Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/e3b921-a76b-41f0-b244-c8b3ac0befcb/1/2CUF8fkBOk7BwaT2x7tRMW9KGPA.roa
File:                     2CUF8fkBOk7BwaT2x7tRMW9KGPA.roa (raw, json)
Hash identifier:          czarYHJez6qAV6nXVQK9tcHYXpAXKKAJjoacYgptlzg=
Subject key identifier:   D8:25:05:F1:F9:01:3A:4E:C1:C1:A4:F6:C7:BB:51:31:6F:4A:18:F0
Certificate issuer:       /CN=a0947039d9f080a427f7525c5d066f6cf62134f3
Certificate serial:       019426D9CF4204CCBA80437488C5F215469D
Authority key identifier: A0:94:70:39:D9:F0:80:A4:27:F7:52:5C:5D:06:6F:6C:F6:21:34:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oJRwOdnwgKQn91JcXQZvbPYhNPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/e3b921-a76b-41f0-b244-c8b3ac0befcb/1/2CUF8fkBOk7BwaT2x7tRMW9KGPA.roa
Signing time:             Thu 02 Jan 2025 11:49:56 +0000
ROA not before:           Thu 02 Jan 2025 11:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213099
IP address blocks:        94.124.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/e3b921-a76b-41f0-b244-c8b3ac0befcb/1/oJRwOdnwgKQn91JcXQZvbPYhNPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/e3b921-a76b-41f0-b244-c8b3ac0befcb/1/oJRwOdnwgKQn91JcXQZvbPYhNPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oJRwOdnwgKQn91JcXQZvbPYhNPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:cf:42:04:cc:ba:80:43:74:88:c5:f2:15:46:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0947039d9f080a427f7525c5d066f6cf62134f3
        Validity
            Not Before: Jan  2 11:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d82505f1f9013a4ec1c1a4f6c7bb51316f4a18f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8b:62:83:9f:50:62:ef:72:f1:96:fc:21:bd:
                    2b:1e:78:76:79:c1:f4:23:45:e4:ac:da:78:b6:57:
                    c5:c6:3c:f6:53:eb:e4:49:0b:8f:23:e8:e6:57:21:
                    5e:2b:44:72:84:9e:48:73:a9:69:5b:26:9f:f5:e2:
                    c0:23:45:0d:ed:90:40:7b:9b:31:03:28:f4:71:49:
                    11:7a:07:75:93:36:bd:40:3a:c2:76:84:db:f2:26:
                    12:ea:f9:4e:9a:f5:57:86:4f:8a:0c:d9:8f:d1:22:
                    d6:5d:9c:1b:86:47:af:64:bb:89:24:20:d5:6b:aa:
                    b2:ac:ea:31:96:f8:92:37:a6:ac:8c:b5:15:33:e2:
                    ac:4d:8b:04:9b:f9:fa:69:6f:b4:83:93:4c:64:7d:
                    bf:aa:34:70:b3:0b:6b:05:e1:66:6f:75:74:15:91:
                    65:fe:7a:32:05:18:a8:58:43:d0:4a:46:5b:9e:67:
                    1b:05:16:54:6a:68:16:65:fe:16:c4:42:e8:c8:fa:
                    87:c8:97:db:86:10:07:5f:27:e9:3b:05:00:0e:39:
                    fb:a4:53:dd:a6:d3:0b:80:b5:22:a8:dc:16:7c:16:
                    b4:d2:43:04:b3:27:c1:bf:1a:13:3e:e9:a6:05:8c:
                    b3:79:2f:bd:2d:17:f8:24:f6:98:6f:df:52:28:ec:
                    0c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:25:05:F1:F9:01:3A:4E:C1:C1:A4:F6:C7:BB:51:31:6F:4A:18:F0
            X509v3 Authority Key Identifier:
                keyid:A0:94:70:39:D9:F0:80:A4:27:F7:52:5C:5D:06:6F:6C:F6:21:34:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oJRwOdnwgKQn91JcXQZvbPYhNPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e3b921-a76b-41f0-b244-c8b3ac0befcb/1/2CUF8fkBOk7BwaT2x7tRMW9KGPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e3b921-a76b-41f0-b244-c8b3ac0befcb/1/oJRwOdnwgKQn91JcXQZvbPYhNPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:e9:db:0a:7d:ee:25:e9:d2:79:b3:7f:f4:da:7d:35:67:67:
         72:2f:84:16:31:d7:fc:05:26:6c:2b:c6:02:c4:61:d4:b5:68:
         09:b8:e5:78:b4:9b:ef:a4:26:60:06:10:d4:5f:28:11:8f:0d:
         4b:c4:e3:db:fd:d1:4f:75:32:7f:dd:97:71:e3:47:ad:54:ed:
         82:21:cd:45:70:6e:57:7b:f6:ce:33:5b:1f:e6:b2:ea:ef:a2:
         ab:71:0a:bf:10:1c:8d:37:f2:a5:99:df:94:1f:f6:2b:fb:73:
         a3:5e:aa:14:1d:ca:d3:a5:35:58:3a:b5:9f:4c:ed:67:ac:1d:
         b8:59:e1:ca:4f:04:a5:85:a2:f7:bd:8e:32:18:fb:03:47:65:
         20:55:23:87:79:d7:8a:a9:5b:28:c5:a6:8b:c9:26:26:ad:80:
         94:e4:e8:bd:c2:92:3c:dd:d7:f1:4d:c1:8e:aa:ec:03:22:f9:
         38:2f:a1:a9:93:b2:82:31:b6:0a:72:49:42:73:9d:8f:39:06:
         81:bc:ee:e0:69:98:81:80:72:31:ad:9b:cf:61:b0:d3:89:03:
         e6:d5:7d:d6:dd:65:46:6c:1c:94:86:76:ea:4f:80:11:3f:42:
         16:c5:75:5f:bb:df:1f:14:9c:92:d4:b6:c4:c4:9c:be:e5:c0:
         ef:03:74:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2c9CBMy6gEN0iMXyFUadMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwOTQ3MDM5ZDlmMDgwYTQyN2Y3NTI1YzVkMDY2ZjZjZjYy
MTM0ZjMwHhcNMjUwMTAyMTE0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODI1MDVmMWY5MDEzYTRlYzFjMWE0ZjZjN2JiNTEzMTZmNGExOGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Itig59QYu9y8Zb8Ib0rHnh2ecH0
I0XkrNp4tlfFxjz2U+vkSQuPI+jmVyFeK0RyhJ5Ic6lpWyaf9eLAI0UN7ZBAe5sx
Ayj0cUkRegd1kza9QDrCdoTb8iYS6vlOmvVXhk+KDNmP0SLWXZwbhkevZLuJJCDV
a6qyrOoxlviSN6asjLUVM+KsTYsEm/n6aW+0g5NMZH2/qjRwswtrBeFmb3V0FZFl
/noyBRioWEPQSkZbnmcbBRZUamgWZf4WxELoyPqHyJfbhhAHXyfpOwUADjn7pFPd
ptMLgLUiqNwWfBa00kMEsyfBvxoTPummBYyzeS+9LRf4JPaYb99SKOwMOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNglBfH5ATpOwcGk9se7UTFvShjwMB8GA1UdIwQY
MBaAFKCUcDnZ8ICkJ/dSXF0Gb2z2ITTzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0pSd09kbndnS1FuOTFKY1hRWnZiUFloTlBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9lM2I5MjEtYTc2Yi00MWYwLWIyNDQt
YzhiM2FjMGJlZmNiLzEvMkNVRjhma0JPazdCd2FUMng3dFJNVzlLR1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9lM2I5MjEtYTc2Yi00MWYwLWIyNDQtYzhiM2FjMGJlZmNi
LzEvb0pSd09kbndnS1FuOTFKY1hRWnZiUFloTlBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXnxxMA0G
CSqGSIb3DQEBCwUAA4IBAQAh6dsKfe4l6dJ5s3/02n01Z2dyL4QWMdf8BSZsK8YC
xGHUtWgJuOV4tJvvpCZgBhDUXygRjw1LxOPb/dFPdTJ/3Zdx40etVO2CIc1FcG5X
e/bOM1sf5rLq76KrcQq/EByNN/Klmd+UH/Yr+3OjXqoUHcrTpTVYOrWfTO1nrB24
WeHKTwSlhaL3vY4yGPsDR2UgVSOHedeKqVsoxaaLySYmrYCU5Oi9wpI83dfxTcGO
quwDIvk4L6Gpk7KCMbYKcklCc52POQaBvO7gaZiBgHIxrZvPYbDTiQPm1X3W3WVG
bByUhnbqT4ARP0IWxXVfu98fFJyS1LbExJy+5cDvA3Su
-----END CERTIFICATE-----