Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/c63f9e-9e7b-46dc-a402-879979d29e1e/1/2u65Jdfy1meP3-UzJxITH_HaB0I.roa
File:                     2u65Jdfy1meP3-UzJxITH_HaB0I.roa (raw, json)
Hash identifier:          GSn3vSNczK6ZpdwvGH948S/Jm3wgfMlxSG0nlQVl8dQ=
Subject key identifier:   DA:EE:B9:25:D7:F2:D6:67:8F:DF:E5:33:27:12:13:1F:F1:DA:07:42
Certificate issuer:       /CN=1bb45744a541285eea0e4e04e5de766a9c823b53
Certificate serial:       01941F8C56006677091D4FC82638494D68D6
Authority key identifier: 1B:B4:57:44:A5:41:28:5E:EA:0E:4E:04:E5:DE:76:6A:9C:82:3B:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G7RXRKVBKF7qDk4E5d52apyCO1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/c63f9e-9e7b-46dc-a402-879979d29e1e/1/2u65Jdfy1meP3-UzJxITH_HaB0I.roa
Signing time:             Wed 01 Jan 2025 01:47:58 +0000
ROA not before:           Wed 01 Jan 2025 01:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45014
IP address blocks:        185.100.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/c63f9e-9e7b-46dc-a402-879979d29e1e/1/G7RXRKVBKF7qDk4E5d52apyCO1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/c63f9e-9e7b-46dc-a402-879979d29e1e/1/G7RXRKVBKF7qDk4E5d52apyCO1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G7RXRKVBKF7qDk4E5d52apyCO1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:56:00:66:77:09:1d:4f:c8:26:38:49:4d:68:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bb45744a541285eea0e4e04e5de766a9c823b53
        Validity
            Not Before: Jan  1 01:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=daeeb925d7f2d6678fdfe5332712131ff1da0742
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ee:1b:11:cf:b5:2f:c1:42:12:3a:11:b5:d2:
                    79:6a:c7:f1:4f:e6:1c:99:40:30:0c:21:99:d7:4c:
                    89:cf:7b:05:46:77:8d:66:ef:53:eb:04:a2:cb:0f:
                    fb:2b:c7:10:40:31:ef:ae:73:b1:8e:42:3a:23:f5:
                    d4:c6:39:42:5a:a8:53:d6:be:21:4c:cf:60:08:c7:
                    35:09:9d:55:7b:ae:6b:09:c4:6e:91:70:19:fe:bc:
                    12:85:da:78:38:99:3c:ec:6f:94:c9:04:32:b9:54:
                    58:c1:8c:57:dd:ef:11:3e:b4:bb:af:a6:14:34:16:
                    08:9b:ad:c5:14:55:40:aa:89:ac:8a:ea:0d:50:85:
                    c2:14:2d:93:dc:af:f2:34:c5:14:18:f4:3e:17:9b:
                    af:b2:f5:0a:56:dc:ba:f2:56:35:db:33:bf:44:fe:
                    99:80:1a:74:8a:47:f2:ba:e2:fe:6f:e7:e7:99:e0:
                    ca:31:fe:5d:12:b8:66:9e:db:60:16:42:1a:b7:0f:
                    e9:7c:e0:4a:58:2f:df:c7:e8:f6:1b:0f:e7:f0:ee:
                    ac:27:73:f0:ff:f6:25:7b:1a:07:f9:2d:16:e7:b2:
                    b4:7e:e2:5b:56:8a:ba:c4:42:14:99:39:50:ac:31:
                    e1:3a:11:58:8d:02:bb:63:cd:d9:bb:57:37:f0:9f:
                    1e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:EE:B9:25:D7:F2:D6:67:8F:DF:E5:33:27:12:13:1F:F1:DA:07:42
            X509v3 Authority Key Identifier:
                keyid:1B:B4:57:44:A5:41:28:5E:EA:0E:4E:04:E5:DE:76:6A:9C:82:3B:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G7RXRKVBKF7qDk4E5d52apyCO1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c63f9e-9e7b-46dc-a402-879979d29e1e/1/2u65Jdfy1meP3-UzJxITH_HaB0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c63f9e-9e7b-46dc-a402-879979d29e1e/1/G7RXRKVBKF7qDk4E5d52apyCO1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:77:68:73:2f:0d:b7:ba:60:3f:9a:a7:5f:98:00:bf:4d:05:
         7e:b8:15:a9:f2:b4:70:c0:57:08:3c:90:be:09:c1:db:ba:99:
         54:67:50:d0:86:8b:51:5f:05:81:e6:5e:92:81:91:ea:1b:5f:
         c2:bd:88:d6:2c:c4:b7:13:99:02:37:24:b4:8c:6a:30:03:97:
         71:92:3c:7b:54:ba:02:41:f0:d8:13:68:8a:72:5d:e5:51:46:
         22:5e:61:16:71:df:76:8c:f8:2f:90:c0:bd:2f:34:b6:05:f9:
         6e:7e:31:e4:96:bf:85:30:69:64:d9:09:f8:37:7a:9f:0a:4d:
         5f:9f:ce:9d:b6:60:46:e9:50:32:a5:74:74:c7:4c:30:70:91:
         8a:13:c4:2e:0a:39:07:28:ca:97:92:c3:6a:d7:24:d2:c3:0c:
         39:be:a2:2c:b1:a1:73:10:68:6d:76:34:1c:cb:9d:ff:19:b4:
         cc:40:d1:96:5d:7c:1b:99:d1:7f:68:b3:0d:e2:d8:fc:96:8f:
         00:b2:81:36:84:3b:d7:81:c6:36:59:30:0f:23:ff:cc:2b:e3:
         8c:03:1c:bd:e5:fc:97:25:fc:5e:a0:49:8b:3c:0e:97:7c:e1:
         8f:69:1d:70:92:09:01:62:d2:3f:24:e5:25:f5:04:af:4e:ab:
         fd:70:7d:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjFYAZncJHU/IJjhJTWjWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYjQ1NzQ0YTU0MTI4NWVlYTBlNGUwNGU1ZGU3NjZhOWM4
MjNiNTMwHhcNMjUwMTAxMDE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWVlYjkyNWQ3ZjJkNjY3OGZkZmU1MzMyNzEyMTMxZmYxZGEwNzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAle4bEc+1L8FCEjoRtdJ5asfxT+Yc
mUAwDCGZ10yJz3sFRneNZu9T6wSiyw/7K8cQQDHvrnOxjkI6I/XUxjlCWqhT1r4h
TM9gCMc1CZ1Ve65rCcRukXAZ/rwShdp4OJk87G+UyQQyuVRYwYxX3e8RPrS7r6YU
NBYIm63FFFVAqomsiuoNUIXCFC2T3K/yNMUUGPQ+F5uvsvUKVty68lY12zO/RP6Z
gBp0ikfyuuL+b+fnmeDKMf5dErhmnttgFkIatw/pfOBKWC/fx+j2Gw/n8O6sJ3Pw
//YlexoH+S0W57K0fuJbVoq6xEIUmTlQrDHhOhFYjQK7Y83Zu1c38J8eKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNruuSXX8tZnj9/lMycSEx/x2gdCMB8GA1UdIwQY
MBaAFBu0V0SlQShe6g5OBOXedmqcgjtTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzdSWFJLVkJLRjdxRGs0RTVkNTJhcHlDTzFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9jNjNmOWUtOWU3Yi00NmRjLWE0MDIt
ODc5OTc5ZDI5ZTFlLzEvMnU2NUpkZnkxbWVQMy1Vekp4SVRIX0hhQjBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9jNjNmOWUtOWU3Yi00NmRjLWE0MDItODc5OTc5ZDI5ZTFl
LzEvRzdSWFJLVkJLRjdxRGs0RTVkNTJhcHlDTzFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWT7MA0G
CSqGSIb3DQEBCwUAA4IBAQCyd2hzLw23umA/mqdfmAC/TQV+uBWp8rRwwFcIPJC+
CcHbuplUZ1DQhotRXwWB5l6SgZHqG1/CvYjWLMS3E5kCNyS0jGowA5dxkjx7VLoC
QfDYE2iKcl3lUUYiXmEWcd92jPgvkMC9LzS2BflufjHklr+FMGlk2Qn4N3qfCk1f
n86dtmBG6VAypXR0x0wwcJGKE8QuCjkHKMqXksNq1yTSwww5vqIssaFzEGhtdjQc
y53/GbTMQNGWXXwbmdF/aLMN4tj8lo8AsoE2hDvXgcY2WTAPI//MK+OMAxy95fyX
JfxeoEmLPA6XfOGPaR1wkgkBYtI/JOUl9QSvTqv9cH3g
-----END CERTIFICATE-----