Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/2VAk9AH_jCxBcmS3UFNJkQWmjmM.roa
File:                     2VAk9AH_jCxBcmS3UFNJkQWmjmM.roa (raw, json)
Hash identifier:          OTJmVbnhsENHWSTSM66puZiLKu+kw6NtZbXCQeGN/YQ=
Subject key identifier:   D9:50:24:F4:01:FF:8C:2C:41:72:64:B7:50:53:49:91:05:A6:8E:63
Certificate issuer:       /CN=d181d0c40951a4f900e4d9dd9c20e4856350920e
Certificate serial:       019425FDC8DF53A2A393F46FC90D1401A4B2
Authority key identifier: D1:81:D0:C4:09:51:A4:F9:00:E4:D9:DD:9C:20:E4:85:63:50:92:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0YHQxAlRpPkA5NndnCDkhWNQkg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/2VAk9AH_jCxBcmS3UFNJkQWmjmM.roa
Signing time:             Thu 02 Jan 2025 07:49:36 +0000
ROA not before:           Thu 02 Jan 2025 07:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        185.160.152.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/0YHQxAlRpPkA5NndnCDkhWNQkg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/0YHQxAlRpPkA5NndnCDkhWNQkg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0YHQxAlRpPkA5NndnCDkhWNQkg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c8:df:53:a2:a3:93:f4:6f:c9:0d:14:01:a4:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d181d0c40951a4f900e4d9dd9c20e4856350920e
        Validity
            Not Before: Jan  2 07:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d95024f401ff8c2c417264b75053499105a68e63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:96:47:a3:da:5f:ca:f3:da:5d:0d:87:fb:1e:
                    44:84:74:a7:dc:d3:fa:ec:44:a6:63:2d:3e:3e:74:
                    b1:64:a4:2e:45:87:82:33:cb:1d:b9:d1:98:1d:63:
                    fd:b0:6e:ec:ae:31:e7:7a:41:a2:d0:fe:ae:06:d1:
                    8d:05:f1:d0:13:4a:70:4e:4e:d7:9c:e6:a6:dc:16:
                    ae:19:93:9c:93:f7:1b:d3:bf:02:ee:91:c5:34:39:
                    dc:00:e4:e0:ad:7c:6a:f9:99:b2:40:f8:4c:3c:12:
                    ea:2a:06:94:69:b4:99:9a:53:cc:dc:89:22:28:c3:
                    c1:07:28:4e:41:ab:b5:8a:c0:6a:84:bb:23:c2:3b:
                    d0:db:d2:61:28:c0:c5:85:d0:23:1d:48:2e:89:1b:
                    09:e5:d7:de:d0:29:67:51:1b:bc:5d:41:7c:4d:c1:
                    ca:3f:44:ee:34:f9:77:ee:09:d3:b1:0f:c5:df:c3:
                    04:f0:88:e0:45:a5:96:6a:a3:10:ac:a8:19:85:ff:
                    49:7e:8b:40:eb:99:f7:22:a9:00:02:1c:32:a6:e7:
                    bc:f7:86:c5:de:3b:b9:a2:4f:4f:37:16:62:21:61:
                    59:03:89:2a:a2:80:dc:27:c6:89:99:3b:2c:dc:b2:
                    92:2b:49:24:5a:e1:fe:66:56:c1:1e:34:a0:0f:2d:
                    32:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:50:24:F4:01:FF:8C:2C:41:72:64:B7:50:53:49:91:05:A6:8E:63
            X509v3 Authority Key Identifier:
                keyid:D1:81:D0:C4:09:51:A4:F9:00:E4:D9:DD:9C:20:E4:85:63:50:92:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0YHQxAlRpPkA5NndnCDkhWNQkg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/2VAk9AH_jCxBcmS3UFNJkQWmjmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/0YHQxAlRpPkA5NndnCDkhWNQkg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:8e:c0:4a:08:81:ba:58:f2:71:2a:2e:4b:ed:96:53:f7:50:
         17:f8:ac:f3:eb:0e:9c:4c:1e:49:f6:b2:92:5b:f4:f8:20:1c:
         dd:df:e1:2d:2f:b7:4f:ba:09:eb:14:cc:23:3d:2b:ba:85:38:
         c2:f7:47:e0:74:02:59:e7:29:e3:ae:cd:00:48:7b:19:28:1e:
         17:61:f5:d3:f0:50:c9:d1:18:fe:5b:14:63:48:1c:c8:a2:43:
         b1:c2:c6:4a:68:5f:01:5b:e0:9b:de:99:91:ad:e2:f1:6c:4f:
         84:56:0d:d6:ad:03:b5:05:ae:02:61:a5:d8:c9:24:d2:44:de:
         fc:a4:16:d5:b7:a4:2a:69:6b:1b:2c:6b:e6:c1:3b:7e:b1:b0:
         2b:1f:e9:a5:ff:cf:0f:43:4b:e0:4b:9c:96:1b:cd:15:3f:c7:
         2e:c3:e8:17:da:31:98:6f:88:a5:a2:d6:fd:db:cc:bf:b6:ee:
         0d:29:2f:38:8c:3a:fa:b2:8e:fd:e7:4b:7c:77:12:dc:8e:3d:
         d5:c8:79:f3:71:f3:70:32:f0:76:5b:f5:a0:d5:e4:26:98:ce:
         5d:76:8e:de:ac:09:b8:0c:81:9c:73:3e:4a:3b:e2:fd:9c:e2:
         b5:47:fc:5a:00:77:cd:30:15:76:ce:6a:4a:93:aa:60:4e:79:
         02:69:d7:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/cjfU6Kjk/RvyQ0UAaSyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxODFkMGM0MDk1MWE0ZjkwMGU0ZDlkZDljMjBlNDg1NjM1
MDkyMGUwHhcNMjUwMTAyMDc0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTUwMjRmNDAxZmY4YzJjNDE3MjY0Yjc1MDUzNDk5MTA1YTY4ZTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJZHo9pfyvPaXQ2H+x5EhHSn3NP6
7ESmYy0+PnSxZKQuRYeCM8sdudGYHWP9sG7srjHnekGi0P6uBtGNBfHQE0pwTk7X
nOam3BauGZOck/cb078C7pHFNDncAOTgrXxq+ZmyQPhMPBLqKgaUabSZmlPM3Iki
KMPBByhOQau1isBqhLsjwjvQ29JhKMDFhdAjHUguiRsJ5dfe0ClnURu8XUF8TcHK
P0TuNPl37gnTsQ/F38ME8IjgRaWWaqMQrKgZhf9JfotA65n3IqkAAhwypue894bF
3ju5ok9PNxZiIWFZA4kqooDcJ8aJmTss3LKSK0kkWuH+ZlbBHjSgDy0yzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlQJPQB/4wsQXJkt1BTSZEFpo5jMB8GA1UdIwQY
MBaAFNGB0MQJUaT5AOTZ3Zwg5IVjUJIOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFlIUXhBbFJwUGtBNU5uZG5DRGtoV05Ra2c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9hOWQ3OWUtYjI4Mi00M2MxLThiOGEt
Mzg4YjgxYzBjOTBjLzEvMlZBazlBSF9qQ3hCY21TM1VGTkprUVdtam1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9hOWQ3OWUtYjI4Mi00M2MxLThiOGEtMzg4YjgxYzBjOTBj
LzEvMFlIUXhBbFJwUGtBNU5uZG5DRGtoV05Ra2c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaCYMA0G
CSqGSIb3DQEBCwUAA4IBAQBVjsBKCIG6WPJxKi5L7ZZT91AX+Kzz6w6cTB5J9rKS
W/T4IBzd3+EtL7dPugnrFMwjPSu6hTjC90fgdAJZ5ynjrs0ASHsZKB4XYfXT8FDJ
0Rj+WxRjSBzIokOxwsZKaF8BW+Cb3pmRreLxbE+EVg3WrQO1Ba4CYaXYySTSRN78
pBbVt6QqaWsbLGvmwTt+sbArH+ml/88PQ0vgS5yWG80VP8cuw+gX2jGYb4ilotb9
28y/tu4NKS84jDr6so7950t8dxLcjj3VyHnzcfNwMvB2W/Wg1eQmmM5ddo7erAm4
DIGccz5KO+L9nOK1R/xaAHfNMBV2zmpKk6pgTnkCadcK
-----END CERTIFICATE-----