Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/2Cx8NesV2FgXdhnelF2G7i5Bybw.roa
File:                     2Cx8NesV2FgXdhnelF2G7i5Bybw.roa (raw, json)
Hash identifier:          8z2f0ixyt/V0YgUez4ATct6QO89AWHzLa+ZNoGbwCzI=
Subject key identifier:   D8:2C:7C:35:EB:15:D8:58:17:76:19:DE:94:5D:86:EE:2E:41:C9:BC
Certificate issuer:       /CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
Certificate serial:       0194266BAAC1B6C8D43A282FD6DBA3A4DAE3
Authority key identifier: F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/2Cx8NesV2FgXdhnelF2G7i5Bybw.roa
Signing time:             Thu 02 Jan 2025 09:49:37 +0000
ROA not before:           Thu 02 Jan 2025 09:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60729
IP address blocks:        185.177.207.0/24 maxlen: 24
                          2a0a:4587:2010::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:aa:c1:b6:c8:d4:3a:28:2f:d6:db:a3:a4:da:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
        Validity
            Not Before: Jan  2 09:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d82c7c35eb15d858177619de945d86ee2e41c9bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:2d:59:84:28:4a:77:8d:37:40:96:47:a8:fb:
                    df:07:1c:38:27:1b:16:3e:24:2d:3d:85:62:7a:86:
                    55:76:33:1f:c4:8f:f1:9c:9f:dc:3b:ad:69:5d:af:
                    9c:c3:66:33:12:be:c8:d6:1e:93:38:2c:5f:02:05:
                    4e:65:ec:0e:30:64:dd:4c:bc:5d:4c:ab:68:99:75:
                    63:a8:6b:fb:96:12:7d:44:b3:72:57:62:44:cf:56:
                    b6:5e:3a:68:71:08:b3:4d:96:2f:77:be:02:d0:34:
                    6b:a8:86:9e:02:e4:89:3b:53:c0:4f:aa:80:ce:32:
                    37:ce:cf:ba:36:ea:79:0f:d9:f4:c9:71:9b:9c:dc:
                    b1:07:4f:3c:60:00:10:82:7a:97:c2:80:33:0e:12:
                    ae:9e:3e:fc:bf:59:42:d7:e6:64:b3:2c:b9:5e:a3:
                    2b:f2:8c:87:19:18:c8:63:a0:d7:ba:b8:03:6a:5e:
                    9a:83:33:90:d2:70:2c:5d:7b:da:11:e5:76:5a:36:
                    52:15:c8:95:3b:2d:d7:fd:a7:1b:4b:49:a3:ee:b2:
                    71:40:01:b7:10:ac:d8:b4:cc:93:7a:50:11:cc:ee:
                    d0:a4:fd:ed:d8:da:93:61:2f:0e:fa:e7:63:b9:1a:
                    00:c2:43:92:c7:1d:a1:7c:cf:28:6c:80:1a:18:d2:
                    98:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:2C:7C:35:EB:15:D8:58:17:76:19:DE:94:5D:86:EE:2E:41:C9:BC
            X509v3 Authority Key Identifier:
                keyid:F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/2Cx8NesV2FgXdhnelF2G7i5Bybw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.207.0/24
                IPv6:
                  2a0a:4587:2010::/46

    Signature Algorithm: sha256WithRSAEncryption
         10:30:58:6e:31:9b:99:1e:8f:5f:2c:bd:e8:49:86:b4:cf:2a:
         16:25:40:ab:fd:90:d4:e7:fa:60:24:fd:e6:95:78:3a:e7:1e:
         23:bb:5f:1e:2d:3e:a1:96:a1:48:04:a8:c0:90:3f:ea:de:6f:
         a4:c2:04:52:df:4d:0b:b1:97:1c:79:3a:c3:23:2d:35:ad:00:
         3b:d4:bc:4e:45:e2:40:40:2f:3d:83:d3:58:23:f4:be:54:cd:
         fa:eb:2e:3a:88:31:75:c7:8a:fb:fa:5c:f8:b7:ac:76:73:5b:
         31:e7:c0:5c:34:ab:98:23:3e:93:86:fb:c2:b5:6b:30:c2:82:
         43:d8:1d:fd:04:d8:9e:a4:86:73:02:d2:6b:34:57:9c:93:ff:
         f4:c7:f0:05:0e:c4:90:c3:08:f7:d1:ce:b0:b4:14:e7:9f:ab:
         b5:7e:73:f8:df:d3:00:97:40:03:8c:96:49:ff:e1:0c:3e:c4:
         1a:1b:e3:bf:33:aa:93:b8:a7:4b:68:ab:2f:d1:15:6c:d7:7b:
         0d:0e:79:32:8e:42:b9:51:59:d2:49:b8:8c:a4:4b:5d:80:e4:
         e0:30:1f:48:15:ed:68:f3:77:3e:ba:4f:60:c9:47:bb:08:79:
         85:4e:77:61:84:2d:b2:06:07:bd:7c:c9:aa:24:8f:68:08:b1:
         96:31:22:6b
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZQma6rBtsjUOigv1tujpNrjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YTk2NjY2NGVjOTZlZGJkMTJlOGU4MmU5NDBiZmI5ZmFl
YzEwNWUwHhcNMjUwMTAyMDk0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODJjN2MzNWViMTVkODU4MTc3NjE5ZGU5NDVkODZlZTJlNDFjOWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAki1ZhChKd403QJZHqPvfBxw4JxsW
PiQtPYVieoZVdjMfxI/xnJ/cO61pXa+cw2YzEr7I1h6TOCxfAgVOZewOMGTdTLxd
TKtomXVjqGv7lhJ9RLNyV2JEz1a2XjpocQizTZYvd74C0DRrqIaeAuSJO1PAT6qA
zjI3zs+6Nup5D9n0yXGbnNyxB088YAAQgnqXwoAzDhKunj78v1lC1+Zksyy5XqMr
8oyHGRjIY6DXurgDal6agzOQ0nAsXXvaEeV2WjZSFciVOy3X/acbS0mj7rJxQAG3
EKzYtMyTelARzO7QpP3t2NqTYS8O+udjuRoAwkOSxx2hfM8obIAaGNKY3QIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFNgsfDXrFdhYF3YZ3pRdhu4uQcm8MB8GA1UdIwQY
MBaAFPipZmZOyW7b0S6OgulAv7n67BBeMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LbG1aazdKYnR2UkxvNkM2VUNfdWZyc0VGNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1
LTM4MjM1NWZjMmZmMS8xLzJDeDhOZXNWMkZnWGRobmVsRjJHN2k1Qnlidy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1LTM4MjM1NWZjMmZm
MS8xLzEtS2xtWms3SmJ0dlJMbzZDNlVDX3VmcnNFRjQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBAC5sc8w
DwQCAAIwCQMHAioKRYcgEDANBgkqhkiG9w0BAQsFAAOCAQEAEDBYbjGbmR6PXyy9
6EmGtM8qFiVAq/2Q1Of6YCT95pV4OuceI7tfHi0+oZahSASowJA/6t5vpMIEUt9N
C7GXHHk6wyMtNa0AO9S8TkXiQEAvPYPTWCP0vlTN+usuOogxdceK+/pc+LesdnNb
MefAXDSrmCM+k4b7wrVrMMKCQ9gd/QTYnqSGcwLSazRXnJP/9MfwBQ7EkMMI99HO
sLQU55+rtX5z+N/TAJdAA4yWSf/hDD7EGhvjvzOqk7inS2irL9EVbNd7DQ55Mo5C
uVFZ0km4jKRLXYDk4DAfSBXtaPN3PrpPYMlHuwh5hU53YYQtsgYHvXzJqiSPaAix
ljEiaw==
-----END CERTIFICATE-----