Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/473ade-b504-4b10-aed6-c5dd3857a4d2/1/2DxOeFRwGr0ZkLmLFLoh-xJZObE.roa
File:                     2DxOeFRwGr0ZkLmLFLoh-xJZObE.roa (raw, json)
Hash identifier:          aeAg8fL5FqA68LiiZmemChuMc/666QpvAefI6BAnFLU=
Subject key identifier:   D8:3C:4E:78:54:70:1A:BD:19:90:B9:8B:14:BA:21:FB:12:59:39:B1
Certificate issuer:       /CN=3d11fba43f57ab0445e542fceecb87681657ccf3
Certificate serial:       01941F8C0F310CC53837D318A03C6640D1B5
Authority key identifier: 3D:11:FB:A4:3F:57:AB:04:45:E5:42:FC:EE:CB:87:68:16:57:CC:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PRH7pD9XqwRF5UL87suHaBZXzPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/473ade-b504-4b10-aed6-c5dd3857a4d2/1/2DxOeFRwGr0ZkLmLFLoh-xJZObE.roa
Signing time:             Wed 01 Jan 2025 01:47:40 +0000
ROA not before:           Wed 01 Jan 2025 01:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62026
IP address blocks:        178.211.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/473ade-b504-4b10-aed6-c5dd3857a4d2/1/PRH7pD9XqwRF5UL87suHaBZXzPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/473ade-b504-4b10-aed6-c5dd3857a4d2/1/PRH7pD9XqwRF5UL87suHaBZXzPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PRH7pD9XqwRF5UL87suHaBZXzPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:0f:31:0c:c5:38:37:d3:18:a0:3c:66:40:d1:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d11fba43f57ab0445e542fceecb87681657ccf3
        Validity
            Not Before: Jan  1 01:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d83c4e7854701abd1990b98b14ba21fb125939b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:cd:e2:f1:33:c9:95:a2:d5:b3:30:50:85:09:
                    85:03:8c:b3:16:35:35:2a:78:ff:00:a3:20:93:bc:
                    7c:82:1f:b7:05:bb:80:94:01:89:ff:a2:be:ad:48:
                    b6:64:25:39:5a:d4:81:e3:d1:7d:ee:36:36:ef:55:
                    25:2e:d4:fa:76:8b:1a:6c:11:79:cd:65:0a:cd:8d:
                    aa:7c:10:5e:87:b2:f8:9b:36:fd:a2:4d:e6:33:c6:
                    60:36:5d:c1:bc:80:7f:bf:8c:fe:2e:86:f4:00:60:
                    99:33:db:6d:19:16:3f:bd:3d:cf:46:c1:d3:a5:06:
                    55:b1:d3:39:9a:66:59:24:16:c4:92:90:ac:57:b2:
                    fa:d4:ef:3c:52:1b:f8:17:80:37:b0:26:a0:b9:0a:
                    23:c5:05:93:fc:93:bf:56:6a:50:b0:39:12:92:6c:
                    1f:ce:38:53:8a:f3:e1:c3:f2:d3:64:98:de:4b:15:
                    93:b7:93:4b:38:34:f3:fd:be:db:8c:15:ed:46:33:
                    57:5e:84:dd:91:23:7b:d1:ab:b0:ac:d1:48:22:06:
                    e1:ce:75:0a:90:75:5f:03:9e:b4:3e:85:1b:5f:3e:
                    6b:c5:05:45:17:af:46:95:7e:d8:cf:fa:fd:c4:0b:
                    4d:bf:de:dc:dc:5f:61:ad:5c:9a:f5:be:d7:39:41:
                    6a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:3C:4E:78:54:70:1A:BD:19:90:B9:8B:14:BA:21:FB:12:59:39:B1
            X509v3 Authority Key Identifier:
                keyid:3D:11:FB:A4:3F:57:AB:04:45:E5:42:FC:EE:CB:87:68:16:57:CC:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PRH7pD9XqwRF5UL87suHaBZXzPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/473ade-b504-4b10-aed6-c5dd3857a4d2/1/2DxOeFRwGr0ZkLmLFLoh-xJZObE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/473ade-b504-4b10-aed6-c5dd3857a4d2/1/PRH7pD9XqwRF5UL87suHaBZXzPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.211.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:0d:e2:72:a9:ec:c3:70:70:92:ad:d0:60:90:9f:0b:b8:9a:
         a1:3c:2d:75:64:b2:61:18:9d:a8:05:e7:8b:5d:aa:72:ec:c6:
         2a:ef:5d:f2:4a:f5:ea:12:61:2d:9b:a8:1b:ac:29:ed:b2:e0:
         b6:f8:2c:37:24:1f:a8:43:3b:7d:52:bd:70:6c:3c:8e:5f:ed:
         c3:11:08:6d:4f:81:df:11:a9:49:f7:44:ac:db:45:c7:f5:bc:
         1b:bd:92:bb:e3:cf:d1:36:e0:76:7e:05:4c:ec:cf:fe:bc:86:
         a5:03:1a:e6:c7:73:d7:56:27:33:df:10:ab:69:23:12:40:89:
         3d:26:b5:5c:50:90:9d:12:70:e0:6a:a2:b3:e3:cc:cc:6b:53:
         59:f3:36:86:84:2f:ec:71:1b:ba:a2:c0:45:36:fb:cc:9d:cb:
         6a:28:9d:73:e4:16:0c:9b:ab:36:ea:5b:f7:18:72:ed:3a:af:
         c9:3a:00:67:ee:8f:db:c2:a1:d9:05:57:c9:40:30:a8:5e:db:
         7e:43:e4:35:f7:10:a4:f7:2a:b2:50:2b:27:d9:dc:64:07:99:
         e5:1b:35:e7:db:3b:cd:e8:1f:a2:4d:63:36:5c:2d:c0:f6:e5:
         e0:2d:0c:6d:6b:02:ea:2d:e0:13:4c:32:ca:65:02:50:9a:c6:
         89:e7:ba:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjA8xDMU4N9MYoDxmQNG1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMTFmYmE0M2Y1N2FiMDQ0NWU1NDJmY2VlY2I4NzY4MTY1
N2NjZjMwHhcNMjUwMTAxMDE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODNjNGU3ODU0NzAxYWJkMTk5MGI5OGIxNGJhMjFmYjEyNTkzOWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuM3i8TPJlaLVszBQhQmFA4yzFjU1
Knj/AKMgk7x8gh+3BbuAlAGJ/6K+rUi2ZCU5WtSB49F97jY271UlLtT6dosabBF5
zWUKzY2qfBBeh7L4mzb9ok3mM8ZgNl3BvIB/v4z+Lob0AGCZM9ttGRY/vT3PRsHT
pQZVsdM5mmZZJBbEkpCsV7L61O88Uhv4F4A3sCaguQojxQWT/JO/VmpQsDkSkmwf
zjhTivPhw/LTZJjeSxWTt5NLODTz/b7bjBXtRjNXXoTdkSN70auwrNFIIgbhznUK
kHVfA560PoUbXz5rxQVFF69GlX7Yz/r9xAtNv97c3F9hrVya9b7XOUFq9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNg8TnhUcBq9GZC5ixS6IfsSWTmxMB8GA1UdIwQY
MBaAFD0R+6Q/V6sEReVC/O7Lh2gWV8zzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFJIN3BEOVhxd1JGNVVMODdzdUhhQlpYelBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80NzNhZGUtYjUwNC00YjEwLWFlZDYt
YzVkZDM4NTdhNGQyLzEvMkR4T2VGUndHcjBaa0xtTEZMb2gteEpaT2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80NzNhZGUtYjUwNC00YjEwLWFlZDYtYzVkZDM4NTdhNGQy
LzEvUFJIN3BEOVhxd1JGNVVMODdzdUhhQlpYelBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstOcMA0G
CSqGSIb3DQEBCwUAA4IBAQCSDeJyqezDcHCSrdBgkJ8LuJqhPC11ZLJhGJ2oBeeL
Xapy7MYq713ySvXqEmEtm6gbrCntsuC2+Cw3JB+oQzt9Ur1wbDyOX+3DEQhtT4Hf
EalJ90Ss20XH9bwbvZK748/RNuB2fgVM7M/+vIalAxrmx3PXVicz3xCraSMSQIk9
JrVcUJCdEnDgaqKz48zMa1NZ8zaGhC/scRu6osBFNvvMnctqKJ1z5BYMm6s26lv3
GHLtOq/JOgBn7o/bwqHZBVfJQDCoXtt+Q+Q19xCk9yqyUCsn2dxkB5nlGzXn2zvN
6B+iTWM2XC3A9uXgLQxtawLqLeATTDLKZQJQmsaJ57oI
-----END CERTIFICATE-----