Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/2o5lxS17-TuelE1Eo35Ac7B5RQI.roa
File:                     2o5lxS17-TuelE1Eo35Ac7B5RQI.roa (raw, json)
Hash identifier:          r0p74cT43WIPOHKiilDFyNpmu7ELpn61XsWmhxelkQE=
Subject key identifier:   DA:8E:65:C5:2D:7B:F9:3B:9E:94:4D:44:A3:7E:40:73:B0:79:45:02
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       01942445711E53F797206680F3003178ABF5
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/2o5lxS17-TuelE1Eo35Ac7B5RQI.roa
Signing time:             Wed 01 Jan 2025 23:48:38 +0000
ROA not before:           Wed 01 Jan 2025 23:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199614
IP address blocks:        147.136.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:71:1e:53:f7:97:20:66:80:f3:00:31:78:ab:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  1 23:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da8e65c52d7bf93b9e944d44a37e4073b0794502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:37:f8:a6:2f:c7:6b:1b:f2:78:6f:cc:56:c0:
                    42:f9:07:10:e3:08:54:87:7c:9d:5a:ab:dd:c5:59:
                    f5:50:16:89:5b:74:41:45:b2:ef:c1:33:6d:44:91:
                    21:16:d6:2c:2d:f2:78:8d:a4:da:ac:02:95:33:6a:
                    77:8e:7e:13:f8:0f:f4:a5:ff:70:a2:57:64:f9:4d:
                    c4:5f:32:24:f6:0f:02:2a:bc:74:d0:0d:7c:ae:6f:
                    29:00:fd:9a:21:6b:97:c0:c5:c5:38:47:a0:52:b7:
                    5f:49:34:20:f9:b4:66:9e:1d:eb:9d:c7:4a:02:8b:
                    c0:44:77:4a:25:18:bb:a4:74:35:a9:9b:2d:dd:34:
                    bf:f8:21:1c:dc:a9:b5:1c:6b:e2:74:f7:26:f3:81:
                    75:44:f9:98:b7:26:48:73:3e:ff:2c:a7:5d:50:07:
                    d2:06:5e:58:90:54:51:5d:86:38:ae:18:95:e0:8c:
                    df:85:07:44:39:0e:59:ca:ce:8e:ee:84:62:f1:c9:
                    e5:29:03:f9:18:02:a2:19:bc:b3:f5:28:5d:27:6b:
                    f7:f6:85:60:b3:ca:25:0e:6c:c0:4a:40:f8:4d:7f:
                    07:85:5b:d4:9c:47:bc:b1:55:15:4a:6e:49:f0:78:
                    5f:9a:14:63:74:e4:36:8c:fb:f9:2d:1a:b3:9d:a3:
                    15:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:8E:65:C5:2D:7B:F9:3B:9E:94:4D:44:A3:7E:40:73:B0:79:45:02
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/2o5lxS17-TuelE1Eo35Ac7B5RQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.136.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:33:d3:66:c8:78:e4:be:57:5c:d5:1d:e6:f6:ac:af:a4:96:
         f5:4d:32:2b:85:dc:70:9a:f1:65:9b:c7:a7:14:10:4f:6e:3f:
         8c:19:9c:d4:41:4a:ca:d3:eb:8e:5b:60:80:e8:36:0a:50:90:
         ad:50:aa:21:b4:3a:21:f8:c9:25:67:40:5a:90:58:37:1f:4d:
         fe:13:1e:43:e0:76:5c:e8:e1:c6:fa:bd:be:75:ec:b1:d2:0d:
         26:e6:86:f9:f0:64:cd:56:cc:25:f1:dc:94:b3:22:62:2c:6e:
         fe:ca:7e:a2:6b:0b:38:ab:db:a5:f7:5e:81:1f:74:bb:b5:bb:
         d3:76:f9:39:8a:dc:bd:88:9a:45:96:e5:87:fe:6f:75:8b:a0:
         0e:62:35:97:a7:c9:a6:48:52:e5:08:1b:90:e7:3b:a2:78:ff:
         8e:6b:fe:d9:51:5c:50:15:ce:61:c2:8d:dc:6b:bb:1f:a9:8f:
         e8:60:d1:fa:21:33:c8:e5:f6:0e:5d:80:31:6f:33:2b:74:b0:
         ed:ab:e0:3f:61:5f:07:fd:ae:25:07:d5:4e:3e:64:22:47:b8:
         5d:88:99:03:58:a5:68:c5:1c:a0:11:96:f0:78:c0:ce:e2:4f:
         1a:4b:4e:17:90:24:8e:63:ba:7b:d7:5c:a8:a0:29:7a:bb:61:
         79:11:73:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRXEeU/eXIGaA8wAxeKv1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjUwMTAxMjM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYThlNjVjNTJkN2JmOTNiOWU5NDRkNDRhMzdlNDA3M2IwNzk0NTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjf4pi/HaxvyeG/MVsBC+QcQ4whU
h3ydWqvdxVn1UBaJW3RBRbLvwTNtRJEhFtYsLfJ4jaTarAKVM2p3jn4T+A/0pf9w
oldk+U3EXzIk9g8CKrx00A18rm8pAP2aIWuXwMXFOEegUrdfSTQg+bRmnh3rncdK
AovARHdKJRi7pHQ1qZst3TS/+CEc3Km1HGvidPcm84F1RPmYtyZIcz7/LKddUAfS
Bl5YkFRRXYY4rhiV4IzfhQdEOQ5Zys6O7oRi8cnlKQP5GAKiGbyz9ShdJ2v39oVg
s8olDmzASkD4TX8HhVvUnEe8sVUVSm5J8HhfmhRjdOQ2jPv5LRqznaMV3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqOZcUte/k7npRNRKN+QHOweUUCMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvMm81bHhTMTctVHVlbEUxRW8zNUFjN0I1UlFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCk4hYMA0G
CSqGSIb3DQEBCwUAA4IBAQA7M9NmyHjkvldc1R3m9qyvpJb1TTIrhdxwmvFlm8en
FBBPbj+MGZzUQUrK0+uOW2CA6DYKUJCtUKohtDoh+MklZ0BakFg3H03+Ex5D4HZc
6OHG+r2+deyx0g0m5ob58GTNVswl8dyUsyJiLG7+yn6iaws4q9ul916BH3S7tbvT
dvk5ity9iJpFluWH/m91i6AOYjWXp8mmSFLlCBuQ5zuieP+Oa/7ZUVxQFc5hwo3c
a7sfqY/oYNH6ITPI5fYOXYAxbzMrdLDtq+A/YV8H/a4lB9VOPmQiR7hdiJkDWKVo
xRygEZbweMDO4k8aS04XkCSOY7p711yooCl6u2F5EXMi
-----END CERTIFICATE-----