Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/APe792PPzgn2UcG2RsKnM9NZvXY.roa
File:                     APe792PPzgn2UcG2RsKnM9NZvXY.roa (raw, json)
Hash identifier:          P5YJH0mHT12JV4knVxcd215g8BRGbGqkMZPdkHPu8r8=
Subject key identifier:   00:F7:BB:F7:63:CF:CE:09:F6:51:C1:B6:46:C2:A7:33:D3:59:BD:76
Certificate issuer:       /CN=c950d7b1975a3703ae27b31ad2f932ae46a4cc94
Certificate serial:       0196D48424F83A2BE93A7CDE8E22C4FE7BE6
Authority key identifier: C9:50:D7:B1:97:5A:37:03:AE:27:B3:1A:D2:F9:32:AE:46:A4:CC:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/APe792PPzgn2UcG2RsKnM9NZvXY.roa
Signing time:             Thu 15 May 2025 15:15:51 +0000
ROA not before:           Thu 15 May 2025 15:15:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208512
IP address blocks:        185.136.128.0/22 maxlen: 24
                          2a03:a4e0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d4:84:24:f8:3a:2b:e9:3a:7c:de:8e:22:c4:fe:7b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c950d7b1975a3703ae27b31ad2f932ae46a4cc94
        Validity
            Not Before: May 15 15:15:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00f7bbf763cfce09f651c1b646c2a733d359bd76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3c:d5:5b:76:4b:99:ca:d9:55:28:0f:7b:80:
                    05:29:aa:c9:40:49:b4:1c:a8:98:f2:5f:6f:9f:9a:
                    32:43:01:22:d6:91:b9:57:32:19:1d:a3:d7:e6:89:
                    72:05:ac:4f:da:f5:8c:a7:c6:35:fa:68:f2:68:80:
                    64:34:6b:a2:30:c4:38:b5:38:e9:e2:48:c5:5f:ab:
                    62:11:44:17:00:5a:9b:d5:e8:a0:52:c9:13:c9:44:
                    8a:2e:45:56:20:13:18:8a:e1:c7:7d:ff:fc:5a:cf:
                    f5:f1:c5:bc:8b:49:b9:6e:29:31:d5:7b:38:a1:67:
                    ba:1f:de:23:9a:98:37:af:8b:3c:58:9d:5b:64:b3:
                    b6:8f:7d:95:ad:0e:5a:f9:2b:37:31:b0:30:dd:ee:
                    f4:1d:43:9b:d0:e4:aa:6d:61:da:ec:e0:87:a7:b3:
                    d6:b3:2f:5c:87:88:97:7c:c6:37:b5:0f:61:da:60:
                    ee:92:6c:ad:4f:62:89:c4:f4:3a:3d:60:98:a4:95:
                    ac:44:2c:3d:c5:0f:f5:9b:15:63:1b:3d:72:a0:91:
                    8d:e3:f6:6f:0a:1f:29:78:30:b7:90:c4:b7:c6:ea:
                    ac:48:c9:55:95:9e:3c:5d:08:e1:e0:55:56:3c:ef:
                    d1:0d:81:a0:65:53:e5:c7:5e:a7:5b:30:23:61:2c:
                    f5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:F7:BB:F7:63:CF:CE:09:F6:51:C1:B6:46:C2:A7:33:D3:59:BD:76
            X509v3 Authority Key Identifier:
                keyid:C9:50:D7:B1:97:5A:37:03:AE:27:B3:1A:D2:F9:32:AE:46:A4:CC:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/APe792PPzgn2UcG2RsKnM9NZvXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.128.0/22
                IPv6:
                  2a03:a4e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         71:a4:7f:4e:6f:fc:af:bf:e1:dc:95:15:a0:99:1a:65:24:18:
         55:f2:c1:96:45:2b:de:79:64:f3:eb:17:73:b4:53:30:e7:f2:
         2e:ca:2b:fc:ec:84:96:cd:12:d2:dc:e0:9a:20:1c:c9:89:4b:
         ee:48:3b:39:91:31:f0:2b:20:4c:62:cd:fb:d2:b6:df:1f:5f:
         ae:58:f2:71:9c:21:e7:54:80:8e:b3:8b:e8:34:96:95:76:03:
         e6:51:45:24:a1:36:f0:5b:3c:0a:b7:65:d3:55:86:0d:34:99:
         e2:cf:d0:b8:71:48:e5:4d:d1:8b:c3:76:9f:bb:e5:7b:a5:43:
         ae:8f:8d:b5:d3:26:6d:93:bf:f1:a2:03:6a:e2:3d:66:71:23:
         d3:71:85:c9:ad:dc:68:d5:fc:bf:93:49:76:6a:bd:d8:63:22:
         a1:a1:69:6e:a7:0a:69:41:1c:e5:f7:01:e3:44:d1:a0:a2:3f:
         25:5e:d3:1e:e2:b1:25:f3:59:b7:40:e9:49:0e:0b:d2:4d:6a:
         8a:cc:5a:91:56:1e:43:f5:81:d0:4f:ec:fd:97:a0:b7:99:4f:
         a3:a4:33:97:98:6d:dd:5e:0a:0f:6f:86:af:67:9d:b0:aa:0f:
         54:8f:f2:44:8a:fb:2b:7f:0c:74:d9:5e:d2:89:b7:5d:6a:e2:
         27:1c:c7:b3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZbUhCT4OivpOnzejiLE/nvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NTBkN2IxOTc1YTM3MDNhZTI3YjMxYWQyZjkzMmFlNDZh
NGNjOTQwHhcNMjUwNTE1MTUxNTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGY3YmJmNzYzY2ZjZTA5ZjY1MWMxYjY0NmMyYTczM2QzNTliZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTzVW3ZLmcrZVSgPe4AFKarJQEm0
HKiY8l9vn5oyQwEi1pG5VzIZHaPX5olyBaxP2vWMp8Y1+mjyaIBkNGuiMMQ4tTjp
4kjFX6tiEUQXAFqb1eigUskTyUSKLkVWIBMYiuHHff/8Ws/18cW8i0m5bikx1Xs4
oWe6H94jmpg3r4s8WJ1bZLO2j32VrQ5a+Ss3MbAw3e70HUOb0OSqbWHa7OCHp7PW
sy9ch4iXfMY3tQ9h2mDukmytT2KJxPQ6PWCYpJWsRCw9xQ/1mxVjGz1yoJGN4/Zv
Ch8peDC3kMS3xuqsSMlVlZ48XQjh4FVWPO/RDYGgZVPlx16nWzAjYSz1swIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAD3u/djz84J9lHBtkbCpzPTWb12MB8GA1UdIwQY
MBaAFMlQ17GXWjcDriezGtL5Mq5GpMyUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVZEWHNaZGFOd091SjdNYTB2a3lya2FrekpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wYzczMTgtYjM0OC00YjI0LWI5ZTUt
YzZhODgyMWFkZWE5LzEvQVBlNzkyUFB6Z24yVWNHMlJzS25NOU5adlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wYzczMTgtYjM0OC00YjI0LWI5ZTUtYzZhODgyMWFkZWE5
LzEveVZEWHNaZGFOd091SjdNYTB2a3lya2FrekpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYiAMA0E
AgACMAcDBQAqA6TgMA0GCSqGSIb3DQEBCwUAA4IBAQBxpH9Ob/yvv+HclRWgmRpl
JBhV8sGWRSveeWTz6xdztFMw5/Iuyiv87ISWzRLS3OCaIBzJiUvuSDs5kTHwKyBM
Ys370rbfH1+uWPJxnCHnVICOs4voNJaVdgPmUUUkoTbwWzwKt2XTVYYNNJniz9C4
cUjlTdGLw3afu+V7pUOuj4210yZtk7/xogNq4j1mcSPTcYXJrdxo1fy/k0l2ar3Y
YyKhoWlupwppQRzl9wHjRNGgoj8lXtMe4rEl81m3QOlJDgvSTWqKzFqRVh5D9YHQ
T+z9l6C3mU+jpDOXmG3dXgoPb4avZ52wqg9Uj/JEivsrfwx02V7SibddauInHMez
-----END CERTIFICATE-----