Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/4R0hMhGbrDC4YVyzf1jrL8oQuI4.roa
File:                     4R0hMhGbrDC4YVyzf1jrL8oQuI4.roa (raw, json)
Hash identifier:          TLs9gVQTwy70mjzgj5kCuIcV2uNBgbxlOI07lSwnnow=
Subject key identifier:   E1:1D:21:32:11:9B:AC:30:B8:61:5C:B3:7F:58:EB:2F:CA:10:B8:8E
Certificate issuer:       /CN=0b1870c96ef09723811fb89250eea6eba963c0df
Certificate serial:       01942444C7509575EB5EA3D43B36D7741DC5
Authority key identifier: 0B:18:70:C9:6E:F0:97:23:81:1F:B8:92:50:EE:A6:EB:A9:63:C0:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CxhwyW7wlyOBH7iSUO6m66ljwN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/4R0hMhGbrDC4YVyzf1jrL8oQuI4.roa
Signing time:             Wed 01 Jan 2025 23:47:54 +0000
ROA not before:           Wed 01 Jan 2025 23:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35280
IP address blocks:        132.64.0.0/16 maxlen: 16
                          132.65.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/CxhwyW7wlyOBH7iSUO6m66ljwN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/CxhwyW7wlyOBH7iSUO6m66ljwN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CxhwyW7wlyOBH7iSUO6m66ljwN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:c7:50:95:75:eb:5e:a3:d4:3b:36:d7:74:1d:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b1870c96ef09723811fb89250eea6eba963c0df
        Validity
            Not Before: Jan  1 23:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e11d2132119bac30b8615cb37f58eb2fca10b88e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c6:3b:c8:0f:16:e3:e3:bb:0c:34:ec:b8:33:
                    f1:8f:8a:a6:65:3e:70:8d:eb:28:ed:d3:38:8c:83:
                    dd:c3:1c:32:94:4c:53:62:68:10:28:db:f9:df:55:
                    88:2c:b7:bf:6d:32:29:2c:ae:b3:5b:18:a2:51:8d:
                    16:fb:fa:bf:77:19:86:e0:50:02:a2:ca:b2:3d:90:
                    ca:2a:19:20:77:13:c0:05:b3:4d:2a:c5:ad:ed:c1:
                    8b:a5:2a:0b:b3:fa:5d:de:da:39:08:bf:2d:d9:9a:
                    07:03:d3:a9:78:e2:e5:04:5c:e4:7d:32:4a:55:df:
                    f6:af:f5:ef:b4:38:89:b4:62:ba:65:74:81:b7:61:
                    35:02:66:b5:cd:7b:23:6a:40:0d:4b:03:32:df:99:
                    05:de:f7:81:e1:35:da:12:da:81:3a:68:98:29:26:
                    41:87:e4:4e:70:3f:25:95:ee:83:8a:9d:0e:a9:9a:
                    8f:7d:cc:97:84:32:e9:74:f5:6a:9e:44:59:3e:e9:
                    d0:7a:5a:2b:15:05:66:b2:e0:33:66:fb:d6:6e:e5:
                    23:3b:5c:ad:e9:90:e6:1c:bd:a4:2a:72:f2:13:40:
                    df:64:8e:85:18:65:7f:1b:a9:9f:5f:09:75:42:58:
                    0a:65:0d:ef:6a:13:e2:95:29:cc:c6:6c:f5:13:9e:
                    12:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:1D:21:32:11:9B:AC:30:B8:61:5C:B3:7F:58:EB:2F:CA:10:B8:8E
            X509v3 Authority Key Identifier:
                keyid:0B:18:70:C9:6E:F0:97:23:81:1F:B8:92:50:EE:A6:EB:A9:63:C0:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CxhwyW7wlyOBH7iSUO6m66ljwN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/4R0hMhGbrDC4YVyzf1jrL8oQuI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/CxhwyW7wlyOBH7iSUO6m66ljwN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.64.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         60:19:f6:3e:c6:89:4c:2a:3a:84:b3:37:8b:87:82:86:bc:fd:
         8b:f2:6a:46:0e:92:69:28:4a:a9:d2:82:6b:df:30:7a:8a:0c:
         71:5e:ca:f7:1e:43:00:64:60:a0:6a:b1:d6:ce:fb:61:ca:3c:
         61:ac:a0:9d:72:85:51:70:21:13:7d:b0:4c:90:26:fb:6a:16:
         de:a4:2b:e6:6a:fa:02:a8:44:d5:02:58:90:67:60:67:13:1b:
         5d:52:80:54:a6:8a:45:95:9d:36:15:5b:59:6e:cc:a3:9b:cd:
         a8:00:aa:3e:fa:85:78:86:10:72:5a:6d:38:f2:a3:fe:0f:a7:
         0c:c7:28:9b:4c:4a:ae:a1:11:78:56:cf:5c:ab:b2:9d:f9:9f:
         a1:82:26:b3:15:4e:d0:88:fb:eb:e4:64:5f:c6:01:7e:89:22:
         94:4e:d5:37:a1:0f:c4:9a:8c:c7:ea:1b:77:75:c1:15:4c:0a:
         03:19:ca:1e:e5:02:95:64:da:0c:58:dc:bb:39:c2:4b:85:18:
         0b:72:02:47:dc:a1:80:31:29:98:69:cc:9a:da:1c:81:bc:58:
         99:57:db:99:74:93:ff:98:0a:ae:11:76:1b:e5:a2:ff:0b:33:
         7e:98:41:05:38:ab:43:4e:74:0e:1b:d1:d4:7e:76:e6:be:b7:
         5f:0e:43:d1
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQkRMdQlXXrXqPUOzbXdB3FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMTg3MGM5NmVmMDk3MjM4MTFmYjg5MjUwZWVhNmViYTk2
M2MwZGYwHhcNMjUwMTAxMjM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTFkMjEzMjExOWJhYzMwYjg2MTVjYjM3ZjU4ZWIyZmNhMTBiODhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMY7yA8W4+O7DDTsuDPxj4qmZT5w
jeso7dM4jIPdwxwylExTYmgQKNv531WILLe/bTIpLK6zWxiiUY0W+/q/dxmG4FAC
osqyPZDKKhkgdxPABbNNKsWt7cGLpSoLs/pd3to5CL8t2ZoHA9OpeOLlBFzkfTJK
Vd/2r/XvtDiJtGK6ZXSBt2E1Ama1zXsjakANSwMy35kF3veB4TXaEtqBOmiYKSZB
h+ROcD8lle6Dip0OqZqPfcyXhDLpdPVqnkRZPunQelorFQVmsuAzZvvWbuUjO1yt
6ZDmHL2kKnLyE0DfZI6FGGV/G6mfXwl1QlgKZQ3vahPilSnMxmz1E54SmQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFOEdITIRm6wwuGFcs39Y6y/KELiOMB8GA1UdIwQY
MBaAFAsYcMlu8JcjgR+4klDupuupY8DfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3hod3lXN3dseU9CSDdpU1VPNm02Nmxqd044LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny84NzcwMmEtM2FmNi00NmM3LWExMjMt
YTJlMjRmOTgwYjNmLzEvNFIwaE1oR2JyREM0WVZ5emYxanJMOG9RdUk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny84NzcwMmEtM2FmNi00NmM3LWExMjMtYTJlMjRmOTgwYjNm
LzEvQ3hod3lXN3dseU9CSDdpU1VPNm02Nmxqd044LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEAwDQYJ
KoZIhvcNAQELBQADggEBAGAZ9j7GiUwqOoSzN4uHgoa8/YvyakYOkmkoSqnSgmvf
MHqKDHFeyvceQwBkYKBqsdbO+2HKPGGsoJ1yhVFwIRN9sEyQJvtqFt6kK+Zq+gKo
RNUCWJBnYGcTG11SgFSmikWVnTYVW1luzKObzagAqj76hXiGEHJabTjyo/4PpwzH
KJtMSq6hEXhWz1yrsp35n6GCJrMVTtCI++vkZF/GAX6JIpRO1TehD8SajMfqG3d1
wRVMCgMZyh7lApVk2gxY3Ls5wkuFGAtyAkfcoYAxKZhpzJraHIG8WJlX25l0k/+Y
Cq4Rdhvlov8LM36YQQU4q0NOdA4b0dR+dua+t18OQ9E=
-----END CERTIFICATE-----