Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/cPOk9XaYMPnXv3i4A_ZWhKLa-c0.roa
File:                     cPOk9XaYMPnXv3i4A_ZWhKLa-c0.roa (raw, json)
Hash identifier:          DgpoUG8V1y8nR1k4pl9K8GHgZay1hvO5tnK0jFOLUl0=
Subject key identifier:   70:F3:A4:F5:76:98:30:F9:D7:BF:78:B8:03:F6:56:84:A2:DA:F9:CD
Certificate issuer:       /CN=19ac1498860e2bb0958173854bd04c869a369017
Certificate serial:       01941FFA69E3C2C6AB9D53BC926E6ABC8D1E
Authority key identifier: 19:AC:14:98:86:0E:2B:B0:95:81:73:85:4B:D0:4C:86:9A:36:90:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GawUmIYOK7CVgXOFS9BMhpo2kBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/cPOk9XaYMPnXv3i4A_ZWhKLa-c0.roa
Signing time:             Wed 01 Jan 2025 03:48:12 +0000
ROA not before:           Wed 01 Jan 2025 03:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136258
IP address blocks:        37.143.128.0/24 maxlen: 24
                          37.143.129.0/24 maxlen: 24
                          37.143.130.0/24 maxlen: 24
                          37.143.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/GawUmIYOK7CVgXOFS9BMhpo2kBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/GawUmIYOK7CVgXOFS9BMhpo2kBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GawUmIYOK7CVgXOFS9BMhpo2kBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:69:e3:c2:c6:ab:9d:53:bc:92:6e:6a:bc:8d:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ac1498860e2bb0958173854bd04c869a369017
        Validity
            Not Before: Jan  1 03:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70f3a4f5769830f9d7bf78b803f65684a2daf9cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4c:16:23:1b:50:53:57:80:5c:e5:48:38:9a:
                    c8:da:bb:a4:fa:b5:d6:99:7c:a7:07:78:61:8c:2b:
                    35:f2:6c:d0:49:f0:83:78:56:5a:63:5c:58:e4:68:
                    25:51:1b:f3:c4:4e:6a:62:f5:ff:e7:6a:95:b3:66:
                    20:5b:7d:63:b0:78:c2:40:85:92:e7:c6:d8:9e:2b:
                    d0:48:c5:b2:82:f7:aa:a4:5e:5f:30:54:35:5a:bd:
                    9d:27:bb:45:53:c5:4c:d6:8b:d4:13:45:a1:60:58:
                    73:2b:d1:cf:fe:92:a1:2a:fc:c7:3e:aa:eb:93:d1:
                    41:79:7f:ca:a0:3a:93:18:27:32:85:78:24:20:be:
                    ac:66:ac:9c:cd:42:be:4b:87:9e:5d:47:71:72:bd:
                    4f:dc:f9:46:2b:9f:b9:0b:da:59:81:2d:96:72:7f:
                    36:af:81:b2:6b:d7:d8:80:ef:95:5d:58:fe:aa:d6:
                    96:1c:86:ad:6b:8c:70:04:64:d5:74:3b:4b:8b:55:
                    7c:8b:4c:a0:64:37:29:a8:90:21:0c:e8:98:b3:24:
                    8f:a7:77:11:96:1f:23:6d:80:fe:63:6a:16:b1:bb:
                    e8:06:ff:fc:f6:09:ba:9a:8f:b0:48:76:51:5b:3d:
                    be:a1:67:ba:dd:cb:c4:32:02:48:bc:6f:de:8e:4e:
                    9f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:F3:A4:F5:76:98:30:F9:D7:BF:78:B8:03:F6:56:84:A2:DA:F9:CD
            X509v3 Authority Key Identifier:
                keyid:19:AC:14:98:86:0E:2B:B0:95:81:73:85:4B:D0:4C:86:9A:36:90:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GawUmIYOK7CVgXOFS9BMhpo2kBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/cPOk9XaYMPnXv3i4A_ZWhKLa-c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/69c389-17c9-4461-a390-7aa290e857e9/1/GawUmIYOK7CVgXOFS9BMhpo2kBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:d6:08:c8:4e:30:5d:ef:c7:35:bb:d4:b5:c8:36:2f:9a:ed:
         d9:b3:e4:ba:a6:4b:9a:54:2f:5b:d6:49:3e:88:33:50:b7:80:
         77:9e:9c:51:02:6b:51:10:b2:0f:02:49:00:f3:ba:65:78:c2:
         4c:8b:03:1f:9a:c8:d0:d9:48:80:5e:bb:7a:8f:84:fe:8c:3a:
         09:1d:5c:b9:b1:4f:64:4f:7a:61:2f:bc:04:43:64:bb:d1:2b:
         e4:33:73:ca:e4:0a:06:1a:8c:71:a0:d6:2d:ff:90:37:0f:ed:
         1d:e8:2a:24:34:89:04:ea:23:86:25:74:46:66:ee:94:47:77:
         12:79:91:0f:15:e3:8d:01:38:68:5b:8e:48:3d:bd:eb:c6:31:
         e0:e7:22:0d:d4:a5:4b:4f:cf:a7:af:ee:8b:31:bf:5c:ea:b9:
         d7:96:8e:ce:da:c1:22:d3:3e:c1:c8:87:0f:5d:6b:23:9a:18:
         4c:ff:43:4f:54:5f:55:ef:11:36:db:ad:cc:a2:f7:fa:02:11:
         21:bd:6c:31:fb:62:ff:dd:e2:07:e5:33:6e:1d:a9:9c:99:fa:
         96:1c:a4:50:0f:32:21:3f:88:53:09:45:24:7a:2e:81:4b:8c:
         ec:98:c7:29:bd:6b:c1:da:48:ef:7c:50:d0:c8:84:c1:4f:03:
         48:c9:75:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+mnjwsarnVO8km5qvI0eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YWMxNDk4ODYwZTJiYjA5NTgxNzM4NTRiZDA0Yzg2OWEz
NjkwMTcwHhcNMjUwMTAxMDM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGYzYTRmNTc2OTgzMGY5ZDdiZjc4YjgwM2Y2NTY4NGEyZGFmOWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0wWIxtQU1eAXOVIOJrI2ruk+rXW
mXynB3hhjCs18mzQSfCDeFZaY1xY5GglURvzxE5qYvX/52qVs2YgW31jsHjCQIWS
58bYnivQSMWygveqpF5fMFQ1Wr2dJ7tFU8VM1ovUE0WhYFhzK9HP/pKhKvzHPqrr
k9FBeX/KoDqTGCcyhXgkIL6sZqyczUK+S4eeXUdxcr1P3PlGK5+5C9pZgS2Wcn82
r4Gya9fYgO+VXVj+qtaWHIata4xwBGTVdDtLi1V8i0ygZDcpqJAhDOiYsySPp3cR
lh8jbYD+Y2oWsbvoBv/89gm6mo+wSHZRWz2+oWe63cvEMgJIvG/ejk6fcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDzpPV2mDD51794uAP2VoSi2vnNMB8GA1UdIwQY
MBaAFBmsFJiGDiuwlYFzhUvQTIaaNpAXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2F3VW1JWU9LN0NWZ1hPRlM5Qk1ocG8ya0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82OWMzODktMTdjOS00NDYxLWEzOTAt
N2FhMjkwZTg1N2U5LzEvY1BPazlYYVlNUG5YdjNpNEFfWldoS0xhLWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82OWMzODktMTdjOS00NDYxLWEzOTAtN2FhMjkwZTg1N2U5
LzEvR2F3VW1JWU9LN0NWZ1hPRlM5Qk1ocG8ya0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJY+AMA0G
CSqGSIb3DQEBCwUAA4IBAQA61gjITjBd78c1u9S1yDYvmu3Zs+S6pkuaVC9b1kk+
iDNQt4B3npxRAmtRELIPAkkA87pleMJMiwMfmsjQ2UiAXrt6j4T+jDoJHVy5sU9k
T3phL7wEQ2S70SvkM3PK5AoGGoxxoNYt/5A3D+0d6CokNIkE6iOGJXRGZu6UR3cS
eZEPFeONAThoW45IPb3rxjHg5yIN1KVLT8+nr+6LMb9c6rnXlo7O2sEi0z7ByIcP
XWsjmhhM/0NPVF9V7xE2263Movf6AhEhvWwx+2L/3eIH5TNuHamcmfqWHKRQDzIh
P4hTCUUkei6BS4zsmMcpvWvB2kjvfFDQyITBTwNIyXXS
-----END CERTIFICATE-----