Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/eedbcd-ab18-4ab3-b5dd-e3b0b41e25c5/1/2aBEXLDa01SxtoivNA75uHsLwJE.roa
File:                     2aBEXLDa01SxtoivNA75uHsLwJE.roa (raw, json)
Hash identifier:          +UXL7uoQLI1yIs/e9BmqW51XuExOMxEYgTSwzClJebo=
Subject key identifier:   D9:A0:44:5C:B0:DA:D3:54:B1:B6:88:AF:34:0E:F9:B8:7B:0B:C0:91
Certificate issuer:       /CN=d594e95fa59b52b599dba406d7b76f383ca90fa8
Certificate serial:       0191B96B9AF22743B93757FFB368344151CE
Authority key identifier: D5:94:E9:5F:A5:9B:52:B5:99:DB:A4:06:D7:B7:6F:38:3C:A9:0F:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1ZTpX6WbUrWZ26QG17dvODypD6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/eedbcd-ab18-4ab3-b5dd-e3b0b41e25c5/1/2aBEXLDa01SxtoivNA75uHsLwJE.roa
Signing time:             Tue 03 Sep 2024 19:45:22 +0000
ROA not before:           Tue 03 Sep 2024 19:45:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208446
IP address blocks:        185.137.99.0/24 maxlen: 24
                          2a12:7c40::/29 maxlen: 48
                          2a12:7c40:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/eedbcd-ab18-4ab3-b5dd-e3b0b41e25c5/1/1ZTpX6WbUrWZ26QG17dvODypD6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/eedbcd-ab18-4ab3-b5dd-e3b0b41e25c5/1/1ZTpX6WbUrWZ26QG17dvODypD6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1ZTpX6WbUrWZ26QG17dvODypD6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b9:6b:9a:f2:27:43:b9:37:57:ff:b3:68:34:41:51:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d594e95fa59b52b599dba406d7b76f383ca90fa8
        Validity
            Not Before: Sep  3 19:45:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9a0445cb0dad354b1b688af340ef9b87b0bc091
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:91:66:47:92:3d:0c:2d:59:f0:82:0e:4f:4c:
                    df:eb:08:00:52:45:78:50:f4:c3:79:cd:d2:fe:e6:
                    5a:c0:35:c4:e6:7f:c9:39:5d:70:77:e3:0f:42:3c:
                    00:05:e0:89:a1:23:7e:1d:e4:56:2d:81:ce:8b:e9:
                    44:5a:fe:1c:24:18:54:ff:5a:6a:e0:b2:3b:6b:f8:
                    5f:b1:59:a9:be:c7:90:7e:8b:1c:60:72:3f:22:fe:
                    09:2a:e4:b9:a1:9d:3d:26:e8:60:29:53:21:30:e5:
                    7e:77:5f:f7:2d:22:61:27:4a:0f:7f:33:5e:7a:3e:
                    4f:86:91:42:91:48:ed:d6:01:b7:03:2f:76:ff:de:
                    69:db:35:ee:36:ed:72:39:84:12:e5:fb:46:79:10:
                    f5:10:ee:44:9f:61:a9:c0:25:57:58:12:a6:00:ed:
                    39:97:96:fc:ec:ba:e9:1a:58:7e:26:2c:55:46:83:
                    99:93:60:b9:ae:60:3f:9d:7e:56:a1:be:d3:cd:93:
                    13:5c:dd:e5:a9:53:44:7f:2f:74:60:18:55:79:b7:
                    65:f1:7c:49:f2:c1:17:89:42:09:14:ff:0a:a0:90:
                    f1:e1:5e:74:b2:e6:d2:63:82:ab:4c:f3:7c:47:47:
                    3c:bc:72:33:b2:19:19:88:43:73:5f:1e:c3:cd:46:
                    eb:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:A0:44:5C:B0:DA:D3:54:B1:B6:88:AF:34:0E:F9:B8:7B:0B:C0:91
            X509v3 Authority Key Identifier:
                keyid:D5:94:E9:5F:A5:9B:52:B5:99:DB:A4:06:D7:B7:6F:38:3C:A9:0F:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1ZTpX6WbUrWZ26QG17dvODypD6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/eedbcd-ab18-4ab3-b5dd-e3b0b41e25c5/1/2aBEXLDa01SxtoivNA75uHsLwJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/eedbcd-ab18-4ab3-b5dd-e3b0b41e25c5/1/1ZTpX6WbUrWZ26QG17dvODypD6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.99.0/24
                IPv6:
                  2a12:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:07:eb:44:58:4f:bf:fc:5c:8d:f8:f6:e9:37:a6:eb:89:ab:
         ce:c0:c2:82:0b:3f:cd:69:ca:35:78:0f:d9:16:80:54:9b:ea:
         f5:3e:9d:ce:2a:fa:55:0f:ac:f4:5d:9c:e8:bc:6c:bb:e1:6a:
         69:46:eb:78:b2:72:d8:44:64:79:32:09:28:a8:90:26:75:e4:
         c0:d3:66:8b:c2:bf:a3:73:5a:9a:29:31:1b:0c:3c:bf:16:4c:
         0b:a9:57:70:69:2e:5b:c9:89:17:d8:a2:26:83:4b:9d:81:f3:
         bc:89:9b:e3:17:87:f3:b5:9d:af:77:73:38:fe:81:9b:99:6b:
         a2:ad:01:da:3b:36:b7:35:fd:ff:29:68:7c:6e:9f:35:4c:90:
         27:b9:cf:34:0d:2f:ea:37:7a:92:76:ba:03:d0:82:39:ac:1f:
         d8:d7:90:1f:2b:2e:b6:d4:6a:d4:33:e7:31:43:67:d0:bf:b0:
         26:dd:2d:8c:84:0e:21:77:a5:e3:c0:1d:5b:2d:e8:41:f1:3b:
         2d:34:43:66:02:b0:78:a8:04:aa:84:10:30:ec:00:9d:b2:b9:
         eb:05:eb:82:85:b7:b7:f5:4c:ec:e6:3a:eb:ea:be:76:24:4e:
         98:6e:13:d4:1e:8a:a3:57:34:a3:fa:2b:02:f2:45:fa:13:49:
         89:23:5b:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZG5a5ryJ0O5N1f/s2g0QVHOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1OTRlOTVmYTU5YjUyYjU5OWRiYTQwNmQ3Yjc2ZjM4M2Nh
OTBmYTgwHhcNMjQwOTAzMTk0NTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWEwNDQ1Y2IwZGFkMzU0YjFiNjg4YWYzNDBlZjliODdiMGJjMDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5FmR5I9DC1Z8IIOT0zf6wgAUkV4
UPTDec3S/uZawDXE5n/JOV1wd+MPQjwABeCJoSN+HeRWLYHOi+lEWv4cJBhU/1pq
4LI7a/hfsVmpvseQfoscYHI/Iv4JKuS5oZ09JuhgKVMhMOV+d1/3LSJhJ0oPfzNe
ej5PhpFCkUjt1gG3Ay92/95p2zXuNu1yOYQS5ftGeRD1EO5En2GpwCVXWBKmAO05
l5b87LrpGlh+JixVRoOZk2C5rmA/nX5Wob7TzZMTXN3lqVNEfy90YBhVebdl8XxJ
8sEXiUIJFP8KoJDx4V50subSY4KrTPN8R0c8vHIzshkZiENzXx7DzUbrmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNmgRFyw2tNUsbaIrzQO+bh7C8CRMB8GA1UdIwQY
MBaAFNWU6V+lm1K1mdukBte3bzg8qQ+oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVpUcFg2V2JVcldaMjZRRzE3ZHZPRHlwRDZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9lZWRiY2QtYWIxOC00YWIzLWI1ZGQt
ZTNiMGI0MWUyNWM1LzEvMmFCRVhMRGEwMVN4dG9pdk5BNzV1SHNMd0pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9lZWRiY2QtYWIxOC00YWIzLWI1ZGQtZTNiMGI0MWUyNWM1
LzEvMVpUcFg2V2JVcldaMjZRRzE3ZHZPRHlwRDZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYljMA0E
AgACMAcDBQMqEnxAMA0GCSqGSIb3DQEBCwUAA4IBAQBHB+tEWE+//FyN+PbpN6br
iavOwMKCCz/Naco1eA/ZFoBUm+r1Pp3OKvpVD6z0XZzovGy74WppRut4snLYRGR5
MgkoqJAmdeTA02aLwr+jc1qaKTEbDDy/FkwLqVdwaS5byYkX2KImg0udgfO8iZvj
F4fztZ2vd3M4/oGbmWuirQHaOza3Nf3/KWh8bp81TJAnuc80DS/qN3qSdroD0II5
rB/Y15AfKy621GrUM+cxQ2fQv7Am3S2MhA4hd6XjwB1bLehB8TstNENmArB4qASq
hBAw7ACdsrnrBeuChbe39Uzs5jrr6r52JE6YbhPUHoqjVzSj+isC8kX6E0mJI1sM
-----END CERTIFICATE-----