Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/2nyXOUnq8HwO4oLCvfJ-Ox7H8mw.roa
File:                     2nyXOUnq8HwO4oLCvfJ-Ox7H8mw.roa (raw, json)
Hash identifier:          NuZHCaEAk+qkjfN7phn7HKdi7yOnn+ng8AEUE8vglQE=
Subject key identifier:   DA:7C:97:39:49:EA:F0:7C:0E:E2:82:C2:BD:F2:7E:3B:1E:C7:F2:6C
Certificate issuer:       /CN=b025bac132e479a28df33573dd1096a9b7b78d32
Certificate serial:       01942444AF40E5763E6BB4A2E03FFF605F38
Authority key identifier: B0:25:BA:C1:32:E4:79:A2:8D:F3:35:73:DD:10:96:A9:B7:B7:8D:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sCW6wTLkeaKN8zVz3RCWqbe3jTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/2nyXOUnq8HwO4oLCvfJ-Ox7H8mw.roa
Signing time:             Wed 01 Jan 2025 23:47:48 +0000
ROA not before:           Wed 01 Jan 2025 23:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203489
IP address blocks:        185.132.68.0/22 maxlen: 22
                          185.214.0.0/22 maxlen: 22
                          2a0b:91c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/sCW6wTLkeaKN8zVz3RCWqbe3jTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/sCW6wTLkeaKN8zVz3RCWqbe3jTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sCW6wTLkeaKN8zVz3RCWqbe3jTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:af:40:e5:76:3e:6b:b4:a2:e0:3f:ff:60:5f:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b025bac132e479a28df33573dd1096a9b7b78d32
        Validity
            Not Before: Jan  1 23:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da7c973949eaf07c0ee282c2bdf27e3b1ec7f26c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:35:cf:97:db:4a:34:12:4f:bb:33:7c:d0:df:
                    f7:89:39:da:22:e3:8a:a1:d2:40:99:4d:c5:38:84:
                    0e:a8:09:70:3f:c5:48:06:95:5f:34:ae:1c:1c:23:
                    99:4f:f1:24:b1:2c:0c:fb:d0:fb:f6:60:45:2d:25:
                    7a:a6:fc:1a:89:f8:03:cb:e2:1d:0f:20:ac:3e:ee:
                    9c:b2:7d:85:1f:78:71:83:7c:cf:b3:92:1e:02:e3:
                    19:29:9a:44:32:c2:09:64:d8:ec:d8:f1:cd:92:2b:
                    2c:aa:1f:1f:c5:6f:fe:42:dc:7a:71:03:3b:32:8e:
                    f1:c7:10:73:68:76:70:b8:15:d6:72:ba:fb:51:81:
                    ef:9f:eb:b2:3e:d8:62:3c:54:62:c8:ef:b7:b0:74:
                    d1:1a:c1:41:1c:39:22:22:94:e1:0e:a1:ea:d6:6e:
                    59:24:2f:4a:e8:23:78:8c:ea:1c:fc:d1:cf:9b:a5:
                    65:b1:7a:c4:92:7d:7d:71:27:70:63:99:94:7a:1e:
                    92:1c:7f:67:44:ac:00:9f:e7:dd:c8:37:56:d0:e7:
                    37:48:b5:fc:22:37:eb:ad:5b:be:4c:cb:f5:d2:ef:
                    d4:25:56:06:2e:d8:fc:8f:e3:1e:e6:9c:4f:b8:4f:
                    6b:42:2a:89:e9:8d:25:dc:ed:41:53:a8:2a:c5:02:
                    66:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:7C:97:39:49:EA:F0:7C:0E:E2:82:C2:BD:F2:7E:3B:1E:C7:F2:6C
            X509v3 Authority Key Identifier:
                keyid:B0:25:BA:C1:32:E4:79:A2:8D:F3:35:73:DD:10:96:A9:B7:B7:8D:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sCW6wTLkeaKN8zVz3RCWqbe3jTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/2nyXOUnq8HwO4oLCvfJ-Ox7H8mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d2d9f3-8d56-481c-8bc4-7c8f3fecdb2c/1/sCW6wTLkeaKN8zVz3RCWqbe3jTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.132.68.0/22
                  185.214.0.0/22
                IPv6:
                  2a0b:91c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:fd:48:fd:8f:1f:67:cd:80:61:4c:bb:63:fb:16:9b:6b:89:
         d0:84:dc:a4:25:66:c8:1a:d1:bc:8c:b9:c6:c3:a2:12:99:a9:
         a5:56:52:e8:cc:d0:ab:d2:f1:a5:18:d7:84:eb:14:07:ea:67:
         29:32:49:8b:92:c5:e8:99:71:05:60:cd:1d:f1:e3:bc:f7:f0:
         b7:6b:57:f1:57:b5:a7:44:7e:f7:42:38:73:1f:31:39:a4:e5:
         3f:5d:4e:21:d1:06:91:b2:15:41:2a:bf:fc:cc:f3:ab:38:d6:
         16:6d:ef:92:e8:c1:b3:de:4e:19:ea:61:37:20:bb:72:25:0f:
         e7:b1:42:ad:6a:d4:60:8e:56:a2:09:4e:a0:98:a7:cc:cd:b0:
         b4:14:36:8e:5b:9d:77:a1:00:8f:57:d7:13:30:59:08:50:c5:
         b0:ad:61:41:ea:50:67:b0:d6:da:ad:90:5b:fc:99:eb:94:8c:
         56:d9:c1:5c:3a:52:4b:95:ba:04:76:b1:3b:c4:8c:7d:4d:b7:
         e1:32:a6:b4:08:43:06:a9:5c:6a:82:6f:ca:60:ef:0a:5e:58:
         99:fa:7b:cf:d9:73:db:09:85:88:a0:ad:29:4a:d9:5f:cb:33:
         b6:76:20:79:c9:ef:9c:37:ac:20:7f:44:48:57:8e:b5:2c:63:
         9a:10:52:32
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQkRK9A5XY+a7Si4D//YF84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMjViYWMxMzJlNDc5YTI4ZGYzMzU3M2RkMTA5NmE5Yjdi
NzhkMzIwHhcNMjUwMTAxMjM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTdjOTczOTQ5ZWFmMDdjMGVlMjgyYzJiZGYyN2UzYjFlYzdmMjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDXPl9tKNBJPuzN80N/3iTnaIuOK
odJAmU3FOIQOqAlwP8VIBpVfNK4cHCOZT/EksSwM+9D79mBFLSV6pvwaifgDy+Id
DyCsPu6csn2FH3hxg3zPs5IeAuMZKZpEMsIJZNjs2PHNkissqh8fxW/+Qtx6cQM7
Mo7xxxBzaHZwuBXWcrr7UYHvn+uyPthiPFRiyO+3sHTRGsFBHDkiIpThDqHq1m5Z
JC9K6CN4jOoc/NHPm6VlsXrEkn19cSdwY5mUeh6SHH9nRKwAn+fdyDdW0Oc3SLX8
IjfrrVu+TMv10u/UJVYGLtj8j+Me5pxPuE9rQiqJ6Y0l3O1BU6gqxQJmLwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNp8lzlJ6vB8DuKCwr3yfjsex/JsMB8GA1UdIwQY
MBaAFLAlusEy5HmijfM1c90Qlqm3t40yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0NXNndUTGtlYUtOOHpWejNSQ1dxYmUzalRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9kMmQ5ZjMtOGQ1Ni00ODFjLThiYzQt
N2M4ZjNmZWNkYjJjLzEvMm55WE9VbnE4SHdPNG9MQ3ZmSi1PeDdIOG13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9kMmQ5ZjMtOGQ1Ni00ODFjLThiYzQtN2M4ZjNmZWNkYjJj
LzEvc0NXNndUTGtlYUtOOHpWejNSQ1dxYmUzalRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuYREAwQC
udYAMA0EAgACMAcDBQMqC5HAMA0GCSqGSIb3DQEBCwUAA4IBAQA9/Uj9jx9nzYBh
TLtj+xaba4nQhNykJWbIGtG8jLnGw6ISmamlVlLozNCr0vGlGNeE6xQH6mcpMkmL
ksXomXEFYM0d8eO89/C3a1fxV7WnRH73QjhzHzE5pOU/XU4h0QaRshVBKr/8zPOr
ONYWbe+S6MGz3k4Z6mE3ILtyJQ/nsUKtatRgjlaiCU6gmKfMzbC0FDaOW513oQCP
V9cTMFkIUMWwrWFB6lBnsNbarZBb/JnrlIxW2cFcOlJLlboEdrE7xIx9TbfhMqa0
CEMGqVxqgm/KYO8KXliZ+nvP2XPbCYWIoK0pStlfyzO2diB5ye+cN6wgf0RIV461
LGOaEFIy
-----END CERTIFICATE-----