Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/ps4Flj1BkuW7sLiIgaxaOcmRga0.roa
File:                     ps4Flj1BkuW7sLiIgaxaOcmRga0.roa (raw, json)
Hash identifier:          z/miJktON8vN7qBgG9XGiJDAvY3R13S1nLYmw94yLfM=
Subject key identifier:   A6:CE:05:96:3D:41:92:E5:BB:B0:B8:88:81:AC:5A:39:C9:91:81:AD
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       019426D9FD6555872D7EB41FC534B1E37532
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/ps4Flj1BkuW7sLiIgaxaOcmRga0.roa
Signing time:             Thu 02 Jan 2025 11:50:07 +0000
ROA not before:           Thu 02 Jan 2025 11:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39020
IP address blocks:        37.235.53.0/24 maxlen: 24
                          151.236.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:fd:65:55:87:2d:7e:b4:1f:c5:34:b1:e3:75:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  2 11:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6ce05963d4192e5bbb0b88881ac5a39c99181ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:23:13:d4:18:33:c1:cc:3e:34:c3:82:7d:2a:
                    05:53:85:dd:41:c2:b8:bf:42:90:80:f1:0e:f0:5c:
                    31:fc:82:74:c0:b4:ad:cd:a0:a5:d2:98:9e:32:d5:
                    92:53:30:a3:83:ad:f8:14:18:34:35:f3:cb:46:55:
                    df:3e:1e:b2:10:92:f4:a5:b2:87:06:59:4f:7a:e6:
                    f7:15:66:64:53:bf:df:d4:85:a6:1b:6a:b6:7a:69:
                    26:f1:fc:67:61:8d:e0:bb:84:78:fe:ce:c5:f5:a5:
                    86:61:c0:c4:0f:18:17:a3:66:09:f4:d6:01:f8:5a:
                    a7:45:29:dd:8e:c8:1e:31:8d:de:51:ba:3e:45:8e:
                    62:e9:b0:b4:7d:b0:22:49:c7:f6:06:83:b2:0b:5d:
                    a9:69:d6:55:a1:82:c5:1c:c0:3d:cc:4d:eb:2a:64:
                    f7:3b:d8:c2:05:17:d1:d0:d8:3a:8e:3e:6c:b2:3d:
                    ae:99:d2:75:88:d6:30:34:79:3d:4a:d2:a1:cc:cf:
                    b4:e2:a0:94:c6:56:fe:fd:9e:d5:41:e9:f5:47:77:
                    3d:22:69:3e:f8:da:1f:d4:d4:65:dc:71:6f:2f:4c:
                    f1:9a:99:c2:d7:78:f9:eb:56:75:18:c9:e4:a6:c2:
                    5e:19:78:8b:e3:4c:67:98:70:01:5a:bb:48:b3:a1:
                    d3:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:CE:05:96:3D:41:92:E5:BB:B0:B8:88:81:AC:5A:39:C9:91:81:AD
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/ps4Flj1BkuW7sLiIgaxaOcmRga0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.53.0/24
                  151.236.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:30:4a:e6:b9:97:a0:cf:62:20:b1:f2:13:85:b6:dd:6d:de:
         52:53:bc:58:0b:ae:40:0a:a4:1b:48:b3:71:79:94:e1:dd:7a:
         25:39:27:d7:65:64:c5:22:19:ed:1e:eb:94:72:5c:58:20:e9:
         68:45:5b:5a:f9:7b:45:f2:c6:6d:22:c2:87:ea:1d:7a:c7:14:
         f8:8a:65:db:6c:7b:0e:74:73:aa:10:85:a3:32:b1:6d:50:72:
         76:c7:3f:d2:b2:2d:7c:5c:cf:79:06:7f:6a:0b:04:40:51:a2:
         85:f5:dc:bb:6c:b5:5e:91:d3:33:73:2a:dd:b7:f4:00:c1:7f:
         6e:cc:7c:c7:1a:61:0a:5e:f5:3b:3c:16:72:84:d7:4a:d1:73:
         ec:69:f1:a6:d1:70:a5:a0:2d:df:3c:d6:32:e7:a1:8e:37:e5:
         1c:3a:20:ce:38:fb:90:26:52:04:a6:bb:c8:83:09:b1:5d:17:
         3a:0d:f9:72:f7:31:11:a3:84:8c:31:de:23:db:f5:78:a5:00:
         e6:e5:cc:f4:58:b6:79:07:db:d2:ee:ab:ad:52:73:31:4c:09:
         0b:5d:22:ec:96:31:c2:7f:9d:f6:67:e7:96:47:c6:a4:f7:97:
         2d:b3:ad:ab:42:18:2d:16:66:9a:1f:bf:b3:17:9f:9f:4c:97:
         2a:bb:1b:f7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQm2f1lVYctfrQfxTSx43UyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjUwMTAyMTE1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmNlMDU5NjNkNDE5MmU1YmJiMGI4ODg4MWFjNWEzOWM5OTE4MWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3iMT1Bgzwcw+NMOCfSoFU4XdQcK4
v0KQgPEO8Fwx/IJ0wLStzaCl0pieMtWSUzCjg634FBg0NfPLRlXfPh6yEJL0pbKH
BllPeub3FWZkU7/f1IWmG2q2emkm8fxnYY3gu4R4/s7F9aWGYcDEDxgXo2YJ9NYB
+FqnRSndjsgeMY3eUbo+RY5i6bC0fbAiScf2BoOyC12padZVoYLFHMA9zE3rKmT3
O9jCBRfR0Ng6jj5ssj2umdJ1iNYwNHk9StKhzM+04qCUxlb+/Z7VQen1R3c9Imk+
+Nof1NRl3HFvL0zxmpnC13j561Z1GMnkpsJeGXiL40xnmHABWrtIs6HTIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKbOBZY9QZLlu7C4iIGsWjnJkYGtMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvcHM0RmxqMUJrdVc3c0xpSWdheGFPY21SZ2EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJes1AwQA
l+wXMA0GCSqGSIb3DQEBCwUAA4IBAQCnMErmuZegz2IgsfIThbbdbd5SU7xYC65A
CqQbSLNxeZTh3XolOSfXZWTFIhntHuuUclxYIOloRVta+XtF8sZtIsKH6h16xxT4
imXbbHsOdHOqEIWjMrFtUHJ2xz/Ssi18XM95Bn9qCwRAUaKF9dy7bLVekdMzcyrd
t/QAwX9uzHzHGmEKXvU7PBZyhNdK0XPsafGm0XCloC3fPNYy56GON+UcOiDOOPuQ
JlIEprvIgwmxXRc6Dfly9zERo4SMMd4j2/V4pQDm5cz0WLZ5B9vS7qutUnMxTAkL
XSLsljHCf532Z+eWR8ak95cts62rQhgtFmaaH7+zF5+fTJcquxv3
-----END CERTIFICATE-----