Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/5d59c6-f089-4530-a097-28461be89740/1/2n3afJDZ2VaAW1ICi9wuuluJH-s.roa
File:                     2n3afJDZ2VaAW1ICi9wuuluJH-s.roa (raw, json)
Hash identifier:          n7gdmzqfRPjhPckkIN46JD6+pmnsuH8Fvwcad0thHWk=
Subject key identifier:   DA:7D:DA:7C:90:D9:D9:56:80:5B:52:02:8B:DC:2E:BA:5B:89:1F:EB
Certificate issuer:       /CN=209da783cdfb3cb6d9bc82c192d6d72abb4a336d
Certificate serial:       01942067E44410E3139967773690F548BE3F
Authority key identifier: 20:9D:A7:83:CD:FB:3C:B6:D9:BC:82:C1:92:D6:D7:2A:BB:4A:33:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IJ2ng837PLbZvILBktbXKrtKM20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/5d59c6-f089-4530-a097-28461be89740/1/2n3afJDZ2VaAW1ICi9wuuluJH-s.roa
Signing time:             Wed 01 Jan 2025 05:47:46 +0000
ROA not before:           Wed 01 Jan 2025 05:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35507
IP address blocks:        185.66.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/5d59c6-f089-4530-a097-28461be89740/1/IJ2ng837PLbZvILBktbXKrtKM20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/5d59c6-f089-4530-a097-28461be89740/1/IJ2ng837PLbZvILBktbXKrtKM20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IJ2ng837PLbZvILBktbXKrtKM20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e4:44:10:e3:13:99:67:77:36:90:f5:48:be:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=209da783cdfb3cb6d9bc82c192d6d72abb4a336d
        Validity
            Not Before: Jan  1 05:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da7dda7c90d9d956805b52028bdc2eba5b891feb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c0:ea:b5:6b:54:a6:9e:a5:15:54:85:ab:f8:
                    d9:ce:1b:4e:fb:29:62:35:9d:c7:27:63:63:15:02:
                    f2:f2:6c:30:93:a9:9f:43:36:f1:c5:4a:84:02:28:
                    32:58:69:8e:a8:42:6b:62:c5:d1:57:1c:86:2d:4a:
                    c0:fd:79:ca:69:4f:1f:d7:56:40:41:e9:c6:47:53:
                    64:ee:ae:7e:e7:e9:78:48:a6:52:94:a7:bb:30:4b:
                    8f:1f:82:fa:1d:e5:76:87:bb:9e:99:e0:7c:ad:ac:
                    f2:fd:57:13:6c:67:64:92:4e:ca:26:40:b1:3e:6a:
                    cc:2f:ec:0a:06:6b:20:40:df:c2:5d:25:98:fe:91:
                    15:7c:e2:66:42:de:ed:e7:d6:b0:c7:4e:b7:12:28:
                    ae:c1:79:95:5c:b0:78:fa:f9:3f:53:39:5d:28:59:
                    4f:03:31:2b:99:b3:aa:9b:a1:33:9d:04:30:43:b3:
                    b9:df:b8:cd:49:c8:b3:68:24:b4:a0:e3:bf:89:e5:
                    64:d7:95:0b:39:9c:10:8d:21:0d:ee:96:48:a5:84:
                    f1:c4:1b:0d:b8:92:7f:e0:05:4a:b0:32:b5:8c:67:
                    94:68:02:6a:44:c8:17:ce:73:e6:d5:eb:01:c4:b1:
                    16:b6:a2:52:44:df:f2:4f:d9:54:5a:fd:1f:a2:d0:
                    37:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:7D:DA:7C:90:D9:D9:56:80:5B:52:02:8B:DC:2E:BA:5B:89:1F:EB
            X509v3 Authority Key Identifier:
                keyid:20:9D:A7:83:CD:FB:3C:B6:D9:BC:82:C1:92:D6:D7:2A:BB:4A:33:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IJ2ng837PLbZvILBktbXKrtKM20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/5d59c6-f089-4530-a097-28461be89740/1/2n3afJDZ2VaAW1ICi9wuuluJH-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/5d59c6-f089-4530-a097-28461be89740/1/IJ2ng837PLbZvILBktbXKrtKM20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:04:d6:46:48:77:79:41:be:82:c5:01:c6:66:23:9e:46:9a:
         2a:46:b4:64:e8:cd:2a:6c:2e:73:67:fd:b9:a0:84:11:10:ac:
         a6:b5:ba:14:7a:d4:99:2f:90:ad:18:07:cb:d0:8c:33:3c:01:
         86:6f:9d:a4:9c:0a:8f:fe:37:e4:7b:ab:24:01:c4:25:85:e9:
         09:63:4c:57:94:4c:37:03:27:77:98:b1:b5:c3:a9:f8:a6:ca:
         45:6c:fa:47:39:28:74:77:75:6a:09:1a:c2:fa:b4:42:f0:95:
         07:dd:33:ea:99:d8:32:4f:bc:3c:06:b7:25:88:69:97:2b:7c:
         eb:00:fb:3e:ab:e5:fe:3b:27:03:45:22:76:fd:00:b3:2c:71:
         5e:d7:84:ee:96:f7:17:71:fc:4c:df:ca:1f:b1:5d:6b:b2:8b:
         ac:42:00:fd:26:c7:a3:01:63:c1:97:c4:d0:ee:fa:e7:87:06:
         a3:1d:5e:82:20:2e:0b:55:66:8d:b8:bc:0e:15:bb:77:b4:15:
         f5:38:b7:15:16:f8:4d:52:05:07:83:9c:dd:c6:a0:a8:9f:ad:
         19:e0:db:98:4a:50:3e:d4:29:2a:7a:d2:c4:31:e5:9f:71:4b:
         d2:b1:c5:9b:4c:f0:72:51:ea:d2:3c:58:93:d9:7b:1f:52:53:
         46:ac:ac:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ+REEOMTmWd3NpD1SL4/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwOWRhNzgzY2RmYjNjYjZkOWJjODJjMTkyZDZkNzJhYmI0
YTMzNmQwHhcNMjUwMTAxMDU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTdkZGE3YzkwZDlkOTU2ODA1YjUyMDI4YmRjMmViYTViODkxZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsDqtWtUpp6lFVSFq/jZzhtO+yli
NZ3HJ2NjFQLy8mwwk6mfQzbxxUqEAigyWGmOqEJrYsXRVxyGLUrA/XnKaU8f11ZA
QenGR1Nk7q5+5+l4SKZSlKe7MEuPH4L6HeV2h7uemeB8razy/VcTbGdkkk7KJkCx
PmrML+wKBmsgQN/CXSWY/pEVfOJmQt7t59awx063EiiuwXmVXLB4+vk/UzldKFlP
AzErmbOqm6EznQQwQ7O537jNScizaCS0oOO/ieVk15ULOZwQjSEN7pZIpYTxxBsN
uJJ/4AVKsDK1jGeUaAJqRMgXznPm1esBxLEWtqJSRN/yT9lUWv0fotA3vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNp92nyQ2dlWgFtSAovcLrpbiR/rMB8GA1UdIwQY
MBaAFCCdp4PN+zy22byCwZLW1yq7SjNtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUoybmc4MzdQTGJadklMQmt0YlhLcnRLTTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS81ZDU5YzYtZjA4OS00NTMwLWEwOTct
Mjg0NjFiZTg5NzQwLzEvMm4zYWZKRFoyVmFBVzFJQ2k5d3V1bHVKSC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS81ZDU5YzYtZjA4OS00NTMwLWEwOTctMjg0NjFiZTg5NzQw
LzEvSUoybmc4MzdQTGJadklMQmt0YlhLcnRLTTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUJPMA0G
CSqGSIb3DQEBCwUAA4IBAQAXBNZGSHd5Qb6CxQHGZiOeRpoqRrRk6M0qbC5zZ/25
oIQREKymtboUetSZL5CtGAfL0IwzPAGGb52knAqP/jfke6skAcQlhekJY0xXlEw3
Ayd3mLG1w6n4pspFbPpHOSh0d3VqCRrC+rRC8JUH3TPqmdgyT7w8BrcliGmXK3zr
APs+q+X+OycDRSJ2/QCzLHFe14TulvcXcfxM38ofsV1rsousQgD9JsejAWPBl8TQ
7vrnhwajHV6CIC4LVWaNuLwOFbt3tBX1OLcVFvhNUgUHg5zdxqCon60Z4NuYSlA+
1CkqetLEMeWfcUvSscWbTPByUerSPFiT2XsfUlNGrKyO
-----END CERTIFICATE-----