Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/f69c42-6f9d-490e-b132-67f8e7d1137c/1/IP2TA110bw-H4O1wamCYoNbCcjM.roa
File:                     IP2TA110bw-H4O1wamCYoNbCcjM.roa (raw, json)
Hash identifier:          hPPZWdSxmIy27LNJGRF/m5E6I6iPJVLPz81w8YZa7M4=
Subject key identifier:   20:FD:93:03:5D:74:6F:0F:87:E0:ED:70:6A:60:98:A0:D6:C2:72:33
Certificate issuer:       /CN=32e658515b1e6a72b99f332669e069e6154f70dd
Certificate serial:       01941FFA5BABEF09667CCA448CC2362431BC
Authority key identifier: 32:E6:58:51:5B:1E:6A:72:B9:9F:33:26:69:E0:69:E6:15:4F:70:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MuZYUVseanK5nzMmaeBp5hVPcN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/f69c42-6f9d-490e-b132-67f8e7d1137c/1/IP2TA110bw-H4O1wamCYoNbCcjM.roa
Signing time:             Wed 01 Jan 2025 03:48:08 +0000
ROA not before:           Wed 01 Jan 2025 03:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9211
IP address blocks:        193.102.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/f69c42-6f9d-490e-b132-67f8e7d1137c/1/MuZYUVseanK5nzMmaeBp5hVPcN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/f69c42-6f9d-490e-b132-67f8e7d1137c/1/MuZYUVseanK5nzMmaeBp5hVPcN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MuZYUVseanK5nzMmaeBp5hVPcN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:5b:ab:ef:09:66:7c:ca:44:8c:c2:36:24:31:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32e658515b1e6a72b99f332669e069e6154f70dd
        Validity
            Not Before: Jan  1 03:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20fd93035d746f0f87e0ed706a6098a0d6c27233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0e:78:f3:ad:bd:d4:67:cc:a8:c8:09:37:93:
                    05:17:1d:69:eb:83:d2:fa:90:c9:93:49:08:cf:99:
                    04:93:29:72:b0:f1:91:d4:cd:60:75:fd:e7:e9:cf:
                    de:dc:b7:b9:1c:32:60:b4:f1:33:d0:b7:cc:0d:48:
                    7a:70:32:86:af:9c:50:76:4e:30:5c:39:5e:6d:ae:
                    3b:b1:ec:93:bb:0c:c2:8d:bd:c2:a9:f9:35:5b:7a:
                    ad:a1:f2:e8:c9:2a:32:f2:45:47:ea:68:e9:a7:38:
                    0b:92:0f:03:5a:e5:80:3f:bb:8c:81:78:80:42:43:
                    e2:90:71:54:0b:c0:9c:b4:90:88:9a:c0:0f:d5:9e:
                    fa:a8:40:6e:7b:b6:77:65:cb:31:6e:6c:d2:80:68:
                    0d:44:79:ad:44:7e:e6:cb:b3:66:20:cc:93:d5:22:
                    56:47:44:87:39:44:03:9c:d1:b2:3f:68:7d:78:be:
                    7a:d9:96:fa:45:ca:e9:ea:28:55:51:a1:42:40:f9:
                    39:37:6d:5d:82:36:6c:83:70:79:8c:37:93:ac:d5:
                    d5:3a:57:0f:79:54:68:2b:51:0a:94:75:3a:2d:a6:
                    cf:00:0e:1a:83:13:66:52:e1:58:41:f5:d7:70:60:
                    ed:db:d0:f8:07:ff:40:dc:6e:10:ea:25:7c:b4:b9:
                    83:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:FD:93:03:5D:74:6F:0F:87:E0:ED:70:6A:60:98:A0:D6:C2:72:33
            X509v3 Authority Key Identifier:
                keyid:32:E6:58:51:5B:1E:6A:72:B9:9F:33:26:69:E0:69:E6:15:4F:70:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MuZYUVseanK5nzMmaeBp5hVPcN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/f69c42-6f9d-490e-b132-67f8e7d1137c/1/IP2TA110bw-H4O1wamCYoNbCcjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/f69c42-6f9d-490e-b132-67f8e7d1137c/1/MuZYUVseanK5nzMmaeBp5hVPcN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.102.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:65:d0:ed:84:29:05:65:57:9a:80:de:b6:f0:8d:d1:6e:8e:
         e3:0a:06:33:c8:7e:e4:3f:c3:8b:a0:5e:f9:0d:c4:8a:2f:0e:
         c2:4c:ea:88:52:b8:9e:c7:a3:cc:6b:78:b8:dc:3a:75:1a:dc:
         9c:cb:54:f7:cf:45:41:e4:c1:ba:82:16:ca:6f:e7:dc:85:a0:
         b1:9b:ec:99:9f:f8:57:4a:9d:02:1c:e7:2e:28:92:3d:3a:24:
         54:70:3b:a8:7c:25:67:57:d2:1a:1b:43:d1:f5:81:9c:4c:f1:
         72:69:6d:af:47:50:3c:7b:a0:65:c9:e9:f4:7f:3f:d5:48:3c:
         7b:33:02:dd:a5:2e:20:18:0e:c4:34:57:66:18:73:7f:9b:a7:
         01:0c:b4:04:fe:19:dd:4e:48:5f:67:d2:db:55:9a:3d:75:5e:
         4d:08:c2:86:18:05:10:44:6e:ad:40:8b:63:bf:b1:a9:76:6f:
         c2:41:01:a5:81:80:62:75:63:fa:f9:e9:3c:7b:a4:86:bf:b1:
         cb:cb:5c:30:81:25:59:ac:05:96:0e:28:48:19:ef:27:28:b0:
         5b:6e:09:b5:a5:25:47:ef:1a:dc:ca:84:25:a3:6d:3a:9f:05:
         b5:f1:18:da:e1:25:7f:f7:eb:19:f3:7d:89:cd:15:c1:ab:69:
         0c:2a:98:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+lur7wlmfMpEjMI2JDG8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZTY1ODUxNWIxZTZhNzJiOTlmMzMyNjY5ZTA2OWU2MTU0
ZjcwZGQwHhcNMjUwMTAxMDM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGZkOTMwMzVkNzQ2ZjBmODdlMGVkNzA2YTYwOThhMGQ2YzI3MjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQ5486291GfMqMgJN5MFFx1p64PS
+pDJk0kIz5kEkylysPGR1M1gdf3n6c/e3Le5HDJgtPEz0LfMDUh6cDKGr5xQdk4w
XDleba47seyTuwzCjb3Cqfk1W3qtofLoySoy8kVH6mjppzgLkg8DWuWAP7uMgXiA
QkPikHFUC8CctJCImsAP1Z76qEBue7Z3ZcsxbmzSgGgNRHmtRH7my7NmIMyT1SJW
R0SHOUQDnNGyP2h9eL562Zb6Rcrp6ihVUaFCQPk5N21dgjZsg3B5jDeTrNXVOlcP
eVRoK1EKlHU6LabPAA4agxNmUuFYQfXXcGDt29D4B/9A3G4Q6iV8tLmDIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCD9kwNddG8Ph+DtcGpgmKDWwnIzMB8GA1UdIwQY
MBaAFDLmWFFbHmpyuZ8zJmngaeYVT3DdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXVaWVVWc2Vhbks1bnpNbWFlQnA1aFZQY04wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9mNjljNDItNmY5ZC00OTBlLWIxMzIt
NjdmOGU3ZDExMzdjLzEvSVAyVEExMTBidy1INE8xd2FtQ1lvTmJDY2pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9mNjljNDItNmY5ZC00OTBlLWIxMzItNjdmOGU3ZDExMzdj
LzEvTXVaWVVWc2Vhbks1bnpNbWFlQnA1aFZQY04wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWbwMA0G
CSqGSIb3DQEBCwUAA4IBAQBGZdDthCkFZVeagN628I3Rbo7jCgYzyH7kP8OLoF75
DcSKLw7CTOqIUriex6PMa3i43Dp1Gtycy1T3z0VB5MG6ghbKb+fchaCxm+yZn/hX
Sp0CHOcuKJI9OiRUcDuofCVnV9IaG0PR9YGcTPFyaW2vR1A8e6Blyen0fz/VSDx7
MwLdpS4gGA7ENFdmGHN/m6cBDLQE/hndTkhfZ9LbVZo9dV5NCMKGGAUQRG6tQItj
v7Gpdm/CQQGlgYBidWP6+ek8e6SGv7HLy1wwgSVZrAWWDihIGe8nKLBbbgm1pSVH
7xrcyoQlo206nwW18Rja4SV/9+sZ832JzRXBq2kMKpgZ
-----END CERTIFICATE-----