Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/iOPUBhC5tZj2oWAWQvj5PYOPiG4.roa
File:                     iOPUBhC5tZj2oWAWQvj5PYOPiG4.roa (raw, json)
Hash identifier:          rupFkWf6CUCaUIdYtY3ZUAkY0dS8bO7d3Kt0O/ec6M8=
Subject key identifier:   88:E3:D4:06:10:B9:B5:98:F6:A1:60:16:42:F8:F9:3D:83:8F:88:6E
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       019423D6A4362BE4B190F6AB0AB2D059B90E
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/iOPUBhC5tZj2oWAWQvj5PYOPiG4.roa
Signing time:             Wed 01 Jan 2025 21:47:36 +0000
ROA not before:           Wed 01 Jan 2025 21:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        159.197.224.0/19 maxlen: 24
                          161.8.128.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:a4:36:2b:e4:b1:90:f6:ab:0a:b2:d0:59:b9:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Jan  1 21:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88e3d40610b9b598f6a1601642f8f93d838f886e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:b6:d5:08:68:54:e1:d2:bd:10:54:28:22:13:
                    a6:4d:a1:db:60:73:40:dd:0c:98:4f:84:7a:00:6f:
                    dc:96:e2:96:05:98:3a:31:8d:8c:28:28:c2:30:e2:
                    c0:24:b9:7e:83:65:fc:45:6f:e7:83:36:aa:40:83:
                    d4:b2:bc:f7:7d:90:fd:b5:49:ff:96:e0:72:4b:7b:
                    a0:5c:c5:15:b6:92:ec:a1:58:c7:19:60:eb:b5:56:
                    c9:4b:93:f2:5b:11:47:bd:c6:15:7e:60:47:84:36:
                    50:98:d4:eb:2b:00:82:83:34:98:48:49:b7:3a:f2:
                    a4:09:3c:0d:36:ca:a3:1c:2d:0b:49:f8:7f:4d:a2:
                    20:ef:8e:7f:39:bb:37:eb:84:27:99:1f:45:dd:da:
                    61:d7:97:14:70:9f:8c:0e:7a:4a:ca:1f:b5:1d:36:
                    3d:f3:db:39:3c:48:76:9f:63:2d:34:21:6e:2f:5d:
                    f6:de:2f:2a:e6:59:b6:d8:76:9c:1d:56:7a:23:3a:
                    d1:07:4c:fd:07:2b:01:fc:79:a1:3f:53:df:d9:55:
                    f1:b6:82:9a:fe:07:43:b7:30:36:d6:95:b1:7a:fe:
                    23:26:e5:77:bd:0d:dc:fd:7d:32:f7:78:43:82:71:
                    87:2f:b8:f7:7c:50:4f:6c:72:fc:2a:50:1c:c5:b7:
                    dd:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:E3:D4:06:10:B9:B5:98:F6:A1:60:16:42:F8:F9:3D:83:8F:88:6E
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/iOPUBhC5tZj2oWAWQvj5PYOPiG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.197.224.0/19
                  161.8.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3c:b2:14:cd:78:b3:3a:36:5a:9f:e4:fc:07:bd:dc:a1:49:d7:
         15:db:c4:88:ee:5c:8d:2f:4d:ea:4e:7a:f8:b9:a5:54:8d:da:
         66:8d:45:ff:1d:88:56:a6:14:b8:07:7e:a5:fc:80:40:2e:82:
         e5:7e:d0:db:a3:85:c7:de:23:2c:05:dc:de:8e:29:44:b3:21:
         fb:12:ea:87:cd:fd:3a:25:ae:62:89:fe:7d:8d:74:bc:a1:65:
         13:32:6b:ee:c7:b2:04:07:ab:23:c9:cb:40:02:13:f0:da:ba:
         bd:d6:e5:de:b0:2e:45:7f:77:8c:fd:14:65:47:92:08:ef:39:
         91:5d:89:9f:5b:95:77:d5:17:ea:cd:58:7f:14:dc:66:22:07:
         4f:ed:89:34:f9:68:21:7d:02:50:4e:52:39:3a:c4:c4:65:f4:
         c5:ea:6c:73:e7:03:25:02:ba:85:19:9c:55:89:4a:c6:04:c3:
         91:f4:ef:0b:cd:58:e6:47:e2:ec:d4:85:af:c3:29:ee:1d:42:
         12:a8:09:7c:7f:f2:8d:93:8c:51:f0:55:cb:92:3b:76:10:48:
         62:8c:b1:bd:ec:1e:63:dc:00:81:a8:26:eb:10:3d:d1:17:d0:
         b0:2b:fc:32:45:fc:83:e2:d5:db:b5:57:e2:43:f8:54:b3:3e:
         13:a4:63:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1qQ2K+SxkParCrLQWbkOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjUwMTAxMjE0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGUzZDQwNjEwYjliNTk4ZjZhMTYwMTY0MmY4ZjkzZDgzOGY4ODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4LbVCGhU4dK9EFQoIhOmTaHbYHNA
3QyYT4R6AG/cluKWBZg6MY2MKCjCMOLAJLl+g2X8RW/ngzaqQIPUsrz3fZD9tUn/
luByS3ugXMUVtpLsoVjHGWDrtVbJS5PyWxFHvcYVfmBHhDZQmNTrKwCCgzSYSEm3
OvKkCTwNNsqjHC0LSfh/TaIg745/Obs364QnmR9F3dph15cUcJ+MDnpKyh+1HTY9
89s5PEh2n2MtNCFuL1323i8q5lm22HacHVZ6IzrRB0z9BysB/HmhP1Pf2VXxtoKa
/gdDtzA21pWxev4jJuV3vQ3c/X0y93hDgnGHL7j3fFBPbHL8KlAcxbfdsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIjj1AYQubWY9qFgFkL4+T2Dj4huMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvaU9QVUJoQzV0Wmoyb1dBV1F2ajVQWU9QaUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFn8XgAwQF
oQiAMA0GCSqGSIb3DQEBCwUAA4IBAQA8shTNeLM6Nlqf5PwHvdyhSdcV28SI7lyN
L03qTnr4uaVUjdpmjUX/HYhWphS4B36l/IBALoLlftDbo4XH3iMsBdzejilEsyH7
EuqHzf06Ja5iif59jXS8oWUTMmvux7IEB6sjyctAAhPw2rq91uXesC5Ff3eM/RRl
R5II7zmRXYmfW5V31RfqzVh/FNxmIgdP7Yk0+WghfQJQTlI5OsTEZfTF6mxz5wMl
ArqFGZxViUrGBMOR9O8LzVjmR+Ls1IWvwynuHUISqAl8f/KNk4xR8FXLkjt2EEhi
jLG97B5j3ACBqCbrED3RF9CwK/wyRfyD4tXbtVfiQ/hUsz4TpGMx
-----END CERTIFICATE-----