Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/oLLFimpiIjJAatRY99k9UQMOCQQ.roa
File:                     oLLFimpiIjJAatRY99k9UQMOCQQ.roa (raw, json)
Hash identifier:          wTcQB20VYZ/GbSK9GTTzmMAtJntg2q+//028FiIAhtc=
Subject key identifier:   A0:B2:C5:8A:6A:62:22:32:40:6A:D4:58:F7:D9:3D:51:03:0E:09:04
Certificate issuer:       /CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
Certificate serial:       0194F5A1B35C59F33781455CABE38E149DDA
Authority key identifier: 24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/oLLFimpiIjJAatRY99k9UQMOCQQ.roa
Signing time:             Tue 11 Feb 2025 15:30:02 +0000
ROA not before:           Tue 11 Feb 2025 15:30:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212027
IP address blocks:        37.153.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f5:a1:b3:5c:59:f3:37:81:45:5c:ab:e3:8e:14:9d:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
        Validity
            Not Before: Feb 11 15:30:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0b2c58a6a622232406ad458f7d93d51030e0904
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:08:bb:16:00:fc:d6:60:20:bd:11:20:b2:c3:
                    9b:7c:2c:4d:fc:08:93:f7:0c:cb:1b:87:9a:95:c1:
                    7e:cd:14:f5:fa:5a:da:80:1a:8a:9a:86:ca:99:85:
                    48:a1:51:54:27:4a:d9:5d:5f:97:57:75:8f:9d:47:
                    91:50:ba:b9:c8:fa:d7:b9:76:df:5f:a6:1e:b4:ef:
                    80:06:ff:3a:ed:5c:d8:c8:74:77:4f:d3:d2:f8:cb:
                    34:21:62:91:a0:36:8a:47:9c:0d:43:0d:67:a0:38:
                    c1:03:69:ed:31:aa:26:a7:b3:29:62:eb:59:8b:95:
                    a3:d1:c6:f1:69:d3:86:28:ac:c3:f6:8b:4a:ef:c3:
                    8e:5f:2a:33:95:73:4d:05:d6:85:ad:92:4e:7f:eb:
                    18:7f:03:28:29:9e:d3:2b:0e:1b:1a:6d:fd:cb:6c:
                    0a:a8:d6:de:cd:ed:20:ca:d3:b0:7c:23:a7:91:01:
                    44:49:26:5e:f4:46:e8:20:f2:b1:36:b8:fb:45:36:
                    8b:9e:04:15:ec:7d:e1:79:10:97:2e:1d:41:e1:32:
                    9d:d8:47:3f:9a:cb:9c:70:8f:17:fa:e3:80:ee:eb:
                    52:e1:09:b3:48:1c:21:e6:dc:de:4a:86:e8:67:3c:
                    d0:a6:06:82:da:6b:c7:af:27:06:6b:da:ca:69:45:
                    45:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:B2:C5:8A:6A:62:22:32:40:6A:D4:58:F7:D9:3D:51:03:0E:09:04
            X509v3 Authority Key Identifier:
                keyid:24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/oLLFimpiIjJAatRY99k9UQMOCQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:09:76:0c:b9:bd:62:2b:14:27:08:7f:d8:83:c5:aa:50:b1:
         b4:3b:d2:45:b4:65:d1:f8:89:78:45:5a:9e:4a:84:f1:bd:03:
         e8:2a:a8:25:f4:f7:a0:86:86:0c:3b:a2:d3:a3:8f:c3:1e:4e:
         b7:b5:72:82:9d:21:c3:dc:fc:dd:c6:d7:7a:be:7c:7b:29:fc:
         fa:53:8d:8e:93:9c:66:36:f2:33:d5:d5:f9:1f:1c:a5:8f:4a:
         6b:e0:70:27:16:7a:9b:97:e3:99:aa:bc:c0:14:53:2c:54:ea:
         49:82:81:34:bc:54:6e:f0:ff:c5:0f:04:3d:7e:41:3a:f0:d0:
         13:84:66:c8:96:46:29:92:a2:e3:e2:d7:03:0e:d9:f9:18:d6:
         ec:6e:55:17:5e:93:68:cc:8a:b5:fa:38:c4:3c:ca:a1:74:42:
         b6:0b:e1:7f:ac:9b:11:f0:22:9f:77:c2:bc:d3:2c:fc:19:b1:
         7e:19:01:f0:41:95:c6:5c:c6:17:6c:2f:15:0d:ff:0b:bd:46:
         ec:c7:09:27:90:58:3c:fa:6c:d4:e3:10:60:7f:8f:68:4b:7e:
         9d:75:fe:90:d7:de:8b:27:76:2d:55:ee:6a:53:a8:7e:47:9e:
         3e:10:0e:fd:f9:44:90:b5:5d:5b:98:00:9a:fa:48:a5:7f:ab:
         8b:e3:32:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT1obNcWfM3gUVcq+OOFJ3aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTViZjljNjFjODVkYjdjOTlhYzRjZGY3OTI1N2U3OTk3
YWI3N2MwHhcNMjUwMjExMTUzMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGIyYzU4YTZhNjIyMjMyNDA2YWQ0NThmN2Q5M2Q1MTAzMGUwOTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywi7FgD81mAgvREgssObfCxN/AiT
9wzLG4ealcF+zRT1+lragBqKmobKmYVIoVFUJ0rZXV+XV3WPnUeRULq5yPrXuXbf
X6YetO+ABv867VzYyHR3T9PS+Ms0IWKRoDaKR5wNQw1noDjBA2ntMaomp7MpYutZ
i5Wj0cbxadOGKKzD9otK78OOXyozlXNNBdaFrZJOf+sYfwMoKZ7TKw4bGm39y2wK
qNbeze0gytOwfCOnkQFESSZe9EboIPKxNrj7RTaLngQV7H3heRCXLh1B4TKd2Ec/
msuccI8X+uOA7utS4QmzSBwh5tzeSoboZzzQpgaC2mvHrycGa9rKaUVFlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCyxYpqYiIyQGrUWPfZPVEDDgkEMB8GA1UdIwQY
MBaAFCQVv5xhyF23yZrEzfeSV+eZerd8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMt
NmExOGRjODgxNmRiLzEvb0xMRmltcGlJakpBYXRSWTk5azlVUU1PQ1FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMtNmExOGRjODgxNmRi
LzEvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmZMA0G
CSqGSIb3DQEBCwUAA4IBAQCMCXYMub1iKxQnCH/Yg8WqULG0O9JFtGXR+Il4RVqe
SoTxvQPoKqgl9PeghoYMO6LTo4/DHk63tXKCnSHD3Pzdxtd6vnx7Kfz6U42Ok5xm
NvIz1dX5Hxylj0pr4HAnFnqbl+OZqrzAFFMsVOpJgoE0vFRu8P/FDwQ9fkE68NAT
hGbIlkYpkqLj4tcDDtn5GNbsblUXXpNozIq1+jjEPMqhdEK2C+F/rJsR8CKfd8K8
0yz8GbF+GQHwQZXGXMYXbC8VDf8LvUbsxwknkFg8+mzU4xBgf49oS36ddf6Q196L
J3YtVe5qU6h+R54+EA79+USQtV1bmACa+kilf6uL4zLb
-----END CERTIFICATE-----