Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/3d2031-f4a1-437a-9a7e-97c4bbaf4676/1/2qX7OdgapT1BAlqvcn-h20H3SjY.roa
File:                     2qX7OdgapT1BAlqvcn-h20H3SjY.roa (raw, json)
Hash identifier:          mYdYSfl5U26j0DpruXdVtTOn2QH2B7ImuHJ/Oabup60=
Subject key identifier:   DA:A5:FB:39:D8:1A:A5:3D:41:02:5A:AF:72:7F:A1:DB:41:F7:4A:36
Certificate issuer:       /CN=30901b30617e866abc9ce50badbe88465d38f037
Certificate serial:       019421441E6778DC4AAEF0C4AE9AA580B338
Authority key identifier: 30:90:1B:30:61:7E:86:6A:BC:9C:E5:0B:AD:BE:88:46:5D:38:F0:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MJAbMGF-hmq8nOULrb6IRl048Dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/3d2031-f4a1-437a-9a7e-97c4bbaf4676/1/2qX7OdgapT1BAlqvcn-h20H3SjY.roa
Signing time:             Wed 01 Jan 2025 09:48:19 +0000
ROA not before:           Wed 01 Jan 2025 09:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214985
IP address blocks:        5.42.204.0/24 maxlen: 24
                          2a14:1400::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/3d2031-f4a1-437a-9a7e-97c4bbaf4676/1/MJAbMGF-hmq8nOULrb6IRl048Dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/3d2031-f4a1-437a-9a7e-97c4bbaf4676/1/MJAbMGF-hmq8nOULrb6IRl048Dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MJAbMGF-hmq8nOULrb6IRl048Dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:1e:67:78:dc:4a:ae:f0:c4:ae:9a:a5:80:b3:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30901b30617e866abc9ce50badbe88465d38f037
        Validity
            Not Before: Jan  1 09:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=daa5fb39d81aa53d41025aaf727fa1db41f74a36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e6:4a:21:33:6a:65:85:63:82:6e:36:ff:3a:
                    88:53:ba:41:ba:8d:a6:ff:21:4a:18:bb:2b:10:fe:
                    c4:48:4c:8c:8e:82:69:01:c3:f7:1a:69:1a:6d:89:
                    0f:a6:6f:35:b1:5f:7d:3b:6b:4d:5d:89:32:5c:7d:
                    37:c3:5a:1d:e5:8f:44:4d:8f:80:72:9b:61:12:d2:
                    24:04:e4:2e:e3:8d:2e:9d:47:99:1f:6e:a1:16:5f:
                    d6:a8:f8:14:ca:8e:b8:3e:43:06:5e:5f:27:91:bd:
                    6e:c6:db:12:95:4c:db:d5:cb:ab:2a:70:96:1c:6f:
                    ae:b3:f7:98:a2:d0:e5:86:b6:36:86:e0:ff:04:46:
                    5e:b8:6e:c7:18:c7:9a:8b:fc:43:47:d3:a5:b1:db:
                    1c:81:d4:df:e3:79:00:dd:8a:52:2d:71:d1:60:eb:
                    f3:3d:23:88:6c:c3:a5:40:43:5f:03:63:e0:20:6f:
                    5c:ae:a1:96:ac:31:53:6f:e7:86:1f:78:64:03:a2:
                    11:02:b1:2f:58:d8:53:c2:28:94:81:aa:3e:56:57:
                    89:49:8a:67:60:e3:03:b7:fe:19:20:7a:9b:31:53:
                    05:7b:91:95:ef:98:21:a8:1a:2e:a5:82:4b:82:4b:
                    29:08:6c:4e:74:a3:6b:9d:24:10:37:63:84:e4:b0:
                    ee:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:A5:FB:39:D8:1A:A5:3D:41:02:5A:AF:72:7F:A1:DB:41:F7:4A:36
            X509v3 Authority Key Identifier:
                keyid:30:90:1B:30:61:7E:86:6A:BC:9C:E5:0B:AD:BE:88:46:5D:38:F0:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MJAbMGF-hmq8nOULrb6IRl048Dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/3d2031-f4a1-437a-9a7e-97c4bbaf4676/1/2qX7OdgapT1BAlqvcn-h20H3SjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/3d2031-f4a1-437a-9a7e-97c4bbaf4676/1/MJAbMGF-hmq8nOULrb6IRl048Dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.204.0/24
                IPv6:
                  2a14:1400::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:f1:4f:89:dc:86:31:88:d3:93:74:2e:1b:2b:56:57:2f:1c:
         8f:b0:67:06:02:09:d8:12:fc:af:19:23:09:4a:28:7e:d3:a6:
         76:26:0e:4c:cc:33:5f:dc:57:ce:aa:1f:e7:77:c5:15:02:dd:
         2f:7c:18:ac:a8:fc:95:c6:e8:e6:81:1e:09:a9:0e:b0:fc:57:
         b7:07:c4:28:9c:6c:0d:e0:fd:9d:6a:e8:0d:dc:d1:a0:45:a9:
         ac:b9:5d:7e:54:f9:f2:f2:d7:a3:4f:18:67:db:8b:ae:69:7b:
         e7:12:65:ee:24:90:ff:05:90:45:67:b2:89:bc:2c:52:24:97:
         05:e6:81:35:f5:1e:05:2b:ff:cd:53:e7:b2:36:23:aa:77:86:
         91:b7:5b:c0:9c:81:ed:3a:5a:76:44:03:f1:15:2f:cd:b0:b8:
         e7:9b:e3:b2:d4:4d:42:db:61:7b:5b:a0:79:4d:03:46:00:07:
         96:7b:8c:6f:37:f4:ce:8f:6b:43:00:13:4d:e3:1e:59:cf:7b:
         cf:d3:47:48:2f:13:a2:95:37:be:d5:c8:19:60:25:aa:13:87:
         c6:4f:69:c9:71:38:6d:c4:9f:d0:ee:25:c3:cc:eb:e7:3d:67:
         44:aa:c6:05:c3:8f:5c:ab:3c:17:34:a9:a7:44:9a:b6:1c:48:
         31:2a:08:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhRB5neNxKrvDErpqlgLM4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwOTAxYjMwNjE3ZTg2NmFiYzljZTUwYmFkYmU4ODQ2NWQz
OGYwMzcwHhcNMjUwMTAxMDk0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWE1ZmIzOWQ4MWFhNTNkNDEwMjVhYWY3MjdmYTFkYjQxZjc0YTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOZKITNqZYVjgm42/zqIU7pBuo2m
/yFKGLsrEP7ESEyMjoJpAcP3GmkabYkPpm81sV99O2tNXYkyXH03w1od5Y9ETY+A
cpthEtIkBOQu440unUeZH26hFl/WqPgUyo64PkMGXl8nkb1uxtsSlUzb1curKnCW
HG+us/eYotDlhrY2huD/BEZeuG7HGMeai/xDR9OlsdscgdTf43kA3YpSLXHRYOvz
PSOIbMOlQENfA2PgIG9crqGWrDFTb+eGH3hkA6IRArEvWNhTwiiUgao+VleJSYpn
YOMDt/4ZIHqbMVMFe5GV75ghqBoupYJLgkspCGxOdKNrnSQQN2OE5LDuvQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNql+znYGqU9QQJar3J/odtB90o2MB8GA1UdIwQY
MBaAFDCQGzBhfoZqvJzlC62+iEZdOPA3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUpBYk1HRi1obXE4bk9VTHJiNklSbDA0OERjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8zZDIwMzEtZjRhMS00MzdhLTlhN2Ut
OTdjNGJiYWY0Njc2LzEvMnFYN09kZ2FwVDFCQWxxdmNuLWgyMEgzU2pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8zZDIwMzEtZjRhMS00MzdhLTlhN2UtOTdjNGJiYWY0Njc2
LzEvTUpBYk1HRi1obXE4bk9VTHJiNklSbDA0OERjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABSrMMA0E
AgACMAcDBQMqFBQAMA0GCSqGSIb3DQEBCwUAA4IBAQAT8U+J3IYxiNOTdC4bK1ZX
LxyPsGcGAgnYEvyvGSMJSih+06Z2Jg5MzDNf3FfOqh/nd8UVAt0vfBisqPyVxujm
gR4JqQ6w/Fe3B8QonGwN4P2daugN3NGgRamsuV1+VPny8tejTxhn24uuaXvnEmXu
JJD/BZBFZ7KJvCxSJJcF5oE19R4FK//NU+eyNiOqd4aRt1vAnIHtOlp2RAPxFS/N
sLjnm+Oy1E1C22F7W6B5TQNGAAeWe4xvN/TOj2tDABNN4x5Zz3vP00dILxOilTe+
1cgZYCWqE4fGT2nJcThtxJ/Q7iXDzOvnPWdEqsYFw49cqzwXNKmnRJq2HEgxKghk
-----END CERTIFICATE-----