Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/2r2GG3Z2qTTT4g4Y8XqO_XMC7Eo.roa
File:                     2r2GG3Z2qTTT4g4Y8XqO_XMC7Eo.roa (raw, json)
Hash identifier:          3OHcEZapfFHtZllJ50Vm5hOAGU/4QJA5k3QT//j1G5g=
Subject key identifier:   DA:BD:86:1B:76:76:A9:34:D3:E2:0E:18:F1:7A:8E:FD:73:02:EC:4A
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019428240B946916899278AF4580F692EB7A
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/2r2GG3Z2qTTT4g4Y8XqO_XMC7Eo.roa
Signing time:             Thu 02 Jan 2025 17:50:38 +0000
ROA not before:           Thu 02 Jan 2025 17:50:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     996
IP address blocks:        37.218.208.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:0b:94:69:16:89:92:78:af:45:80:f6:92:eb:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 17:50:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dabd861b7676a934d3e20e18f17a8efd7302ec4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ff:91:ea:13:d1:95:b6:cb:5d:d2:a6:4b:ed:
                    15:91:27:70:fa:b2:30:4f:e9:79:55:1c:68:72:60:
                    b1:1c:3a:05:55:4d:6d:18:98:c1:12:dd:64:c6:f3:
                    f1:d2:47:15:1b:7f:ae:b1:ca:51:5c:3d:39:1f:b2:
                    3f:f8:5c:c3:bb:cd:65:74:57:da:a5:19:4b:c9:27:
                    88:3e:99:70:e3:56:a3:6f:ad:50:b6:3e:45:17:1e:
                    90:77:53:ea:70:98:d4:38:8b:45:de:fd:a5:dc:80:
                    9d:6b:69:fc:01:1f:8d:cc:ea:3c:00:dd:0f:bf:b8:
                    1b:f6:d5:bc:79:5e:e4:b9:72:07:19:94:9e:a8:ec:
                    ef:b2:98:e2:c4:e6:dd:69:ac:a3:f3:49:8d:f3:d1:
                    95:6a:37:98:02:33:82:ee:dc:64:fb:6e:e9:ba:b8:
                    52:67:64:67:2f:fd:03:e4:e5:21:18:4b:8d:39:71:
                    30:f8:12:6b:63:25:3f:ac:94:7b:d2:00:c4:4d:f3:
                    18:a0:99:2a:1a:34:75:e6:76:e3:8d:3b:65:15:f1:
                    af:be:bf:cf:4d:ce:e2:00:90:4a:66:27:cc:cd:c1:
                    84:cf:e0:49:1d:e5:3f:19:dc:24:8c:8f:05:ab:36:
                    74:69:38:15:ec:7f:d4:e8:ee:d7:10:69:27:45:28:
                    a6:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:BD:86:1B:76:76:A9:34:D3:E2:0E:18:F1:7A:8E:FD:73:02:EC:4A
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/2r2GG3Z2qTTT4g4Y8XqO_XMC7Eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.218.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4c:af:ef:55:e1:1d:e8:80:ff:26:b3:28:9b:d4:f1:9a:c2:21:
         46:f7:1f:7b:f0:98:26:3a:38:94:10:c9:6f:c0:5e:8e:30:f7:
         bb:b8:ab:6d:3e:4b:7a:11:25:69:5d:64:a9:7f:99:15:3f:b6:
         11:60:c6:01:47:c7:8e:97:0d:de:a3:1c:a7:6c:06:32:c2:59:
         7c:b8:c7:ee:47:eb:d8:e7:d5:89:10:da:3b:af:ac:08:e5:92:
         79:af:a9:72:3f:fd:6f:34:e1:c1:ff:85:77:78:be:06:b8:c2:
         0d:03:be:5b:a3:80:79:e9:0a:33:12:d7:c1:63:33:d0:11:bb:
         05:72:0e:f9:43:63:fd:f7:29:a5:77:f0:66:aa:a5:95:b7:fe:
         0e:a7:83:36:27:89:cd:fa:57:f5:7b:09:e3:89:fb:d6:65:a9:
         34:f5:f9:6b:da:92:52:e2:3b:4f:33:b8:dc:5a:6a:c6:87:d1:
         19:0d:03:73:5d:a8:62:cd:94:d0:26:7b:38:87:85:c1:f1:e9:
         48:8a:74:4b:72:15:7e:00:1d:06:f4:28:ef:a3:4f:3d:b5:e5:
         09:ec:c9:5a:50:68:0e:d3:74:bf:25:69:8f:d9:59:30:d8:3f:
         3b:ec:6f:fb:09:6d:2a:0a:d3:9c:a4:d9:13:2e:dd:14:bf:6a:
         cd:af:e0:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJAuUaRaJknivRYD2kut6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwMTAyMTc1MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWJkODYxYjc2NzZhOTM0ZDNlMjBlMThmMTdhOGVmZDczMDJlYzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwv+R6hPRlbbLXdKmS+0VkSdw+rIw
T+l5VRxocmCxHDoFVU1tGJjBEt1kxvPx0kcVG3+uscpRXD05H7I/+FzDu81ldFfa
pRlLySeIPplw41ajb61Qtj5FFx6Qd1PqcJjUOItF3v2l3ICda2n8AR+NzOo8AN0P
v7gb9tW8eV7kuXIHGZSeqOzvspjixObdaayj80mN89GVajeYAjOC7txk+27purhS
Z2RnL/0D5OUhGEuNOXEw+BJrYyU/rJR70gDETfMYoJkqGjR15nbjjTtlFfGvvr/P
Tc7iAJBKZifMzcGEz+BJHeU/GdwkjI8FqzZ0aTgV7H/U6O7XEGknRSimnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNq9hht2dqk00+IOGPF6jv1zAuxKMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvMnIyR0czWjJxVFRUNGc0WThYcU9fWE1DN0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJdrQMA0G
CSqGSIb3DQEBCwUAA4IBAQBMr+9V4R3ogP8msyib1PGawiFG9x978JgmOjiUEMlv
wF6OMPe7uKttPkt6ESVpXWSpf5kVP7YRYMYBR8eOlw3eoxynbAYywll8uMfuR+vY
59WJENo7r6wI5ZJ5r6lyP/1vNOHB/4V3eL4GuMINA75bo4B56QozEtfBYzPQEbsF
cg75Q2P99ymld/BmqqWVt/4Op4M2J4nN+lf1ewnjifvWZak09flr2pJS4jtPM7jc
WmrGh9EZDQNzXahizZTQJns4h4XB8elIinRLchV+AB0G9Cjvo089teUJ7MlaUGgO
03S/JWmP2Vkw2D877G/7CW0qCtOcpNkTLt0Uv2rNr+Az
-----END CERTIFICATE-----