Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/2wuDk6nFqqGYiaSC6iucrRXcbQk.roa
File:                     2wuDk6nFqqGYiaSC6iucrRXcbQk.roa (raw, json)
Hash identifier:          79MFBQJOifCFih1gwOm9utzcHryDlN0MlgfAlM0KB/E=
Subject key identifier:   DB:0B:83:93:A9:C5:AA:A1:98:89:A4:82:EA:2B:9C:AD:15:DC:6D:09
Certificate issuer:       /CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
Certificate serial:       019423D74BBF82ADEC2FF7F59DB994EE4AC3
Authority key identifier: 19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/2wuDk6nFqqGYiaSC6iucrRXcbQk.roa
Signing time:             Wed 01 Jan 2025 21:48:19 +0000
ROA not before:           Wed 01 Jan 2025 21:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202041
IP address blocks:        194.170.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 10:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:4b:bf:82:ad:ec:2f:f7:f5:9d:b9:94:ee:4a:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
        Validity
            Not Before: Jan  1 21:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db0b8393a9c5aaa19889a482ea2b9cad15dc6d09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:6d:fa:eb:a1:24:d1:7d:5b:ff:0f:7a:b0:40:
                    fe:84:b6:13:d7:66:e0:23:c1:62:79:12:6b:18:b7:
                    d0:37:5e:20:b6:57:7c:b8:2f:a1:3f:76:2c:87:6e:
                    c3:bf:89:86:e8:ad:ca:65:91:f0:74:7d:64:0f:a6:
                    79:ab:32:a4:38:1c:2e:01:dd:b3:3a:21:ff:2d:29:
                    8b:04:3b:cc:fb:b0:64:19:44:14:df:06:e2:3e:83:
                    3d:e0:b6:97:a7:96:ed:00:ad:c9:57:c7:5b:82:78:
                    dc:2d:90:17:5f:e6:e0:7d:4d:da:d3:7e:e9:ca:3e:
                    2a:76:c1:ce:34:90:a6:ae:4c:53:6a:58:ab:97:da:
                    02:50:5b:90:6a:58:36:0c:a6:6d:68:49:44:4c:31:
                    07:e3:b9:23:a3:45:25:16:81:d3:87:93:dd:29:0d:
                    47:71:b6:91:22:a7:15:60:98:7d:90:3c:ac:cf:98:
                    ec:56:42:24:e7:66:89:4d:87:76:2d:d5:5c:04:d4:
                    f5:2b:0d:7c:89:25:33:4d:fd:ec:fc:69:37:7d:7b:
                    fd:fc:fd:b6:6a:bf:22:db:1e:02:cf:59:83:60:1b:
                    38:98:35:8a:ad:24:ba:0d:5a:fe:b9:0f:12:f2:cf:
                    95:9e:81:b6:62:f7:a5:07:88:e9:39:b9:77:58:62:
                    da:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:0B:83:93:A9:C5:AA:A1:98:89:A4:82:EA:2B:9C:AD:15:DC:6D:09
            X509v3 Authority Key Identifier:
                keyid:19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/2wuDk6nFqqGYiaSC6iucrRXcbQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.170.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:17:1b:29:41:bf:cb:45:72:95:ff:f6:8c:dc:0a:af:61:9b:
         1b:e7:a9:f7:cd:73:bf:ae:f6:46:d8:4a:7a:38:64:e7:9c:98:
         9a:77:56:10:fc:9f:08:e1:7f:79:7e:c8:b3:88:16:cf:2a:f6:
         0a:b5:2c:23:91:79:83:8e:38:bd:1c:6a:33:e7:be:76:80:ac:
         de:81:a2:86:29:e3:76:fc:86:54:2e:63:ff:39:c2:04:f9:0a:
         4f:5a:8b:cb:90:d3:b3:4e:b6:ee:e6:42:cb:2a:4f:91:11:5b:
         ac:34:11:c0:a3:91:20:75:67:d2:0a:f7:4d:b9:b1:ed:47:5c:
         11:7b:a2:2b:b5:4b:d5:4a:14:51:90:36:9a:94:57:a4:bf:24:
         76:9c:48:be:81:79:87:d7:36:6a:f9:20:dd:95:86:40:23:32:
         29:0d:f6:8c:54:a8:8b:d6:30:1a:62:2b:b0:89:c9:a9:0b:03:
         31:96:f3:20:59:22:c1:8f:27:84:d5:4d:24:90:48:8e:d3:db:
         a8:72:f2:74:75:0a:db:6f:8b:9c:85:d4:7b:17:60:9b:4d:61:
         e7:0a:94:76:0a:99:76:02:6d:34:96:db:f1:39:89:11:2b:c1:
         31:42:82:1a:7f:cb:4c:88:75:c1:ec:b7:5a:b6:82:50:36:96:
         64:fb:42:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj10u/gq3sL/f1nbmU7krDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZWU1ZjE2ZmMxNDRhY2I5ODk3NzQ0OWZhYTBhYjc3ZGUx
YmRjYzkwHhcNMjUwMTAxMjE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjBiODM5M2E5YzVhYWExOTg4OWE0ODJlYTJiOWNhZDE1ZGM2ZDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAom3666Ek0X1b/w96sED+hLYT12bg
I8FieRJrGLfQN14gtld8uC+hP3Ysh27Dv4mG6K3KZZHwdH1kD6Z5qzKkOBwuAd2z
OiH/LSmLBDvM+7BkGUQU3wbiPoM94LaXp5btAK3JV8dbgnjcLZAXX+bgfU3a037p
yj4qdsHONJCmrkxTalirl9oCUFuQalg2DKZtaElETDEH47kjo0UlFoHTh5PdKQ1H
cbaRIqcVYJh9kDysz5jsVkIk52aJTYd2LdVcBNT1Kw18iSUzTf3s/Gk3fXv9/P22
ar8i2x4Cz1mDYBs4mDWKrSS6DVr+uQ8S8s+VnoG2YvelB4jpObl3WGLa2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNsLg5OpxaqhmImkguornK0V3G0JMB8GA1UdIwQY
MBaAFBnuXxb8FErLmJd0Sfqgq3feG9zJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMt
NjFhZmI2NmQxZThjLzEvMnd1RGs2bkZxcUdZaWFTQzZpdWNyUlhjYlFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMtNjFhZmI2NmQxZThj
LzEvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqryMA0G
CSqGSIb3DQEBCwUAA4IBAQBXFxspQb/LRXKV//aM3AqvYZsb56n3zXO/rvZG2Ep6
OGTnnJiad1YQ/J8I4X95fsiziBbPKvYKtSwjkXmDjji9HGoz5752gKzegaKGKeN2
/IZULmP/OcIE+QpPWovLkNOzTrbu5kLLKk+REVusNBHAo5EgdWfSCvdNubHtR1wR
e6IrtUvVShRRkDaalFekvyR2nEi+gXmH1zZq+SDdlYZAIzIpDfaMVKiL1jAaYiuw
icmpCwMxlvMgWSLBjyeE1U0kkEiO09uocvJ0dQrbb4uchdR7F2CbTWHnCpR2Cpl2
Am00ltvxOYkRK8ExQoIaf8tMiHXB7LdatoJQNpZk+0Lj
-----END CERTIFICATE-----