Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/2cSeSi_Xs9nxENINXXMmVW1DasQ.roa
File:                     2cSeSi_Xs9nxENINXXMmVW1DasQ.roa (raw, json)
Hash identifier:          NILYBWHjcUi2YMu0b6KQQ7GSdlhIfBjAKlI5QryWGe8=
Subject key identifier:   D9:C4:9E:4A:2F:D7:B3:D9:F1:10:D2:0D:5D:73:26:55:6D:43:6A:C4
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       0194228DA96807540F9BC871E43C07FB4554
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/2cSeSi_Xs9nxENINXXMmVW1DasQ.roa
Signing time:             Wed 01 Jan 2025 15:48:16 +0000
ROA not before:           Wed 01 Jan 2025 15:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61156
IP address blocks:        185.17.84.0/22 maxlen: 22
                          185.17.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:a9:68:07:54:0f:9b:c8:71:e4:3c:07:fb:45:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Jan  1 15:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9c49e4a2fd7b3d9f110d20d5d7326556d436ac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:62:e5:11:e0:3c:69:59:ab:f2:b9:3a:b7:37:
                    95:98:7f:a5:02:40:13:e8:0b:9d:dc:b0:77:1a:e6:
                    3f:49:4a:4b:ee:08:4d:17:c6:e9:75:52:45:93:de:
                    66:94:a3:19:d7:f1:4e:59:6c:a6:07:57:45:ba:63:
                    50:e3:76:fb:60:e7:a9:6f:f0:f7:1d:69:69:4f:3e:
                    97:5f:b5:a8:ce:ec:86:75:b9:91:9a:09:9e:d1:a5:
                    11:c9:c8:2f:57:f2:13:03:23:b4:44:2e:83:b0:66:
                    fe:05:2c:c9:f4:4a:a4:d4:ee:09:ae:18:13:59:41:
                    67:98:27:57:74:ec:d5:07:7f:c3:21:d8:ef:ba:37:
                    f9:ef:49:84:53:e0:32:c8:d4:bc:4b:ab:91:0b:26:
                    37:d2:0b:5d:94:66:ad:67:20:3d:8b:08:81:c9:d7:
                    2b:7b:95:39:99:55:a7:33:59:bd:e8:c3:08:00:dd:
                    ee:05:c8:6a:17:6f:0d:0d:34:0f:42:d2:b3:6f:a7:
                    40:a0:ec:e5:c7:a6:1d:a6:ae:a7:7d:c2:72:b8:af:
                    7e:61:e7:f6:ba:eb:07:5e:a1:aa:df:30:bd:6f:82:
                    96:64:1c:7d:0c:d5:37:0a:41:3e:7e:4d:0e:3c:71:
                    8a:dc:8c:f9:4b:29:d3:2e:da:8b:61:33:3c:98:09:
                    11:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:C4:9E:4A:2F:D7:B3:D9:F1:10:D2:0D:5D:73:26:55:6D:43:6A:C4
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/2cSeSi_Xs9nxENINXXMmVW1DasQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:c6:b9:2c:c0:35:5b:fb:73:ce:fc:02:07:d0:2a:d9:e4:1c:
         b4:a9:f9:3f:25:03:be:a1:91:56:8a:ed:11:58:f8:3d:7e:92:
         26:26:51:48:1f:39:14:fb:f2:0c:a4:7d:13:0c:ca:bc:ae:33:
         e5:bb:b0:47:dc:da:39:90:a2:bf:e3:6d:28:52:a7:51:1e:00:
         34:1a:0a:a9:b6:77:c9:1e:2f:13:f0:8e:c3:2d:66:2f:50:d8:
         75:cb:01:69:db:0b:81:80:2f:be:7e:12:bf:6c:aa:84:fe:80:
         78:b2:2a:4d:eb:c8:ee:da:6d:3f:41:a7:1c:38:c6:d2:a0:bf:
         13:41:0f:2f:f6:0f:ef:2f:1c:0c:5c:d7:29:e6:89:99:53:27:
         b5:45:26:89:54:32:13:5b:c1:5c:57:54:ed:6d:ce:ac:ba:69:
         a1:ce:c9:b1:d6:ac:03:ae:4d:cf:b0:45:eb:fd:34:1f:25:fb:
         85:70:81:a2:1a:c4:bd:48:18:3a:3a:55:40:27:8f:75:ef:0b:
         fa:f3:5d:54:dc:e9:8b:6c:83:68:ae:37:6e:7d:70:ea:d9:8a:
         1a:eb:7f:a2:cd:1a:86:0f:50:a7:29:72:41:97:08:82:0a:fb:
         23:80:a5:27:32:31:d6:b6:94:86:bf:56:3e:28:7f:79:89:e5:
         7e:ff:35:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijaloB1QPm8hx5DwH+0VUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjUwMTAxMTU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWM0OWU0YTJmZDdiM2Q5ZjExMGQyMGQ1ZDczMjY1NTZkNDM2YWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmLlEeA8aVmr8rk6tzeVmH+lAkAT
6Aud3LB3GuY/SUpL7ghNF8bpdVJFk95mlKMZ1/FOWWymB1dFumNQ43b7YOepb/D3
HWlpTz6XX7WozuyGdbmRmgme0aURycgvV/ITAyO0RC6DsGb+BSzJ9Eqk1O4JrhgT
WUFnmCdXdOzVB3/DIdjvujf570mEU+AyyNS8S6uRCyY30gtdlGatZyA9iwiBydcr
e5U5mVWnM1m96MMIAN3uBchqF28NDTQPQtKzb6dAoOzlx6Ydpq6nfcJyuK9+Yef2
uusHXqGq3zC9b4KWZBx9DNU3CkE+fk0OPHGK3Iz5SynTLtqLYTM8mAkRZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnEnkov17PZ8RDSDV1zJlVtQ2rEMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvMmNTZVNpX1hzOW54RU5JTlhYTW1WVzFEYXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRFUMA0G
CSqGSIb3DQEBCwUAA4IBAQA1xrkswDVb+3PO/AIH0CrZ5By0qfk/JQO+oZFWiu0R
WPg9fpImJlFIHzkU+/IMpH0TDMq8rjPlu7BH3No5kKK/420oUqdRHgA0GgqptnfJ
Hi8T8I7DLWYvUNh1ywFp2wuBgC++fhK/bKqE/oB4sipN68ju2m0/QaccOMbSoL8T
QQ8v9g/vLxwMXNcp5omZUye1RSaJVDITW8FcV1Ttbc6summhzsmx1qwDrk3PsEXr
/TQfJfuFcIGiGsS9SBg6OlVAJ4917wv6811U3OmLbINorjdufXDq2Yoa63+izRqG
D1CnKXJBlwiCCvsjgKUnMjHWtpSGv1Y+KH95ieV+/zXW
-----END CERTIFICATE-----