Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/2SAQLA7QMTW3rJ2MPjCOahlOsgA.roa
File:                     2SAQLA7QMTW3rJ2MPjCOahlOsgA.roa (raw, json)
Hash identifier:          YQiN3iKo5zTaytwvVXkZsjdfMdlDibNqV0v4+CZFgPw=
Subject key identifier:   D9:20:10:2C:0E:D0:31:35:B7:AC:9D:8C:3E:30:8E:6A:19:4E:B2:00
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       01942827B294E8DA3EDE838E3C53073A40EE
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/2SAQLA7QMTW3rJ2MPjCOahlOsgA.roa
Signing time:             Thu 02 Jan 2025 17:54:37 +0000
ROA not before:           Thu 02 Jan 2025 17:54:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210974
IP address blocks:        213.182.200.0/24 maxlen: 24
                          213.182.201.0/24 maxlen: 24
                          213.182.202.0/24 maxlen: 24
                          213.182.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:b2:94:e8:da:3e:de:83:8e:3c:53:07:3a:40:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Jan  2 17:54:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d920102c0ed03135b7ac9d8c3e308e6a194eb200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f6:e3:63:0c:45:52:9e:23:9e:94:05:cb:ed:
                    c4:41:7b:ac:0d:5a:e5:17:68:d6:76:16:5f:a5:d8:
                    38:5f:20:d7:c1:64:af:a8:bb:e6:96:b3:ad:2a:ab:
                    85:0b:f6:8b:dd:21:91:ff:d7:8e:a2:e6:88:04:aa:
                    8d:38:e0:ae:45:1e:05:b6:b8:fc:1b:98:14:e5:cb:
                    f2:78:fb:69:d3:47:7b:01:fc:aa:6f:80:b5:40:fd:
                    b0:7e:00:e3:fe:4c:3a:de:71:c7:63:1f:8e:80:24:
                    ff:0c:4d:96:4d:db:bf:6f:ab:d0:59:0a:dc:50:4e:
                    e1:ea:9e:17:7d:99:d0:b0:0a:f5:a0:49:9b:20:2b:
                    30:d2:3e:04:e9:72:a2:9e:cb:15:42:dd:7e:16:42:
                    a4:af:84:94:15:62:53:a1:94:ba:89:b3:c2:d4:f4:
                    79:91:54:3f:1f:29:c5:61:e9:a3:bf:4e:93:30:e2:
                    ae:c9:11:49:4b:69:a5:af:2b:a6:ae:72:6a:d8:8b:
                    a8:00:e9:99:ea:54:5f:29:52:99:c7:8e:90:c1:2b:
                    d6:24:6b:d0:cf:69:7a:53:3c:5b:d3:34:70:66:8f:
                    7d:1a:cb:2c:9b:12:4a:3d:98:bf:c3:ac:a9:72:e4:
                    f2:b8:29:21:51:74:aa:a0:43:06:da:58:9d:47:25:
                    b2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:20:10:2C:0E:D0:31:35:B7:AC:9D:8C:3E:30:8E:6A:19:4E:B2:00
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/2SAQLA7QMTW3rJ2MPjCOahlOsgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:aa:3f:70:5c:a2:23:dd:46:01:8a:41:e1:b4:19:75:de:21:
         84:4a:b3:38:55:e2:53:cc:5a:70:4f:4a:0f:f0:b3:42:40:83:
         55:64:8d:37:0e:8c:ef:fc:fe:01:20:9c:6f:58:c9:fc:a2:5f:
         7d:f0:14:b5:20:7e:51:07:dc:4d:1c:a0:95:fc:ab:c2:f8:eb:
         3b:1e:ee:99:1b:7c:fa:c7:22:57:93:1d:67:78:99:b0:0f:07:
         6c:d9:f2:fb:6c:1c:d4:2f:f9:41:84:c2:c4:20:69:88:f5:25:
         30:11:b9:f4:13:05:2e:1c:17:46:c2:4d:af:0b:18:72:b9:34:
         b3:d8:bf:2e:47:e7:65:15:31:77:28:9b:ae:fe:fe:0d:09:4d:
         95:ce:15:80:86:90:87:28:af:6b:c1:50:27:90:00:ba:b8:2d:
         e9:b8:7b:42:dd:9e:15:1d:47:48:31:2f:a3:b5:4b:6b:e4:18:
         0e:50:23:c4:b7:99:7b:a4:72:8d:3a:ae:05:42:d9:2e:da:7a:
         6e:f5:c9:ff:b4:63:8f:ff:3f:58:98:df:6a:24:1c:90:87:25:
         a5:e6:b8:78:43:94:5d:28:e8:d0:30:4b:25:7f:c0:e9:ec:88:
         95:b4:86:37:00:7e:6d:ed:61:2f:95:43:67:70:74:e3:2a:a3:
         3d:a4:a3:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ7KU6No+3oOOPFMHOkDuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwMTAyMTc1NDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTIwMTAyYzBlZDAzMTM1YjdhYzlkOGMzZTMwOGU2YTE5NGViMjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/bjYwxFUp4jnpQFy+3EQXusDVrl
F2jWdhZfpdg4XyDXwWSvqLvmlrOtKquFC/aL3SGR/9eOouaIBKqNOOCuRR4Ftrj8
G5gU5cvyePtp00d7Afyqb4C1QP2wfgDj/kw63nHHYx+OgCT/DE2WTdu/b6vQWQrc
UE7h6p4XfZnQsAr1oEmbICsw0j4E6XKinssVQt1+FkKkr4SUFWJToZS6ibPC1PR5
kVQ/HynFYemjv06TMOKuyRFJS2mlryumrnJq2IuoAOmZ6lRfKVKZx46QwSvWJGvQ
z2l6Uzxb0zRwZo99GsssmxJKPZi/w6ypcuTyuCkhUXSqoEMG2lidRyWydwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNkgECwO0DE1t6ydjD4wjmoZTrIAMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvMlNBUUxBN1FNVFczckoyTVBqQ09haGxPc2dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1bbIMA0G
CSqGSIb3DQEBCwUAA4IBAQBpqj9wXKIj3UYBikHhtBl13iGESrM4VeJTzFpwT0oP
8LNCQINVZI03Dozv/P4BIJxvWMn8ol998BS1IH5RB9xNHKCV/KvC+Os7Hu6ZG3z6
xyJXkx1neJmwDwds2fL7bBzUL/lBhMLEIGmI9SUwEbn0EwUuHBdGwk2vCxhyuTSz
2L8uR+dlFTF3KJuu/v4NCU2VzhWAhpCHKK9rwVAnkAC6uC3puHtC3Z4VHUdIMS+j
tUtr5BgOUCPEt5l7pHKNOq4FQtku2npu9cn/tGOP/z9YmN9qJByQhyWl5rh4Q5Rd
KOjQMEslf8Dp7IiVtIY3AH5t7WEvlUNncHTjKqM9pKNl
-----END CERTIFICATE-----