Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/Cpqn7LsS0bcJ2RaNQ1m7A6LeDTI.roa
File:                     Cpqn7LsS0bcJ2RaNQ1m7A6LeDTI.roa (raw, json)
Hash identifier:          M0rYp/RCf1KwjUnXOEa9Bql0WWcUrXdf/3JYDVzWoPQ=
Subject key identifier:   0A:9A:A7:EC:BB:12:D1:B7:09:D9:16:8D:43:59:BB:03:A2:DE:0D:32
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       019522169ED84BEA882682E03557130A07DA
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/Cpqn7LsS0bcJ2RaNQ1m7A6LeDTI.roa
Signing time:             Thu 20 Feb 2025 06:41:02 +0000
ROA not before:           Thu 20 Feb 2025 06:41:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35280
IP address blocks:        147.234.4.0/24 maxlen: 24
                          147.234.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:22:16:9e:d8:4b:ea:88:26:82:e0:35:57:13:0a:07:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Feb 20 06:41:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a9aa7ecbb12d1b709d9168d4359bb03a2de0d32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:98:37:7f:b7:22:74:e0:09:4c:5a:cf:bc:12:
                    1a:7b:fa:7e:66:05:ff:38:8d:39:4d:85:c5:f9:3a:
                    46:37:d9:92:4a:de:aa:ef:70:93:6a:33:86:37:4a:
                    85:fe:75:1b:9b:7d:c8:b3:a8:c3:0a:c7:88:14:c7:
                    c7:93:4d:db:c4:94:b5:42:42:f9:82:9c:14:63:25:
                    af:0d:a3:51:48:ac:01:4d:00:a0:0a:97:f0:ee:5e:
                    01:f3:33:62:4b:77:ca:d4:fb:f3:8f:d0:97:0b:a3:
                    c8:51:0d:5a:1b:5c:61:1e:60:70:e5:aa:77:12:1b:
                    e9:7d:7c:d9:71:2c:8a:0a:1e:e1:ac:57:7b:51:9c:
                    d2:18:45:85:cb:eb:97:a3:52:2d:7d:2e:e3:47:61:
                    dc:e9:32:d9:7d:6a:66:e4:ba:46:e1:be:7a:f2:3b:
                    f2:72:aa:53:9a:90:ca:70:58:6d:d9:b4:8e:69:df:
                    13:6c:c4:aa:b9:a0:23:96:3a:da:e7:5c:b0:09:ef:
                    c7:58:46:19:3d:f5:33:25:5e:c9:31:fb:cb:01:8b:
                    19:b1:af:24:50:8b:93:7b:c1:5b:01:40:33:39:93:
                    25:81:f3:e1:6b:13:ee:b6:cd:7b:5f:03:3f:4b:f5:
                    19:97:c3:95:fb:84:00:95:fa:76:0a:81:eb:49:02:
                    fb:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:9A:A7:EC:BB:12:D1:B7:09:D9:16:8D:43:59:BB:03:A2:DE:0D:32
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/Cpqn7LsS0bcJ2RaNQ1m7A6LeDTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:f5:51:51:f9:e6:40:36:77:34:d4:90:50:ba:64:64:91:9c:
         1a:e0:b5:f7:44:0d:ca:f5:d1:1e:d5:a6:47:4d:b6:d3:6d:e9:
         8f:67:28:63:ea:9e:b3:53:a1:28:9a:44:25:0e:9f:df:43:d0:
         bb:f5:c8:78:f9:eb:d7:54:9b:02:3a:21:4a:05:50:dd:fd:21:
         15:2b:51:07:27:55:4e:47:04:53:2e:1e:e5:49:4b:e9:0f:ac:
         31:bc:29:32:60:dd:06:fb:33:99:58:1e:ba:58:0e:58:a8:23:
         19:94:f0:71:a0:fb:09:4b:c1:f3:59:48:b1:0e:ad:86:12:00:
         61:d3:0e:df:89:e1:58:0d:c2:4f:31:79:83:43:dc:ff:a8:27:
         d2:a0:a4:65:8f:63:9a:a2:07:ac:f2:bf:99:dd:68:47:a6:ab:
         61:a3:d6:4b:d3:3a:8f:f4:d1:b8:e7:c2:ca:05:3f:d6:28:b0:
         4c:35:9c:c9:6c:79:ee:ab:0d:d1:9b:be:42:45:9e:49:2d:23:
         1a:bf:b1:93:b9:8c:51:4e:a0:1f:3f:6a:f9:81:5b:19:3e:f4:
         d6:ce:be:68:38:95:55:2f:a0:0f:54:3c:fb:12:75:1f:4d:e4:
         42:ed:b3:bf:28:29:03:e1:aa:18:08:cc:55:48:05:1b:66:d5:
         54:8e:9d:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUiFp7YS+qIJoLgNVcTCgfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjUwMjIwMDY0MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTlhYTdlY2JiMTJkMWI3MDlkOTE2OGQ0MzU5YmIwM2EyZGUwZDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Jg3f7cidOAJTFrPvBIae/p+ZgX/
OI05TYXF+TpGN9mSSt6q73CTajOGN0qF/nUbm33Is6jDCseIFMfHk03bxJS1QkL5
gpwUYyWvDaNRSKwBTQCgCpfw7l4B8zNiS3fK1Pvzj9CXC6PIUQ1aG1xhHmBw5ap3
EhvpfXzZcSyKCh7hrFd7UZzSGEWFy+uXo1ItfS7jR2Hc6TLZfWpm5LpG4b568jvy
cqpTmpDKcFht2bSOad8TbMSquaAjljra51ywCe/HWEYZPfUzJV7JMfvLAYsZsa8k
UIuTe8FbAUAzOZMlgfPhaxPuts17XwM/S/UZl8OV+4QAlfp2CoHrSQL7FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqap+y7EtG3CdkWjUNZuwOi3g0yMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvQ3BxbjdMc1MwYmNKMlJhTlExbTdBNkxlRFRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk+oEMA0G
CSqGSIb3DQEBCwUAA4IBAQAD9VFR+eZANnc01JBQumRkkZwa4LX3RA3K9dEe1aZH
TbbTbemPZyhj6p6zU6EomkQlDp/fQ9C79ch4+evXVJsCOiFKBVDd/SEVK1EHJ1VO
RwRTLh7lSUvpD6wxvCkyYN0G+zOZWB66WA5YqCMZlPBxoPsJS8HzWUixDq2GEgBh
0w7fieFYDcJPMXmDQ9z/qCfSoKRlj2Oaoges8r+Z3WhHpqtho9ZL0zqP9NG458LK
BT/WKLBMNZzJbHnuqw3Rm75CRZ5JLSMav7GTuYxRTqAfP2r5gVsZPvTWzr5oOJVV
L6APVDz7EnUfTeRC7bO/KCkD4aoYCMxVSAUbZtVUjp3C
-----END CERTIFICATE-----