Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/mLA257ocCAEG4i8dT3-2uEMzH38.roa
File:                     mLA257ocCAEG4i8dT3-2uEMzH38.roa (raw, json)
Hash identifier:          gAidC2XkEP7lY54SVw2r9aPedFyESPvNjAYkfUOrZPc=
Subject key identifier:   98:B0:36:E7:BA:1C:08:01:06:E2:2F:1D:4F:7F:B6:B8:43:33:1F:7F
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       0194C7328E951602EE8D5FB3B244C1604CAC
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/mLA257ocCAEG4i8dT3-2uEMzH38.roa
Signing time:             Sun 02 Feb 2025 15:06:06 +0000
ROA not before:           Sun 02 Feb 2025 15:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152460
IP address blocks:        87.229.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c7:32:8e:95:16:02:ee:8d:5f:b3:b2:44:c1:60:4c:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Feb  2 15:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98b036e7ba1c080106e22f1d4f7fb6b843331f7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:af:dd:b2:23:29:cc:a9:41:d2:10:3b:af:b2:
                    53:fb:bc:28:a4:34:c5:25:be:bd:52:b5:e0:79:bb:
                    27:6c:24:43:78:62:7d:fc:e2:8c:81:ec:98:65:b8:
                    6c:d9:70:4d:e3:41:69:f0:33:35:d2:bc:e2:c7:6c:
                    2d:14:c6:b3:2d:4d:99:27:85:3e:9e:0b:08:54:4c:
                    d4:7f:f9:5d:61:ed:0f:4a:ff:d4:bf:21:a6:aa:a6:
                    22:f1:fe:a3:5e:78:b9:0c:21:7f:28:29:63:e8:4a:
                    a1:fa:8f:45:fb:8e:9d:8c:de:a4:d2:26:33:1a:fd:
                    f5:fb:da:b8:c2:61:43:ac:bc:0a:40:a2:1d:9d:c7:
                    cf:c1:da:af:cc:87:b8:bb:d0:aa:00:09:ed:57:55:
                    32:a1:d5:1e:ab:0f:7d:1b:4a:ff:09:d9:4c:74:d5:
                    34:cb:7e:b4:98:64:f2:68:96:f0:14:31:79:d1:47:
                    c2:e7:9f:77:76:6e:03:9f:59:2c:bd:24:9e:9f:20:
                    5c:36:cf:81:bd:aa:3e:18:51:67:2c:8b:b4:cc:bc:
                    b5:34:42:cb:79:c6:28:93:d4:09:7c:4f:0f:20:a2:
                    7e:1f:13:4f:2a:f6:ac:fb:ba:f4:c5:15:99:3a:e0:
                    83:37:67:95:77:6c:09:b6:fc:cb:09:eb:10:94:60:
                    01:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:B0:36:E7:BA:1C:08:01:06:E2:2F:1D:4F:7F:B6:B8:43:33:1F:7F
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/mLA257ocCAEG4i8dT3-2uEMzH38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:2a:99:c3:da:dd:6a:84:a0:95:7e:65:fb:3b:3e:ad:6b:0a:
         c9:9b:3a:e4:cd:ce:e8:0d:7f:6c:0b:d4:dd:0c:4f:65:13:7a:
         e3:7d:da:aa:75:d5:e8:50:02:7f:53:93:c9:27:72:cc:dd:8c:
         5f:c6:22:d8:9e:fd:d0:64:b7:e7:41:89:74:fe:ea:49:17:2b:
         97:b5:38:9e:f9:4e:e9:6e:e4:d4:45:a4:4c:de:35:c3:b1:3c:
         d7:0e:88:22:94:02:04:ce:69:c1:57:11:ca:ad:06:ad:52:75:
         cd:60:4e:72:41:df:19:de:4f:a6:8a:e6:0a:93:3b:ae:a7:4f:
         ea:2b:f0:e4:0b:33:a2:77:4f:d6:c1:24:51:2d:a8:5c:79:9d:
         a3:46:19:1f:33:6f:7a:a6:a0:4b:c8:44:dd:2a:eb:3b:a1:6b:
         c7:27:b8:68:e0:08:96:44:a5:46:fe:52:01:13:bc:4a:66:f4:
         64:3f:7f:92:d4:ed:94:1c:db:a4:a9:47:08:89:5c:8a:8c:5e:
         d2:03:b7:bd:8f:41:7a:c2:6d:b5:5f:0a:c0:32:ed:04:be:a9:
         7d:92:94:40:6d:63:b9:ca:2e:9d:87:3a:ee:4e:7b:08:75:52:
         a5:ca:03:25:39:8d:14:dc:b8:1f:02:64:fa:7e:6b:8e:96:fc:
         e0:26:47:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTHMo6VFgLujV+zskTBYEysMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwMjAyMTUwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGIwMzZlN2JhMWMwODAxMDZlMjJmMWQ0ZjdmYjZiODQzMzMxZjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6/dsiMpzKlB0hA7r7JT+7wopDTF
Jb69UrXgebsnbCRDeGJ9/OKMgeyYZbhs2XBN40Fp8DM10rzix2wtFMazLU2ZJ4U+
ngsIVEzUf/ldYe0PSv/UvyGmqqYi8f6jXni5DCF/KClj6Eqh+o9F+46djN6k0iYz
Gv31+9q4wmFDrLwKQKIdncfPwdqvzIe4u9CqAAntV1UyodUeqw99G0r/CdlMdNU0
y360mGTyaJbwFDF50UfC5593dm4Dn1ksvSSenyBcNs+Bvao+GFFnLIu0zLy1NELL
ecYok9QJfE8PIKJ+HxNPKvas+7r0xRWZOuCDN2eVd2wJtvzLCesQlGABYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJiwNue6HAgBBuIvHU9/trhDMx9/MB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvbUxBMjU3b2NDQUVHNGk4ZFQzLTJ1RU16SDM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+UAMA0G
CSqGSIb3DQEBCwUAA4IBAQCAKpnD2t1qhKCVfmX7Oz6tawrJmzrkzc7oDX9sC9Td
DE9lE3rjfdqqddXoUAJ/U5PJJ3LM3YxfxiLYnv3QZLfnQYl0/upJFyuXtTie+U7p
buTURaRM3jXDsTzXDogilAIEzmnBVxHKrQatUnXNYE5yQd8Z3k+miuYKkzuup0/q
K/DkCzOid0/WwSRRLahceZ2jRhkfM296pqBLyETdKus7oWvHJ7ho4AiWRKVG/lIB
E7xKZvRkP3+S1O2UHNukqUcIiVyKjF7SA7e9j0F6wm21XwrAMu0Evql9kpRAbWO5
yi6dhzruTnsIdVKlygMlOY0U3LgfAmT6fmuOlvzgJkd3
-----END CERTIFICATE-----