Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/u-IVPqMn3ZrCPC8XbI4PzxSULi0.roa
File:                     u-IVPqMn3ZrCPC8XbI4PzxSULi0.roa (raw, json)
Hash identifier:          6oacQwqLQGAgLQkUClQiQ+X9Bame8BseR62OwV25Cvs=
Subject key identifier:   BB:E2:15:3E:A3:27:DD:9A:C2:3C:2F:17:6C:8E:0F:CF:14:94:2E:2D
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B3AA3447E93A34B27CFBDEC262E1FA
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/u-IVPqMn3ZrCPC8XbI4PzxSULi0.roa
Signing time:             Thu 02 Jan 2025 15:47:53 +0000
ROA not before:           Thu 02 Jan 2025 15:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203268
IP address blocks:        136.144.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:aa:34:47:e9:3a:34:b2:7c:fb:de:c2:62:e1:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbe2153ea327dd9ac23c2f176c8e0fcf14942e2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:77:b7:2b:ea:85:46:c9:1c:a2:cc:d6:a6:98:
                    e8:83:62:c7:80:4b:d3:9f:af:67:7b:b3:c4:31:fb:
                    c9:c6:37:b9:5c:e6:0f:0f:4b:25:53:82:32:5c:5a:
                    f1:37:c9:35:b3:a1:9b:7d:cb:07:8a:8b:77:19:13:
                    aa:31:c5:a6:9a:6d:e0:25:d3:e0:17:b0:d4:16:54:
                    25:27:75:0f:b1:53:4b:cd:f7:eb:12:15:9d:61:4b:
                    59:5c:13:b6:73:43:d3:4e:99:d0:72:32:64:ff:5a:
                    a3:88:06:c4:c4:b6:e9:10:b5:e9:c4:34:29:1c:fa:
                    1f:ba:63:ad:e1:f7:96:23:02:69:9f:12:89:f0:da:
                    64:d1:4d:1b:f1:47:7e:85:ca:29:1c:54:e6:3a:c3:
                    b6:85:ab:7a:92:d6:f9:c7:84:b3:58:90:d9:27:5a:
                    5f:50:8e:17:09:3b:37:c5:62:83:27:2f:12:07:3f:
                    09:16:b5:e5:4a:be:85:19:3f:7f:f4:f6:00:37:55:
                    8e:ca:40:7e:b0:cc:42:4f:f9:c3:8e:81:52:aa:b3:
                    ca:17:04:fc:c3:3d:dd:93:92:d6:41:26:7c:7e:3b:
                    3b:f2:73:ef:6f:1a:35:a5:f0:25:28:21:7c:39:f0:
                    5e:f4:65:dc:78:dd:69:f7:80:fd:5e:ce:94:19:cb:
                    20:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:E2:15:3E:A3:27:DD:9A:C2:3C:2F:17:6C:8E:0F:CF:14:94:2E:2D
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/u-IVPqMn3ZrCPC8XbI4PzxSULi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.144.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:3c:d9:57:3b:f2:88:01:19:f4:19:de:11:cf:c0:7d:5d:e4:
         0d:8b:9f:b1:39:f9:85:43:93:ba:22:16:f2:f0:02:3e:a3:fb:
         bc:25:fa:9b:d1:df:d4:5a:f5:5d:fb:c3:cd:12:f0:16:ff:f5:
         9c:d2:87:a6:5f:c4:2a:13:a6:f7:4f:b7:f8:a0:ba:e3:5e:01:
         ec:9a:79:63:63:e8:4a:17:ff:1f:7b:a9:9d:ad:7f:6b:19:a7:
         b5:5f:bc:5a:ea:1a:f2:b5:9a:10:95:32:39:d2:ea:a3:21:8b:
         0e:af:ec:5c:61:49:0a:53:22:b5:e8:8b:a1:14:a5:b5:6b:c9:
         4c:7f:03:4b:0e:ca:87:e9:7d:1c:70:c8:30:4e:16:46:fc:c8:
         c7:0c:ba:63:d3:d9:51:a8:e9:3f:ed:83:e1:d0:8f:83:d3:00:
         86:3c:78:66:3b:35:99:34:5c:c6:b5:2f:ba:ec:38:6f:ba:02:
         37:07:bd:02:e7:25:fe:5e:1c:42:ed:13:ae:a6:57:c6:64:7a:
         e4:5e:3c:2d:6b:b5:57:a0:b3:dc:8f:b7:fc:13:20:7a:c1:c9:
         b8:cf:e3:44:3a:13:ac:d3:31:28:97:56:84:95:f9:49:5b:dc:
         bf:1c:7f:de:af:32:9d:dd:d7:88:6a:4f:72:6c:46:d5:40:65:
         ed:d4:6d:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns6o0R+k6NLJ8+97CYuH6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmUyMTUzZWEzMjdkZDlhYzIzYzJmMTc2YzhlMGZjZjE0OTQyZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3e3K+qFRskcoszWppjog2LHgEvT
n69ne7PEMfvJxje5XOYPD0slU4IyXFrxN8k1s6GbfcsHiot3GROqMcWmmm3gJdPg
F7DUFlQlJ3UPsVNLzffrEhWdYUtZXBO2c0PTTpnQcjJk/1qjiAbExLbpELXpxDQp
HPofumOt4feWIwJpnxKJ8Npk0U0b8Ud+hcopHFTmOsO2hat6ktb5x4SzWJDZJ1pf
UI4XCTs3xWKDJy8SBz8JFrXlSr6FGT9/9PYAN1WOykB+sMxCT/nDjoFSqrPKFwT8
wz3dk5LWQSZ8fjs78nPvbxo1pfAlKCF8OfBe9GXceN1p94D9Xs6UGcsgnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLviFT6jJ92awjwvF2yOD88UlC4tMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvdS1JVlBxTW4zWnJDUEM4WGJJNFB6eFNVTGkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCiJAsMA0G
CSqGSIb3DQEBCwUAA4IBAQB4PNlXO/KIARn0Gd4Rz8B9XeQNi5+xOfmFQ5O6Ihby
8AI+o/u8Jfqb0d/UWvVd+8PNEvAW//Wc0oemX8QqE6b3T7f4oLrjXgHsmnljY+hK
F/8fe6mdrX9rGae1X7xa6hrytZoQlTI50uqjIYsOr+xcYUkKUyK16IuhFKW1a8lM
fwNLDsqH6X0ccMgwThZG/MjHDLpj09lRqOk/7YPh0I+D0wCGPHhmOzWZNFzGtS+6
7DhvugI3B70C5yX+XhxC7ROuplfGZHrkXjwta7VXoLPcj7f8EyB6wcm4z+NEOhOs
0zEol1aElflJW9y/HH/erzKd3deIak9ybEbVQGXt1G3u
-----END CERTIFICATE-----