Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/fd5f04-1d26-4451-a6ae-9867642c2f10/1/aLexfPDGULdeLEaZK1qcN8F_0gk.roa
File:                     aLexfPDGULdeLEaZK1qcN8F_0gk.roa (raw, json)
Hash identifier:          mf1iYDEjsne4mRwDfdumJxwd7j7HuNwZ6q+crjDLiV4=
Subject key identifier:   68:B7:B1:7C:F0:C6:50:B7:5E:2C:46:99:2B:5A:9C:37:C1:7F:D2:09
Certificate issuer:       /CN=51e140495bd06c2e8efacb7ed0a31516db1f405f
Certificate serial:       0194B1BF3851C1BBC778B41BBA5B4178F0BD
Authority key identifier: 51:E1:40:49:5B:D0:6C:2E:8E:FA:CB:7E:D0:A3:15:16:DB:1F:40:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UeFASVvQbC6O-st-0KMVFtsfQF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/fd5f04-1d26-4451-a6ae-9867642c2f10/1/aLexfPDGULdeLEaZK1qcN8F_0gk.roa
Signing time:             Wed 29 Jan 2025 11:08:06 +0000
ROA not before:           Wed 29 Jan 2025 11:08:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        185.234.137.0/24 maxlen: 24
                          185.234.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/fd5f04-1d26-4451-a6ae-9867642c2f10/1/UeFASVvQbC6O-st-0KMVFtsfQF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/fd5f04-1d26-4451-a6ae-9867642c2f10/1/UeFASVvQbC6O-st-0KMVFtsfQF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UeFASVvQbC6O-st-0KMVFtsfQF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 10:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b1:bf:38:51:c1:bb:c7:78:b4:1b:ba:5b:41:78:f0:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51e140495bd06c2e8efacb7ed0a31516db1f405f
        Validity
            Not Before: Jan 29 11:08:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68b7b17cf0c650b75e2c46992b5a9c37c17fd209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d3:f1:b5:de:a6:c0:f9:0f:d0:c5:88:3f:99:
                    4a:6a:cd:93:a0:93:78:a1:a1:2b:5a:4e:3e:01:b0:
                    58:d1:90:18:6b:53:8c:09:cd:14:d4:98:7b:8c:0e:
                    b0:59:9b:de:b5:21:e2:8a:32:22:d0:74:4c:07:49:
                    6e:71:59:42:c4:0c:71:1c:be:b4:65:ec:d6:29:9a:
                    da:b3:3b:9e:56:f7:c5:0f:14:8f:38:b0:07:48:01:
                    1d:4f:61:06:e4:0e:d9:ad:01:9a:93:3f:38:81:51:
                    36:a6:b7:fb:5f:a2:19:82:ac:e3:ec:c0:28:e4:b0:
                    32:6f:48:0b:06:d0:07:ab:e1:05:57:4c:9d:0d:4a:
                    e5:14:17:b4:8e:bf:6e:5b:7b:92:46:d9:41:f6:be:
                    15:1f:f5:46:9c:1b:6c:91:f4:01:08:da:02:19:8d:
                    a2:40:3e:c8:40:07:b7:66:36:b2:65:2a:22:c1:fa:
                    b6:39:63:b4:da:5c:16:ff:9f:a8:82:bc:c7:2a:ad:
                    42:4e:da:e6:dc:29:1b:99:4f:2d:7c:33:eb:be:4f:
                    d4:0f:81:17:69:0d:60:f1:01:df:da:ed:83:d7:de:
                    20:aa:0f:97:59:79:f1:1e:55:a4:c2:45:61:ba:41:
                    0b:24:bb:8f:ce:91:82:d7:84:6a:30:0f:52:8d:c8:
                    1a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:B7:B1:7C:F0:C6:50:B7:5E:2C:46:99:2B:5A:9C:37:C1:7F:D2:09
            X509v3 Authority Key Identifier:
                keyid:51:E1:40:49:5B:D0:6C:2E:8E:FA:CB:7E:D0:A3:15:16:DB:1F:40:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UeFASVvQbC6O-st-0KMVFtsfQF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/fd5f04-1d26-4451-a6ae-9867642c2f10/1/aLexfPDGULdeLEaZK1qcN8F_0gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/fd5f04-1d26-4451-a6ae-9867642c2f10/1/UeFASVvQbC6O-st-0KMVFtsfQF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.137.0-185.234.138.255

    Signature Algorithm: sha256WithRSAEncryption
         77:be:45:dc:0d:2a:0a:23:fe:3d:4a:e2:25:56:23:d4:9e:0a:
         c7:36:ad:75:67:19:7f:6c:68:00:b9:04:8e:77:87:2f:62:5d:
         0b:fd:49:d7:6d:b3:96:ab:ff:ba:a9:10:81:c8:ff:ff:a9:d9:
         47:17:4e:54:9a:b4:6a:76:cb:29:2d:4f:e2:7e:63:f2:38:65:
         89:62:99:79:64:d3:f2:cb:d6:d1:3d:48:2a:79:eb:68:df:88:
         08:ce:4b:52:9c:c0:7e:c3:05:ae:c6:0c:d4:42:c3:4d:91:49:
         d6:ba:31:03:bb:f1:f1:5e:2c:b3:79:95:11:34:75:fa:11:bd:
         3c:25:4f:5f:3f:e1:c1:0e:86:d2:9a:66:a3:2c:02:d8:53:2e:
         38:bf:c7:0d:87:87:05:2d:2f:f3:8e:82:43:c2:57:de:fe:33:
         f9:9f:37:bf:e2:db:ff:a8:cd:d7:19:cd:de:9e:88:ee:23:d1:
         c9:d1:6e:ab:3e:1e:1b:d1:3d:c1:f2:bf:01:80:15:7b:11:e6:
         aa:5c:7e:89:31:4f:e8:5b:85:27:16:b8:97:b6:db:ea:44:c0:
         d0:32:42:6c:a3:de:ab:f5:22:25:e8:93:41:c7:32:2e:a4:33:
         3a:d7:7b:9b:45:4f:5d:94:0d:c3:d9:37:33:66:40:7b:09:f8:
         38:fb:1a:1b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZSxvzhRwbvHeLQbultBePC9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZTE0MDQ5NWJkMDZjMmU4ZWZhY2I3ZWQwYTMxNTE2ZGIx
ZjQwNWYwHhcNMjUwMTI5MTEwODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGI3YjE3Y2YwYzY1MGI3NWUyYzQ2OTkyYjVhOWMzN2MxN2ZkMjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtPxtd6mwPkP0MWIP5lKas2ToJN4
oaErWk4+AbBY0ZAYa1OMCc0U1Jh7jA6wWZvetSHiijIi0HRMB0lucVlCxAxxHL60
ZezWKZraszueVvfFDxSPOLAHSAEdT2EG5A7ZrQGakz84gVE2prf7X6IZgqzj7MAo
5LAyb0gLBtAHq+EFV0ydDUrlFBe0jr9uW3uSRtlB9r4VH/VGnBtskfQBCNoCGY2i
QD7IQAe3ZjayZSoiwfq2OWO02lwW/5+ogrzHKq1CTtrm3CkbmU8tfDPrvk/UD4EX
aQ1g8QHf2u2D194gqg+XWXnxHlWkwkVhukELJLuPzpGC14RqMA9Sjcga1QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGi3sXzwxlC3XixGmStanDfBf9IJMB8GA1UdIwQY
MBaAFFHhQElb0GwujvrLftCjFRbbH0BfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWVGQVNWdlFiQzZPLXN0LTBLTVZGdHNmUUY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9mZDVmMDQtMWQyNi00NDUxLWE2YWUt
OTg2NzY0MmMyZjEwLzEvYUxleGZQREdVTGRlTEVhWksxcWNOOEZfMGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9mZDVmMDQtMWQyNi00NDUxLWE2YWUtOTg2NzY0MmMyZjEw
LzEvVWVGQVNWdlFiQzZPLXN0LTBLTVZGdHNmUUY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC56okD
BAC56oowDQYJKoZIhvcNAQELBQADggEBAHe+RdwNKgoj/j1K4iVWI9SeCsc2rXVn
GX9saAC5BI53hy9iXQv9Sddts5ar/7qpEIHI//+p2UcXTlSatGp2yyktT+J+Y/I4
ZYlimXlk0/LL1tE9SCp562jfiAjOS1KcwH7DBa7GDNRCw02RSda6MQO78fFeLLN5
lRE0dfoRvTwlT18/4cEOhtKaZqMsAthTLji/xw2HhwUtL/OOgkPCV97+M/mfN7/i
2/+ozdcZzd6eiO4j0cnRbqs+HhvRPcHyvwGAFXsR5qpcfokxT+hbhScWuJe22+pE
wNAyQmyj3qv1IiXok0HHMi6kMzrXe5tFT12UDcPZNzNmQHsJ+Dj7Ghs=
-----END CERTIFICATE-----