Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/2_e31xA0ke3Styc34JcGbffddwc.roa
File:                     2_e31xA0ke3Styc34JcGbffddwc.roa (raw, json)
Hash identifier:          SiZtRmCeZumulAZS0QR6GtmaGOYbZYgtQLDnc2RPi2w=
Subject key identifier:   DB:F7:B7:D7:10:34:91:ED:D2:B7:27:37:E0:97:06:6D:F7:DD:77:07
Certificate issuer:       /CN=49722a0ca8bbc94d48a5cb48ccc92efef845a7e3
Certificate serial:       01942827E5F9E36E15C6502FD64942F5BA06
Authority key identifier: 49:72:2A:0C:A8:BB:C9:4D:48:A5:CB:48:CC:C9:2E:FE:F8:45:A7:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SXIqDKi7yU1IpctIzMku_vhFp-M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/2_e31xA0ke3Styc34JcGbffddwc.roa
Signing time:             Thu 02 Jan 2025 17:54:50 +0000
ROA not before:           Thu 02 Jan 2025 17:54:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44066
IP address blocks:        45.81.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/SXIqDKi7yU1IpctIzMku_vhFp-M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/SXIqDKi7yU1IpctIzMku_vhFp-M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SXIqDKi7yU1IpctIzMku_vhFp-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 20:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:e5:f9:e3:6e:15:c6:50:2f:d6:49:42:f5:ba:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49722a0ca8bbc94d48a5cb48ccc92efef845a7e3
        Validity
            Not Before: Jan  2 17:54:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbf7b7d7103491edd2b72737e097066df7dd7707
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:86:2f:09:b1:f9:69:04:2d:14:f3:c2:f8:1a:
                    f1:01:b0:10:d6:76:6b:00:05:05:4d:58:d1:0c:c8:
                    8b:1f:af:2b:45:6d:fb:b6:1a:e7:78:f4:9b:84:b4:
                    e7:74:cd:af:de:81:f0:c7:ed:29:d1:12:46:af:07:
                    7f:a6:09:80:f1:dd:9f:43:72:02:8c:9b:62:de:70:
                    50:2f:08:f7:65:6c:58:7d:f4:ad:82:0a:5a:df:f4:
                    f4:99:2b:d9:39:c4:ad:ed:4c:ae:92:94:2a:ab:2e:
                    67:62:98:be:e2:d3:9b:94:e8:12:03:cb:a3:7a:e7:
                    78:63:b9:e0:6e:e7:ab:93:51:aa:1b:94:f2:db:b4:
                    83:86:df:69:c5:27:cc:c6:98:86:3b:e2:31:02:b8:
                    c6:0d:73:34:5a:73:ca:17:48:e3:74:30:15:e3:26:
                    6f:93:4b:5b:36:70:dd:c0:30:13:1e:fc:f2:f1:3d:
                    38:38:47:df:96:91:5f:c4:ab:3a:0d:dd:a1:76:c4:
                    41:ab:2e:e4:d6:77:4f:a4:b4:9b:ed:06:1e:40:0c:
                    69:05:34:26:e0:d1:dd:f0:77:11:f0:c6:cf:52:dc:
                    56:e4:ef:3d:30:c6:36:34:a2:29:50:d2:3f:df:4b:
                    5a:6a:a3:b8:f0:29:3c:15:62:eb:a7:16:fd:50:69:
                    c5:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F7:B7:D7:10:34:91:ED:D2:B7:27:37:E0:97:06:6D:F7:DD:77:07
            X509v3 Authority Key Identifier:
                keyid:49:72:2A:0C:A8:BB:C9:4D:48:A5:CB:48:CC:C9:2E:FE:F8:45:A7:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SXIqDKi7yU1IpctIzMku_vhFp-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/2_e31xA0ke3Styc34JcGbffddwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/SXIqDKi7yU1IpctIzMku_vhFp-M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:e6:31:e3:8c:ae:17:47:cc:13:7b:a2:34:a2:42:ae:c5:6d:
         26:dd:b7:8b:dd:59:35:fc:8f:d8:2b:03:c2:56:e9:d6:ab:1b:
         d1:cc:f0:00:07:b6:97:6a:ae:60:f7:ef:e4:c1:4a:89:d9:61:
         2b:70:57:dc:32:e5:56:86:b5:8e:2a:3c:5f:ba:15:19:f3:c9:
         92:87:84:52:b6:ef:78:58:98:57:e4:32:7e:c2:ab:bd:d4:71:
         0e:ff:4b:1d:d4:c0:64:45:51:5e:31:25:ea:42:47:c6:32:f3:
         9f:60:e8:f8:48:a6:d2:dc:c8:5f:1c:23:1c:95:67:f2:86:d7:
         73:38:36:99:09:38:2f:e4:c1:0a:64:1c:4a:0a:d1:c8:82:0f:
         19:56:c1:3a:1f:b6:62:4c:49:f5:3e:ba:9d:bd:bb:3b:d9:58:
         2d:6a:85:3b:5c:6f:1f:2a:a5:3f:fa:e1:fe:10:93:b8:a9:06:
         af:75:f5:87:f2:57:a1:ed:44:43:55:fd:bd:86:77:89:ce:48:
         55:ea:35:43:8b:fc:d4:9e:65:b0:63:6d:08:fd:62:79:6e:8a:
         09:85:f1:41:39:6f:2a:80:d5:62:b0:f8:31:4b:ea:34:6f:63:
         e6:b1:61:cf:1d:ad:f2:d7:d2:22:37:ee:2c:3e:1a:d3:54:9a:
         4f:be:b8:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ+X5424VxlAv1klC9boGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NzIyYTBjYThiYmM5NGQ0OGE1Y2I0OGNjYzkyZWZlZjg0
NWE3ZTMwHhcNMjUwMTAyMTc1NDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmY3YjdkNzEwMzQ5MWVkZDJiNzI3MzdlMDk3MDY2ZGY3ZGQ3NzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04YvCbH5aQQtFPPC+BrxAbAQ1nZr
AAUFTVjRDMiLH68rRW37thrnePSbhLTndM2v3oHwx+0p0RJGrwd/pgmA8d2fQ3IC
jJti3nBQLwj3ZWxYffStggpa3/T0mSvZOcSt7UyukpQqqy5nYpi+4tOblOgSA8uj
eud4Y7ngbuerk1GqG5Ty27SDht9pxSfMxpiGO+IxArjGDXM0WnPKF0jjdDAV4yZv
k0tbNnDdwDATHvzy8T04OEfflpFfxKs6Dd2hdsRBqy7k1ndPpLSb7QYeQAxpBTQm
4NHd8HcR8MbPUtxW5O89MMY2NKIpUNI/30taaqO48Ck8FWLrpxb9UGnFPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNv3t9cQNJHt0rcnN+CXBm333XcHMB8GA1UdIwQY
MBaAFElyKgyou8lNSKXLSMzJLv74RafjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1hJcURLaTd5VTFJcGN0SXpNa3VfdmhGcC1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9lYzUyMDgtZjY5NS00YmRiLTliYjIt
ZTE4ZmE2NTgwNTVhLzEvMl9lMzF4QTBrZTNTdHljMzRKY0diZmZkZHdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9lYzUyMDgtZjY5NS00YmRiLTliYjItZTE4ZmE2NTgwNTVh
LzEvU1hJcURLaTd5VTFJcGN0SXpNa3VfdmhGcC1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVHoMA0G
CSqGSIb3DQEBCwUAA4IBAQCe5jHjjK4XR8wTe6I0okKuxW0m3beL3Vk1/I/YKwPC
VunWqxvRzPAAB7aXaq5g9+/kwUqJ2WErcFfcMuVWhrWOKjxfuhUZ88mSh4RStu94
WJhX5DJ+wqu91HEO/0sd1MBkRVFeMSXqQkfGMvOfYOj4SKbS3MhfHCMclWfyhtdz
ODaZCTgv5MEKZBxKCtHIgg8ZVsE6H7ZiTEn1Prqdvbs72VgtaoU7XG8fKqU/+uH+
EJO4qQavdfWH8leh7URDVf29hneJzkhV6jVDi/zUnmWwY20I/WJ5booJhfFBOW8q
gNVisPgxS+o0b2PmsWHPHa3y19IiN+4sPhrTVJpPvrhs
-----END CERTIFICATE-----