Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/2d2109-cfb8-4325-a0e3-058785b4a96e/1/DY1K6i5vQY8rznvxHZCh5DHCv5w.roa
File:                     DY1K6i5vQY8rznvxHZCh5DHCv5w.roa (raw, json)
Hash identifier:          EKe1zlcQfQBpBTnSLz03ZLWlWqnPT4BruNhWaalp/48=
Subject key identifier:   0D:8D:4A:EA:2E:6F:41:8F:2B:CE:7B:F1:1D:90:A1:E4:31:C2:BF:9C
Certificate issuer:       /CN=d83713fd7b4cdfa6cba016a87eaf8b31c891beb0
Certificate serial:       019561333110EA12E5A97B747003F7C7C97E
Authority key identifier: D8:37:13:FD:7B:4C:DF:A6:CB:A0:16:A8:7E:AF:8B:31:C8:91:BE:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2DcT_XtM36bLoBaofq-LMciRvrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/2d2109-cfb8-4325-a0e3-058785b4a96e/1/DY1K6i5vQY8rznvxHZCh5DHCv5w.roa
Signing time:             Tue 04 Mar 2025 12:48:19 +0000
ROA not before:           Tue 04 Mar 2025 12:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211444
IP address blocks:        193.58.118.0/24 maxlen: 24
                          194.62.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/2d2109-cfb8-4325-a0e3-058785b4a96e/1/2DcT_XtM36bLoBaofq-LMciRvrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/2d2109-cfb8-4325-a0e3-058785b4a96e/1/2DcT_XtM36bLoBaofq-LMciRvrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2DcT_XtM36bLoBaofq-LMciRvrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:61:33:31:10:ea:12:e5:a9:7b:74:70:03:f7:c7:c9:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d83713fd7b4cdfa6cba016a87eaf8b31c891beb0
        Validity
            Not Before: Mar  4 12:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d8d4aea2e6f418f2bce7bf11d90a1e431c2bf9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:28:69:f4:5a:d9:9b:ac:0e:db:69:e5:33:84:
                    57:da:c9:56:1a:03:f8:12:88:79:c7:94:78:a1:56:
                    17:41:86:0d:6a:7a:5b:a2:f1:13:02:1b:39:b2:4a:
                    ff:57:12:4b:6c:fe:4e:03:4b:22:57:5b:e3:f9:db:
                    88:3b:ed:90:21:41:6e:bb:c7:89:4b:c3:14:b3:ba:
                    65:54:30:f7:52:51:07:c8:2a:2c:88:5d:1b:cb:67:
                    56:90:28:c2:54:ca:da:77:72:11:eb:14:56:01:c9:
                    f1:d4:52:8c:ff:8d:b6:2d:7c:f5:d5:54:70:b4:d1:
                    7a:74:b7:5c:07:2f:c9:80:7f:40:9f:78:eb:d4:79:
                    ad:a1:6f:f7:43:ff:a0:d1:db:13:07:f1:a4:b4:3d:
                    b1:30:89:70:e5:75:67:57:50:07:a5:40:bb:aa:cb:
                    de:3e:46:00:76:31:9b:1a:b4:44:97:03:14:bb:bc:
                    f1:53:fe:b8:6c:dc:4b:0d:5e:10:46:e3:54:c4:84:
                    e5:11:66:c9:7e:c0:24:fd:75:4a:8b:27:02:18:61:
                    4d:c7:87:50:67:34:14:a4:f1:a7:38:5f:e9:0f:e7:
                    ec:ae:cb:dc:43:10:31:95:23:af:fd:87:7f:62:53:
                    d9:bb:49:b1:f0:6d:73:0e:f5:a4:87:87:d5:1c:65:
                    14:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:8D:4A:EA:2E:6F:41:8F:2B:CE:7B:F1:1D:90:A1:E4:31:C2:BF:9C
            X509v3 Authority Key Identifier:
                keyid:D8:37:13:FD:7B:4C:DF:A6:CB:A0:16:A8:7E:AF:8B:31:C8:91:BE:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2DcT_XtM36bLoBaofq-LMciRvrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/2d2109-cfb8-4325-a0e3-058785b4a96e/1/DY1K6i5vQY8rznvxHZCh5DHCv5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/2d2109-cfb8-4325-a0e3-058785b4a96e/1/2DcT_XtM36bLoBaofq-LMciRvrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.118.0/24
                  194.62.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:e5:25:e0:b5:4d:d0:80:62:5e:b2:09:d8:d3:e0:5d:f7:93:
         47:33:bb:6d:d8:b5:28:55:b0:64:01:6f:61:06:f9:85:f8:2c:
         8e:97:19:0c:f5:f1:f4:18:c1:00:3e:a1:b8:3b:31:87:56:de:
         2f:8c:56:98:33:f4:ec:f0:3a:dd:88:2f:23:39:20:50:c2:1d:
         6b:e5:6d:8f:8b:34:39:7b:37:64:3d:2d:e6:ca:80:60:e6:59:
         05:fc:6b:4e:07:f9:e6:1b:4f:cd:d6:58:eb:e6:7d:92:c5:37:
         03:f6:82:4b:cf:05:1a:35:54:3b:49:5a:97:e8:ec:c3:f7:41:
         27:3e:7e:92:0f:12:35:dd:d3:ad:9c:88:77:ec:69:23:e0:23:
         ac:0d:e6:99:5e:c8:5e:73:16:56:6d:35:1c:97:8c:b0:00:14:
         32:d2:29:a4:4a:b1:20:7a:51:76:9d:35:73:4e:fd:b9:10:0c:
         4b:31:f5:19:8f:85:32:66:c7:02:4a:9e:c9:d3:b1:a7:3e:8a:
         7b:da:16:d4:88:93:d9:0d:a8:a9:80:49:90:41:6d:08:57:77:
         79:50:0f:f2:49:03:e7:b4:93:a8:25:fe:07:8c:d5:a9:7b:a2:
         e8:ad:7c:5b:75:a8:b8:f8:ef:86:82:c5:18:5f:94:3f:89:a5:
         a2:64:41:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVhMzEQ6hLlqXt0cAP3x8l+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MzcxM2ZkN2I0Y2RmYTZjYmEwMTZhODdlYWY4YjMxYzg5
MWJlYjAwHhcNMjUwMzA0MTI0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDhkNGFlYTJlNmY0MThmMmJjZTdiZjExZDkwYTFlNDMxYzJiZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ihp9FrZm6wO22nlM4RX2slWGgP4
Eoh5x5R4oVYXQYYNanpbovETAhs5skr/VxJLbP5OA0siV1vj+duIO+2QIUFuu8eJ
S8MUs7plVDD3UlEHyCosiF0by2dWkCjCVMrad3IR6xRWAcnx1FKM/422LXz11VRw
tNF6dLdcBy/JgH9An3jr1HmtoW/3Q/+g0dsTB/GktD2xMIlw5XVnV1AHpUC7qsve
PkYAdjGbGrRElwMUu7zxU/64bNxLDV4QRuNUxITlEWbJfsAk/XVKiycCGGFNx4dQ
ZzQUpPGnOF/pD+fsrsvcQxAxlSOv/Yd/YlPZu0mx8G1zDvWkh4fVHGUUIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA2NSuoub0GPK8578R2QoeQxwr+cMB8GA1UdIwQY
MBaAFNg3E/17TN+my6AWqH6vizHIkb6wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkRjVF9YdE0zNmJMb0Jhb2ZxLUxNY2lSdnJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8yZDIxMDktY2ZiOC00MzI1LWEwZTMt
MDU4Nzg1YjRhOTZlLzEvRFkxSzZpNXZRWThyem52eEhaQ2g1REhDdjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8yZDIxMDktY2ZiOC00MzI1LWEwZTMtMDU4Nzg1YjRhOTZl
LzEvMkRjVF9YdE0zNmJMb0Jhb2ZxLUxNY2lSdnJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwTp2AwQA
wj4pMA0GCSqGSIb3DQEBCwUAA4IBAQAi5SXgtU3QgGJesgnY0+Bd95NHM7tt2LUo
VbBkAW9hBvmF+CyOlxkM9fH0GMEAPqG4OzGHVt4vjFaYM/Ts8DrdiC8jOSBQwh1r
5W2PizQ5ezdkPS3myoBg5lkF/GtOB/nmG0/N1ljr5n2SxTcD9oJLzwUaNVQ7SVqX
6OzD90EnPn6SDxI13dOtnIh37Gkj4COsDeaZXshecxZWbTUcl4ywABQy0imkSrEg
elF2nTVzTv25EAxLMfUZj4UyZscCSp7J07GnPop72hbUiJPZDaipgEmQQW0IV3d5
UA/ySQPntJOoJf4HjNWpe6LorXxbdai4+O+GgsUYX5Q/iaWiZEE/
-----END CERTIFICATE-----