Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/a765da-4aa1-47a2-8b5d-ebe43905eb81/1/2tiVBKWJb3sKibII0w4_JEP8cX8.roa
File:                     2tiVBKWJb3sKibII0w4_JEP8cX8.roa (raw, json)
Hash identifier:          yXLW83i0e/6bCMs04Sj4WwVKDgNnsbMkg4zpZba2Js0=
Subject key identifier:   DA:D8:95:04:A5:89:6F:7B:0A:89:B2:08:D3:0E:3F:24:43:FC:71:7F
Certificate issuer:       /CN=c15ee2d909c9b75c6d2084e3379bf03274b776f4
Certificate serial:       01941F8C30E61D04E0C32DFDF4026F7DC8D9
Authority key identifier: C1:5E:E2:D9:09:C9:B7:5C:6D:20:84:E3:37:9B:F0:32:74:B7:76:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wV7i2QnJt1xtIITjN5vwMnS3dvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/a765da-4aa1-47a2-8b5d-ebe43905eb81/1/2tiVBKWJb3sKibII0w4_JEP8cX8.roa
Signing time:             Wed 01 Jan 2025 01:47:48 +0000
ROA not before:           Wed 01 Jan 2025 01:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3303
IP address blocks:        193.135.216.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/a765da-4aa1-47a2-8b5d-ebe43905eb81/1/wV7i2QnJt1xtIITjN5vwMnS3dvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/a765da-4aa1-47a2-8b5d-ebe43905eb81/1/wV7i2QnJt1xtIITjN5vwMnS3dvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wV7i2QnJt1xtIITjN5vwMnS3dvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:30:e6:1d:04:e0:c3:2d:fd:f4:02:6f:7d:c8:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c15ee2d909c9b75c6d2084e3379bf03274b776f4
        Validity
            Not Before: Jan  1 01:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dad89504a5896f7b0a89b208d30e3f2443fc717f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4f:b1:30:71:7b:7b:90:a0:e0:6d:52:1e:8c:
                    1d:32:20:6f:84:42:cc:f9:e5:46:e0:65:4a:c0:42:
                    d3:3f:8d:32:05:4e:be:aa:a3:d5:b5:76:51:46:ed:
                    68:7a:bb:cc:21:4b:8d:9c:6d:e7:f7:38:9a:2f:df:
                    75:15:96:c7:ac:74:9e:ad:b4:b4:04:54:70:af:2c:
                    fa:82:31:eb:ea:20:2a:f2:ad:54:fa:98:eb:8d:ec:
                    bc:8c:9e:f7:f0:98:db:6e:49:42:bd:89:56:12:cf:
                    b8:37:d0:b5:98:0f:ef:a1:05:c5:69:55:8a:6f:ca:
                    8c:1a:57:b2:3c:7e:21:c5:98:d5:39:5c:d5:e0:e3:
                    22:6f:84:9e:ef:91:ca:de:41:70:95:8d:8d:e7:e9:
                    5d:3b:55:eb:27:2f:ca:76:40:2c:4c:55:f3:be:0a:
                    6f:61:72:b1:2c:dd:d3:da:e2:c2:89:28:54:a2:19:
                    34:6f:12:ff:92:4e:31:8f:1a:a2:4e:97:e3:5f:84:
                    c7:90:6c:bb:64:9d:e0:bc:63:d3:4b:be:a9:c5:ea:
                    06:87:ac:5a:fa:97:96:02:30:7f:d4:94:24:7b:7b:
                    4b:34:f4:06:44:16:4c:4a:98:a5:f4:0b:79:51:cc:
                    53:77:57:64:6c:17:2e:3c:a9:49:57:0e:47:45:8d:
                    cc:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:D8:95:04:A5:89:6F:7B:0A:89:B2:08:D3:0E:3F:24:43:FC:71:7F
            X509v3 Authority Key Identifier:
                keyid:C1:5E:E2:D9:09:C9:B7:5C:6D:20:84:E3:37:9B:F0:32:74:B7:76:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wV7i2QnJt1xtIITjN5vwMnS3dvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a765da-4aa1-47a2-8b5d-ebe43905eb81/1/2tiVBKWJb3sKibII0w4_JEP8cX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a765da-4aa1-47a2-8b5d-ebe43905eb81/1/wV7i2QnJt1xtIITjN5vwMnS3dvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:48:dd:32:f0:c9:3f:0a:19:f7:69:1f:10:74:e9:a1:a9:e9:
         86:98:62:16:07:a7:7f:f9:33:04:23:bc:8b:23:c9:d3:90:6c:
         15:32:5d:39:e6:51:c0:a5:b9:13:63:01:fe:5d:5e:6f:9e:79:
         dc:c6:c1:f3:10:b9:a6:66:85:e2:a1:0e:2f:4f:f0:85:61:d6:
         10:66:9f:1a:92:2a:3f:28:24:6a:0a:e0:c8:c2:d2:81:ab:74:
         27:e2:98:37:10:ce:92:f6:fc:2a:02:2b:20:99:47:6e:8e:19:
         21:e1:12:c4:11:54:a0:65:89:fc:f1:b7:dd:36:44:25:29:ad:
         62:79:f9:e8:86:42:44:fa:1b:2d:c2:a4:4f:b0:56:6b:cc:d4:
         4a:90:3c:b8:7f:d7:c0:dc:c8:92:09:c7:0f:51:8f:21:c7:e0:
         99:25:01:a9:8b:e8:9c:d6:17:ae:f8:55:88:76:0b:d6:88:51:
         c6:16:ee:65:e8:a8:87:37:0d:40:3e:c3:46:81:2c:61:42:ed:
         a4:5f:4f:3e:b5:6c:ef:05:c7:e0:f9:c7:04:7a:76:21:23:ac:
         83:de:d4:63:95:bc:b5:c1:88:5f:73:0c:bc:30:b4:9c:fe:1d:
         e7:41:24:68:67:61:16:14:9b:d0:8d:ce:67:73:43:38:57:8b:
         e9:a9:6d:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjDDmHQTgwy399AJvfcjZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNWVlMmQ5MDljOWI3NWM2ZDIwODRlMzM3OWJmMDMyNzRi
Nzc2ZjQwHhcNMjUwMTAxMDE0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWQ4OTUwNGE1ODk2ZjdiMGE4OWIyMDhkMzBlM2YyNDQzZmM3MTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqk+xMHF7e5Cg4G1SHowdMiBvhELM
+eVG4GVKwELTP40yBU6+qqPVtXZRRu1oervMIUuNnG3n9ziaL991FZbHrHSerbS0
BFRwryz6gjHr6iAq8q1U+pjrjey8jJ738JjbbklCvYlWEs+4N9C1mA/voQXFaVWK
b8qMGleyPH4hxZjVOVzV4OMib4Se75HK3kFwlY2N5+ldO1XrJy/KdkAsTFXzvgpv
YXKxLN3T2uLCiShUohk0bxL/kk4xjxqiTpfjX4THkGy7ZJ3gvGPTS76pxeoGh6xa
+peWAjB/1JQke3tLNPQGRBZMSpil9At5UcxTd1dkbBcuPKlJVw5HRY3M7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrYlQSliW97ComyCNMOPyRD/HF/MB8GA1UdIwQY
MBaAFMFe4tkJybdcbSCE4zeb8DJ0t3b0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1Y3aTJRbkp0MXh0SUlUak41dndNblMzZHZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9hNzY1ZGEtNGFhMS00N2EyLThiNWQt
ZWJlNDM5MDVlYjgxLzEvMnRpVkJLV0piM3NLaWJJSTB3NF9KRVA4Y1g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9hNzY1ZGEtNGFhMS00N2EyLThiNWQtZWJlNDM5MDVlYjgx
LzEvd1Y3aTJRbkp0MXh0SUlUak41dndNblMzZHZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwYfYMA0G
CSqGSIb3DQEBCwUAA4IBAQCmSN0y8Mk/Chn3aR8QdOmhqemGmGIWB6d/+TMEI7yL
I8nTkGwVMl055lHApbkTYwH+XV5vnnncxsHzELmmZoXioQ4vT/CFYdYQZp8akio/
KCRqCuDIwtKBq3Qn4pg3EM6S9vwqAisgmUdujhkh4RLEEVSgZYn88bfdNkQlKa1i
efnohkJE+hstwqRPsFZrzNRKkDy4f9fA3MiSCccPUY8hx+CZJQGpi+ic1heu+FWI
dgvWiFHGFu5l6KiHNw1APsNGgSxhQu2kX08+tWzvBcfg+ccEenYhI6yD3tRjlby1
wYhfcwy8MLSc/h3nQSRoZ2EWFJvQjc5nc0M4V4vpqW0a
-----END CERTIFICATE-----