Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/2BXalnRCdxlKBucFyUnY3v8NXIE.roa
File:                     2BXalnRCdxlKBucFyUnY3v8NXIE.roa (raw, json)
Hash identifier:          qbascniAVekJiZabGEHd3VuxY6P4azJ4yMUjYrzFjJo=
Subject key identifier:   D8:15:DA:96:74:42:77:19:4A:06:E7:05:C9:49:D8:DE:FF:0D:5C:81
Certificate issuer:       /CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Certificate serial:       01942747D06F17DF5CDB1F9E9A7D915A0935
Authority key identifier: E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/2BXalnRCdxlKBucFyUnY3v8NXIE.roa
Signing time:             Thu 02 Jan 2025 13:50:05 +0000
ROA not before:           Thu 02 Jan 2025 13:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199438
IP address blocks:        2a0c:4444::/48 maxlen: 48
                          2a0c:4445::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d0:6f:17:df:5c:db:1f:9e:9a:7d:91:5a:09:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
        Validity
            Not Before: Jan  2 13:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d815da96744277194a06e705c949d8deff0d5c81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:44:15:eb:36:87:14:0b:7c:4f:04:eb:7e:5a:
                    e2:1d:c7:22:2f:f1:c0:9a:1b:6f:56:36:3c:89:6b:
                    c3:91:b3:7f:6b:98:d8:11:bc:06:c6:29:41:42:49:
                    cd:46:08:07:8a:bc:d1:63:e4:0b:97:29:1c:30:d3:
                    25:28:54:4f:fd:09:a6:aa:ee:51:6a:29:db:58:7c:
                    e9:a7:62:6d:ad:06:d3:4c:ac:a1:4e:b9:d0:5c:f1:
                    1b:b3:b1:fc:a0:c9:d0:dc:96:d3:ba:5e:c6:50:41:
                    d6:09:b7:c9:05:a7:ec:fc:e4:ff:3b:7d:44:ba:2e:
                    c0:a1:3c:1f:47:33:c1:3a:2e:9d:47:92:d1:fb:4f:
                    53:f9:f8:d7:ae:3e:29:11:b3:b9:b4:74:7f:66:ee:
                    81:bb:a8:82:20:bc:d9:57:1f:cd:8e:8b:04:7a:c2:
                    50:b2:ba:e9:ac:d5:8b:07:8e:b4:2c:04:ae:f1:3c:
                    f7:a0:32:5e:ed:6e:ac:9f:e1:f0:c5:96:6e:28:df:
                    88:c5:7d:2b:3d:7e:b0:9e:25:af:70:97:83:30:3c:
                    f4:85:90:dd:61:5d:0f:1e:87:4c:2c:8c:d9:b7:dc:
                    8b:cf:9c:ea:34:35:dd:43:d1:1c:3d:29:6a:fc:c9:
                    3e:77:de:ed:b6:c4:7a:d8:fd:9f:2f:46:36:60:51:
                    f8:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:15:DA:96:74:42:77:19:4A:06:E7:05:C9:49:D8:DE:FF:0D:5C:81
            X509v3 Authority Key Identifier:
                keyid:E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/2BXalnRCdxlKBucFyUnY3v8NXIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:4444::/48
                  2a0c:4445::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:0f:57:59:26:ad:0b:04:b3:8f:6d:72:9d:26:a7:ec:dd:3a:
         58:5a:57:35:5f:ad:42:16:e0:e5:a7:13:5a:12:64:75:87:63:
         e6:79:7c:bb:fd:7d:1e:88:17:c9:82:e3:b5:ca:23:68:8e:54:
         67:07:3f:55:37:8d:b7:bf:d1:45:a4:89:af:69:45:04:21:6f:
         43:91:78:a9:08:4c:26:9f:71:33:49:4a:05:ff:7c:98:d5:ff:
         b9:2c:2e:e9:5d:68:cc:0d:f7:cd:1d:64:3c:8d:b7:e2:40:26:
         f9:cb:1d:61:3b:f7:4c:1d:0c:13:12:2a:07:95:15:31:09:d2:
         50:b8:e6:56:ac:99:de:8f:e3:cd:10:43:e8:6d:54:73:94:c7:
         84:71:88:13:4d:eb:d8:a9:4d:37:52:c1:32:f0:d2:0b:93:71:
         a1:ee:27:a1:42:ed:5d:4c:e2:30:ff:21:d1:ec:4a:b1:22:e8:
         ca:f4:6f:f7:39:02:6e:c7:45:63:b2:52:5c:1a:fc:c6:9e:9f:
         46:d6:d8:f2:90:7b:ba:94:b2:61:da:3a:07:ed:d7:41:61:94:
         c1:2d:25:16:fd:95:6e:b5:81:8f:7a:df:be:a6:4c:02:a3:36:
         de:07:4b:97:39:c9:55:6c:3d:5a:8a:4c:76:a2:b6:4c:d0:06:
         e3:f5:c1:32
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQnR9BvF99c2x+emn2RWgk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDBjNDlhMGU5N2UwZDVmM2NlZDNiN2I2YjlmNzJjYTBj
YjUzZDYwHhcNMjUwMTAyMTM1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODE1ZGE5Njc0NDI3NzE5NGEwNmU3MDVjOTQ5ZDhkZWZmMGQ1YzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkQV6zaHFAt8TwTrflriHcciL/HA
mhtvVjY8iWvDkbN/a5jYEbwGxilBQknNRggHirzRY+QLlykcMNMlKFRP/Qmmqu5R
ainbWHzpp2JtrQbTTKyhTrnQXPEbs7H8oMnQ3JbTul7GUEHWCbfJBafs/OT/O31E
ui7AoTwfRzPBOi6dR5LR+09T+fjXrj4pEbO5tHR/Zu6Bu6iCILzZVx/NjosEesJQ
srrprNWLB460LASu8Tz3oDJe7W6sn+HwxZZuKN+IxX0rPX6wniWvcJeDMDz0hZDd
YV0PHodMLIzZt9yLz5zqNDXdQ9EcPSlq/Mk+d97ttsR62P2fL0Y2YFH4nQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNgV2pZ0QncZSgbnBclJ2N7/DVyBMB8GA1UdIwQY
MBaAFOLQxJoOl+DV887Tt7a59yygy1PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEt
NDY5MGEwMDcxNDFmLzEvMkJYYWxuUkNkeGxLQnVjRnlVblkzdjhOWElFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEtNDY5MGEwMDcxNDFm
LzEvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgxERAAA
AwcAKgxERQAAMA0GCSqGSIb3DQEBCwUAA4IBAQBqD1dZJq0LBLOPbXKdJqfs3TpY
Wlc1X61CFuDlpxNaEmR1h2PmeXy7/X0eiBfJguO1yiNojlRnBz9VN423v9FFpImv
aUUEIW9DkXipCEwmn3EzSUoF/3yY1f+5LC7pXWjMDffNHWQ8jbfiQCb5yx1hO/dM
HQwTEioHlRUxCdJQuOZWrJnej+PNEEPobVRzlMeEcYgTTevYqU03UsEy8NILk3Gh
7iehQu1dTOIw/yHR7EqxIujK9G/3OQJux0VjslJcGvzGnp9G1tjykHu6lLJh2joH
7ddBYZTBLSUW/ZVutYGPet++pkwCozbeB0uXOclVbD1aikx2orZM0Abj9cEy
-----END CERTIFICATE-----