Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/2dLH0vNFJnWg2lZelybNLzc06cc.roa
File:                     2dLH0vNFJnWg2lZelybNLzc06cc.roa (raw, json)
Hash identifier:          r/Z+8xB7CHc6LECAv+vBuRY+QqUaeEKJ5DtFzihx2Zs=
Subject key identifier:   D9:D2:C7:D2:F3:45:26:75:A0:DA:56:5E:97:26:CD:2F:37:34:E9:C7
Certificate issuer:       /CN=3ef325ef4cbaa66cc71ffcc6880877e76e149afd
Certificate serial:       019425FDA3A02897AD13A6E795719BECFD21
Authority key identifier: 3E:F3:25:EF:4C:BA:A6:6C:C7:1F:FC:C6:88:08:77:E7:6E:14:9A:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PvMl70y6pmzHH_zGiAh3524Umv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/2dLH0vNFJnWg2lZelybNLzc06cc.roa
Signing time:             Thu 02 Jan 2025 07:49:27 +0000
ROA not before:           Thu 02 Jan 2025 07:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201470
IP address blocks:        155.133.24.0/23 maxlen: 23
                          2a02:28e9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/PvMl70y6pmzHH_zGiAh3524Umv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/PvMl70y6pmzHH_zGiAh3524Umv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PvMl70y6pmzHH_zGiAh3524Umv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 01:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a3:a0:28:97:ad:13:a6:e7:95:71:9b:ec:fd:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ef325ef4cbaa66cc71ffcc6880877e76e149afd
        Validity
            Not Before: Jan  2 07:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9d2c7d2f3452675a0da565e9726cd2f3734e9c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:67:f0:f6:e3:52:d5:3b:84:d5:85:60:2d:be:
                    cf:9f:19:77:cf:d3:e6:a8:23:e5:61:de:e2:c9:83:
                    ad:12:1b:9f:1d:86:fa:19:d1:c9:62:5c:8c:f8:05:
                    6b:7a:39:14:f3:c9:a8:ab:cb:9d:68:1e:73:44:eb:
                    4c:cf:25:59:38:e1:82:f8:0a:c8:75:c6:f5:25:55:
                    13:0f:a0:21:36:0b:2c:77:03:3d:0b:cd:b4:95:7c:
                    d0:e9:9d:fc:45:ad:be:54:ea:a5:3d:0b:b9:e8:5a:
                    ea:29:56:4c:98:fb:77:f9:f7:02:52:99:d1:4a:fc:
                    32:d0:06:a9:e2:03:08:84:37:1c:fd:90:b5:76:51:
                    7d:48:e6:71:f1:20:91:93:53:0b:4a:fc:aa:75:7e:
                    ba:6d:03:6c:8a:b0:b5:70:63:5e:b4:3e:6c:81:ed:
                    a4:9e:41:b0:a0:a2:90:22:7e:31:a4:48:bf:1f:5e:
                    f1:55:e7:e4:74:8f:ab:77:a6:5d:a8:79:8d:73:f5:
                    fb:f7:25:fc:d0:43:fa:44:c5:f3:72:18:96:e9:66:
                    71:67:c9:48:b2:e3:cf:f0:09:dc:9e:be:b7:94:6e:
                    52:16:71:8b:c2:3f:4b:cb:a3:7f:91:f9:85:80:c4:
                    78:5b:43:7e:79:94:f2:e8:7b:8a:c2:3a:b5:0c:84:
                    b5:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:D2:C7:D2:F3:45:26:75:A0:DA:56:5E:97:26:CD:2F:37:34:E9:C7
            X509v3 Authority Key Identifier:
                keyid:3E:F3:25:EF:4C:BA:A6:6C:C7:1F:FC:C6:88:08:77:E7:6E:14:9A:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PvMl70y6pmzHH_zGiAh3524Umv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/2dLH0vNFJnWg2lZelybNLzc06cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4fd090-6fae-4a6a-8f9e-34d71485c547/1/PvMl70y6pmzHH_zGiAh3524Umv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.24.0/23
                IPv6:
                  2a02:28e9::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:3c:22:28:fb:cb:47:4e:97:d9:bc:cb:8b:a8:bb:ef:b6:2e:
         b1:25:ab:cd:f9:06:6d:e3:fd:c7:e8:d1:28:1a:7a:7c:3f:d1:
         c7:2f:8f:64:82:d2:8e:1d:e6:c3:8c:5d:3f:e7:9a:a6:41:5b:
         41:cb:00:78:d1:c6:37:55:ec:22:45:02:93:cd:a6:0d:3e:dd:
         2d:2d:dd:8e:12:a6:83:05:8b:47:05:50:e0:50:f0:ad:1b:d6:
         1c:2e:7a:6d:88:20:c2:ca:a1:78:c3:65:26:fb:bf:97:65:63:
         d5:5e:22:e4:a6:25:a8:35:e1:cc:25:25:44:47:de:d0:63:3c:
         b7:b0:03:df:d3:c0:91:cb:91:77:7f:9d:62:30:f0:0c:3c:da:
         10:06:2c:12:34:eb:61:73:66:72:d5:4a:ce:5c:78:50:25:82:
         d6:b5:26:b9:2c:c7:48:2e:4e:81:15:31:56:e4:11:df:ae:88:
         af:5a:c1:65:49:ad:2c:01:eb:43:b0:a1:b9:ff:16:53:4a:bc:
         df:b6:65:35:5b:f9:b5:58:8e:00:49:fe:11:9e:7e:6f:9e:ee:
         ee:e4:a0:a8:a3:0e:31:90:d4:82:d7:4e:af:06:c7:fa:f2:b4:
         31:2f:71:69:f5:1a:be:d1:ba:f2:58:ec:01:a5:59:4b:60:b5:
         d6:86:19:c3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/aOgKJetE6bnlXGb7P0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZjMyNWVmNGNiYWE2NmNjNzFmZmNjNjg4MDg3N2U3NmUx
NDlhZmQwHhcNMjUwMTAyMDc0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWQyYzdkMmYzNDUyNjc1YTBkYTU2NWU5NzI2Y2QyZjM3MzRlOWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2fw9uNS1TuE1YVgLb7Pnxl3z9Pm
qCPlYd7iyYOtEhufHYb6GdHJYlyM+AVrejkU88moq8udaB5zROtMzyVZOOGC+ArI
dcb1JVUTD6AhNgssdwM9C820lXzQ6Z38Ra2+VOqlPQu56FrqKVZMmPt3+fcCUpnR
Svwy0Aap4gMIhDcc/ZC1dlF9SOZx8SCRk1MLSvyqdX66bQNsirC1cGNetD5sge2k
nkGwoKKQIn4xpEi/H17xVefkdI+rd6ZdqHmNc/X79yX80EP6RMXzchiW6WZxZ8lI
suPP8Ancnr63lG5SFnGLwj9Ly6N/kfmFgMR4W0N+eZTy6HuKwjq1DIS1SQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNnSx9LzRSZ1oNpWXpcmzS83NOnHMB8GA1UdIwQY
MBaAFD7zJe9MuqZsxx/8xogId+duFJr9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHZNbDcweTZwbXpISF96R2lBaDM1MjRVbXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS80ZmQwOTAtNmZhZS00YTZhLThmOWUt
MzRkNzE0ODVjNTQ3LzEvMmRMSDB2TkZKbldnMmxaZWx5Yk5MemMwNmNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS80ZmQwOTAtNmZhZS00YTZhLThmOWUtMzRkNzE0ODVjNTQ3
LzEvUHZNbDcweTZwbXpISF96R2lBaDM1MjRVbXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBm4UYMA0E
AgACMAcDBQAqAijpMA0GCSqGSIb3DQEBCwUAA4IBAQCIPCIo+8tHTpfZvMuLqLvv
ti6xJavN+QZt4/3H6NEoGnp8P9HHL49kgtKOHebDjF0/55qmQVtBywB40cY3Vewi
RQKTzaYNPt0tLd2OEqaDBYtHBVDgUPCtG9YcLnptiCDCyqF4w2Um+7+XZWPVXiLk
piWoNeHMJSVER97QYzy3sAPf08CRy5F3f51iMPAMPNoQBiwSNOthc2Zy1UrOXHhQ
JYLWtSa5LMdILk6BFTFW5BHfroivWsFlSa0sAetDsKG5/xZTSrzftmU1W/m1WI4A
Sf4Rnn5vnu7u5KCoow4xkNSC106vBsf68rQxL3Fp9Rq+0bryWOwBpVlLYLXWhhnD
-----END CERTIFICATE-----