Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/a1740e-8404-42d2-af5c-10e24625a4d4/1/2NXfzQOX2yzR_1PZmnB4_Blj3Qs.roa
File:                     2NXfzQOX2yzR_1PZmnB4_Blj3Qs.roa (raw, json)
Hash identifier:          Ak/GG6l8wter3UNq3QplQdRhCDB/vDLztI0yd4qCSKk=
Subject key identifier:   D8:D5:DF:CD:03:97:DB:2C:D1:FF:53:D9:9A:70:78:FC:19:63:DD:0B
Certificate issuer:       /CN=e93f3a41e6be524115c6c2b558bc280043a0224e
Certificate serial:       0194206821FB07FAC52EF7636E6693EDC519
Authority key identifier: E9:3F:3A:41:E6:BE:52:41:15:C6:C2:B5:58:BC:28:00:43:A0:22:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6T86Qea-UkEVxsK1WLwoAEOgIk4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/a1740e-8404-42d2-af5c-10e24625a4d4/1/2NXfzQOX2yzR_1PZmnB4_Blj3Qs.roa
Signing time:             Wed 01 Jan 2025 05:48:02 +0000
ROA not before:           Wed 01 Jan 2025 05:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35779
IP address blocks:        188.93.122.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/a1740e-8404-42d2-af5c-10e24625a4d4/1/6T86Qea-UkEVxsK1WLwoAEOgIk4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/a1740e-8404-42d2-af5c-10e24625a4d4/1/6T86Qea-UkEVxsK1WLwoAEOgIk4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6T86Qea-UkEVxsK1WLwoAEOgIk4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:21:fb:07:fa:c5:2e:f7:63:6e:66:93:ed:c5:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e93f3a41e6be524115c6c2b558bc280043a0224e
        Validity
            Not Before: Jan  1 05:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8d5dfcd0397db2cd1ff53d99a7078fc1963dd0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1d:3c:d9:a9:6c:c6:3f:de:0f:b1:b3:c4:9b:
                    bb:67:e5:cd:70:23:43:6c:c2:52:3c:d3:7e:12:4f:
                    3e:ce:35:d0:5c:ae:5e:6b:56:88:66:15:45:c2:9f:
                    5a:e7:4d:f5:92:9b:1b:c0:f7:ef:1e:6a:05:9a:01:
                    4f:b7:ab:8e:35:ca:00:48:49:91:2f:3d:51:ef:57:
                    d8:bc:6d:79:34:cf:8e:bc:77:e0:2d:c8:0e:e9:a3:
                    9b:45:db:e5:41:42:c7:26:fe:52:6e:42:b9:d8:e0:
                    3c:6d:8b:34:3b:b8:71:54:aa:e1:b3:44:2a:b3:16:
                    b0:7f:9a:ed:e0:98:fd:82:d1:35:a6:d3:e0:59:40:
                    d8:ae:27:a6:45:fc:78:9d:fa:6f:9d:fc:cf:2b:0d:
                    3e:2a:b3:96:61:27:71:a5:fe:ec:10:d5:6a:b4:cc:
                    0b:eb:0e:c7:8a:19:97:da:46:83:12:30:14:c4:d8:
                    0b:5f:94:73:76:8f:f6:96:f5:89:79:25:c6:4a:48:
                    9d:e6:d6:c4:5c:6c:fc:b7:78:53:db:d6:13:6d:cb:
                    c9:bf:1e:7c:cd:52:2e:55:33:f8:36:e5:01:c3:af:
                    9e:18:a2:0b:c3:53:53:03:ef:db:3c:2a:ad:81:0b:
                    b5:5a:ee:b2:b4:6c:d4:7b:b0:d9:82:22:fc:28:b4:
                    92:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:D5:DF:CD:03:97:DB:2C:D1:FF:53:D9:9A:70:78:FC:19:63:DD:0B
            X509v3 Authority Key Identifier:
                keyid:E9:3F:3A:41:E6:BE:52:41:15:C6:C2:B5:58:BC:28:00:43:A0:22:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6T86Qea-UkEVxsK1WLwoAEOgIk4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/a1740e-8404-42d2-af5c-10e24625a4d4/1/2NXfzQOX2yzR_1PZmnB4_Blj3Qs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/a1740e-8404-42d2-af5c-10e24625a4d4/1/6T86Qea-UkEVxsK1WLwoAEOgIk4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.93.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:47:0b:85:eb:e3:44:3c:24:53:80:f8:f7:f9:e6:bf:bb:f9:
         26:0e:b3:70:8c:a4:fd:40:c1:fc:bb:c4:d6:99:4d:1b:64:29:
         80:50:a9:74:b5:ae:1f:38:a1:66:72:7b:41:a8:4e:21:24:8d:
         90:e0:6c:86:eb:67:25:5d:da:24:0b:9d:65:a5:b0:71:00:3b:
         ec:b2:f2:ab:42:da:2c:cd:c8:b2:9e:bd:a0:e5:c1:41:8f:fd:
         47:d1:86:ce:c6:92:91:9f:b7:d2:4c:64:a0:3c:4f:11:ac:14:
         44:3d:65:59:60:b0:0a:7a:f6:32:13:7c:90:a6:76:44:7a:66:
         53:aa:a6:36:8f:0d:ec:21:e5:c0:3b:83:7c:e4:70:41:20:ed:
         27:83:98:3c:af:0b:72:2f:4e:b4:20:41:f5:23:cc:e6:54:b0:
         05:37:bc:68:42:0e:41:e8:38:12:9b:33:26:34:66:66:c0:96:
         1d:7c:f6:9d:52:96:ee:99:11:eb:80:15:ec:d9:6c:0b:01:d0:
         7c:cf:88:79:c9:9a:16:7c:97:27:0d:fb:22:3f:4d:d6:19:cc:
         6e:d4:d6:a9:98:1d:83:e3:57:1a:0c:61:cb:d5:b7:ed:ae:8e:
         56:fc:bb:1b:4b:3b:05:e2:f0:7f:cc:7c:b2:92:eb:48:20:3b:
         be:c7:3c:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaCH7B/rFLvdjbmaT7cUZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5M2YzYTQxZTZiZTUyNDExNWM2YzJiNTU4YmMyODAwNDNh
MDIyNGUwHhcNMjUwMTAxMDU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGQ1ZGZjZDAzOTdkYjJjZDFmZjUzZDk5YTcwNzhmYzE5NjNkZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArh082alsxj/eD7GzxJu7Z+XNcCND
bMJSPNN+Ek8+zjXQXK5ea1aIZhVFwp9a5031kpsbwPfvHmoFmgFPt6uONcoASEmR
Lz1R71fYvG15NM+OvHfgLcgO6aObRdvlQULHJv5SbkK52OA8bYs0O7hxVKrhs0Qq
sxawf5rt4Jj9gtE1ptPgWUDYriemRfx4nfpvnfzPKw0+KrOWYSdxpf7sENVqtMwL
6w7HihmX2kaDEjAUxNgLX5Rzdo/2lvWJeSXGSkid5tbEXGz8t3hT29YTbcvJvx58
zVIuVTP4NuUBw6+eGKILw1NTA+/bPCqtgQu1Wu6ytGzUe7DZgiL8KLSSgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjV380Dl9ss0f9T2ZpwePwZY90LMB8GA1UdIwQY
MBaAFOk/OkHmvlJBFcbCtVi8KABDoCJOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlQ4NlFlYS1Va0VWeHNLMVdMd29BRU9nSWs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9hMTc0MGUtODQwNC00MmQyLWFmNWMt
MTBlMjQ2MjVhNGQ0LzEvMk5YZnpRT1gyeXpSXzFQWm1uQjRfQmxqM1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9hMTc0MGUtODQwNC00MmQyLWFmNWMtMTBlMjQ2MjVhNGQ0
LzEvNlQ4NlFlYS1Va0VWeHNLMVdMd29BRU9nSWs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvF16MA0G
CSqGSIb3DQEBCwUAA4IBAQBZRwuF6+NEPCRTgPj3+ea/u/kmDrNwjKT9QMH8u8TW
mU0bZCmAUKl0ta4fOKFmcntBqE4hJI2Q4GyG62clXdokC51lpbBxADvssvKrQtos
zciynr2g5cFBj/1H0YbOxpKRn7fSTGSgPE8RrBREPWVZYLAKevYyE3yQpnZEemZT
qqY2jw3sIeXAO4N85HBBIO0ng5g8rwtyL060IEH1I8zmVLAFN7xoQg5B6DgSmzMm
NGZmwJYdfPadUpbumRHrgBXs2WwLAdB8z4h5yZoWfJcnDfsiP03WGcxu1NapmB2D
41caDGHL1bftro5W/LsbSzsF4vB/zHyykutIIDu+xzwZ
-----END CERTIFICATE-----