Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/2jiC5eT3Zp14Y_ai9CTSYQHkF2c.roa
File:                     2jiC5eT3Zp14Y_ai9CTSYQHkF2c.roa (raw, json)
Hash identifier:          NvKL8MO+mEB5+eXtUnel8QQ1gLp3HBXl5WFoUUUDw3w=
Subject key identifier:   DA:38:82:E5:E4:F7:66:9D:78:63:F6:A2:F4:24:D2:61:01:E4:17:67
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       019425FDD3DF071659C08B1CB77D22571381
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/2jiC5eT3Zp14Y_ai9CTSYQHkF2c.roa
Signing time:             Thu 02 Jan 2025 07:49:39 +0000
ROA not before:           Thu 02 Jan 2025 07:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3302
IP address blocks:        185.133.209.0/24 maxlen: 24
                          185.197.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d3:df:07:16:59:c0:8b:1c:b7:7d:22:57:13:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 07:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da3882e5e4f7669d7863f6a2f424d26101e41767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fe:ea:6a:cc:11:03:44:26:bf:3a:d1:74:9d:
                    35:51:e1:26:7a:97:11:54:11:c4:ab:69:e2:f0:50:
                    f5:cc:70:0e:3e:45:12:06:b7:94:5f:9e:05:04:51:
                    6f:da:b9:7f:9a:05:87:85:46:fc:01:e8:44:67:b3:
                    6e:02:22:ee:df:05:24:67:19:0c:ef:c1:4e:d7:c1:
                    25:f4:84:ba:ce:fb:9d:ae:33:9b:c1:ba:4b:41:96:
                    3b:4c:a4:81:f4:ba:c2:dc:0d:f1:72:66:6f:3d:e2:
                    cc:67:9b:51:0e:0d:d5:3b:d9:08:7c:8d:20:1a:39:
                    49:71:ae:b7:18:66:f3:96:ec:48:25:ca:6e:40:b8:
                    e1:86:00:79:31:ae:3c:04:e3:17:76:23:d6:3d:13:
                    31:03:b4:75:46:c5:3e:b4:a5:ff:33:ec:e1:06:b1:
                    5a:1c:c4:d3:19:8b:4f:07:b4:21:0a:a6:32:ed:3f:
                    76:30:31:d7:15:ec:ad:be:fa:83:da:eb:37:8f:a4:
                    a4:bd:74:65:f0:34:cc:0e:d9:0d:72:51:f1:96:af:
                    53:9f:11:9a:36:1e:ba:d2:8b:00:a5:a0:b5:0b:6f:
                    81:4d:d2:8d:c1:e9:de:4c:cc:22:4e:bb:98:cb:21:
                    2c:86:46:a1:15:0c:ad:0d:b4:c1:21:93:53:79:4f:
                    3f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:38:82:E5:E4:F7:66:9D:78:63:F6:A2:F4:24:D2:61:01:E4:17:67
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/2jiC5eT3Zp14Y_ai9CTSYQHkF2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.209.0/24
                  185.197.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d5:4a:a4:2d:50:54:eb:1f:90:15:01:50:36:77:3a:c8:2c:3e:
         82:77:b8:40:57:14:44:c2:bc:dc:08:43:0d:bf:25:46:22:89:
         7a:c3:21:30:73:22:4a:12:c5:7f:1e:0f:71:c3:f8:85:cd:e6:
         a5:2b:6e:0a:a9:88:bd:10:e5:d9:65:e9:3d:3f:6e:73:17:3e:
         dc:25:b0:a1:a4:57:c9:35:f1:ab:7a:4d:0c:e9:6e:5f:25:da:
         09:c7:1e:3c:22:af:ee:9f:95:c2:fe:89:c4:1f:6f:52:1e:aa:
         af:5b:fc:8c:93:4d:6a:7c:d0:b8:89:84:71:95:22:88:dc:d7:
         c7:75:51:db:4f:32:f6:55:a9:f7:63:e4:d9:01:53:4b:eb:f0:
         7e:55:79:5b:64:4f:ed:b4:32:f3:fb:9a:86:30:b0:2b:8b:b7:
         6c:db:55:ee:09:8c:20:cb:f5:45:b7:d5:5e:df:b8:12:e7:38:
         3d:6f:3e:4d:d5:72:03:1b:b9:b7:66:bc:1a:64:89:69:c2:41:
         13:43:26:ad:f7:8a:93:2a:3d:4d:64:e8:fa:ce:cf:1e:59:a9:
         72:9b:f4:44:9b:53:4e:a6:fa:0e:82:80:68:12:d1:f9:ee:1d:
         0c:2e:af:b1:9b:30:8f:8a:39:31:25:67:0b:f4:89:c6:fc:46:
         08:0f:75:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/dPfBxZZwIsct30iVxOBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjUwMTAyMDc0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTM4ODJlNWU0Zjc2NjlkNzg2M2Y2YTJmNDI0ZDI2MTAxZTQxNzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP7qaswRA0QmvzrRdJ01UeEmepcR
VBHEq2ni8FD1zHAOPkUSBreUX54FBFFv2rl/mgWHhUb8AehEZ7NuAiLu3wUkZxkM
78FO18El9IS6zvudrjObwbpLQZY7TKSB9LrC3A3xcmZvPeLMZ5tRDg3VO9kIfI0g
GjlJca63GGbzluxIJcpuQLjhhgB5Ma48BOMXdiPWPRMxA7R1RsU+tKX/M+zhBrFa
HMTTGYtPB7QhCqYy7T92MDHXFeytvvqD2us3j6SkvXRl8DTMDtkNclHxlq9TnxGa
Nh660osApaC1C2+BTdKNweneTMwiTruYyyEshkahFQytDbTBIZNTeU8/rQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNo4guXk92adeGP2ovQk0mEB5BdnMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvMmppQzVlVDNacDE0WV9haTlDVFNZUUhrRjJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuYXRAwQA
ucWGMA0GCSqGSIb3DQEBCwUAA4IBAQDVSqQtUFTrH5AVAVA2dzrILD6Cd7hAVxRE
wrzcCEMNvyVGIol6wyEwcyJKEsV/Hg9xw/iFzealK24KqYi9EOXZZek9P25zFz7c
JbChpFfJNfGrek0M6W5fJdoJxx48Iq/un5XC/onEH29SHqqvW/yMk01qfNC4iYRx
lSKI3NfHdVHbTzL2Van3Y+TZAVNL6/B+VXlbZE/ttDLz+5qGMLAri7ds21XuCYwg
y/VFt9Ve37gS5zg9bz5N1XIDG7m3ZrwaZIlpwkETQyat94qTKj1NZOj6zs8eWaly
m/REm1NOpvoOgoBoEtH57h0MLq+xmzCPijkxJWcL9InG/EYID3Xf
-----END CERTIFICATE-----