Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/2z0NeYZe1xNl9FiaXMK1zDvmewM.roa
File:                     2z0NeYZe1xNl9FiaXMK1zDvmewM.roa (raw, json)
Hash identifier:          cOILWkUhsnduTiBD7sHiLuG2BYfCl/U6Tpdfh+0XXP8=
Subject key identifier:   DB:3D:0D:79:86:5E:D7:13:65:F4:58:9A:5C:C2:B5:CC:3B:E6:7B:03
Certificate issuer:       /CN=9955c5a7137eb5d47ea24e17d27fa92d0b42fbd8
Certificate serial:       01941F8CAAEBC27809824DFD91FBEE8906B3
Authority key identifier: 99:55:C5:A7:13:7E:B5:D4:7E:A2:4E:17:D2:7F:A9:2D:0B:42:FB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mVXFpxN-tdR-ok4X0n-pLQtC-9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/2z0NeYZe1xNl9FiaXMK1zDvmewM.roa
Signing time:             Wed 01 Jan 2025 01:48:19 +0000
ROA not before:           Wed 01 Jan 2025 01:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29241
IP address blocks:        194.30.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/mVXFpxN-tdR-ok4X0n-pLQtC-9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/mVXFpxN-tdR-ok4X0n-pLQtC-9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mVXFpxN-tdR-ok4X0n-pLQtC-9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:aa:eb:c2:78:09:82:4d:fd:91:fb:ee:89:06:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9955c5a7137eb5d47ea24e17d27fa92d0b42fbd8
        Validity
            Not Before: Jan  1 01:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db3d0d79865ed71365f4589a5cc2b5cc3be67b03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ad:59:39:1b:6c:b3:e7:7b:82:71:b8:e8:0d:
                    fa:9a:1c:b1:a1:2e:58:eb:5b:8e:cf:a0:97:22:3b:
                    06:0f:00:1a:9f:04:9a:49:9b:ff:0d:6f:28:62:1a:
                    97:8e:ab:c1:dd:40:30:0e:bc:68:6d:b4:ad:47:38:
                    ba:4d:13:ae:47:8e:b8:76:17:6b:38:37:de:87:e1:
                    34:c9:98:57:2b:4a:c3:07:b9:9f:2a:a6:24:8f:09:
                    59:47:4e:48:18:4b:6d:96:73:33:a0:9a:44:b0:74:
                    e1:a1:37:18:42:88:ac:0e:90:48:2f:bb:f8:b3:1a:
                    54:8c:d8:f7:b2:85:fe:73:b2:c4:e1:e4:6b:65:94:
                    8d:80:63:cc:3d:a9:70:78:12:fc:59:13:d9:6d:9c:
                    27:e6:d1:e0:13:36:20:e1:ed:e2:17:d5:71:28:bb:
                    68:75:d0:d0:a3:1e:71:9b:17:ec:e4:19:2d:1e:e7:
                    c1:5a:12:74:ed:16:2d:75:ac:36:63:3c:4c:20:5d:
                    6e:02:ec:f1:59:48:1f:e3:bf:08:cc:95:47:b3:8f:
                    29:fd:72:a7:58:52:dc:df:7c:dd:37:90:9f:25:6a:
                    0b:bc:2d:1a:8a:b9:d6:60:35:95:90:c7:3d:69:7b:
                    a8:96:5e:fd:f6:17:42:77:84:0a:14:5e:1d:ee:fd:
                    c6:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:3D:0D:79:86:5E:D7:13:65:F4:58:9A:5C:C2:B5:CC:3B:E6:7B:03
            X509v3 Authority Key Identifier:
                keyid:99:55:C5:A7:13:7E:B5:D4:7E:A2:4E:17:D2:7F:A9:2D:0B:42:FB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mVXFpxN-tdR-ok4X0n-pLQtC-9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/2z0NeYZe1xNl9FiaXMK1zDvmewM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/mVXFpxN-tdR-ok4X0n-pLQtC-9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.30.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:0b:67:cb:eb:3d:96:1a:b0:49:b8:a1:b1:9c:c6:72:68:94:
         21:41:8b:c5:80:81:84:0e:9c:61:d7:9b:6d:80:93:1a:9b:b6:
         1b:52:df:aa:67:74:35:2a:5e:b1:4b:e6:ca:09:6c:2e:a1:15:
         b9:e7:4b:3e:93:49:b4:e6:96:54:b8:e3:45:ad:a6:e0:70:77:
         c5:4e:39:cf:51:f5:37:7c:8d:c1:05:7f:98:61:04:f6:c1:13:
         7e:fd:5a:7b:ec:d8:e2:70:de:e0:08:d6:81:c0:95:d9:bc:e8:
         ea:88:ac:5c:7d:8a:4d:46:32:c8:73:35:95:5e:3e:25:60:96:
         1d:19:f5:5a:1b:73:c8:2c:07:ce:e6:f6:c6:c7:fd:d5:d8:62:
         55:12:ea:fb:0c:b9:35:19:54:03:c4:d2:59:5d:ef:19:00:30:
         53:32:32:0b:6e:d5:53:7c:ce:da:e0:53:81:dd:d9:e1:34:11:
         02:ad:17:75:b1:37:4c:f3:9e:80:7b:7e:e4:49:82:7a:a1:07:
         9e:63:98:05:24:0b:88:04:30:b6:9e:89:52:64:bc:fd:4b:0a:
         ed:ba:90:e5:b6:19:f8:5b:ef:90:3f:f0:8a:27:47:65:d2:c5:
         97:36:fb:e4:88:b4:57:7a:eb:5d:7f:e0:22:93:bd:14:54:68:
         f8:91:b6:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjKrrwngJgk39kfvuiQazMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5NTVjNWE3MTM3ZWI1ZDQ3ZWEyNGUxN2QyN2ZhOTJkMGI0
MmZiZDgwHhcNMjUwMTAxMDE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjNkMGQ3OTg2NWVkNzEzNjVmNDU4OWE1Y2MyYjVjYzNiZTY3YjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAha1ZORtss+d7gnG46A36mhyxoS5Y
61uOz6CXIjsGDwAanwSaSZv/DW8oYhqXjqvB3UAwDrxobbStRzi6TROuR464dhdr
ODfeh+E0yZhXK0rDB7mfKqYkjwlZR05IGEttlnMzoJpEsHThoTcYQoisDpBIL7v4
sxpUjNj3soX+c7LE4eRrZZSNgGPMPalweBL8WRPZbZwn5tHgEzYg4e3iF9VxKLto
ddDQox5xmxfs5BktHufBWhJ07RYtdaw2YzxMIF1uAuzxWUgf478IzJVHs48p/XKn
WFLc33zdN5CfJWoLvC0airnWYDWVkMc9aXuoll799hdCd4QKFF4d7v3GjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNs9DXmGXtcTZfRYmlzCtcw75nsDMB8GA1UdIwQY
MBaAFJlVxacTfrXUfqJOF9J/qS0LQvvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVZYRnB4Ti10ZFItb2s0WDBuLXBMUXRDLTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy85NDUzYTAtZTY1NS00ODBlLWI2YTkt
ZTM5NTI0ZTdhNmVkLzEvMnowTmVZWmUxeE5sOUZpYVhNSzF6RHZtZXdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy85NDUzYTAtZTY1NS00ODBlLWI2YTktZTM5NTI0ZTdhNmVk
LzEvbVZYRnB4Ti10ZFItb2s0WDBuLXBMUXRDLTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh7gMA0G
CSqGSIb3DQEBCwUAA4IBAQAyC2fL6z2WGrBJuKGxnMZyaJQhQYvFgIGEDpxh15tt
gJMam7YbUt+qZ3Q1Kl6xS+bKCWwuoRW550s+k0m05pZUuONFrabgcHfFTjnPUfU3
fI3BBX+YYQT2wRN+/Vp77NjicN7gCNaBwJXZvOjqiKxcfYpNRjLIczWVXj4lYJYd
GfVaG3PILAfO5vbGx/3V2GJVEur7DLk1GVQDxNJZXe8ZADBTMjILbtVTfM7a4FOB
3dnhNBECrRd1sTdM856Ae37kSYJ6oQeeY5gFJAuIBDC2nolSZLz9SwrtupDlthn4
W++QP/CKJ0dl0sWXNvvkiLRXeutdf+Aik70UVGj4kbZe
-----END CERTIFICATE-----