Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/2MTjWcnAZaBZxr6B57_xkNelCyo.roa
File:                     2MTjWcnAZaBZxr6B57_xkNelCyo.roa (raw, json)
Hash identifier:          LwS+Lia49xksIy+sqAnEnU2btZ36QZE/qsN4N2FlYK8=
Subject key identifier:   D8:C4:E3:59:C9:C0:65:A0:59:C6:BE:81:E7:BF:F1:90:D7:A5:0B:2A
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       019692653CD5B808844FE5B5801138FDF422
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/2MTjWcnAZaBZxr6B57_xkNelCyo.roa
Signing time:             Fri 02 May 2025 19:07:10 +0000
ROA not before:           Fri 02 May 2025 19:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        62.233.59.0/24 maxlen: 24
                          185.164.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 17:53:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:92:65:3c:d5:b8:08:84:4f:e5:b5:80:11:38:fd:f4:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: May  2 19:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8c4e359c9c065a059c6be81e7bff190d7a50b2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:8b:ed:ce:82:fd:e2:a4:8e:87:d3:2c:97:3d:
                    f2:9a:65:4d:e4:8e:18:3e:f2:6c:ed:ef:0b:aa:2b:
                    51:b8:fe:29:0e:d4:3a:5e:4c:4a:24:84:21:67:87:
                    c5:af:97:4b:93:bf:72:84:4c:86:ac:0e:66:14:2b:
                    d6:4e:95:12:72:34:ad:ec:9a:87:02:d6:87:7f:1b:
                    d6:9e:5b:67:10:af:49:e0:0c:12:50:a6:c0:8d:3c:
                    f0:dc:57:30:6c:5a:ac:16:27:86:ed:84:15:21:ea:
                    37:3c:38:c7:52:28:1e:f8:1b:58:72:7d:33:de:a4:
                    ca:ef:95:33:5a:47:d5:36:a8:49:d6:63:50:ac:43:
                    10:1a:78:5a:35:af:1b:b2:8e:c2:a3:66:62:d4:44:
                    71:c7:06:2c:f8:cb:ef:77:c6:75:02:d4:ff:1a:fd:
                    d1:6d:13:01:d1:a3:59:39:7a:73:9c:d8:b1:c3:4e:
                    14:fe:e0:c0:a0:cf:e5:e4:0f:56:f2:ea:b4:73:02:
                    e6:f0:ed:f3:93:48:09:65:bb:ae:2e:7a:87:d3:0e:
                    0e:67:a6:d6:89:66:b3:59:d1:fb:e0:49:ae:26:9b:
                    62:ff:a6:22:e9:d9:71:82:db:2d:37:a7:53:b5:7a:
                    6b:0a:47:1c:64:af:d4:b3:b5:7d:ba:6c:03:82:4a:
                    45:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:C4:E3:59:C9:C0:65:A0:59:C6:BE:81:E7:BF:F1:90:D7:A5:0B:2A
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/2MTjWcnAZaBZxr6B57_xkNelCyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.233.59.0/24
                  185.164.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:34:00:09:cb:45:b2:dd:94:bf:51:8d:b3:23:d7:3d:8f:8e:
         72:c3:59:04:15:0c:3f:18:9f:84:44:7e:7e:15:82:46:25:7d:
         ab:bf:46:e0:7a:16:e3:19:3a:76:aa:dd:83:23:c9:f3:06:29:
         ca:cd:33:40:e0:d8:b6:34:62:5c:6b:91:31:22:6d:d1:17:07:
         d6:42:9d:65:b1:15:45:49:17:db:93:68:4b:3e:69:b9:92:d5:
         0e:0e:b7:f0:52:a1:c6:af:2c:03:bf:f4:b0:fb:0d:be:30:0c:
         53:26:52:f9:90:ec:50:22:dd:f8:28:2e:c1:ad:30:43:37:0b:
         8b:0e:d1:aa:f5:1e:7b:0b:e6:63:a8:0b:4b:f9:f4:9a:e5:ec:
         3e:70:a7:f5:6f:bc:f6:81:16:88:18:76:a0:39:e7:01:1f:9d:
         c0:75:05:9b:98:18:51:72:84:e4:4c:dd:fe:8a:9e:e9:f6:ba:
         fa:5b:7a:8b:2b:e5:d3:4c:d9:9d:58:fe:03:0b:8b:55:96:9f:
         ac:13:71:d7:7a:fc:c3:db:6f:17:80:48:39:9c:83:83:d9:0b:
         24:22:27:23:bc:1e:d6:b7:30:ea:13:c3:67:87:3b:c9:59:0a:
         16:6e:88:df:f7:1b:cb:8c:ce:06:3b:5b:19:1e:c2:65:73:14:
         c0:81:34:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaSZTzVuAiET+W1gBE4/fQiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjUwNTAyMTkwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGM0ZTM1OWM5YzA2NWEwNTljNmJlODFlN2JmZjE5MGQ3YTUwYjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34vtzoL94qSOh9Mslz3ymmVN5I4Y
PvJs7e8LqitRuP4pDtQ6XkxKJIQhZ4fFr5dLk79yhEyGrA5mFCvWTpUScjSt7JqH
AtaHfxvWnltnEK9J4AwSUKbAjTzw3FcwbFqsFieG7YQVIeo3PDjHUige+BtYcn0z
3qTK75UzWkfVNqhJ1mNQrEMQGnhaNa8bso7Co2Zi1ERxxwYs+Mvvd8Z1AtT/Gv3R
bRMB0aNZOXpznNixw04U/uDAoM/l5A9W8uq0cwLm8O3zk0gJZbuuLnqH0w4OZ6bW
iWazWdH74EmuJpti/6Yi6dlxgtstN6dTtXprCkccZK/Us7V9umwDgkpFSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNjE41nJwGWgWca+gee/8ZDXpQsqMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvMk1UaldjbkFaYUJaeHI2QjU3X3hrTmVsQ3lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPuk7AwQA
uaSvMA0GCSqGSIb3DQEBCwUAA4IBAQAeNAAJy0Wy3ZS/UY2zI9c9j45yw1kEFQw/
GJ+ERH5+FYJGJX2rv0bgehbjGTp2qt2DI8nzBinKzTNA4Ni2NGJca5ExIm3RFwfW
Qp1lsRVFSRfbk2hLPmm5ktUODrfwUqHGrywDv/Sw+w2+MAxTJlL5kOxQIt34KC7B
rTBDNwuLDtGq9R57C+ZjqAtL+fSa5ew+cKf1b7z2gRaIGHagOecBH53AdQWbmBhR
coTkTN3+ip7p9rr6W3qLK+XTTNmdWP4DC4tVlp+sE3HXevzD228XgEg5nIOD2Qsk
IicjvB7WtzDqE8NnhzvJWQoWbojf9xvLjM4GO1sZHsJlcxTAgTRB
-----END CERTIFICATE-----