Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/2U5A9tBCqnUvMT1Z72ylKjdlWos.roa
File:                     2U5A9tBCqnUvMT1Z72ylKjdlWos.roa (raw, json)
Hash identifier:          6v+qu4r96g6wyDjQr5ZuHMdSm+7rbKbxTfJLRSIKjI8=
Subject key identifier:   D9:4E:40:F6:D0:42:AA:75:2F:31:3D:59:EF:6C:A5:2A:37:65:5A:8B
Certificate issuer:       /CN=ac9e2efcdc213ac5b1b0879d922a178b850f451f
Certificate serial:       0195145A1475394AFD67BCD8984ACF53C5AD
Authority key identifier: AC:9E:2E:FC:DC:21:3A:C5:B1:B0:87:9D:92:2A:17:8B:85:0F:45:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rJ4u_NwhOsWxsIedkioXi4UPRR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/2U5A9tBCqnUvMT1Z72ylKjdlWos.roa
Signing time:             Mon 17 Feb 2025 14:40:02 +0000
ROA not before:           Mon 17 Feb 2025 14:40:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24763
IP address blocks:        193.56.124.0/24 maxlen: 24
                          2a00:4f40:fffe::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/rJ4u_NwhOsWxsIedkioXi4UPRR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/rJ4u_NwhOsWxsIedkioXi4UPRR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rJ4u_NwhOsWxsIedkioXi4UPRR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:14:5a:14:75:39:4a:fd:67:bc:d8:98:4a:cf:53:c5:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac9e2efcdc213ac5b1b0879d922a178b850f451f
        Validity
            Not Before: Feb 17 14:40:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d94e40f6d042aa752f313d59ef6ca52a37655a8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:3d:c5:13:d5:dc:6f:a3:09:00:aa:a1:6a:c5:
                    05:e7:f1:50:4e:db:eb:45:dd:72:4e:9d:d9:7a:72:
                    20:f5:7a:6d:55:3a:27:46:80:ec:56:bb:c1:1c:0f:
                    35:42:ce:46:ce:30:3a:33:6e:26:7b:08:fc:fb:d1:
                    0e:96:99:d7:82:97:a3:fb:7d:35:23:1d:69:15:95:
                    3f:78:78:26:60:d5:62:38:7b:03:a7:16:01:6d:3e:
                    df:67:51:28:ee:b2:d8:83:70:83:98:c0:96:80:d3:
                    90:04:41:c7:88:4d:1c:97:9f:b6:b0:b4:1c:d5:bf:
                    e2:04:e6:df:be:d6:55:19:30:11:9e:f0:8d:7e:5a:
                    5c:07:13:9e:95:69:4f:2b:4c:47:4a:0c:93:13:61:
                    68:a3:0e:6c:66:51:64:f2:31:5c:3a:1a:d7:c6:2b:
                    cb:68:cc:7d:22:18:8a:51:75:c4:ac:d3:02:55:6b:
                    08:c7:fa:4d:86:da:06:87:86:51:08:c9:75:4a:92:
                    c7:8a:25:10:1c:9a:19:b0:c5:5b:66:d9:d5:3c:80:
                    bc:0d:01:97:47:50:12:31:e5:26:8e:af:92:2a:60:
                    a6:7b:7f:92:c9:a9:2f:14:d8:50:3c:1d:1b:0e:f7:
                    0f:f8:9d:9c:15:2b:30:16:c0:28:2c:2b:77:13:a5:
                    32:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:4E:40:F6:D0:42:AA:75:2F:31:3D:59:EF:6C:A5:2A:37:65:5A:8B
            X509v3 Authority Key Identifier:
                keyid:AC:9E:2E:FC:DC:21:3A:C5:B1:B0:87:9D:92:2A:17:8B:85:0F:45:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rJ4u_NwhOsWxsIedkioXi4UPRR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/2U5A9tBCqnUvMT1Z72ylKjdlWos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d1faa9-b5a3-4d49-868a-7c7bf27175c5/1/rJ4u_NwhOsWxsIedkioXi4UPRR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.124.0/24
                IPv6:
                  2a00:4f40:fffe::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:25:b8:a4:36:5d:93:2e:72:9f:da:d1:35:67:bd:0d:b7:5b:
         b7:23:b2:41:97:0b:79:cc:41:a7:3d:d5:a1:2a:8c:3b:46:11:
         2b:34:a8:bb:ac:63:9e:cd:6b:19:24:f1:ef:54:f6:bc:5c:38:
         fa:e8:99:f9:ca:c1:8b:90:c3:b4:ac:5a:fd:67:87:22:7e:f4:
         92:99:3f:b8:ce:9a:6d:b2:5d:4f:e2:e3:24:b1:e4:70:38:62:
         0f:b6:9c:61:fc:94:f8:b0:16:43:15:93:59:f5:ee:77:a6:65:
         5a:bd:f4:26:b5:27:6b:42:13:af:99:ae:c5:39:2e:e3:df:ce:
         a8:ff:8d:58:24:ec:39:b5:b7:d7:f4:85:63:3c:b8:86:33:4b:
         50:b9:94:e9:80:1a:d5:3e:25:ed:bd:6f:eb:53:06:07:2e:78:
         85:a1:50:b8:25:50:a2:60:67:1f:f2:88:1c:f0:4d:50:48:c4:
         27:30:6b:b6:66:70:93:4a:63:b7:ed:85:a1:95:f0:1d:1e:00:
         84:24:38:86:a9:0c:5f:da:38:7d:92:4e:03:30:ca:92:b0:b9:
         3a:80:ad:3d:c0:3d:7c:83:86:0f:23:a6:ed:e0:03:40:67:fb:
         8f:4a:21:1f:37:46:5e:4c:a6:55:92:ba:9d:54:00:a3:58:c0:
         36:ad:1b:99
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZUUWhR1OUr9Z7zYmErPU8WtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOWUyZWZjZGMyMTNhYzViMWIwODc5ZDkyMmExNzhiODUw
ZjQ1MWYwHhcNMjUwMjE3MTQ0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTRlNDBmNmQwNDJhYTc1MmYzMTNkNTllZjZjYTUyYTM3NjU1YThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4z3FE9Xcb6MJAKqhasUF5/FQTtvr
Rd1yTp3ZenIg9XptVTonRoDsVrvBHA81Qs5GzjA6M24mewj8+9EOlpnXgpej+301
Ix1pFZU/eHgmYNViOHsDpxYBbT7fZ1Eo7rLYg3CDmMCWgNOQBEHHiE0cl5+2sLQc
1b/iBObfvtZVGTARnvCNflpcBxOelWlPK0xHSgyTE2Foow5sZlFk8jFcOhrXxivL
aMx9IhiKUXXErNMCVWsIx/pNhtoGh4ZRCMl1SpLHiiUQHJoZsMVbZtnVPIC8DQGX
R1ASMeUmjq+SKmCme3+SyakvFNhQPB0bDvcP+J2cFSswFsAoLCt3E6UyqwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNlOQPbQQqp1LzE9We9spSo3ZVqLMB8GA1UdIwQY
MBaAFKyeLvzcITrFsbCHnZIqF4uFD0UfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcko0dV9Od2hPc1d4c0llZGtpb1hpNFVQUlI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9kMWZhYTktYjVhMy00ZDQ5LTg2OGEt
N2M3YmYyNzE3NWM1LzEvMlU1QTl0QkNxblV2TVQxWjcyeWxLamRsV29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9kMWZhYTktYjVhMy00ZDQ5LTg2OGEtN2M3YmYyNzE3NWM1
LzEvcko0dV9Od2hPc1d4c0llZGtpb1hpNFVQUlI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwTh8MA8E
AgACMAkDBwAqAE9A//4wDQYJKoZIhvcNAQELBQADggEBAKIluKQ2XZMucp/a0TVn
vQ23W7cjskGXC3nMQac91aEqjDtGESs0qLusY57Naxkk8e9U9rxcOPromfnKwYuQ
w7SsWv1nhyJ+9JKZP7jOmm2yXU/i4ySx5HA4Yg+2nGH8lPiwFkMVk1n17nemZVq9
9Ca1J2tCE6+ZrsU5LuPfzqj/jVgk7Dm1t9f0hWM8uIYzS1C5lOmAGtU+Je29b+tT
BgcueIWhULglUKJgZx/yiBzwTVBIxCcwa7ZmcJNKY7fthaGV8B0eAIQkOIapDF/a
OH2STgMwypKwuTqArT3APXyDhg8jpu3gA0Bn+49KIR83Rl5MplWSup1UAKNYwDat
G5k=
-----END CERTIFICATE-----