Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/57548d-7096-45b0-8be8-00b7bf32ecf8/1/2b2EUjKPgTTrDrcfkQ3PX-bPZkI.roa
File:                     2b2EUjKPgTTrDrcfkQ3PX-bPZkI.roa (raw, json)
Hash identifier:          6GzZWw9zm1Ojzv7jpUxBl+G/ge6zQcNlQuchlnbtkr4=
Subject key identifier:   D9:BD:84:52:32:8F:81:34:EB:0E:B7:1F:91:0D:CF:5F:E6:CF:66:42
Certificate issuer:       /CN=ea9ff91c6b1c7a8ed02842b25c9b0d0638a90424
Certificate serial:       019421B1FAEA24D4507C60084EDC3F7312F9
Authority key identifier: EA:9F:F9:1C:6B:1C:7A:8E:D0:28:42:B2:5C:9B:0D:06:38:A9:04:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6p_5HGsceo7QKEKyXJsNBjipBCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/57548d-7096-45b0-8be8-00b7bf32ecf8/1/2b2EUjKPgTTrDrcfkQ3PX-bPZkI.roa
Signing time:             Wed 01 Jan 2025 11:48:19 +0000
ROA not before:           Wed 01 Jan 2025 11:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8943
IP address blocks:        83.138.62.0/24 maxlen: 24
                          2a05:5a40::/32 maxlen: 32
                          2a05:5a42::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/57548d-7096-45b0-8be8-00b7bf32ecf8/1/6p_5HGsceo7QKEKyXJsNBjipBCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/57548d-7096-45b0-8be8-00b7bf32ecf8/1/6p_5HGsceo7QKEKyXJsNBjipBCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6p_5HGsceo7QKEKyXJsNBjipBCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:fa:ea:24:d4:50:7c:60:08:4e:dc:3f:73:12:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea9ff91c6b1c7a8ed02842b25c9b0d0638a90424
        Validity
            Not Before: Jan  1 11:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9bd8452328f8134eb0eb71f910dcf5fe6cf6642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a4:69:be:94:7c:17:f7:b5:df:6d:7d:48:4a:
                    b8:86:7d:da:e0:44:b0:f8:e4:fe:3c:4c:39:3b:37:
                    3b:a9:c3:63:00:d1:f3:69:34:68:2f:a8:b9:e1:98:
                    c9:a2:da:7a:eb:2c:01:e7:06:19:c5:99:3b:61:30:
                    c3:72:ea:72:0b:3e:1f:54:a0:38:dc:ac:40:12:0c:
                    25:62:c4:7d:ea:a5:02:a3:f4:a9:0d:ce:4f:11:c5:
                    02:e5:62:69:fb:05:1d:90:c3:08:36:03:f1:e4:66:
                    2e:9e:6b:f1:da:a7:38:64:76:78:2e:eb:88:1f:d5:
                    33:0e:c0:51:f6:f2:4a:0c:13:d0:0e:c3:55:bf:ee:
                    15:20:42:ac:9b:05:ce:f2:05:8c:76:fb:34:3e:b1:
                    16:2a:e9:04:a3:65:6f:53:b4:4c:6a:45:57:49:a5:
                    18:b5:82:30:26:8b:38:b2:10:f9:15:4d:20:db:eb:
                    52:b7:d0:90:54:84:02:c6:67:39:33:bd:28:dd:e0:
                    41:7d:36:3b:9b:24:85:e8:9d:3e:34:24:d1:fd:5b:
                    91:cf:d0:27:b1:e9:97:f1:f6:e5:06:9b:5f:1b:8c:
                    6e:c7:6a:51:6b:14:d2:3e:7f:32:62:67:f7:b5:52:
                    46:fe:1c:cf:e4:ca:80:b0:1c:21:f7:86:3a:05:6a:
                    5d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:BD:84:52:32:8F:81:34:EB:0E:B7:1F:91:0D:CF:5F:E6:CF:66:42
            X509v3 Authority Key Identifier:
                keyid:EA:9F:F9:1C:6B:1C:7A:8E:D0:28:42:B2:5C:9B:0D:06:38:A9:04:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6p_5HGsceo7QKEKyXJsNBjipBCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/57548d-7096-45b0-8be8-00b7bf32ecf8/1/2b2EUjKPgTTrDrcfkQ3PX-bPZkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/57548d-7096-45b0-8be8-00b7bf32ecf8/1/6p_5HGsceo7QKEKyXJsNBjipBCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.138.62.0/24
                IPv6:
                  2a05:5a40::/32
                  2a05:5a42::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:3a:c3:61:c9:e1:f3:d8:fc:90:cd:b7:00:60:23:dc:83:99:
         56:15:d4:c7:2b:8f:34:48:ec:63:07:bd:7b:fd:a7:2d:5a:b1:
         31:42:9f:68:ef:b2:8b:c6:c9:ad:3b:77:63:20:bd:b1:37:0c:
         2a:9b:69:6e:5a:7f:85:e6:aa:b7:eb:27:5c:87:da:c1:a7:8a:
         29:e1:07:25:cd:29:1e:59:e0:3b:6e:87:ce:af:0f:e0:d5:94:
         a7:17:1e:21:0b:60:cd:f8:e7:67:86:73:6a:0f:27:3e:6b:d6:
         94:e2:76:02:a9:c7:d8:84:fd:d3:dd:6e:b7:20:32:e0:42:55:
         99:53:27:5d:22:9e:ac:da:95:92:0f:7f:7d:5e:cc:79:fc:74:
         fc:4d:33:72:a0:7e:98:83:15:ac:bc:97:ac:6f:6a:cb:c6:90:
         5a:4d:e8:cd:af:0b:ad:06:83:d9:5b:2f:6f:1f:eb:9e:1d:09:
         29:7d:be:a8:0a:32:83:1b:5e:6c:a4:27:fc:a7:01:78:7c:da:
         48:52:91:ad:22:71:34:fb:f1:12:00:57:09:2f:be:75:a9:83:
         68:1e:cf:aa:cf:9d:66:c0:c7:a7:f2:b4:68:90:df:99:45:41:
         58:40:a9:f0:47:2b:56:14:73:cc:fa:97:41:10:a8:ac:66:01:
         eb:b5:1c:62
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQhsfrqJNRQfGAITtw/cxL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhOWZmOTFjNmIxYzdhOGVkMDI4NDJiMjVjOWIwZDA2Mzhh
OTA0MjQwHhcNMjUwMTAxMTE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWJkODQ1MjMyOGY4MTM0ZWIwZWI3MWY5MTBkY2Y1ZmU2Y2Y2NjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6RpvpR8F/e13219SEq4hn3a4ESw
+OT+PEw5Ozc7qcNjANHzaTRoL6i54ZjJotp66ywB5wYZxZk7YTDDcupyCz4fVKA4
3KxAEgwlYsR96qUCo/SpDc5PEcUC5WJp+wUdkMMINgPx5GYunmvx2qc4ZHZ4LuuI
H9UzDsBR9vJKDBPQDsNVv+4VIEKsmwXO8gWMdvs0PrEWKukEo2VvU7RMakVXSaUY
tYIwJos4shD5FU0g2+tSt9CQVIQCxmc5M70o3eBBfTY7mySF6J0+NCTR/VuRz9An
semX8fblBptfG4xux2pRaxTSPn8yYmf3tVJG/hzP5MqAsBwh94Y6BWpdhwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFNm9hFIyj4E06w63H5ENz1/mz2ZCMB8GA1UdIwQY
MBaAFOqf+RxrHHqO0ChCslybDQY4qQQkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnBfNUhHc2NlbzdRS0VLeVhKc05CamlwQkNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi81NzU0OGQtNzA5Ni00NWIwLThiZTgt
MDBiN2JmMzJlY2Y4LzEvMmIyRVVqS1BnVFRyRHJjZmtRM1BYLWJQWmtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi81NzU0OGQtNzA5Ni00NWIwLThiZTgtMDBiN2JmMzJlY2Y4
LzEvNnBfNUhHc2NlbzdRS0VLeVhKc05CamlwQkNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAU4o+MBQE
AgACMA4DBQAqBVpAAwUAKgVaQjANBgkqhkiG9w0BAQsFAAOCAQEANTrDYcnh89j8
kM23AGAj3IOZVhXUxyuPNEjsYwe9e/2nLVqxMUKfaO+yi8bJrTt3YyC9sTcMKptp
blp/heaqt+snXIfawaeKKeEHJc0pHlngO26Hzq8P4NWUpxceIQtgzfjnZ4Zzag8n
PmvWlOJ2AqnH2IT9091utyAy4EJVmVMnXSKerNqVkg9/fV7Mefx0/E0zcqB+mIMV
rLyXrG9qy8aQWk3oza8LrQaD2Vsvbx/rnh0JKX2+qAoygxtebKQn/KcBeHzaSFKR
rSJxNPvxEgBXCS++damDaB7Pqs+dZsDHp/K0aJDfmUVBWECp8EcrVhRzzPqXQRCo
rGYB67UcYg==
-----END CERTIFICATE-----