Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/125b9d-2a1f-463a-965e-7cfeaf086e14/1/2W4Y0bQNlvS93LoW6fNHPM7BKLQ.roa
File:                     2W4Y0bQNlvS93LoW6fNHPM7BKLQ.roa (raw, json)
Hash identifier:          I9C4k+xseXfObTJ4huNUkRHHI0jQTaqLFqDJffjcwOE=
Subject key identifier:   D9:6E:18:D1:B4:0D:96:F4:BD:DC:BA:16:E9:F3:47:3C:CE:C1:28:B4
Certificate issuer:       /CN=324c71046c549fb3c7d4ebc4cf9519d002e76df1
Certificate serial:       01942522094E15FF2EB4C8174606DA52830F
Authority key identifier: 32:4C:71:04:6C:54:9F:B3:C7:D4:EB:C4:CF:95:19:D0:02:E7:6D:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkxxBGxUn7PH1OvEz5UZ0ALnbfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/125b9d-2a1f-463a-965e-7cfeaf086e14/1/2W4Y0bQNlvS93LoW6fNHPM7BKLQ.roa
Signing time:             Thu 02 Jan 2025 03:49:35 +0000
ROA not before:           Thu 02 Jan 2025 03:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208354
IP address blocks:        185.203.24.0/22 maxlen: 24
                          2a0c:8500::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/125b9d-2a1f-463a-965e-7cfeaf086e14/1/MkxxBGxUn7PH1OvEz5UZ0ALnbfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/125b9d-2a1f-463a-965e-7cfeaf086e14/1/MkxxBGxUn7PH1OvEz5UZ0ALnbfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkxxBGxUn7PH1OvEz5UZ0ALnbfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:09:4e:15:ff:2e:b4:c8:17:46:06:da:52:83:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=324c71046c549fb3c7d4ebc4cf9519d002e76df1
        Validity
            Not Before: Jan  2 03:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d96e18d1b40d96f4bddcba16e9f3473ccec128b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:22:a1:3f:76:c5:14:82:1f:a2:67:54:53:e0:
                    ee:26:4d:7a:ef:4e:45:01:07:93:02:b3:31:b0:41:
                    15:55:a7:56:61:24:25:b1:c9:85:24:2a:93:07:cd:
                    82:bb:56:3c:52:70:ac:31:94:b6:49:8a:4a:81:f5:
                    35:67:46:2f:1a:5a:7e:ee:b8:38:bd:8a:be:29:ac:
                    30:1d:c8:28:1a:57:c3:01:5e:1e:02:18:6c:24:4d:
                    6a:52:02:0f:79:76:80:9b:1f:c0:d0:46:5c:b2:b8:
                    8b:29:91:68:71:3f:93:b0:e7:52:64:ec:27:5c:04:
                    af:63:d6:46:15:39:ef:b9:20:03:db:34:aa:92:d4:
                    d6:15:52:70:b3:10:15:26:b7:95:6c:68:51:ea:59:
                    ca:81:11:95:3b:67:24:d8:cc:8a:66:c0:d9:e7:b2:
                    95:e9:0e:39:99:b5:14:02:65:35:39:be:5f:0b:c7:
                    8d:42:da:7a:6d:89:a1:cf:16:8a:49:4e:dd:19:43:
                    e7:a5:b3:0c:5f:69:7e:90:65:cd:6d:c6:37:f3:39:
                    ab:b1:61:50:cf:aa:aa:9c:e7:4f:0d:e3:d4:c8:3a:
                    ba:99:27:72:0b:2a:22:fb:06:63:5a:a9:93:45:9f:
                    af:03:5e:cf:22:1c:17:ce:08:82:29:9e:30:05:c6:
                    df:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:6E:18:D1:B4:0D:96:F4:BD:DC:BA:16:E9:F3:47:3C:CE:C1:28:B4
            X509v3 Authority Key Identifier:
                keyid:32:4C:71:04:6C:54:9F:B3:C7:D4:EB:C4:CF:95:19:D0:02:E7:6D:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkxxBGxUn7PH1OvEz5UZ0ALnbfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/125b9d-2a1f-463a-965e-7cfeaf086e14/1/2W4Y0bQNlvS93LoW6fNHPM7BKLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/125b9d-2a1f-463a-965e-7cfeaf086e14/1/MkxxBGxUn7PH1OvEz5UZ0ALnbfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.24.0/22
                IPv6:
                  2a0c:8500::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:98:56:36:08:4a:5c:9b:e5:f8:48:80:cd:fc:b8:45:83:66:
         90:28:83:3e:19:83:cf:83:0d:b0:f0:39:a8:94:5f:3c:f6:99:
         8c:a6:76:76:75:2e:66:18:08:9f:1f:3e:d0:7b:ca:2b:a5:8d:
         5b:d5:75:87:fe:8d:fc:03:30:73:77:4f:20:51:23:2b:86:7c:
         e8:26:40:dd:8d:73:ed:59:97:96:f6:96:b9:cc:23:d7:2c:da:
         3f:02:8f:89:a7:59:56:67:a2:bb:94:3b:bf:16:b1:0b:43:47:
         05:e8:1c:68:a8:a9:14:83:62:a1:93:7e:67:c9:60:4b:32:ea:
         5a:5f:a2:6f:15:14:d4:ca:77:db:11:30:07:70:3e:7a:c1:53:
         ab:8f:ed:a8:69:ed:13:3f:a9:d7:7a:d8:d2:32:e7:70:7c:f8:
         24:93:3e:c5:94:b2:e7:00:67:1a:19:8f:d8:de:f5:84:27:86:
         e2:23:a1:8c:fe:de:b2:41:ff:2c:6c:71:65:10:f4:0e:32:0a:
         f4:34:fa:fd:a7:fd:09:96:5e:87:09:23:72:39:13:82:43:fc:
         df:3e:95:3b:bd:d2:cd:0b:7b:48:df:df:76:4c:aa:01:43:e4:
         6d:d5:1a:0c:14:72:eb:cf:f6:ca:fb:6a:0b:9c:e6:1c:6b:8d:
         dc:d1:87:49
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIglOFf8utMgXRgbaUoMPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNGM3MTA0NmM1NDlmYjNjN2Q0ZWJjNGNmOTUxOWQwMDJl
NzZkZjEwHhcNMjUwMTAyMDM0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTZlMThkMWI0MGQ5NmY0YmRkY2JhMTZlOWYzNDczY2NlYzEyOGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriKhP3bFFIIfomdUU+DuJk16705F
AQeTArMxsEEVVadWYSQlscmFJCqTB82Cu1Y8UnCsMZS2SYpKgfU1Z0YvGlp+7rg4
vYq+KawwHcgoGlfDAV4eAhhsJE1qUgIPeXaAmx/A0EZcsriLKZFocT+TsOdSZOwn
XASvY9ZGFTnvuSAD2zSqktTWFVJwsxAVJreVbGhR6lnKgRGVO2ck2MyKZsDZ57KV
6Q45mbUUAmU1Ob5fC8eNQtp6bYmhzxaKSU7dGUPnpbMMX2l+kGXNbcY38zmrsWFQ
z6qqnOdPDePUyDq6mSdyCyoi+wZjWqmTRZ+vA17PIhwXzgiCKZ4wBcbfawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNluGNG0DZb0vdy6FunzRzzOwSi0MB8GA1UdIwQY
MBaAFDJMcQRsVJ+zx9TrxM+VGdAC523xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWt4eEJHeFVuN1BIMU92RXo1VVowQUxuYmZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8xMjViOWQtMmExZi00NjNhLTk2NWUt
N2NmZWFmMDg2ZTE0LzEvMlc0WTBiUU5sdlM5M0xvVzZmTkhQTTdCS0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8xMjViOWQtMmExZi00NjNhLTk2NWUtN2NmZWFmMDg2ZTE0
LzEvTWt4eEJHeFVuN1BIMU92RXo1VVowQUxuYmZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucsYMA0E
AgACMAcDBQMqDIUAMA0GCSqGSIb3DQEBCwUAA4IBAQAQmFY2CEpcm+X4SIDN/LhF
g2aQKIM+GYPPgw2w8DmolF889pmMpnZ2dS5mGAifHz7Qe8orpY1b1XWH/o38AzBz
d08gUSMrhnzoJkDdjXPtWZeW9pa5zCPXLNo/Ao+Jp1lWZ6K7lDu/FrELQ0cF6Bxo
qKkUg2Khk35nyWBLMupaX6JvFRTUynfbETAHcD56wVOrj+2oae0TP6nXetjSMudw
fPgkkz7FlLLnAGcaGY/Y3vWEJ4biI6GM/t6yQf8sbHFlEPQOMgr0NPr9p/0Jll6H
CSNyOROCQ/zfPpU7vdLNC3tI3992TKoBQ+Rt1RoMFHLrz/bK+2oLnOYca43c0YdJ
-----END CERTIFICATE-----