Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/S2aJyiQIdaDYu-ivzWdwZT65edo.roa
File:                     S2aJyiQIdaDYu-ivzWdwZT65edo.roa (raw, json)
Hash identifier:          FFIVlJi8bhejlF8RtbzevmhsnPHPryaoNKvA3yuPljo=
Subject key identifier:   4B:66:89:CA:24:08:75:A0:D8:BB:E8:AF:CD:67:70:65:3E:B9:79:DA
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       0196F3077575C3385C9111F1C75DA04782C1
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/S2aJyiQIdaDYu-ivzWdwZT65edo.roa
Signing time:             Wed 21 May 2025 13:27:54 +0000
ROA not before:           Wed 21 May 2025 13:27:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        194.41.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f3:07:75:75:c3:38:5c:91:11:f1:c7:5d:a0:47:82:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: May 21 13:27:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b6689ca240875a0d8bbe8afcd6770653eb979da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e8:81:a3:ca:21:95:c8:8e:01:61:48:53:a2:
                    d8:87:ea:e8:ba:ed:e5:a0:8d:75:25:aa:dd:3b:13:
                    bb:5b:69:56:4c:d7:54:5f:1f:27:c7:e9:6c:ec:1f:
                    15:80:f0:df:8e:75:48:d9:d7:d3:29:fc:aa:5f:e7:
                    df:7a:e2:20:ec:6a:dd:f1:59:0f:7a:14:9f:f5:b9:
                    fe:cd:f9:75:d8:5c:c0:79:bf:8a:d1:18:1e:67:44:
                    60:7e:4f:fa:73:74:f1:41:69:75:c6:5d:30:c6:60:
                    5c:b2:1b:93:c6:b6:56:20:7a:f1:00:c4:7b:47:8d:
                    b3:74:38:85:a1:82:e0:f8:04:18:2e:bc:47:51:5b:
                    5e:3a:bf:53:c0:7d:5d:10:a2:33:68:83:94:54:db:
                    fe:d9:35:d8:8c:cf:78:10:16:42:a8:0d:c2:89:b5:
                    22:43:8a:80:ec:b2:3f:e3:fc:e3:9f:50:a7:dc:47:
                    f7:c9:ba:b6:97:37:76:0b:ac:84:41:12:1b:6f:63:
                    57:01:1c:fc:a6:f8:5b:34:03:84:06:51:5f:84:5a:
                    74:97:04:be:4d:03:77:9d:44:e9:8c:61:b5:1f:b4:
                    a6:72:38:8f:cf:cc:a1:c7:19:f5:95:38:a3:89:5b:
                    19:1c:f5:99:fa:4e:d0:4a:53:d5:00:f2:9e:81:87:
                    6d:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:66:89:CA:24:08:75:A0:D8:BB:E8:AF:CD:67:70:65:3E:B9:79:DA
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/S2aJyiQIdaDYu-ivzWdwZT65edo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.41.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:1c:a4:ff:64:ea:71:a9:ed:ac:e8:d4:0c:dc:c3:91:cb:63:
         cd:b0:11:3a:6b:32:9c:ad:ab:de:48:3c:43:83:fe:e7:d9:84:
         20:a6:72:dc:42:26:d7:37:06:8f:10:7e:75:d6:43:e4:71:b1:
         13:3c:b8:b6:85:04:1f:aa:9f:1c:a7:6e:53:82:cf:58:5b:7d:
         fb:63:94:e4:60:7c:84:f0:f1:aa:07:2a:28:f4:46:23:27:8f:
         36:6a:ae:43:0a:d3:7f:bf:82:db:b3:e1:75:34:52:01:82:93:
         27:7b:2e:39:b1:1e:44:8d:b6:b6:69:85:94:ad:3c:6d:d7:77:
         e1:ec:96:4e:82:59:f0:06:ef:ac:e0:0c:61:2b:fa:2f:90:b7:
         9d:21:ef:b3:e5:dc:f2:75:e4:9d:a6:5c:d8:8f:d0:8f:75:6c:
         a1:ba:d9:68:2e:7e:d5:c4:2e:ce:c0:fc:dc:aa:0b:e4:a6:3f:
         58:1a:13:7d:d2:82:66:70:dc:63:57:b0:9f:4f:64:d1:db:76:
         b3:ce:f1:d7:fb:b2:e9:95:5c:a7:2e:2d:0f:41:28:e7:cc:1c:
         f1:46:6b:52:81:2a:f7:98:15:5e:92:e5:18:91:ce:62:67:16:
         8c:a5:e6:09:72:60:3c:cc:ec:a1:ec:6f:7d:de:ee:f9:4f:f6:
         c9:3e:a0:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbzB3V1wzhckRHxx12gR4LBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwNTIxMTMyNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjY2ODljYTI0MDg3NWEwZDhiYmU4YWZjZDY3NzA2NTNlYjk3OWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreiBo8ohlciOAWFIU6LYh+rouu3l
oI11JardOxO7W2lWTNdUXx8nx+ls7B8VgPDfjnVI2dfTKfyqX+ffeuIg7Grd8VkP
ehSf9bn+zfl12FzAeb+K0RgeZ0Rgfk/6c3TxQWl1xl0wxmBcshuTxrZWIHrxAMR7
R42zdDiFoYLg+AQYLrxHUVteOr9TwH1dEKIzaIOUVNv+2TXYjM94EBZCqA3CibUi
Q4qA7LI/4/zjn1Cn3Ef3ybq2lzd2C6yEQRIbb2NXARz8pvhbNAOEBlFfhFp0lwS+
TQN3nUTpjGG1H7SmcjiPz8yhxxn1lTijiVsZHPWZ+k7QSlPVAPKegYdtCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtmicokCHWg2Lvor81ncGU+uXnaMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvUzJhSnlpUUlkYURZdS1pdnpXZHdaVDY1ZWRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwilyMA0G
CSqGSIb3DQEBCwUAA4IBAQBWHKT/ZOpxqe2s6NQM3MORy2PNsBE6azKcraveSDxD
g/7n2YQgpnLcQibXNwaPEH511kPkcbETPLi2hQQfqp8cp25Tgs9YW337Y5TkYHyE
8PGqByoo9EYjJ482aq5DCtN/v4Lbs+F1NFIBgpMney45sR5Ejba2aYWUrTxt13fh
7JZOglnwBu+s4AxhK/ovkLedIe+z5dzydeSdplzYj9CPdWyhutloLn7VxC7OwPzc
qgvkpj9YGhN90oJmcNxjV7CfT2TR23azzvHX+7LplVynLi0PQSjnzBzxRmtSgSr3
mBVekuUYkc5iZxaMpeYJcmA8zOyh7G993u75T/bJPqCD
-----END CERTIFICATE-----