
         2d:ca:af:c7:c4:3d:fb:47:95:58:64:61:ba:e2:67:1a:4b:e1:
         f1:5b:95:5e:1f:49:04:a1:c6:0c:77:34:8d:20:3b:36:ae:6e:
         53:f5:5a:37:45:5a:07:78:d6:de:46:47:96:f3:9a:44:f9:bc:
         83:02:1c:b5:b9:ce:50:35:50:06:c4:e7:02:e5:bf:af:c1:25:
         be:5c:cc:d5:e6:56:3c:cb:0b:22:a8:27:3f:12:6c:23:29:4a:
         30:fe:53:80:ef:45:6e:ea:b4:1f:6d:ff:da:51:29:08:f4:ba:
         ae:1b:d4:27:22:e3:17:37:a0:d6:c4:f0:27:80:93:86:9e:51:
         e8:07:ce:c4:0d:7c:18:3c:97:d3:63:44:7a:20:fb:30:1b:c0:
         25:da:d1:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIARCMBUHP3XNt20Tt7mRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYTNkMGJiNDIyYjBiY2E3MDY3MTZjMjBmN2FkNThkZDI3
NjU0NzEwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGQ4NGE4YzU2ZWUwMGNhN2Y3Njg0NzNlMDA1MGY2MTE2ZDJjODQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0b4TcIT91Fkgt8jMcllKf7+hWdWB
dSvfsh6uN/3A3O1teI8M8LOXV/5PbLtjgjqgZylHKLxpRUyQ4FRHuUMkbIqN68GV
GNHW6aeK/eUxs7tqyfHdO6M07N8U2d6ZS6xM7XeypnPpAkxoX1TB4lA9ERE7qQCr
lGbvj907QkBmF+3fbqctL7Rsr8IfjqekCWUzy8UXgsLQQE3zhNKcQ88XeLVAVjPt
PhcG2L6dovcdxkxbDdOy1hhpZmRfPLsqPcWCJw7fI6QMF8B7JbCiIk+2OMoHfvYC
iTA2aHf/p9ivbX5NjItH3usCED3fApnY9jiQN49DgTlLCrNjFhSiVQ2jKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjYSoxW7gDKf3aEc+AFD2EW0shFMB8GA1UdIwQY
MBaAFL2j0LtCKwvKcGcWwg961Y3SdlRxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmFQUXUwSXJDOHB3WnhiQ0QzclZqZEoyVkhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mOGE0NmUtYmRmZC00ZGY2LTgyNjEt
ZjIzMjgzNjAxNzY0LzEvMk5oS2pGYnVBTXBfZG9SejRBVVBZUmJTeUVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mOGE0NmUtYmRmZC00ZGY2LTgyNjEtZjIzMjgzNjAxNzY0
LzEvdmFQUXUwSXJDOHB3WnhiQ0QzclZqZEoyVkhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQc4MA0G
CSqGSIb3DQEBCwUAA4IBAQAaV1HvRekyOc3A73HKkAN8dzReLqTj0QnjeQLormu5
/vwpXSxNy29/vu1zR65+8QsfoBTLh7eMK+SetrQ6kX7eZ3iLniOXpjlANt1UPFQr
UIgT9Zzz5CIEM9BB/XI9FYXMc9HnHKsBycGm1nwtyq/HxD37R5VYZGG64mcaS+Hx
W5VeH0kEocYMdzSNIDs2rm5T9Vo3RVoHeNbeRkeW85pE+byDAhy1uc5QNVAGxOcC
5b+vwSW+XMzV5lY8ywsiqCc/EmwjKUow/lOA70Vu6rQfbf/aUSkI9LquG9QnIuMX
N6DWxPAngJOGnlHoB87EDXwYPJfTY0R6IPswG8Al2tHx
-----END CERTIFICATE-----