Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/2r9-1A9w7ROnLkmD5iJBudQRKms.roa
File:                     2r9-1A9w7ROnLkmD5iJBudQRKms.roa (raw, json)
Hash identifier:          iYcfrPlmh6XOVx66BDh8Wcb5MO3DVlLZA31Bcub398E=
Subject key identifier:   DA:BF:7E:D4:0F:70:ED:13:A7:2E:49:83:E6:22:41:B9:D4:11:2A:6B
Certificate issuer:       /CN=b0cc95fc42f3d81920f464b0f20c8a5203f21e30
Certificate serial:       01941F8C10ED4212D63D1DA5476F49C31B52
Authority key identifier: B0:CC:95:FC:42:F3:D8:19:20:F4:64:B0:F2:0C:8A:52:03:F2:1E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/2r9-1A9w7ROnLkmD5iJBudQRKms.roa
Signing time:             Wed 01 Jan 2025 01:47:40 +0000
ROA not before:           Wed 01 Jan 2025 01:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42008
IP address blocks:        212.8.192.0/19 maxlen: 24
                          212.15.192.0/19 maxlen: 24
                          2001:ae0::/30 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 16:02:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:10:ed:42:12:d6:3d:1d:a5:47:6f:49:c3:1b:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0cc95fc42f3d81920f464b0f20c8a5203f21e30
        Validity
            Not Before: Jan  1 01:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dabf7ed40f70ed13a72e4983e62241b9d4112a6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:3a:88:a6:2e:df:02:16:c3:e6:e5:00:d1:86:
                    5c:21:bc:b2:af:58:9b:83:d8:09:d6:98:ed:da:ff:
                    9d:5d:43:39:f4:96:66:b9:c1:88:17:bc:68:c2:84:
                    b1:6d:27:5b:6c:20:3e:f1:d6:e0:ec:5e:4a:82:4a:
                    bf:7f:77:60:fa:4e:65:58:c9:11:67:94:02:44:05:
                    31:ad:12:71:8d:5f:58:b6:f5:95:b7:2e:e6:8c:9d:
                    2b:fe:2a:7f:ec:91:2a:c2:22:3e:e4:92:11:90:d4:
                    74:08:65:3c:e3:4f:65:a7:e2:1a:1a:18:2e:3e:e1:
                    a0:d1:e5:13:ff:0a:23:31:55:96:e7:35:c8:06:61:
                    65:df:e2:8d:d4:a9:51:35:73:83:6f:1a:5f:66:45:
                    18:0a:0d:81:1d:59:7d:08:02:77:fe:95:47:22:3b:
                    cd:2f:c7:b2:d6:3c:bf:41:78:c3:22:9c:ca:10:3e:
                    ee:fc:d1:76:a2:cb:7e:07:26:9d:fb:76:8d:83:7b:
                    f6:f6:c4:78:a8:cc:68:7c:48:15:75:ca:d0:52:07:
                    d8:0a:d6:18:53:b7:1f:0f:e7:9b:e3:d2:19:22:1e:
                    f8:fa:23:b0:51:52:70:15:e6:47:66:21:94:52:4a:
                    30:11:12:52:3d:3b:fc:28:bd:fc:77:d5:49:54:0e:
                    c7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:BF:7E:D4:0F:70:ED:13:A7:2E:49:83:E6:22:41:B9:D4:11:2A:6B
            X509v3 Authority Key Identifier:
                keyid:B0:CC:95:FC:42:F3:D8:19:20:F4:64:B0:F2:0C:8A:52:03:F2:1E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/2r9-1A9w7ROnLkmD5iJBudQRKms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.8.192.0/19
                  212.15.192.0/19
                IPv6:
                  2001:ae0::/30

    Signature Algorithm: sha256WithRSAEncryption
         b3:eb:90:b3:a3:bb:ff:5c:de:2f:80:2e:4d:2a:b7:a7:2f:91:
         cc:13:77:b4:29:3b:f3:b4:79:0a:ff:83:c4:3a:13:e8:80:ee:
         72:a6:84:9d:75:5c:cb:6c:70:a3:85:d6:9d:a5:d5:96:9e:5c:
         a5:b0:80:2b:1f:d8:38:95:f3:0e:ed:a9:db:97:df:48:d1:26:
         63:03:39:91:bf:3a:6f:3f:b1:b4:92:32:9f:d4:f9:65:b7:ce:
         4e:a3:57:8d:33:e5:99:a5:a2:64:b3:27:16:8a:61:6f:e3:6b:
         50:c0:26:8d:83:21:d2:12:dd:55:7d:0f:b4:a4:1d:e5:18:e3:
         8f:bd:70:d3:ba:ce:aa:b9:64:68:9a:91:1e:27:15:90:67:73:
         7c:9c:65:97:70:63:81:ee:66:fa:af:48:df:f3:37:b2:85:26:
         d0:4a:d8:db:4b:24:b0:52:e2:4c:9f:fa:92:08:d4:99:43:47:
         60:0b:ff:40:cf:e0:46:cb:00:95:24:dc:65:8b:1b:7a:91:a6:
         76:93:a1:89:9f:87:ed:59:07:57:c2:e7:ae:17:da:07:1f:3a:
         9b:ec:19:23:12:ea:fa:4e:ca:e1:ac:23:d8:2e:45:c2:69:a8:
         8b:dc:b1:2f:55:d6:c7:6e:e9:d0:92:59:ac:00:88:a6:43:d6:
         fc:23:d5:6b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQfjBDtQhLWPR2lR29JwxtSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwY2M5NWZjNDJmM2Q4MTkyMGY0NjRiMGYyMGM4YTUyMDNm
MjFlMzAwHhcNMjUwMTAxMDE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWJmN2VkNDBmNzBlZDEzYTcyZTQ5ODNlNjIyNDFiOWQ0MTEyYTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTqIpi7fAhbD5uUA0YZcIbyyr1ib
g9gJ1pjt2v+dXUM59JZmucGIF7xowoSxbSdbbCA+8dbg7F5Kgkq/f3dg+k5lWMkR
Z5QCRAUxrRJxjV9YtvWVty7mjJ0r/ip/7JEqwiI+5JIRkNR0CGU8409lp+IaGhgu
PuGg0eUT/wojMVWW5zXIBmFl3+KN1KlRNXODbxpfZkUYCg2BHVl9CAJ3/pVHIjvN
L8ey1jy/QXjDIpzKED7u/NF2ost+Byad+3aNg3v29sR4qMxofEgVdcrQUgfYCtYY
U7cfD+eb49IZIh74+iOwUVJwFeZHZiGUUkowERJSPTv8KL38d9VJVA7HeQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNq/ftQPcO0Tpy5Jg+YiQbnUESprMB8GA1UdIwQY
MBaAFLDMlfxC89gZIPRksPIMilID8h4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc015Vl9FTHoyQmtnOUdTdzhneUtVZ1B5SGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9lOTY4NzctMTEzMy00YjI5LWE2YmEt
ODQ1M2MwZjEzNWQ2LzEvMnI5LTFBOXc3Uk9uTGttRDVpSkJ1ZFFSS21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9lOTY4NzctMTEzMy00YjI5LWE2YmEtODQ1M2MwZjEzNWQ2
LzEvc015Vl9FTHoyQmtnOUdTdzhneUtVZ1B5SGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQF1AjAAwQF
1A/AMA0EAgACMAcDBQIgAQrgMA0GCSqGSIb3DQEBCwUAA4IBAQCz65Czo7v/XN4v
gC5NKrenL5HME3e0KTvztHkK/4PEOhPogO5ypoSddVzLbHCjhdadpdWWnlylsIAr
H9g4lfMO7anbl99I0SZjAzmRvzpvP7G0kjKf1Pllt85Oo1eNM+WZpaJksycWimFv
42tQwCaNgyHSEt1VfQ+0pB3lGOOPvXDTus6quWRompEeJxWQZ3N8nGWXcGOB7mb6
r0jf8zeyhSbQStjbSySwUuJMn/qSCNSZQ0dgC/9Az+BGywCVJNxlixt6kaZ2k6GJ
n4ftWQdXwueuF9oHHzqb7BkjEur6TsrhrCPYLkXCaaiL3LEvVdbHbunQklmsAIim
Q9b8I9Vr
-----END CERTIFICATE-----