Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/61c61d-5ed8-4766-9b4b-056b9c231f34/1/osc7ldM1EyAIq-Pc65jfOVsDsEo.roa
File:                     osc7ldM1EyAIq-Pc65jfOVsDsEo.roa (raw, json)
Hash identifier:          jLW59X/F/Mi9You64kz4gdG8TC0tIrDCV1yujScQLmQ=
Subject key identifier:   A2:C7:3B:95:D3:35:13:20:08:AB:E3:DC:EB:98:DF:39:5B:03:B0:4A
Certificate issuer:       /CN=99282d77c662e68bb87e83338b76ad6bead93185
Certificate serial:       019425222392975113C94F5461482DF4A2D3
Authority key identifier: 99:28:2D:77:C6:62:E6:8B:B8:7E:83:33:8B:76:AD:6B:EA:D9:31:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSgtd8Zi5ou4foMzi3ata-rZMYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/61c61d-5ed8-4766-9b4b-056b9c231f34/1/osc7ldM1EyAIq-Pc65jfOVsDsEo.roa
Signing time:             Thu 02 Jan 2025 03:49:41 +0000
ROA not before:           Thu 02 Jan 2025 03:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29208
IP address blocks:        185.176.136.0/24 maxlen: 32
                          185.176.137.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/61c61d-5ed8-4766-9b4b-056b9c231f34/1/mSgtd8Zi5ou4foMzi3ata-rZMYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/61c61d-5ed8-4766-9b4b-056b9c231f34/1/mSgtd8Zi5ou4foMzi3ata-rZMYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mSgtd8Zi5ou4foMzi3ata-rZMYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:23:92:97:51:13:c9:4f:54:61:48:2d:f4:a2:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99282d77c662e68bb87e83338b76ad6bead93185
        Validity
            Not Before: Jan  2 03:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2c73b95d335132008abe3dceb98df395b03b04a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8d:38:49:b5:c1:18:30:f7:fa:a1:83:3a:24:
                    de:9a:c6:d5:4b:cf:70:5a:6e:3c:a3:f1:4c:af:f5:
                    5a:ab:ac:f0:57:3a:31:7e:5a:82:73:4d:2a:09:74:
                    a8:de:5c:fe:91:4a:2c:8f:49:f9:fe:50:33:22:ae:
                    5a:4d:7b:3d:e1:47:3e:9c:3a:f4:a9:54:99:4e:83:
                    44:59:08:f5:a2:9d:4b:2a:42:cf:ed:39:94:f1:00:
                    8f:f7:a1:49:dc:11:e1:2a:f5:0a:f8:9a:ef:e3:99:
                    2f:a5:73:82:a3:d1:5b:82:59:5b:fb:42:ba:28:ae:
                    40:8d:60:eb:52:1f:a1:00:47:a1:e7:67:e9:db:58:
                    fa:69:68:df:53:b3:96:15:3b:e1:c0:c8:75:b1:98:
                    89:90:43:8b:86:2d:e3:f2:71:9e:82:b9:bd:cf:03:
                    4f:42:4c:11:54:08:6c:bc:f8:d8:88:6a:7f:dd:7c:
                    17:b4:9a:ef:a6:f5:1e:99:31:3e:40:3c:c8:4e:1b:
                    08:40:bb:07:84:93:37:1a:a9:d8:7e:4a:68:29:a0:
                    fe:59:66:18:a6:ba:a6:a4:e5:1c:09:cd:65:71:e1:
                    8d:ad:42:f8:78:3b:94:30:10:4c:f1:b2:8d:a5:01:
                    f8:d2:e7:20:b3:99:0a:8e:e8:fc:22:fe:4b:eb:27:
                    f8:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:C7:3B:95:D3:35:13:20:08:AB:E3:DC:EB:98:DF:39:5B:03:B0:4A
            X509v3 Authority Key Identifier:
                keyid:99:28:2D:77:C6:62:E6:8B:B8:7E:83:33:8B:76:AD:6B:EA:D9:31:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSgtd8Zi5ou4foMzi3ata-rZMYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/61c61d-5ed8-4766-9b4b-056b9c231f34/1/osc7ldM1EyAIq-Pc65jfOVsDsEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/61c61d-5ed8-4766-9b4b-056b9c231f34/1/mSgtd8Zi5ou4foMzi3ata-rZMYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:5f:f8:18:24:62:4a:d5:d7:4e:5a:67:dd:9c:8d:e6:11:56:
         aa:ff:08:d5:2c:a7:18:ea:96:cc:d5:b2:32:3b:20:90:c7:5c:
         43:be:b8:70:6f:20:8d:25:04:f9:a9:65:8e:3b:73:72:a6:08:
         ab:4e:4f:28:ce:24:1f:54:22:23:96:e6:a8:42:ba:0c:ee:9b:
         11:11:ed:c1:29:c7:33:54:ed:1f:23:1c:c8:06:75:dd:eb:b0:
         f7:1a:04:1d:d8:1f:61:6b:28:86:3b:64:a5:88:4b:46:76:ff:
         ba:93:7b:c9:c0:d5:48:10:4c:33:f8:ca:fa:d5:26:f9:6f:3e:
         f8:8e:db:dc:65:a8:b4:ff:73:8e:1d:d0:a0:36:d2:54:7a:5c:
         5c:ab:3f:75:3f:e6:ef:fb:a5:2c:c9:fc:c1:52:e8:fb:08:f0:
         82:7e:f0:fb:13:af:dc:7d:7c:82:e8:16:e4:28:09:59:f4:dc:
         d1:5e:21:43:a3:72:2e:3c:ad:f1:2e:b0:4e:11:fb:b4:74:e7:
         6d:b3:3a:fd:44:8f:f5:5f:92:62:2e:d2:b2:fc:69:75:bf:da:
         0c:93:ae:86:06:dd:bd:5c:b2:f5:d9:8b:20:ba:ad:af:19:cf:
         5d:db:62:7a:92:44:12:64:a4:ec:39:0f:b0:2d:ae:d7:92:91:
         78:72:ec:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIiOSl1ETyU9UYUgt9KLTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MjgyZDc3YzY2MmU2OGJiODdlODMzMzhiNzZhZDZiZWFk
OTMxODUwHhcNMjUwMTAyMDM0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmM3M2I5NWQzMzUxMzIwMDhhYmUzZGNlYjk4ZGYzOTViMDNiMDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoo04SbXBGDD3+qGDOiTemsbVS89w
Wm48o/FMr/Vaq6zwVzoxflqCc00qCXSo3lz+kUosj0n5/lAzIq5aTXs94Uc+nDr0
qVSZToNEWQj1op1LKkLP7TmU8QCP96FJ3BHhKvUK+Jrv45kvpXOCo9Fbgllb+0K6
KK5AjWDrUh+hAEeh52fp21j6aWjfU7OWFTvhwMh1sZiJkEOLhi3j8nGegrm9zwNP
QkwRVAhsvPjYiGp/3XwXtJrvpvUemTE+QDzIThsIQLsHhJM3GqnYfkpoKaD+WWYY
prqmpOUcCc1lceGNrUL4eDuUMBBM8bKNpQH40ucgs5kKjuj8Iv5L6yf4PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKLHO5XTNRMgCKvj3OuY3zlbA7BKMB8GA1UdIwQY
MBaAFJkoLXfGYuaLuH6DM4t2rWvq2TGFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVNndGQ4Wmk1b3U0Zm9NemkzYXRhLXJaTVlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS82MWM2MWQtNWVkOC00NzY2LTliNGIt
MDU2YjljMjMxZjM0LzEvb3NjN2xkTTFFeUFJcS1QYzY1amZPVnNEc0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS82MWM2MWQtNWVkOC00NzY2LTliNGItMDU2YjljMjMxZjM0
LzEvbVNndGQ4Wmk1b3U0Zm9NemkzYXRhLXJaTVlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubCIMA0G
CSqGSIb3DQEBCwUAA4IBAQBPX/gYJGJK1ddOWmfdnI3mEVaq/wjVLKcY6pbM1bIy
OyCQx1xDvrhwbyCNJQT5qWWOO3NypgirTk8oziQfVCIjluaoQroM7psREe3BKccz
VO0fIxzIBnXd67D3GgQd2B9hayiGO2SliEtGdv+6k3vJwNVIEEwz+Mr61Sb5bz74
jtvcZai0/3OOHdCgNtJUelxcqz91P+bv+6UsyfzBUuj7CPCCfvD7E6/cfXyC6Bbk
KAlZ9NzRXiFDo3IuPK3xLrBOEfu0dOdtszr9RI/1X5JiLtKy/Gl1v9oMk66GBt29
XLL12Ysguq2vGc9d22J6kkQSZKTsOQ+wLa7XkpF4cuxh
-----END CERTIFICATE-----