Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/9a5d4d-162a-4c09-a47a-92b5e25d247b/1/aW4RufV84k31ipqteYJMKE-MWns.roa
File:                     aW4RufV84k31ipqteYJMKE-MWns.roa (raw, json)
Hash identifier:          TaIvFNKhSLJsRmqi1+QKHEIHNXDSbVD+wo6DE/PVLR4=
Subject key identifier:   69:6E:11:B9:F5:7C:E2:4D:F5:8A:9A:AD:79:82:4C:28:4F:8C:5A:7B
Certificate issuer:       /CN=1dcac99e7ca15d0c990420ee316d9aab84cc847f
Certificate serial:       019426D9231ABC52073757A39ACDBA51E1F5
Authority key identifier: 1D:CA:C9:9E:7C:A1:5D:0C:99:04:20:EE:31:6D:9A:AB:84:CC:84:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HcrJnnyhXQyZBCDuMW2aq4TMhH8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/9a5d4d-162a-4c09-a47a-92b5e25d247b/1/aW4RufV84k31ipqteYJMKE-MWns.roa
Signing time:             Thu 02 Jan 2025 11:49:11 +0000
ROA not before:           Thu 02 Jan 2025 11:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        85.236.136.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/9a5d4d-162a-4c09-a47a-92b5e25d247b/1/HcrJnnyhXQyZBCDuMW2aq4TMhH8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/9a5d4d-162a-4c09-a47a-92b5e25d247b/1/HcrJnnyhXQyZBCDuMW2aq4TMhH8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HcrJnnyhXQyZBCDuMW2aq4TMhH8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:23:1a:bc:52:07:37:57:a3:9a:cd:ba:51:e1:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1dcac99e7ca15d0c990420ee316d9aab84cc847f
        Validity
            Not Before: Jan  2 11:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=696e11b9f57ce24df58a9aad79824c284f8c5a7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:54:a6:b8:41:66:6c:d6:9a:4c:29:71:f0:e0:
                    18:5d:0d:a7:3f:78:c8:46:11:1b:e9:f6:e2:2a:28:
                    f9:f4:8f:87:ee:05:4f:23:d8:04:ca:d9:41:7b:12:
                    f9:ba:46:07:52:d7:06:3c:c4:23:fe:1c:0d:8b:6d:
                    14:63:f4:01:e8:ba:cb:86:c2:74:84:cf:61:e7:35:
                    22:92:aa:2f:12:c0:9f:2a:d9:f3:2b:75:61:ea:60:
                    fe:45:15:36:bb:12:60:32:25:c3:88:24:2e:47:a8:
                    b9:23:01:aa:31:73:a5:15:ef:b2:a8:7f:d4:29:f3:
                    ed:55:0a:89:3d:48:6a:d4:6a:aa:db:5a:c9:eb:a8:
                    7b:0d:9d:57:23:c7:0e:3d:9b:a2:fb:44:38:56:64:
                    03:af:1c:82:ee:7e:3d:e7:6a:83:fc:a8:2b:61:f6:
                    32:f1:07:05:42:88:fe:ef:14:86:cb:cf:1c:4d:e3:
                    ac:33:84:8a:a6:3b:c0:b3:33:4a:e6:ce:94:d3:d4:
                    0c:e6:76:cc:59:1c:3f:41:c6:c2:b0:8a:f3:14:95:
                    ff:92:72:8b:ad:81:94:c0:05:45:2a:5f:e4:d2:10:
                    cf:05:08:70:0f:1c:50:4c:e4:ca:5d:b6:e8:bf:5c:
                    53:92:26:fc:0b:da:70:b7:bb:6f:23:7b:83:53:66:
                    a1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:6E:11:B9:F5:7C:E2:4D:F5:8A:9A:AD:79:82:4C:28:4F:8C:5A:7B
            X509v3 Authority Key Identifier:
                keyid:1D:CA:C9:9E:7C:A1:5D:0C:99:04:20:EE:31:6D:9A:AB:84:CC:84:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HcrJnnyhXQyZBCDuMW2aq4TMhH8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/9a5d4d-162a-4c09-a47a-92b5e25d247b/1/aW4RufV84k31ipqteYJMKE-MWns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/9a5d4d-162a-4c09-a47a-92b5e25d247b/1/HcrJnnyhXQyZBCDuMW2aq4TMhH8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.236.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bb:3a:b8:4b:e6:5b:0b:a8:ba:6e:17:26:a2:0e:fe:22:70:5e:
         29:95:33:d1:c6:d6:7b:70:35:80:ce:a2:3c:a0:af:73:38:97:
         d0:a4:cf:0d:d3:44:f0:85:f5:03:78:42:73:56:76:a3:8b:c4:
         cb:f0:85:60:c8:1c:72:96:ff:b1:f1:66:10:40:b5:5f:f0:d3:
         b5:be:47:96:37:62:ca:c5:30:c4:32:a7:b1:b2:ec:55:9f:a2:
         34:57:0d:ea:41:2d:3a:23:3b:dd:8e:9d:91:a6:9a:65:c9:3f:
         d2:d1:4f:4e:f4:c4:03:ac:ab:d0:a1:75:a2:7d:d6:65:c2:23:
         44:65:d8:89:80:6c:fc:91:ca:6f:45:3e:e2:2c:8d:e6:ab:43:
         bb:f0:4c:03:7c:a6:c8:ca:63:b2:a0:a1:34:5d:07:d2:52:2c:
         8d:e5:94:c5:18:80:43:4d:56:fc:78:57:8e:58:1d:d7:6b:4f:
         48:b9:ef:19:79:d0:4e:cf:a4:3f:31:b8:cf:24:98:ae:9d:07:
         7f:e5:ff:5b:07:8d:b9:82:81:07:7f:06:7b:5b:44:b0:7d:40:
         d4:bb:86:5a:9b:0e:95:1d:f8:d3:d7:b6:55:4f:f3:92:e4:d3:
         98:e3:78:89:5e:4f:c9:1b:57:c7:17:a3:0e:74:52:f5:55:a2:
         e0:a4:05:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2SMavFIHN1ejms26UeH1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkY2FjOTllN2NhMTVkMGM5OTA0MjBlZTMxNmQ5YWFiODRj
Yzg0N2YwHhcNMjUwMTAyMTE0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTZlMTFiOWY1N2NlMjRkZjU4YTlhYWQ3OTgyNGMyODRmOGM1YTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFSmuEFmbNaaTClx8OAYXQ2nP3jI
RhEb6fbiKij59I+H7gVPI9gEytlBexL5ukYHUtcGPMQj/hwNi20UY/QB6LrLhsJ0
hM9h5zUikqovEsCfKtnzK3Vh6mD+RRU2uxJgMiXDiCQuR6i5IwGqMXOlFe+yqH/U
KfPtVQqJPUhq1Gqq21rJ66h7DZ1XI8cOPZui+0Q4VmQDrxyC7n4952qD/KgrYfYy
8QcFQoj+7xSGy88cTeOsM4SKpjvAszNK5s6U09QM5nbMWRw/QcbCsIrzFJX/knKL
rYGUwAVFKl/k0hDPBQhwDxxQTOTKXbbov1xTkib8C9pwt7tvI3uDU2ahhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGluEbn1fOJN9YqarXmCTChPjFp7MB8GA1UdIwQY
MBaAFB3KyZ58oV0MmQQg7jFtmquEzIR/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGNySm5ueWhYUXlaQkNEdU1XMmFxNFRNaEg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS85YTVkNGQtMTYyYS00YzA5LWE0N2Et
OTJiNWUyNWQyNDdiLzEvYVc0UnVmVjg0azMxaXBxdGVZSk1LRS1NV25zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS85YTVkNGQtMTYyYS00YzA5LWE0N2EtOTJiNWUyNWQyNDdi
LzEvSGNySm5ueWhYUXlaQkNEdU1XMmFxNFRNaEg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVeyIMA0G
CSqGSIb3DQEBCwUAA4IBAQC7OrhL5lsLqLpuFyaiDv4icF4plTPRxtZ7cDWAzqI8
oK9zOJfQpM8N00TwhfUDeEJzVnaji8TL8IVgyBxylv+x8WYQQLVf8NO1vkeWN2LK
xTDEMqexsuxVn6I0Vw3qQS06Izvdjp2RppplyT/S0U9O9MQDrKvQoXWifdZlwiNE
ZdiJgGz8kcpvRT7iLI3mq0O78EwDfKbIymOyoKE0XQfSUiyN5ZTFGIBDTVb8eFeO
WB3Xa09Iue8ZedBOz6Q/MbjPJJiunQd/5f9bB425goEHfwZ7W0SwfUDUu4Zamw6V
HfjT17ZVT/OS5NOY43iJXk/JG1fHF6MOdFL1VaLgpAXQ
-----END CERTIFICATE-----