Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/yV2QuoCYFVjM2-OTmFDea8Z9hyw.roa
File:                     yV2QuoCYFVjM2-OTmFDea8Z9hyw.roa (raw, json)
Hash identifier:          Fm6HaS57Sk5HrIHo3AJdE4/OrtFAnjdqKcrhGRoXq3s=
Subject key identifier:   C9:5D:90:BA:80:98:15:58:CC:DB:E3:93:98:50:DE:6B:C6:7D:87:2C
Certificate issuer:       /CN=e50c22c66b85fac98de83d761ef4243437ab0393
Certificate serial:       01941FFA6F4E549603842427FEE28D75C968
Authority key identifier: E5:0C:22:C6:6B:85:FA:C9:8D:E8:3D:76:1E:F4:24:34:37:AB:03:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QwixmuF-smN6D12HvQkNDerA5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/yV2QuoCYFVjM2-OTmFDea8Z9hyw.roa
Signing time:             Wed 01 Jan 2025 03:48:13 +0000
ROA not before:           Wed 01 Jan 2025 03:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13170
IP address blocks:        213.255.163.0/24 maxlen: 24
                          213.255.164.0/24 maxlen: 24
                          213.255.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/5QwixmuF-smN6D12HvQkNDerA5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/5QwixmuF-smN6D12HvQkNDerA5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5QwixmuF-smN6D12HvQkNDerA5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:6f:4e:54:96:03:84:24:27:fe:e2:8d:75:c9:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e50c22c66b85fac98de83d761ef4243437ab0393
        Validity
            Not Before: Jan  1 03:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c95d90ba80981558ccdbe3939850de6bc67d872c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:cb:29:3a:b1:8b:cd:7a:88:57:08:a7:db:57:
                    f1:69:08:86:0e:96:97:8e:95:af:1c:5a:06:c4:76:
                    77:ab:27:c0:51:1d:1d:0c:a6:96:90:3f:41:b0:1d:
                    ec:17:2d:d7:dd:ef:ec:fa:c2:c1:22:84:25:52:8e:
                    3e:11:ee:65:f7:c4:b3:6d:e5:d1:35:e7:9d:80:01:
                    29:b6:74:f3:62:e6:32:d3:ad:c6:48:91:fa:dc:2a:
                    bd:c1:3d:a7:82:bb:91:1e:0a:cf:27:4c:60:97:3a:
                    51:7d:9f:7b:bc:7f:49:28:8c:d7:b9:f9:3c:60:f2:
                    65:72:a7:ad:e6:c6:d3:47:a4:d8:e5:ea:0c:c2:f9:
                    28:2c:d9:6b:48:9b:25:5b:ce:28:99:d9:0f:8d:0c:
                    05:ee:81:87:a1:40:54:73:e4:c1:8d:19:86:b2:16:
                    2c:79:b8:9d:a7:9a:28:1b:b9:fb:54:bf:42:e2:43:
                    83:48:e4:ca:de:ac:9c:21:1a:94:60:14:59:b4:1e:
                    72:50:09:57:c3:67:df:be:3d:c8:f6:42:b5:6e:28:
                    41:c0:e4:d1:f3:91:d1:90:16:af:86:b6:4b:9e:f0:
                    8b:88:d8:82:f5:4b:36:3a:b7:3c:fe:a9:8e:63:f1:
                    35:09:bd:df:d1:91:4b:ac:11:53:a8:49:6c:ca:1f:
                    dc:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:5D:90:BA:80:98:15:58:CC:DB:E3:93:98:50:DE:6B:C6:7D:87:2C
            X509v3 Authority Key Identifier:
                keyid:E5:0C:22:C6:6B:85:FA:C9:8D:E8:3D:76:1E:F4:24:34:37:AB:03:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QwixmuF-smN6D12HvQkNDerA5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/yV2QuoCYFVjM2-OTmFDea8Z9hyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/5QwixmuF-smN6D12HvQkNDerA5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.255.163.0-213.255.164.255
                  213.255.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:b5:24:0d:2c:af:57:5d:91:e7:1d:58:55:02:dd:72:dd:7f:
         c1:49:d6:fd:bc:44:5b:3b:16:eb:c7:ae:9c:93:f6:d3:85:44:
         44:4e:53:3f:71:3b:91:8e:d2:c2:c7:e8:84:f5:03:39:0a:9b:
         75:58:c0:02:24:c8:66:25:38:60:0a:db:a8:c4:17:5d:a0:ee:
         26:61:5c:ae:5f:ed:3d:8f:c8:8d:f4:06:5d:b1:cf:be:db:ef:
         d5:63:26:9f:00:cb:4e:a6:02:4d:81:05:a9:94:aa:9c:70:87:
         4c:8a:a8:83:02:19:ef:a9:fd:cd:d8:e5:df:38:ca:1b:31:bb:
         c8:cd:e2:ff:db:16:7c:c7:bf:b1:67:a7:59:b8:ae:fe:ae:53:
         23:21:fd:bd:a2:6e:90:46:5b:f9:23:aa:db:8a:72:3f:86:86:
         d7:4e:cd:56:15:bc:4b:23:05:f3:30:44:07:13:de:ed:79:af:
         2a:0b:e0:bb:54:50:32:28:e8:60:6f:6c:75:25:4a:80:be:3e:
         cf:44:7b:8d:17:cd:b9:1f:65:d8:f1:5c:4f:74:8d:55:af:e8:
         08:a9:4a:b6:0e:b6:4b:71:b8:f3:b5:ec:a2:35:96:6e:18:2f:
         b0:41:d8:b1:44:10:73:31:ca:35:f6:c4:41:3a:aa:78:68:13:
         6e:01:27:97
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQf+m9OVJYDhCQn/uKNdcloMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MGMyMmM2NmI4NWZhYzk4ZGU4M2Q3NjFlZjQyNDM0Mzdh
YjAzOTMwHhcNMjUwMTAxMDM0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTVkOTBiYTgwOTgxNTU4Y2NkYmUzOTM5ODUwZGU2YmM2N2Q4NzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcspOrGLzXqIVwin21fxaQiGDpaX
jpWvHFoGxHZ3qyfAUR0dDKaWkD9BsB3sFy3X3e/s+sLBIoQlUo4+Ee5l98SzbeXR
NeedgAEptnTzYuYy063GSJH63Cq9wT2ngruRHgrPJ0xglzpRfZ97vH9JKIzXufk8
YPJlcqet5sbTR6TY5eoMwvkoLNlrSJslW84omdkPjQwF7oGHoUBUc+TBjRmGshYs
ebidp5ooG7n7VL9C4kODSOTK3qycIRqUYBRZtB5yUAlXw2ffvj3I9kK1bihBwOTR
85HRkBavhrZLnvCLiNiC9Us2Orc8/qmOY/E1Cb3f0ZFLrBFTqElsyh/ckQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMldkLqAmBVYzNvjk5hQ3mvGfYcsMB8GA1UdIwQY
MBaAFOUMIsZrhfrJjeg9dh70JDQ3qwOTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVF3aXhtdUYtc21ONkQxMkh2UWtORGVyQTVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8yYjdmZTktMmE4Ny00YzU3LWIxMDgt
OTIxNDI3ODEwOGE4LzEveVYyUXVvQ1lGVmpNMi1PVG1GRGVhOFo5aHl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8yYjdmZTktMmE4Ny00YzU3LWIxMDgtOTIxNDI3ODEwOGE4
LzEvNVF3aXhtdUYtc21ONkQxMkh2UWtORGVyQTVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADV/6MD
BADV/6QDBADV/7gwDQYJKoZIhvcNAQELBQADggEBADO1JA0sr1ddkecdWFUC3XLd
f8FJ1v28RFs7FuvHrpyT9tOFREROUz9xO5GO0sLH6IT1AzkKm3VYwAIkyGYlOGAK
26jEF12g7iZhXK5f7T2PyI30Bl2xz77b79VjJp8Ay06mAk2BBamUqpxwh0yKqIMC
Ge+p/c3Y5d84yhsxu8jN4v/bFnzHv7Fnp1m4rv6uUyMh/b2ibpBGW/kjqtuKcj+G
htdOzVYVvEsjBfMwRAcT3u15ryoL4LtUUDIo6GBvbHUlSoC+Ps9Ee40XzbkfZdjx
XE90jVWv6AipSrYOtktxuPO17KI1lm4YL7BB2LFEEHMxyjX2xEE6qnhoE24BJ5c=
-----END CERTIFICATE-----