Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/164d34-125f-4c60-8635-7d6f53889d57/1/0cFm87h5GkHalEGqmJaLcd0Qqo8.roa
File:                     0cFm87h5GkHalEGqmJaLcd0Qqo8.roa (raw, json)
Hash identifier:          jMxPSL+zdsv3eh4JmgehYYH5Kp/WnR56mTqAfCb0p0E=
Subject key identifier:   D1:C1:66:F3:B8:79:1A:41:DA:94:41:AA:98:96:8B:71:DD:10:AA:8F
Certificate issuer:       /CN=a2c51386acf05b3aab6181047478d6eea1bf0062
Certificate serial:       019497AC1C0990E15C07478082F2E03D824A
Authority key identifier: A2:C5:13:86:AC:F0:5B:3A:AB:61:81:04:74:78:D6:EE:A1:BF:00:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/osUThqzwWzqrYYEEdHjW7qG_AGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/164d34-125f-4c60-8635-7d6f53889d57/1/0cFm87h5GkHalEGqmJaLcd0Qqo8.roa
Signing time:             Fri 24 Jan 2025 09:37:06 +0000
ROA not before:           Fri 24 Jan 2025 09:37:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57141
IP address blocks:        149.154.80.0/21 maxlen: 21
                          185.131.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/164d34-125f-4c60-8635-7d6f53889d57/1/osUThqzwWzqrYYEEdHjW7qG_AGI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/164d34-125f-4c60-8635-7d6f53889d57/1/osUThqzwWzqrYYEEdHjW7qG_AGI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/osUThqzwWzqrYYEEdHjW7qG_AGI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:97:ac:1c:09:90:e1:5c:07:47:80:82:f2:e0:3d:82:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2c51386acf05b3aab6181047478d6eea1bf0062
        Validity
            Not Before: Jan 24 09:37:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1c166f3b8791a41da9441aa98968b71dd10aa8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:fe:3f:b4:33:c4:54:38:1f:8e:57:25:ef:ea:
                    eb:7e:87:81:95:8a:89:4e:e5:1a:4c:01:53:b7:6c:
                    0f:58:ea:fd:ab:78:85:3b:08:ae:05:ec:63:c8:58:
                    92:a1:a9:9b:bb:f9:e6:34:06:f6:39:22:90:c2:ca:
                    c5:ca:cb:95:88:4b:f0:68:e8:ce:a3:8b:ce:c9:5e:
                    15:e6:16:90:c9:38:9e:2d:d9:97:4d:8e:2c:47:15:
                    9c:d9:58:60:eb:06:b8:10:13:70:2b:c2:c3:cf:ee:
                    f3:d8:e2:f2:19:16:cb:47:e7:d1:22:8c:68:94:3d:
                    ac:73:c4:1f:d0:24:48:dc:96:bc:70:90:17:99:7b:
                    24:32:0a:4b:cd:21:84:cd:22:5a:1b:ea:60:71:33:
                    12:fc:c6:20:bd:a9:c2:2a:d1:90:11:d4:51:c4:88:
                    63:1d:87:6e:ef:1a:ed:f0:a8:5c:8c:ff:3c:cc:63:
                    fd:a4:f7:13:d4:68:5c:d8:da:9a:f6:0a:14:fa:e0:
                    78:31:e5:87:63:c3:26:7a:a2:43:c8:7a:29:73:aa:
                    fa:fc:bf:2a:13:99:8d:b6:4e:69:db:8f:02:72:9d:
                    10:1d:b3:11:fc:04:df:12:dc:ca:4f:0b:dd:16:50:
                    7a:42:e8:5d:fe:07:0d:8c:ec:ff:60:6b:30:d1:79:
                    e3:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:C1:66:F3:B8:79:1A:41:DA:94:41:AA:98:96:8B:71:DD:10:AA:8F
            X509v3 Authority Key Identifier:
                keyid:A2:C5:13:86:AC:F0:5B:3A:AB:61:81:04:74:78:D6:EE:A1:BF:00:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/osUThqzwWzqrYYEEdHjW7qG_AGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/164d34-125f-4c60-8635-7d6f53889d57/1/0cFm87h5GkHalEGqmJaLcd0Qqo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/164d34-125f-4c60-8635-7d6f53889d57/1/osUThqzwWzqrYYEEdHjW7qG_AGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.154.80.0/21
                  185.131.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:06:9e:c5:3f:ef:5a:31:db:02:97:e0:bb:1b:28:25:b9:ad:
         2f:3b:df:a0:4a:6a:15:bf:7f:c1:6b:48:9f:6d:7e:2a:05:2b:
         87:23:db:cb:e9:05:9f:7f:af:cb:4b:b8:71:7f:29:74:4a:93:
         5e:b2:12:4e:b3:ac:ff:38:60:82:26:5c:e8:fc:7a:3b:19:7b:
         6e:02:e5:3a:c9:cc:a0:86:63:cb:1d:70:f9:9f:5e:ff:b3:de:
         49:94:2f:81:5c:66:cd:33:ec:4f:fa:e3:09:3e:39:56:6f:52:
         80:df:83:d7:08:e9:97:d0:48:2a:57:d1:36:99:6a:35:74:84:
         90:60:ed:05:a7:d0:0d:ca:41:1d:72:1f:41:aa:fe:f3:18:c8:
         50:6d:c1:0b:0b:b9:13:b3:b6:1e:80:33:1e:3d:1e:e9:a7:28:
         28:ab:c0:04:11:1b:0b:00:c5:5e:8e:6d:21:f5:9b:7d:3e:02:
         51:69:27:fb:15:ad:64:c3:ea:67:88:4d:3a:43:b2:14:cf:ea:
         26:b9:eb:2c:51:a5:99:d2:b8:53:ef:5d:e4:c0:e9:89:18:4c:
         dc:0f:45:0f:49:34:7c:26:59:69:11:6c:b5:1f:60:b2:7c:70:
         87:d6:85:3e:00:b3:79:ec:1f:a1:95:ec:7a:bf:34:ee:c5:41:
         d3:6d:94:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSXrBwJkOFcB0eAgvLgPYJKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYzUxMzg2YWNmMDViM2FhYjYxODEwNDc0NzhkNmVlYTFi
ZjAwNjIwHhcNMjUwMTI0MDkzNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWMxNjZmM2I4NzkxYTQxZGE5NDQxYWE5ODk2OGI3MWRkMTBhYThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuP4/tDPEVDgfjlcl7+rrfoeBlYqJ
TuUaTAFTt2wPWOr9q3iFOwiuBexjyFiSoambu/nmNAb2OSKQwsrFysuViEvwaOjO
o4vOyV4V5haQyTieLdmXTY4sRxWc2Vhg6wa4EBNwK8LDz+7z2OLyGRbLR+fRIoxo
lD2sc8Qf0CRI3Ja8cJAXmXskMgpLzSGEzSJaG+pgcTMS/MYgvanCKtGQEdRRxIhj
HYdu7xrt8KhcjP88zGP9pPcT1Ghc2Nqa9goU+uB4MeWHY8MmeqJDyHopc6r6/L8q
E5mNtk5p248Ccp0QHbMR/ATfEtzKTwvdFlB6Quhd/gcNjOz/YGsw0XnjKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNHBZvO4eRpB2pRBqpiWi3HdEKqPMB8GA1UdIwQY
MBaAFKLFE4as8Fs6q2GBBHR41u6hvwBiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3NVVGhxendXenFyWVlFRWRIalc3cUdfQUdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xNjRkMzQtMTI1Zi00YzYwLTg2MzUt
N2Q2ZjUzODg5ZDU3LzEvMGNGbTg3aDVHa0hhbEVHcW1KYUxjZDBRcW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xNjRkMzQtMTI1Zi00YzYwLTg2MzUtN2Q2ZjUzODg5ZDU3
LzEvb3NVVGhxendXenFyWVlFRWRIalc3cUdfQUdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDlZpQAwQC
uYPAMA0GCSqGSIb3DQEBCwUAA4IBAQAeBp7FP+9aMdsCl+C7Gyglua0vO9+gSmoV
v3/Ba0ifbX4qBSuHI9vL6QWff6/LS7hxfyl0SpNeshJOs6z/OGCCJlzo/Ho7GXtu
AuU6ycyghmPLHXD5n17/s95JlC+BXGbNM+xP+uMJPjlWb1KA34PXCOmX0EgqV9E2
mWo1dISQYO0Fp9ANykEdch9Bqv7zGMhQbcELC7kTs7YegDMePR7ppygoq8AEERsL
AMVejm0h9Zt9PgJRaSf7Fa1kw+pniE06Q7IUz+omuessUaWZ0rhT713kwOmJGEzc
D0UPSTR8JllpEWy1H2CyfHCH1oU+ALN57B+hlex6vzTuxUHTbZQo
-----END CERTIFICATE-----