Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/2a9Z4MiFWUxUqmTNMuUVscHb0hE.roa
File:                     2a9Z4MiFWUxUqmTNMuUVscHb0hE.roa (raw, json)
Hash identifier:          gobSMYv3Krt8vXt9XFdC11nQ+nS6jtG46MKfF14gNHU=
Subject key identifier:   D9:AF:59:E0:C8:85:59:4C:54:AA:64:CD:32:E5:15:B1:C1:DB:D2:11
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01942827F0CDF9F91B34B4870544CA591D2F
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/2a9Z4MiFWUxUqmTNMuUVscHb0hE.roa
Signing time:             Thu 02 Jan 2025 17:54:53 +0000
ROA not before:           Thu 02 Jan 2025 17:54:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211415
IP address blocks:        178.255.221.0/24 maxlen: 24
                          185.232.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:f0:cd:f9:f9:1b:34:b4:87:05:44:ca:59:1d:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  2 17:54:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9af59e0c885594c54aa64cd32e515b1c1dbd211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:94:64:39:79:3f:9d:d6:00:71:f2:e3:13:58:
                    11:83:18:69:4d:92:b7:b7:8d:d2:7b:b6:12:dd:4c:
                    05:58:4d:b2:da:88:d0:59:6e:f4:fa:9b:f2:22:ff:
                    a8:61:b6:6b:fe:8c:34:5c:5c:2a:3a:9e:75:76:0a:
                    58:11:4f:7f:6c:8f:d5:cd:c6:82:7a:6e:12:f6:37:
                    f7:aa:7e:d6:8d:48:72:a4:fb:14:75:2e:24:c8:e9:
                    e6:3d:c6:64:08:4f:59:3c:e4:fc:a5:71:9d:2e:cf:
                    83:55:5e:15:50:db:ee:5f:44:d4:57:d0:31:c6:82:
                    5c:37:ec:c9:3e:48:5e:14:9e:3c:8d:89:d2:ba:41:
                    d0:4a:58:c1:d6:b6:f0:15:fe:96:13:c2:fa:c5:7e:
                    2d:43:c1:9f:35:6f:7e:1e:af:b8:3e:98:dd:52:83:
                    a6:41:bd:03:a9:bb:5c:e7:58:39:30:4e:f6:65:91:
                    75:88:5a:e8:04:e7:fc:89:a5:4c:19:d0:19:07:f4:
                    35:62:ee:37:2c:38:b5:20:95:a4:73:e0:1f:72:d9:
                    e3:1b:e5:45:65:c3:3d:49:b6:6d:5c:63:1e:38:1a:
                    01:13:cd:e9:0c:81:90:1b:85:5c:cd:b7:48:65:d6:
                    e7:f5:af:a7:eb:b6:a6:66:63:67:a2:b4:00:e1:56:
                    c2:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:AF:59:E0:C8:85:59:4C:54:AA:64:CD:32:E5:15:B1:C1:DB:D2:11
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/2a9Z4MiFWUxUqmTNMuUVscHb0hE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.221.0/24
                  185.232.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:1d:bf:57:ed:66:13:3d:2e:e6:2d:97:f6:39:b5:b6:cc:74:
         27:f9:b6:ef:2b:95:2b:06:44:3e:6f:cd:cb:48:80:3a:a1:83:
         23:e7:b8:f6:d2:4b:d6:3a:c2:e9:28:77:70:27:be:08:0b:01:
         9a:21:ee:a8:c6:f3:13:3e:b6:5d:91:52:5b:3d:03:b8:36:97:
         d0:39:5c:d3:b5:f9:50:65:65:4c:69:50:2a:03:76:fc:2b:8a:
         bd:3f:d7:17:00:31:af:da:3b:1b:79:62:2b:bc:19:25:4e:a0:
         e1:f4:f0:7a:f1:94:bb:68:a5:a2:3b:17:19:e0:bb:d5:83:de:
         a3:d3:97:82:49:5c:a2:37:28:42:6c:dc:9d:31:e3:ee:29:0c:
         4c:ef:72:67:af:d0:10:9f:49:e2:a7:7c:c8:e4:39:89:68:ae:
         e9:70:b0:2e:46:70:2f:e3:a9:1b:80:ce:eb:bf:b2:de:ad:08:
         13:13:8b:42:72:97:b4:b2:fc:14:8e:dc:31:14:fd:67:63:c0:
         d7:89:e4:06:6d:a5:5b:10:00:32:d3:03:8a:93:ba:a6:80:72:
         77:58:68:3a:0f:35:f5:b9:87:2e:cd:e2:c4:33:bf:79:e5:a5:
         80:03:c7:34:fa:b3:c2:a8:92:5a:c4:ea:48:24:49:af:86:58:
         c9:a6:06:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJ/DN+fkbNLSHBUTKWR0vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwMTAyMTc1NDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWFmNTllMGM4ODU1OTRjNTRhYTY0Y2QzMmU1MTViMWMxZGJkMjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5RkOXk/ndYAcfLjE1gRgxhpTZK3
t43Se7YS3UwFWE2y2ojQWW70+pvyIv+oYbZr/ow0XFwqOp51dgpYEU9/bI/VzcaC
em4S9jf3qn7WjUhypPsUdS4kyOnmPcZkCE9ZPOT8pXGdLs+DVV4VUNvuX0TUV9Ax
xoJcN+zJPkheFJ48jYnSukHQSljB1rbwFf6WE8L6xX4tQ8GfNW9+Hq+4PpjdUoOm
Qb0Dqbtc51g5ME72ZZF1iFroBOf8iaVMGdAZB/Q1Yu43LDi1IJWkc+AfctnjG+VF
ZcM9SbZtXGMeOBoBE83pDIGQG4VczbdIZdbn9a+n67amZmNnorQA4VbCVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNmvWeDIhVlMVKpkzTLlFbHB29IRMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvMmE5WjRNaUZXVXhVcW1UTk11VVZzY0hiMGhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsv/dAwQA
ueinMA0GCSqGSIb3DQEBCwUAA4IBAQCEHb9X7WYTPS7mLZf2ObW2zHQn+bbvK5Ur
BkQ+b83LSIA6oYMj57j20kvWOsLpKHdwJ74ICwGaIe6oxvMTPrZdkVJbPQO4NpfQ
OVzTtflQZWVMaVAqA3b8K4q9P9cXADGv2jsbeWIrvBklTqDh9PB68ZS7aKWiOxcZ
4LvVg96j05eCSVyiNyhCbNydMePuKQxM73Jnr9AQn0nip3zI5DmJaK7pcLAuRnAv
46kbgM7rv7LerQgTE4tCcpe0svwUjtwxFP1nY8DXieQGbaVbEAAy0wOKk7qmgHJ3
WGg6DzX1uYcuzeLEM7955aWAA8c0+rPCqJJaxOpIJEmvhljJpgZ5
-----END CERTIFICATE-----