Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2_qP_wNq8AHUW-EoyL-lwp2z10s.roa
File:                     2_qP_wNq8AHUW-EoyL-lwp2z10s.roa (raw, json)
Hash identifier:          s2dQbzadExO8v0zgkawY9FWp62vIpIla71iZ5vtmqv4=
Subject key identifier:   DB:FA:8F:FF:03:6A:F0:01:D4:5B:E1:28:C8:BF:A5:C2:9D:B3:D7:4B
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       0194AFEE21CB04788CC472B4EAE0ABFC09A3
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2_qP_wNq8AHUW-EoyL-lwp2z10s.roa
Signing time:             Wed 29 Jan 2025 02:40:06 +0000
ROA not before:           Wed 29 Jan 2025 02:40:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213845
IP address blocks:        2a14:7dc0:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:af:ee:21:cb:04:78:8c:c4:72:b4:ea:e0:ab:fc:09:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Jan 29 02:40:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbfa8fff036af001d45be128c8bfa5c29db3d74b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:aa:4b:9f:5a:27:b5:40:20:cf:6e:cd:fe:d5:
                    4b:82:c0:c2:0a:0a:2f:78:83:fa:db:d1:bb:81:6b:
                    3e:de:81:bf:59:a4:ab:46:67:1e:95:16:2e:88:06:
                    2d:6c:f3:eb:8a:b6:92:80:f7:c6:35:c4:8a:95:fa:
                    08:9a:d4:47:e6:9b:a5:70:e6:49:85:53:c7:33:f7:
                    d0:ca:fd:b1:58:0a:6f:d3:09:17:5d:54:c5:a4:4a:
                    b8:e4:23:b5:95:06:b5:79:6e:b2:70:49:7f:da:97:
                    b0:3a:e5:da:ab:2a:32:3e:7f:de:d3:ed:62:c8:c7:
                    38:a7:69:4e:72:a8:0d:4d:c8:de:0b:60:28:92:d4:
                    6e:1c:68:9d:53:2d:89:e8:d2:8e:46:7a:f5:e3:6c:
                    bd:46:67:25:30:61:4e:99:03:60:96:fc:a1:e9:50:
                    92:00:0e:62:ba:8d:21:5b:ab:a2:8f:93:4c:1a:8e:
                    a6:61:ef:80:d5:4d:61:9b:84:42:6b:9d:11:56:60:
                    c5:22:be:ac:c3:71:76:58:24:7b:c7:88:f1:39:0f:
                    27:ed:c7:5f:79:9a:fe:94:41:a9:fe:16:2c:ad:c3:
                    04:78:a5:e4:c9:52:b5:98:ba:24:65:c4:b2:9f:bc:
                    da:72:70:38:09:8e:27:38:20:9f:ad:37:65:9a:44:
                    ba:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:FA:8F:FF:03:6A:F0:01:D4:5B:E1:28:C8:BF:A5:C2:9D:B3:D7:4B
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2_qP_wNq8AHUW-EoyL-lwp2z10s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7dc0:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         31:2e:99:76:8d:fd:b4:f7:6d:e8:2f:94:e2:c9:59:1c:a0:5b:
         6c:67:3c:a9:be:7a:7f:35:99:a5:77:c3:b2:fb:1d:38:f7:d7:
         91:e4:84:75:e2:16:02:ad:d9:9b:52:3f:39:63:f7:ab:1e:09:
         c4:a9:3e:7c:45:81:b9:5e:56:82:a3:64:24:12:f0:e6:3b:31:
         20:4a:da:b1:38:66:11:d1:5d:03:24:63:84:cd:b5:c2:fb:66:
         4b:33:11:4e:71:d1:4d:0d:f1:cd:2c:32:a8:10:08:83:6c:d7:
         fd:6a:73:10:94:2b:11:21:2c:d7:e8:30:5d:cc:2d:15:54:b0:
         66:e6:08:ec:8b:06:57:53:df:67:f3:c5:74:de:bf:c3:2f:55:
         8d:78:10:12:d0:c2:80:89:d1:23:d3:ef:3a:de:dc:8f:6c:a9:
         76:e8:b6:4c:7d:49:a8:7a:98:e1:5c:a9:bd:ce:28:c7:79:6a:
         da:a1:89:8f:87:55:4d:a2:3a:35:4e:5c:70:5c:c8:a9:bb:0e:
         6b:98:5a:a5:0a:78:74:60:6e:1e:db:77:37:47:2f:e6:63:1a:
         5f:cf:61:4a:ba:c9:7d:ab:5e:46:6a:7a:68:cc:0e:11:aa:b1:
         a1:63:d1:f1:9a:de:69:eb:40:05:9b:70:fe:e6:76:3b:ba:6e:
         b5:fe:5b:da
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZSv7iHLBHiMxHK06uCr/AmjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjUwMTI5MDI0MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmZhOGZmZjAzNmFmMDAxZDQ1YmUxMjhjOGJmYTVjMjlkYjNkNzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKpLn1ontUAgz27N/tVLgsDCCgov
eIP629G7gWs+3oG/WaSrRmcelRYuiAYtbPPriraSgPfGNcSKlfoImtRH5pulcOZJ
hVPHM/fQyv2xWApv0wkXXVTFpEq45CO1lQa1eW6ycEl/2pewOuXaqyoyPn/e0+1i
yMc4p2lOcqgNTcjeC2AoktRuHGidUy2J6NKORnr142y9RmclMGFOmQNglvyh6VCS
AA5iuo0hW6uij5NMGo6mYe+A1U1hm4RCa50RVmDFIr6sw3F2WCR7x4jxOQ8n7cdf
eZr+lEGp/hYsrcMEeKXkyVK1mLokZcSyn7zacnA4CY4nOCCfrTdlmkS6IQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNv6j/8DavAB1FvhKMi/pcKds9dLMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvMl9xUF93TnE4QUhVVy1Fb3lMLWx3cDJ6MTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR9wAEw
DQYJKoZIhvcNAQELBQADggEBADEumXaN/bT3begvlOLJWRygW2xnPKm+en81maV3
w7L7HTj315HkhHXiFgKt2ZtSPzlj96seCcSpPnxFgbleVoKjZCQS8OY7MSBK2rE4
ZhHRXQMkY4TNtcL7ZkszEU5x0U0N8c0sMqgQCINs1/1qcxCUKxEhLNfoMF3MLRVU
sGbmCOyLBldT32fzxXTev8MvVY14EBLQwoCJ0SPT7zre3I9sqXbotkx9Sah6mOFc
qb3OKMd5atqhiY+HVU2iOjVOXHBcyKm7DmuYWqUKeHRgbh7bdzdHL+ZjGl/PYUq6
yX2rXkZqemjMDhGqsaFj0fGa3mnrQAWbcP7mdju6brX+W9o=
-----END CERTIFICATE-----