Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/2J6NqlWHVpoHI7xMxAN2rgxKF2c.roa
File:                     2J6NqlWHVpoHI7xMxAN2rgxKF2c.roa (raw, json)
Hash identifier:          xTnTXj9EQwNTqre8Qcvnk4UacFct9Z+R6XGenqUpoR8=
Subject key identifier:   D8:9E:8D:AA:55:87:56:9A:07:23:BC:4C:C4:03:76:AE:0C:4A:17:67
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       0194FFD20998D8F65D06C30C254948EC8460
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/2J6NqlWHVpoHI7xMxAN2rgxKF2c.roa
Signing time:             Thu 13 Feb 2025 14:59:02 +0000
ROA not before:           Thu 13 Feb 2025 14:59:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58255
IP address blocks:        193.232.24.0/24 maxlen: 24
                          194.85.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ff:d2:09:98:d8:f6:5d:06:c3:0c:25:49:48:ec:84:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Feb 13 14:59:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d89e8daa5587569a0723bc4cc40376ae0c4a1767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f2:5d:67:0f:bc:84:7a:b2:fb:63:89:2d:8a:
                    fa:42:8c:d0:44:20:f3:52:55:36:48:bb:eb:16:8a:
                    a7:6f:85:ef:8e:53:5a:6f:9c:85:d7:07:db:5f:f3:
                    8e:2d:e1:18:00:76:dc:45:05:2f:07:7a:d6:bc:68:
                    4a:7d:46:e0:98:95:a5:95:9d:42:f4:68:d4:54:6e:
                    e4:f8:28:25:7a:7b:97:77:e4:13:fa:d2:f0:b3:ce:
                    f6:63:17:ab:02:55:7f:61:80:32:fd:79:47:a9:ef:
                    27:82:23:27:3d:2f:23:06:2d:7b:2b:d4:cc:aa:e8:
                    7b:71:88:db:32:4b:ea:7c:a0:d4:73:61:17:91:36:
                    11:6b:34:1a:0a:8e:6a:ae:d0:f7:16:8b:ff:83:29:
                    1e:6e:17:69:16:21:b8:d2:76:d5:ac:28:b6:06:99:
                    04:2c:ea:a3:04:b8:b7:19:89:c2:b0:4e:2e:cf:a7:
                    ec:e7:24:2c:74:8d:91:14:39:86:d6:f1:c2:6d:92:
                    0c:a7:75:b0:c3:3e:fd:99:ac:0e:03:f1:ac:70:79:
                    39:8f:36:17:da:db:94:55:ee:62:25:54:19:9b:fd:
                    d2:75:c3:b9:11:3d:67:25:69:97:b2:83:8b:4c:bb:
                    8d:7a:a5:67:b4:5b:10:80:7a:dc:41:50:3c:f0:fa:
                    d0:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:9E:8D:AA:55:87:56:9A:07:23:BC:4C:C4:03:76:AE:0C:4A:17:67
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/2J6NqlWHVpoHI7xMxAN2rgxKF2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.24.0/24
                  194.85.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:87:06:0a:9d:37:0f:39:17:bb:59:34:47:32:7f:ae:3b:ad:
         d4:ea:45:4a:e5:f4:b7:3d:9a:8d:81:aa:be:2c:e5:c3:81:90:
         6d:32:32:58:5e:39:87:8c:20:e8:99:a5:ea:34:d1:3a:66:df:
         45:90:a4:5a:45:6c:aa:97:2d:c8:e1:35:41:01:c5:fa:6e:c0:
         07:df:21:81:3e:de:4d:94:70:23:7f:78:63:13:1b:b8:1c:d5:
         31:cd:55:39:66:63:58:f1:29:b4:69:1f:62:c4:38:07:a9:c2:
         70:37:d1:5a:25:61:ba:1c:86:71:d4:6f:b3:4d:ba:40:39:ac:
         ac:89:32:d8:74:a0:05:ab:0c:76:7a:7f:40:6b:95:e7:05:2d:
         68:5f:8f:bc:b3:f6:a6:ed:9b:ca:9e:8b:20:92:d7:00:68:a0:
         88:4b:93:7f:b0:4e:15:e7:69:71:43:70:e7:0c:57:b3:ed:52:
         c0:d8:70:81:44:90:8a:e9:6e:8f:71:e9:88:71:5d:7f:03:58:
         c3:80:ca:57:9e:f8:ad:d2:fd:b3:54:be:24:7e:d5:34:b6:90:
         56:8d:75:2a:ac:3f:67:bc:11:a7:b4:25:39:54:2a:d4:9d:5a:
         b3:e8:f0:6f:ab:2e:fe:db:61:8f:ee:8d:b7:0d:db:a4:c1:8d:
         cf:d2:27:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZT/0gmY2PZdBsMMJUlI7IRgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMjEzMTQ1OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODllOGRhYTU1ODc1NjlhMDcyM2JjNGNjNDAzNzZhZTBjNGExNzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfJdZw+8hHqy+2OJLYr6QozQRCDz
UlU2SLvrFoqnb4XvjlNab5yF1wfbX/OOLeEYAHbcRQUvB3rWvGhKfUbgmJWllZ1C
9GjUVG7k+CglenuXd+QT+tLws872YxerAlV/YYAy/XlHqe8ngiMnPS8jBi17K9TM
quh7cYjbMkvqfKDUc2EXkTYRazQaCo5qrtD3Fov/gykebhdpFiG40nbVrCi2BpkE
LOqjBLi3GYnCsE4uz6fs5yQsdI2RFDmG1vHCbZIMp3Wwwz79mawOA/GscHk5jzYX
2tuUVe5iJVQZm/3SdcO5ET1nJWmXsoOLTLuNeqVntFsQgHrcQVA88PrQUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNiejapVh1aaByO8TMQDdq4MShdnMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvMko2TnFsV0hWcG9ISTd4TXhBTjJyZ3hLRjJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwegYAwQA
wlXQMA0GCSqGSIb3DQEBCwUAA4IBAQBFhwYKnTcPORe7WTRHMn+uO63U6kVK5fS3
PZqNgaq+LOXDgZBtMjJYXjmHjCDomaXqNNE6Zt9FkKRaRWyqly3I4TVBAcX6bsAH
3yGBPt5NlHAjf3hjExu4HNUxzVU5ZmNY8Sm0aR9ixDgHqcJwN9FaJWG6HIZx1G+z
TbpAOaysiTLYdKAFqwx2en9Aa5XnBS1oX4+8s/am7ZvKnosgktcAaKCIS5N/sE4V
52lxQ3DnDFez7VLA2HCBRJCK6W6PcemIcV1/A1jDgMpXnvit0v2zVL4kftU0tpBW
jXUqrD9nvBGntCU5VCrUnVqz6PBvqy7+22GP7o23DdukwY3P0ifq
-----END CERTIFICATE-----