Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/4a164e-1e58-4105-bed1-407af89ad8e9/1/pPGln_tGe3Wb0dePm4ie5BM7xaM.roa
File:                     pPGln_tGe3Wb0dePm4ie5BM7xaM.roa (raw, json)
Hash identifier:          e7lXmv0/qA8zwcIJTP+HZzZQ8eseEaVWqcUevE7q2Nk=
Subject key identifier:   A4:F1:A5:9F:FB:46:7B:75:9B:D1:D7:8F:9B:88:9E:E4:13:3B:C5:A3
Certificate issuer:       /CN=137f23944e3d78da920055d72c74d02be5455f35
Certificate serial:       0194258FB597FE408747636BEF05B21B056E
Authority key identifier: 13:7F:23:94:4E:3D:78:DA:92:00:55:D7:2C:74:D0:2B:E5:45:5F:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E38jlE49eNqSAFXXLHTQK-VFXzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/4a164e-1e58-4105-bed1-407af89ad8e9/1/pPGln_tGe3Wb0dePm4ie5BM7xaM.roa
Signing time:             Thu 02 Jan 2025 05:49:22 +0000
ROA not before:           Thu 02 Jan 2025 05:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58744
IP address blocks:        185.252.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/4a164e-1e58-4105-bed1-407af89ad8e9/1/E38jlE49eNqSAFXXLHTQK-VFXzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/4a164e-1e58-4105-bed1-407af89ad8e9/1/E38jlE49eNqSAFXXLHTQK-VFXzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E38jlE49eNqSAFXXLHTQK-VFXzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:b5:97:fe:40:87:47:63:6b:ef:05:b2:1b:05:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137f23944e3d78da920055d72c74d02be5455f35
        Validity
            Not Before: Jan  2 05:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4f1a59ffb467b759bd1d78f9b889ee4133bc5a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:66:bc:e6:35:de:f3:fe:1a:94:dc:ab:cf:44:
                    ea:95:5e:c5:09:db:34:30:9e:a7:aa:67:90:57:a8:
                    72:3e:87:4b:42:ab:8b:54:b5:19:2c:71:f2:04:c3:
                    8a:ab:7a:5a:f9:be:c9:34:c1:1b:b5:05:d1:ad:e7:
                    76:7f:48:01:cb:7f:5a:b6:06:5c:65:ae:49:e5:3f:
                    c8:9b:8e:a5:b1:0c:39:c0:a0:37:d9:f1:bb:b4:bb:
                    4a:1d:f1:23:36:bc:bf:ca:ca:e2:36:e8:fa:18:b6:
                    61:70:11:3f:14:22:08:0b:8f:83:ff:06:cc:5e:f5:
                    b7:cc:76:6e:ad:29:5e:cb:6b:12:2d:66:a1:c5:d1:
                    9b:3d:5c:70:f7:83:60:8f:42:bf:4e:4a:99:c3:38:
                    2a:98:21:56:c8:31:42:38:13:46:e7:9e:36:74:ec:
                    11:4f:a5:8d:3c:e6:98:d2:e8:02:48:9b:64:28:eb:
                    3c:55:c0:6c:79:77:fc:1e:89:1a:83:5a:ed:d2:7b:
                    ab:79:f8:bd:eb:56:33:e3:1d:6d:5b:13:e7:d4:02:
                    b8:26:dd:a6:7f:7f:a5:52:b6:b3:b8:fe:47:7a:5a:
                    9c:4c:7c:83:06:df:bc:1d:17:68:be:56:59:08:5b:
                    4e:ff:73:22:d3:a6:18:ca:a5:7f:2d:a7:9e:e2:90:
                    ee:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F1:A5:9F:FB:46:7B:75:9B:D1:D7:8F:9B:88:9E:E4:13:3B:C5:A3
            X509v3 Authority Key Identifier:
                keyid:13:7F:23:94:4E:3D:78:DA:92:00:55:D7:2C:74:D0:2B:E5:45:5F:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E38jlE49eNqSAFXXLHTQK-VFXzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/4a164e-1e58-4105-bed1-407af89ad8e9/1/pPGln_tGe3Wb0dePm4ie5BM7xaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/4a164e-1e58-4105-bed1-407af89ad8e9/1/E38jlE49eNqSAFXXLHTQK-VFXzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:ba:65:c7:e3:31:67:01:c7:93:2b:21:ee:e8:7e:28:dd:8f:
         39:d1:92:ec:59:5b:e9:e7:f0:9e:49:4b:ba:20:3b:1e:1e:d1:
         ea:f5:e7:cd:60:a0:19:86:81:0d:4a:8c:76:db:85:c5:e0:2d:
         b6:19:9c:b8:5e:97:e8:60:b5:5e:bd:57:94:93:3a:09:5d:52:
         7a:4a:67:60:3e:4f:12:f1:7d:0d:b8:7a:3e:b1:2e:05:f5:23:
         d9:ee:ac:b4:66:6a:51:7e:1d:c5:1b:c0:0e:d5:e7:e8:c1:55:
         14:71:13:df:b8:31:7f:cd:7d:ec:5d:89:c8:05:c9:f4:f4:a3:
         f6:35:f1:3b:92:06:16:87:6f:68:b7:02:63:0c:86:30:e0:bf:
         0d:23:bf:57:1d:e0:03:86:65:c8:c7:6d:8d:74:88:db:8a:96:
         fe:82:96:da:e5:ab:b4:62:f8:e4:f6:5c:42:df:6c:13:83:43:
         1f:c4:e9:f0:8f:41:04:1f:69:d6:e7:fc:ff:35:17:eb:e1:97:
         c9:f8:3a:0c:32:54:9f:55:30:d9:50:bc:ab:75:fe:31:7b:da:
         70:dd:15:c6:f5:aa:c5:7c:e5:0d:28:13:b9:38:e7:70:89:90:
         8c:b5:ed:01:36:2d:93:75:01:07:b9:7d:4f:79:14:59:c5:6b:
         fa:d1:9e:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj7WX/kCHR2Nr7wWyGwVuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2YyMzk0NGUzZDc4ZGE5MjAwNTVkNzJjNzRkMDJiZTU0
NTVmMzUwHhcNMjUwMTAyMDU0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGYxYTU5ZmZiNDY3Yjc1OWJkMWQ3OGY5Yjg4OWVlNDEzM2JjNWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12a85jXe8/4alNyrz0TqlV7FCds0
MJ6nqmeQV6hyPodLQquLVLUZLHHyBMOKq3pa+b7JNMEbtQXRred2f0gBy39atgZc
Za5J5T/Im46lsQw5wKA32fG7tLtKHfEjNry/ysriNuj6GLZhcBE/FCIIC4+D/wbM
XvW3zHZurSley2sSLWahxdGbPVxw94Ngj0K/TkqZwzgqmCFWyDFCOBNG5542dOwR
T6WNPOaY0ugCSJtkKOs8VcBseXf8Hokag1rt0nurefi961Yz4x1tWxPn1AK4Jt2m
f3+lUrazuP5HelqcTHyDBt+8HRdovlZZCFtO/3Mi06YYyqV/Laee4pDu1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTxpZ/7Rnt1m9HXj5uInuQTO8WjMB8GA1UdIwQY
MBaAFBN/I5ROPXjakgBV1yx00CvlRV81MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM4amxFNDllTnFTQUZYWExIVFFLLVZGWHpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy80YTE2NGUtMWU1OC00MTA1LWJlZDEt
NDA3YWY4OWFkOGU5LzEvcFBHbG5fdEdlM1diMGRlUG00aWU1Qk03eGFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy80YTE2NGUtMWU1OC00MTA1LWJlZDEtNDA3YWY4OWFkOGU5
LzEvRTM4amxFNDllTnFTQUZYWExIVFFLLVZGWHpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufz8MA0G
CSqGSIb3DQEBCwUAA4IBAQASumXH4zFnAceTKyHu6H4o3Y850ZLsWVvp5/CeSUu6
IDseHtHq9efNYKAZhoENSox224XF4C22GZy4XpfoYLVevVeUkzoJXVJ6SmdgPk8S
8X0NuHo+sS4F9SPZ7qy0ZmpRfh3FG8AO1efowVUUcRPfuDF/zX3sXYnIBcn09KP2
NfE7kgYWh29otwJjDIYw4L8NI79XHeADhmXIx22NdIjbipb+gpba5au0Yvjk9lxC
32wTg0MfxOnwj0EEH2nW5/z/NRfr4ZfJ+DoMMlSfVTDZULyrdf4xe9pw3RXG9arF
fOUNKBO5OOdwiZCMte0BNi2TdQEHuX1PeRRZxWv60Z5h
-----END CERTIFICATE-----