Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/2sZ2V8s4s8oJeihBykdPvKr9BQg.roa
File:                     2sZ2V8s4s8oJeihBykdPvKr9BQg.roa (raw, json)
Hash identifier:          SaLJUrsWpM7QdagwlPteW928tTqR5Tre2Qrgzn52n7M=
Subject key identifier:   DA:C6:76:57:CB:38:B3:CA:09:7A:28:41:CA:47:4F:BC:AA:FD:05:08
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       0194F568F0123BB574EEB83C9B78664506FA
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/2sZ2V8s4s8oJeihBykdPvKr9BQg.roa
Signing time:             Tue 11 Feb 2025 14:28:02 +0000
ROA not before:           Tue 11 Feb 2025 14:28:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        87.229.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f5:68:f0:12:3b:b5:74:ee:b8:3c:9b:78:66:45:06:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Feb 11 14:28:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dac67657cb38b3ca097a2841ca474fbcaafd0508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a6:39:4e:0b:9d:71:3c:61:eb:1a:73:a6:a9:
                    35:39:c5:98:87:d4:10:22:5a:0b:aa:90:d9:0a:82:
                    b7:4d:ae:66:cc:6e:75:4a:cc:a6:2c:f9:1f:6e:06:
                    67:18:5c:32:23:7a:04:c7:cc:4e:94:31:4c:37:e9:
                    be:7a:2d:f0:4f:2f:dc:d3:75:99:32:3b:13:1a:c1:
                    5b:cd:b8:32:e5:3f:78:97:0b:71:e9:76:d0:61:9b:
                    52:58:cc:c3:eb:68:8e:93:28:02:3d:a1:f7:6e:18:
                    e8:40:20:81:d8:60:77:71:1b:8b:62:ad:90:2d:63:
                    78:56:b9:bd:a2:16:ba:4d:2c:e1:90:79:3b:2e:0c:
                    aa:f0:d9:94:29:92:ed:b1:ae:e1:9d:50:37:7f:f2:
                    20:ac:8e:b4:b5:1b:21:65:af:15:d2:14:89:47:cd:
                    eb:6e:a2:db:eb:fa:23:a1:e7:3c:8e:53:81:e7:9d:
                    56:f6:3b:2a:39:8c:dc:10:63:68:83:b9:0d:e8:5b:
                    eb:e7:4e:cd:0e:fc:b8:f7:ce:5b:3a:9b:d3:9f:8b:
                    bb:04:c5:37:6d:80:bc:ab:0c:55:ea:19:7b:82:b9:
                    14:fe:8b:b8:57:ca:03:ff:e5:19:58:f3:52:78:2a:
                    08:66:58:3b:a8:c4:89:46:5c:df:5e:46:26:d5:52:
                    13:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:C6:76:57:CB:38:B3:CA:09:7A:28:41:CA:47:4F:BC:AA:FD:05:08
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/2sZ2V8s4s8oJeihBykdPvKr9BQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:c5:f9:92:ba:fa:5d:a3:69:6f:ed:aa:cf:5d:19:92:41:7e:
         35:24:b8:13:d7:f6:4c:4d:70:47:69:06:1b:64:fa:5c:21:07:
         1c:e0:a2:5d:8b:5e:1b:ef:f3:f5:b2:d3:c6:45:e3:c9:00:48:
         6c:8f:d9:21:2f:6b:d8:49:c1:d1:0e:93:5b:b1:7a:cb:58:5b:
         63:7f:72:2a:2f:b0:66:a4:f2:81:d1:52:69:17:c8:e1:e8:08:
         64:38:ac:ce:2b:e2:be:2d:53:b2:a4:91:6a:77:8f:77:35:56:
         69:5e:e6:6b:1a:ee:1a:23:6f:39:cc:0d:90:79:55:bc:08:71:
         21:86:82:8b:d1:0c:08:ef:eb:3f:3d:05:03:f5:82:3b:98:77:
         76:e8:df:b9:1e:81:7f:97:82:bb:cf:35:3a:4b:57:4c:f0:06:
         58:d1:74:28:2e:55:cd:0b:54:99:21:e7:17:50:df:88:7b:42:
         16:d6:d5:40:36:2f:48:dd:72:4e:9b:79:a0:91:a1:a4:c7:5e:
         fa:b3:45:b8:3d:8e:ee:74:e3:3f:be:a8:cf:d2:c4:46:cb:d7:
         b6:52:28:58:a3:de:6e:d8:b6:be:3c:67:e9:36:fd:14:7d:74:
         75:9a:ea:ff:52:1f:e7:8f:33:be:ae:a6:12:eb:97:c5:ab:03:
         f6:25:fa:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT1aPASO7V07rg8m3hmRQb6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwMjExMTQyODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWM2NzY1N2NiMzhiM2NhMDk3YTI4NDFjYTQ3NGZiY2FhZmQwNTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6Y5TgudcTxh6xpzpqk1OcWYh9QQ
IloLqpDZCoK3Ta5mzG51SsymLPkfbgZnGFwyI3oEx8xOlDFMN+m+ei3wTy/c03WZ
MjsTGsFbzbgy5T94lwtx6XbQYZtSWMzD62iOkygCPaH3bhjoQCCB2GB3cRuLYq2Q
LWN4Vrm9oha6TSzhkHk7Lgyq8NmUKZLtsa7hnVA3f/IgrI60tRshZa8V0hSJR83r
bqLb6/ojoec8jlOB551W9jsqOYzcEGNog7kN6Fvr507NDvy4985bOpvTn4u7BMU3
bYC8qwxV6hl7grkU/ou4V8oD/+UZWPNSeCoIZlg7qMSJRlzfXkYm1VITtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrGdlfLOLPKCXooQcpHT7yq/QUIMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvMnNaMlY4czRzOG9KZWloQnlrZFB2S3I5QlFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+UiMA0G
CSqGSIb3DQEBCwUAA4IBAQBTxfmSuvpdo2lv7arPXRmSQX41JLgT1/ZMTXBHaQYb
ZPpcIQcc4KJdi14b7/P1stPGRePJAEhsj9khL2vYScHRDpNbsXrLWFtjf3IqL7Bm
pPKB0VJpF8jh6AhkOKzOK+K+LVOypJFqd493NVZpXuZrGu4aI285zA2QeVW8CHEh
hoKL0QwI7+s/PQUD9YI7mHd26N+5HoF/l4K7zzU6S1dM8AZY0XQoLlXNC1SZIecX
UN+Ie0IW1tVANi9I3XJOm3mgkaGkx176s0W4PY7udOM/vqjP0sRGy9e2UihYo95u
2La+PGfpNv0UfXR1mur/Uh/njzO+rqYS65fFqwP2JfqT
-----END CERTIFICATE-----