Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/c1f448-8808-4a2f-bffa-f8b48baccd9b/1/Y-ORdAusYkZsKOUTFP8lOiqiHAs.roa
File:                     Y-ORdAusYkZsKOUTFP8lOiqiHAs.roa (raw, json)
Hash identifier:          VsoWMS+G3RdpKa8Z+B6s882TzbmXTjisQIhsADrOhSU=
Subject key identifier:   63:E3:91:74:0B:AC:62:46:6C:28:E5:13:14:FF:25:3A:2A:A2:1C:0B
Certificate issuer:       /CN=705e75dbcce5fcdd91d8a99e5a1b2c995b812775
Certificate serial:       019424449E5732FA4DA4BF283AFE73975F06
Authority key identifier: 70:5E:75:DB:CC:E5:FC:DD:91:D8:A9:9E:5A:1B:2C:99:5B:81:27:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cF5128zl_N2R2KmeWhssmVuBJ3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/c1f448-8808-4a2f-bffa-f8b48baccd9b/1/Y-ORdAusYkZsKOUTFP8lOiqiHAs.roa
Signing time:             Wed 01 Jan 2025 23:47:44 +0000
ROA not before:           Wed 01 Jan 2025 23:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48309
IP address blocks:        188.136.136.0/24 maxlen: 24
                          188.136.137.0/24 maxlen: 24
                          188.136.138.0/24 maxlen: 24
                          188.136.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/c1f448-8808-4a2f-bffa-f8b48baccd9b/1/cF5128zl_N2R2KmeWhssmVuBJ3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/c1f448-8808-4a2f-bffa-f8b48baccd9b/1/cF5128zl_N2R2KmeWhssmVuBJ3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cF5128zl_N2R2KmeWhssmVuBJ3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 18:31:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:9e:57:32:fa:4d:a4:bf:28:3a:fe:73:97:5f:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=705e75dbcce5fcdd91d8a99e5a1b2c995b812775
        Validity
            Not Before: Jan  1 23:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63e391740bac62466c28e51314ff253a2aa21c0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:83:96:4b:54:a6:e0:82:a0:a9:02:ca:d9:3e:
                    cb:62:92:3b:3e:e1:60:35:6b:b1:4c:ad:db:c3:ea:
                    3c:a1:43:11:4f:37:09:26:15:5c:db:cb:b3:c0:c2:
                    dc:6c:3f:0e:09:10:57:c8:f8:12:c4:a3:65:f0:96:
                    20:9e:87:e4:e8:55:d1:f2:cc:a4:7f:3d:30:d6:fb:
                    4b:dc:4b:0a:62:73:9b:b4:f2:fe:6c:a8:0c:35:1d:
                    62:93:0a:14:00:e8:f8:80:d3:35:fb:94:99:47:b2:
                    f1:7e:5e:f0:c0:07:b2:7e:22:11:84:c3:3e:eb:dd:
                    5f:3c:3d:1e:e5:67:93:b8:a7:53:7f:35:f8:21:69:
                    9d:e2:61:cd:5d:01:18:17:2e:fc:1f:68:ab:56:54:
                    03:95:76:dc:65:4b:87:a2:80:d7:14:26:cd:58:5d:
                    7f:b0:b7:06:bf:d1:f1:28:b9:12:5b:fe:4d:94:c2:
                    3d:3c:02:0f:65:31:73:f2:59:84:b5:9c:e6:20:de:
                    19:c4:f8:22:4e:3f:d4:9e:62:c9:f6:25:95:74:27:
                    84:40:65:4f:5d:9c:19:3f:59:af:aa:28:e7:03:43:
                    50:92:ff:95:b4:09:4a:2a:58:6f:52:08:64:9a:ae:
                    e1:ec:bd:e5:ed:1a:c8:0a:22:ee:26:a5:c4:37:f4:
                    b8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:E3:91:74:0B:AC:62:46:6C:28:E5:13:14:FF:25:3A:2A:A2:1C:0B
            X509v3 Authority Key Identifier:
                keyid:70:5E:75:DB:CC:E5:FC:DD:91:D8:A9:9E:5A:1B:2C:99:5B:81:27:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cF5128zl_N2R2KmeWhssmVuBJ3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/c1f448-8808-4a2f-bffa-f8b48baccd9b/1/Y-ORdAusYkZsKOUTFP8lOiqiHAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/c1f448-8808-4a2f-bffa-f8b48baccd9b/1/cF5128zl_N2R2KmeWhssmVuBJ3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.136.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:f8:63:b9:23:50:2d:d4:21:6e:bf:6c:32:a1:fb:66:00:72:
         c6:1d:ad:d5:ea:9c:b3:cd:ab:66:28:aa:05:8f:32:74:4a:d5:
         a6:55:1b:6f:6a:52:60:8d:68:f9:72:b7:af:48:02:69:e4:15:
         d4:5e:be:d0:b5:9a:c8:7f:92:bd:c0:5b:c6:f5:43:f1:33:30:
         7e:5f:8e:1a:22:16:ff:28:e4:07:40:d3:52:d0:43:23:ad:03:
         1c:2c:e5:0b:3b:5c:3b:18:a1:dc:08:cb:4a:00:40:cd:02:3f:
         cc:04:a1:fb:d4:fb:47:69:46:d7:9a:6b:44:bb:2c:00:06:a6:
         9f:2c:03:d8:b7:55:32:fa:96:27:70:a0:e0:9d:28:cb:83:e9:
         f2:0e:6f:04:d4:46:56:16:09:1f:ae:32:e0:af:60:14:a7:55:
         1e:da:13:4a:ee:0e:c6:e3:0e:52:12:60:30:73:af:8d:01:70:
         01:32:de:59:61:20:d9:2f:52:ef:5d:af:0e:31:0b:7c:0e:cc:
         1d:6f:fc:a4:65:eb:09:60:ae:4c:92:af:f9:ec:2a:85:6e:ee:
         f7:2b:c5:1e:78:8a:d9:58:69:c5:e4:c7:d4:48:36:ec:29:dd:
         87:9a:ea:67:8f:73:00:45:bb:27:14:0e:89:33:40:73:e3:e4:
         aa:13:15:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRJ5XMvpNpL8oOv5zl18GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNWU3NWRiY2NlNWZjZGQ5MWQ4YTk5ZTVhMWIyYzk5NWI4
MTI3NzUwHhcNMjUwMTAxMjM0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2UzOTE3NDBiYWM2MjQ2NmMyOGU1MTMxNGZmMjUzYTJhYTIxYzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4OWS1Sm4IKgqQLK2T7LYpI7PuFg
NWuxTK3bw+o8oUMRTzcJJhVc28uzwMLcbD8OCRBXyPgSxKNl8JYgnofk6FXR8syk
fz0w1vtL3EsKYnObtPL+bKgMNR1ikwoUAOj4gNM1+5SZR7Lxfl7wwAeyfiIRhMM+
691fPD0e5WeTuKdTfzX4IWmd4mHNXQEYFy78H2irVlQDlXbcZUuHooDXFCbNWF1/
sLcGv9HxKLkSW/5NlMI9PAIPZTFz8lmEtZzmIN4ZxPgiTj/UnmLJ9iWVdCeEQGVP
XZwZP1mvqijnA0NQkv+VtAlKKlhvUghkmq7h7L3l7RrICiLuJqXEN/S4awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPjkXQLrGJGbCjlExT/JToqohwLMB8GA1UdIwQY
MBaAFHBeddvM5fzdkdipnlobLJlbgSd1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0Y1MTI4emxfTjJSMkttZVdoc3NtVnVCSjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9jMWY0NDgtODgwOC00YTJmLWJmZmEt
ZjhiNDhiYWNjZDliLzEvWS1PUmRBdXNZa1pzS09VVEZQOGxPaXFpSEFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9jMWY0NDgtODgwOC00YTJmLWJmZmEtZjhiNDhiYWNjZDli
LzEvY0Y1MTI4emxfTjJSMkttZVdoc3NtVnVCSjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvIiIMA0G
CSqGSIb3DQEBCwUAA4IBAQBN+GO5I1At1CFuv2wyoftmAHLGHa3V6pyzzatmKKoF
jzJ0StWmVRtvalJgjWj5crevSAJp5BXUXr7QtZrIf5K9wFvG9UPxMzB+X44aIhb/
KOQHQNNS0EMjrQMcLOULO1w7GKHcCMtKAEDNAj/MBKH71PtHaUbXmmtEuywABqaf
LAPYt1Uy+pYncKDgnSjLg+nyDm8E1EZWFgkfrjLgr2AUp1Ue2hNK7g7G4w5SEmAw
c6+NAXABMt5ZYSDZL1LvXa8OMQt8Dswdb/ykZesJYK5Mkq/57CqFbu73K8UeeIrZ
WGnF5MfUSDbsKd2Hmupnj3MARbsnFA6JM0Bz4+SqExWc
-----END CERTIFICATE-----