Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/olC5ZpSEtozZndm4qi7fm722epU.roa
File:                     olC5ZpSEtozZndm4qi7fm722epU.roa (raw, json)
Hash identifier:          osI53NMsoiUBoOeQCVmzdMQWvODeVRAe3gG8Sio/M8A=
Subject key identifier:   A2:50:B9:66:94:84:B6:8C:D9:9D:D9:B8:AA:2E:DF:9B:BD:B6:7A:95
Certificate issuer:       /CN=c950d7b1975a3703ae27b31ad2f932ae46a4cc94
Certificate serial:       019426D975317D0A205E4B2589782E7B0EE0
Authority key identifier: C9:50:D7:B1:97:5A:37:03:AE:27:B3:1A:D2:F9:32:AE:46:A4:CC:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/olC5ZpSEtozZndm4qi7fm722epU.roa
Signing time:             Thu 02 Jan 2025 11:49:33 +0000
ROA not before:           Thu 02 Jan 2025 11:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50304
IP address blocks:        185.136.128.0/22 maxlen: 24
                          2a03:a4e0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 14:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:75:31:7d:0a:20:5e:4b:25:89:78:2e:7b:0e:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c950d7b1975a3703ae27b31ad2f932ae46a4cc94
        Validity
            Not Before: Jan  2 11:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a250b9669484b68cd99dd9b8aa2edf9bbdb67a95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5f:aa:44:70:2f:fc:6e:6c:2c:97:f9:ae:3b:
                    dc:c7:b8:24:43:62:36:3e:45:8b:5c:15:1d:5e:60:
                    88:ec:7c:fa:68:53:e2:14:d4:1a:07:7b:fe:92:05:
                    37:f0:24:56:ce:af:27:96:42:84:65:35:a4:f2:88:
                    0f:54:1f:4d:c2:bf:29:6f:b6:ca:c8:84:b3:1b:0f:
                    f9:87:7e:9a:15:53:20:3a:9e:5d:f4:23:8b:12:d7:
                    5b:9f:33:4c:4c:be:13:63:a0:02:31:ee:bb:7e:45:
                    08:65:c9:58:2f:62:8d:d4:e4:ca:e4:3e:0a:3c:3d:
                    de:5b:06:96:9b:52:22:73:39:b4:08:a3:05:5d:eb:
                    00:cd:6c:24:e0:8d:81:a1:44:07:cb:9d:93:a0:0b:
                    7e:89:3e:3e:2a:82:56:53:0d:07:99:81:76:6c:13:
                    c8:8a:48:62:93:32:52:7f:08:2d:36:b2:0c:a2:a9:
                    9a:8e:fa:63:b7:d7:c5:54:a1:94:06:45:88:f2:39:
                    b4:98:fe:21:35:66:81:8c:79:56:bd:fe:2e:ec:4a:
                    55:8a:4d:e4:8d:12:52:24:8d:1e:69:5f:b7:4a:05:
                    c9:8a:db:7f:1e:b8:02:b3:34:c3:c7:99:d1:59:52:
                    76:da:5f:3a:42:2f:07:46:62:10:cf:c5:d9:8b:3c:
                    0b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:50:B9:66:94:84:B6:8C:D9:9D:D9:B8:AA:2E:DF:9B:BD:B6:7A:95
            X509v3 Authority Key Identifier:
                keyid:C9:50:D7:B1:97:5A:37:03:AE:27:B3:1A:D2:F9:32:AE:46:A4:CC:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/olC5ZpSEtozZndm4qi7fm722epU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.128.0/22
                IPv6:
                  2a03:a4e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:7a:9e:e5:87:4c:c4:96:c5:b9:f2:8a:b0:81:87:cb:cb:4f:
         74:ec:89:85:84:cc:0f:e9:8c:b8:b8:6a:6a:40:45:8a:11:f9:
         60:d3:d7:41:23:c2:0c:61:47:cf:4f:1d:98:c8:42:99:95:4a:
         60:36:3d:e8:03:77:52:e7:84:64:01:1d:74:2f:bf:6f:8a:88:
         2f:d2:2f:1f:27:a1:3c:78:bd:53:28:4e:f1:ca:ef:14:ce:0f:
         a2:aa:db:2d:04:b3:f6:f3:09:1a:e1:a3:8f:31:0f:4f:af:5d:
         03:64:a8:4b:0e:eb:a8:98:44:e5:4c:ac:50:f7:ed:09:14:b3:
         9a:71:02:95:83:6c:c5:a1:d1:7e:aa:a1:7d:1d:21:07:91:43:
         d9:2a:5f:42:92:c7:5a:74:b3:ed:02:98:a9:34:28:d5:d2:52:
         30:60:c2:07:78:71:38:7c:04:5f:af:dc:27:08:a7:49:f7:10:
         c5:76:71:c9:8d:04:06:cd:0f:0a:28:00:3a:20:99:8f:83:d8:
         21:1b:24:63:e8:69:37:1a:f0:63:42:31:1b:1d:3b:66:24:45:
         69:fb:61:d7:83:22:5b:13:e5:19:e7:12:f7:11:ea:85:c6:67:
         ae:f6:c7:5b:d5:c5:34:bb:1e:d0:de:f3:8d:6d:24:24:53:6f:
         94:a2:7a:f3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2XUxfQogXksliXguew7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NTBkN2IxOTc1YTM3MDNhZTI3YjMxYWQyZjkzMmFlNDZh
NGNjOTQwHhcNMjUwMTAyMTE0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjUwYjk2Njk0ODRiNjhjZDk5ZGQ5YjhhYTJlZGY5YmJkYjY3YTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAql+qRHAv/G5sLJf5rjvcx7gkQ2I2
PkWLXBUdXmCI7Hz6aFPiFNQaB3v+kgU38CRWzq8nlkKEZTWk8ogPVB9Nwr8pb7bK
yISzGw/5h36aFVMgOp5d9COLEtdbnzNMTL4TY6ACMe67fkUIZclYL2KN1OTK5D4K
PD3eWwaWm1Iiczm0CKMFXesAzWwk4I2BoUQHy52ToAt+iT4+KoJWUw0HmYF2bBPI
ikhikzJSfwgtNrIMoqmajvpjt9fFVKGUBkWI8jm0mP4hNWaBjHlWvf4u7EpVik3k
jRJSJI0eaV+3SgXJitt/HrgCszTDx5nRWVJ22l86Qi8HRmIQz8XZizwL7QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKJQuWaUhLaM2Z3ZuKou35u9tnqVMB8GA1UdIwQY
MBaAFMlQ17GXWjcDriezGtL5Mq5GpMyUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVZEWHNaZGFOd091SjdNYTB2a3lya2FrekpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wYzczMTgtYjM0OC00YjI0LWI5ZTUt
YzZhODgyMWFkZWE5LzEvb2xDNVpwU0V0b3pabmRtNHFpN2ZtNzIyZXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wYzczMTgtYjM0OC00YjI0LWI5ZTUtYzZhODgyMWFkZWE5
LzEveVZEWHNaZGFOd091SjdNYTB2a3lya2FrekpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYiAMA0E
AgACMAcDBQAqA6TgMA0GCSqGSIb3DQEBCwUAA4IBAQBSep7lh0zElsW58oqwgYfL
y0907ImFhMwP6Yy4uGpqQEWKEflg09dBI8IMYUfPTx2YyEKZlUpgNj3oA3dS54Rk
AR10L79viogv0i8fJ6E8eL1TKE7xyu8Uzg+iqtstBLP28wka4aOPMQ9Pr10DZKhL
DuuomETlTKxQ9+0JFLOacQKVg2zFodF+qqF9HSEHkUPZKl9CksdadLPtApipNCjV
0lIwYMIHeHE4fARfr9wnCKdJ9xDFdnHJjQQGzQ8KKAA6IJmPg9ghGyRj6Gk3GvBj
QjEbHTtmJEVp+2HXgyJbE+UZ5xL3EeqFxmeu9sdb1cU0ux7Q3vONbSQkU2+Uonrz
-----END CERTIFICATE-----