Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/o2jbAYhRTuQBmdDMbACuxNgCDog.roa
File:                     o2jbAYhRTuQBmdDMbACuxNgCDog.roa (raw, json)
Hash identifier:          l9P4NF0hkDAdmr9McK92Zf+I3x80Yj+ORPskROTVaoo=
Subject key identifier:   A3:68:DB:01:88:51:4E:E4:01:99:D0:CC:6C:00:AE:C4:D8:02:0E:88
Certificate issuer:       /CN=9c1cd1b3c8772956fa85535a8464b4ca19663ade
Certificate serial:       0194258F2B369C1B674A75149C2D0FE2F0F1
Authority key identifier: 9C:1C:D1:B3:C8:77:29:56:FA:85:53:5A:84:64:B4:CA:19:66:3A:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nBzRs8h3KVb6hVNahGS0yhlmOt4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/o2jbAYhRTuQBmdDMbACuxNgCDog.roa
Signing time:             Thu 02 Jan 2025 05:48:47 +0000
ROA not before:           Thu 02 Jan 2025 05:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200697
IP address blocks:        185.136.240.0/24 maxlen: 24
                          185.136.241.0/24 maxlen: 24
                          185.136.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/nBzRs8h3KVb6hVNahGS0yhlmOt4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/nBzRs8h3KVb6hVNahGS0yhlmOt4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nBzRs8h3KVb6hVNahGS0yhlmOt4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:2b:36:9c:1b:67:4a:75:14:9c:2d:0f:e2:f0:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c1cd1b3c8772956fa85535a8464b4ca19663ade
        Validity
            Not Before: Jan  2 05:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a368db0188514ee40199d0cc6c00aec4d8020e88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:bd:4f:83:60:f1:e6:bd:93:e1:8e:fe:c5:25:
                    81:9e:5f:9d:9a:bf:45:68:15:f3:96:91:f6:8e:04:
                    a3:6f:b3:e2:49:ac:ac:d0:ad:6d:27:21:b3:24:73:
                    d2:54:61:8c:03:05:63:78:06:57:c6:7d:5b:ab:31:
                    03:2d:77:f9:c1:8b:fa:21:03:cb:be:b5:fc:43:36:
                    c6:f1:fc:ff:3d:d5:b2:84:71:f2:40:07:9e:4a:1b:
                    4f:8f:c2:49:43:6d:bc:67:dd:a9:64:19:76:0f:9a:
                    17:c9:c0:ed:f4:f1:61:7d:56:09:82:68:7e:2a:e9:
                    14:2b:0d:6c:0b:58:b3:1f:92:73:d0:c8:61:fa:f1:
                    35:a5:50:c3:ff:f4:8b:6b:1b:62:0b:7e:5b:23:58:
                    66:b6:0c:46:b0:d9:c3:6f:49:ca:d3:e1:14:f6:58:
                    d9:e0:21:b3:94:da:37:b1:a0:67:e3:aa:05:64:c6:
                    0c:45:3c:f2:fc:ee:54:5e:ea:98:90:e0:c0:6b:32:
                    16:15:d1:80:f6:a6:3b:26:aa:9c:05:97:a8:7c:ba:
                    7a:8f:0d:67:66:85:71:26:69:5f:5b:96:2a:78:50:
                    7e:09:4e:f9:88:f8:d4:96:85:b4:4b:73:23:35:6d:
                    5f:30:68:f2:6a:25:69:51:a5:2f:f9:18:cb:31:ae:
                    7e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:68:DB:01:88:51:4E:E4:01:99:D0:CC:6C:00:AE:C4:D8:02:0E:88
            X509v3 Authority Key Identifier:
                keyid:9C:1C:D1:B3:C8:77:29:56:FA:85:53:5A:84:64:B4:CA:19:66:3A:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nBzRs8h3KVb6hVNahGS0yhlmOt4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/o2jbAYhRTuQBmdDMbACuxNgCDog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/nBzRs8h3KVb6hVNahGS0yhlmOt4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.240.0-185.136.242.255

    Signature Algorithm: sha256WithRSAEncryption
         16:c1:4d:86:2b:21:c7:e7:5c:2d:29:bc:fb:71:0c:71:c2:44:
         81:15:fa:08:aa:bb:82:20:6c:e1:34:cc:5c:57:33:1f:7f:f3:
         5d:7e:15:eb:a9:3f:58:9d:9b:f1:2d:c3:fa:66:1f:d2:b3:c3:
         16:6b:90:78:06:69:33:bc:eb:93:2e:ad:8b:68:9a:46:9f:57:
         b9:7a:96:f2:c4:b2:30:fb:5c:ee:58:3f:62:f1:61:ea:27:4d:
         05:40:ae:cf:68:26:03:60:aa:38:95:93:c0:79:61:e2:02:47:
         b9:a3:34:60:ad:4e:c4:3c:ed:a8:79:45:8f:f7:90:ea:ea:0c:
         dc:5a:b0:ed:0d:46:c6:e7:1d:37:f5:bb:c9:81:db:fc:7f:5a:
         0d:90:ea:30:33:a9:51:67:1f:94:a9:51:bf:3d:e3:5a:e6:a9:
         59:7d:76:a2:a9:8d:84:31:06:d5:3e:f2:98:75:fd:98:d2:fc:
         6e:fe:e5:47:f3:34:d2:93:50:7f:13:67:a8:aa:7a:90:2b:2c:
         d2:c2:fa:fd:92:5d:a4:14:43:c0:75:be:90:4b:67:3a:08:44:
         fe:ff:7f:59:1b:91:ff:d3:4e:2b:2d:1a:af:a4:6d:2a:04:a1:
         de:cf:b3:79:2b:bc:08:10:08:74:fc:21:71:e6:b0:71:8a:ce:
         39:75:74:f8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQljys2nBtnSnUUnC0P4vDxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMWNkMWIzYzg3NzI5NTZmYTg1NTM1YTg0NjRiNGNhMTk2
NjNhZGUwHhcNMjUwMTAyMDU0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzY4ZGIwMTg4NTE0ZWU0MDE5OWQwY2M2YzAwYWVjNGQ4MDIwZTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0r1Pg2Dx5r2T4Y7+xSWBnl+dmr9F
aBXzlpH2jgSjb7PiSays0K1tJyGzJHPSVGGMAwVjeAZXxn1bqzEDLXf5wYv6IQPL
vrX8QzbG8fz/PdWyhHHyQAeeShtPj8JJQ228Z92pZBl2D5oXycDt9PFhfVYJgmh+
KukUKw1sC1izH5Jz0Mhh+vE1pVDD//SLaxtiC35bI1hmtgxGsNnDb0nK0+EU9ljZ
4CGzlNo3saBn46oFZMYMRTzy/O5UXuqYkODAazIWFdGA9qY7JqqcBZeofLp6jw1n
ZoVxJmlfW5YqeFB+CU75iPjUloW0S3MjNW1fMGjyaiVpUaUv+RjLMa5+rwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKNo2wGIUU7kAZnQzGwArsTYAg6IMB8GA1UdIwQY
MBaAFJwc0bPIdylW+oVTWoRktMoZZjreMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkJ6UnM4aDNLVmI2aFZOYWhHUzB5aGxtT3Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8wNmVhYjAtNmM2ZS00Yzk1LWJiZGMt
OTE2MDQ3MDYyYTIyLzEvbzJqYkFZaFJUdVFCbWRETWJBQ3V4TmdDRG9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8wNmVhYjAtNmM2ZS00Yzk1LWJiZGMtOTE2MDQ3MDYyYTIy
LzEvbkJ6UnM4aDNLVmI2aFZOYWhHUzB5aGxtT3Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAS5iPAD
BAC5iPIwDQYJKoZIhvcNAQELBQADggEBABbBTYYrIcfnXC0pvPtxDHHCRIEV+giq
u4IgbOE0zFxXMx9/811+FeupP1idm/Etw/pmH9KzwxZrkHgGaTO865MurYtomkaf
V7l6lvLEsjD7XO5YP2LxYeonTQVArs9oJgNgqjiVk8B5YeICR7mjNGCtTsQ87ah5
RY/3kOrqDNxasO0NRsbnHTf1u8mB2/x/Wg2Q6jAzqVFnH5SpUb8941rmqVl9dqKp
jYQxBtU+8ph1/ZjS/G7+5UfzNNKTUH8TZ6iqepArLNLC+v2SXaQUQ8B1vpBLZzoI
RP7/f1kbkf/TTistGq+kbSoEod7Ps3krvAgQCHT8IXHmsHGKzjl1dPg=
-----END CERTIFICATE-----