Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/DhgKv9EWttCPWimr0cMYdix-VFM.roa
File:                     DhgKv9EWttCPWimr0cMYdix-VFM.roa (raw, json)
Hash identifier:          jt6Z6pHhL+jbqX5CBAxAInUF4d0Kgk2CfxAQbj8DhrM=
Subject key identifier:   0E:18:0A:BF:D1:16:B6:D0:8F:5A:29:AB:D1:C3:18:76:2C:7E:54:53
Certificate issuer:       /CN=7a59a5cc61febdb916d4624bbe8c10897353b0c1
Certificate serial:       01942521BA7129E635CF8697FA699D2C097C
Authority key identifier: 7A:59:A5:CC:61:FE:BD:B9:16:D4:62:4B:BE:8C:10:89:73:53:B0:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/elmlzGH-vbkW1GJLvowQiXNTsME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/DhgKv9EWttCPWimr0cMYdix-VFM.roa
Signing time:             Thu 02 Jan 2025 03:49:14 +0000
ROA not before:           Thu 02 Jan 2025 03:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35129
IP address blocks:        88.135.0.0/20 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/elmlzGH-vbkW1GJLvowQiXNTsME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/elmlzGH-vbkW1GJLvowQiXNTsME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/elmlzGH-vbkW1GJLvowQiXNTsME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ba:71:29:e6:35:cf:86:97:fa:69:9d:2c:09:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a59a5cc61febdb916d4624bbe8c10897353b0c1
        Validity
            Not Before: Jan  2 03:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e180abfd116b6d08f5a29abd1c318762c7e5453
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:aa:a3:3f:5e:c3:39:0b:20:c6:01:0d:b7:db:
                    04:9e:d7:43:ec:1d:63:d5:55:4a:40:38:1f:ee:4d:
                    29:a9:05:70:ee:95:42:9b:69:c6:27:39:c8:ef:2d:
                    5f:c7:3b:5f:8e:4a:3e:94:a7:d8:a5:3d:fe:34:0c:
                    06:02:dc:79:c2:b4:e0:30:93:0b:f7:7d:ab:dc:3c:
                    85:d2:1d:46:8f:6e:11:58:79:98:18:00:7c:0b:4f:
                    86:bb:7d:c9:e5:2f:5e:65:e2:69:f4:9d:f9:7e:86:
                    70:73:c4:40:7b:32:3f:d3:17:22:0b:df:d7:74:14:
                    fc:8f:15:c6:71:ef:8b:24:2a:c1:9b:cc:f2:f8:44:
                    55:c4:33:5b:73:51:08:10:88:8e:c8:83:18:f8:06:
                    48:f9:ca:16:ea:a1:8a:fb:e1:cd:98:7c:85:a1:a2:
                    27:15:ee:34:a2:10:90:8c:28:38:d4:bb:39:4e:c3:
                    25:05:e5:b8:20:4b:e4:93:33:76:44:62:0e:94:ef:
                    da:69:e5:eb:e5:e4:55:9e:d7:c4:bb:bb:e1:33:70:
                    2d:cb:10:69:2c:6a:f6:bf:2c:d2:44:ad:ee:57:63:
                    be:eb:77:64:a0:83:e7:cf:c8:c7:21:f7:30:71:f1:
                    ee:a1:c4:bf:9c:e9:b1:bf:be:bb:8b:d1:51:eb:a3:
                    83:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:18:0A:BF:D1:16:B6:D0:8F:5A:29:AB:D1:C3:18:76:2C:7E:54:53
            X509v3 Authority Key Identifier:
                keyid:7A:59:A5:CC:61:FE:BD:B9:16:D4:62:4B:BE:8C:10:89:73:53:B0:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/elmlzGH-vbkW1GJLvowQiXNTsME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/DhgKv9EWttCPWimr0cMYdix-VFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/elmlzGH-vbkW1GJLvowQiXNTsME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         c8:9e:ad:31:a8:ce:df:65:af:7c:05:5c:5d:d9:1b:ab:86:03:
         97:94:7e:3f:3d:61:2f:b4:11:6a:4d:58:1e:74:f4:9e:74:e1:
         95:9c:ff:af:d2:6d:a0:08:93:12:82:50:bc:c7:d1:50:0a:21:
         c9:27:07:65:f3:36:6b:7c:6b:28:8f:9b:81:b2:8d:28:10:30:
         c3:30:73:50:11:e9:a7:ae:a9:ed:f9:5e:85:61:99:29:53:10:
         43:ed:fe:f0:bc:a7:4e:f6:0e:ea:cb:c8:47:bb:92:62:6c:c6:
         02:c1:dc:27:3c:b6:79:bb:02:9c:9c:15:5f:d2:6b:a8:88:3d:
         59:8c:ce:6a:e7:be:49:72:d7:41:d1:db:90:8d:c1:d8:c4:11:
         b5:d2:4e:12:14:d9:55:36:a0:d3:2e:57:82:e8:96:b6:91:73:
         06:99:9b:5a:67:43:53:b0:18:cb:aa:18:1b:b0:c7:e6:5c:f9:
         2b:4a:3b:e0:b7:08:cc:44:09:ef:93:d7:3d:58:b3:08:3f:3c:
         35:9e:30:93:6e:7c:74:a8:20:0f:ae:c3:a3:74:13:bd:0d:7f:
         9a:3c:3a:cc:06:c9:43:87:b1:08:62:57:24:59:24:0a:6f:21:
         38:4c:29:83:1b:3a:51:c7:15:fa:86:b1:b3:d6:a5:47:19:04:
         cb:4c:0c:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIbpxKeY1z4aX+mmdLAl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhNTlhNWNjNjFmZWJkYjkxNmQ0NjI0YmJlOGMxMDg5NzM1
M2IwYzEwHhcNMjUwMTAyMDM0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTE4MGFiZmQxMTZiNmQwOGY1YTI5YWJkMWMzMTg3NjJjN2U1NDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKqjP17DOQsgxgENt9sEntdD7B1j
1VVKQDgf7k0pqQVw7pVCm2nGJznI7y1fxztfjko+lKfYpT3+NAwGAtx5wrTgMJML
932r3DyF0h1Gj24RWHmYGAB8C0+Gu33J5S9eZeJp9J35foZwc8RAezI/0xciC9/X
dBT8jxXGce+LJCrBm8zy+ERVxDNbc1EIEIiOyIMY+AZI+coW6qGK++HNmHyFoaIn
Fe40ohCQjCg41Ls5TsMlBeW4IEvkkzN2RGIOlO/aaeXr5eRVntfEu7vhM3AtyxBp
LGr2vyzSRK3uV2O+63dkoIPnz8jHIfcwcfHuocS/nOmxv767i9FR66ODDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4YCr/RFrbQj1opq9HDGHYsflRTMB8GA1UdIwQY
MBaAFHpZpcxh/r25FtRiS76MEIlzU7DBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWxtbHpHSC12YmtXMUdKTHZvd1FpWE5Uc01FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9iMWFiMWItMGU5NS00YzNjLTg3Njgt
OTAzZDA4MzQ5NmU1LzEvRGhnS3Y5RVd0dENQV2ltcjBjTVlkaXgtVkZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9iMWFiMWItMGU5NS00YzNjLTg3NjgtOTAzZDA4MzQ5NmU1
LzEvZWxtbHpHSC12YmtXMUdKTHZvd1FpWE5Uc01FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEWIcAMA0G
CSqGSIb3DQEBCwUAA4IBAQDInq0xqM7fZa98BVxd2RurhgOXlH4/PWEvtBFqTVge
dPSedOGVnP+v0m2gCJMSglC8x9FQCiHJJwdl8zZrfGsoj5uBso0oEDDDMHNQEemn
rqnt+V6FYZkpUxBD7f7wvKdO9g7qy8hHu5JibMYCwdwnPLZ5uwKcnBVf0muoiD1Z
jM5q575JctdB0duQjcHYxBG10k4SFNlVNqDTLleC6Ja2kXMGmZtaZ0NTsBjLqhgb
sMfmXPkrSjvgtwjMRAnvk9c9WLMIPzw1njCTbnx0qCAPrsOjdBO9DX+aPDrMBslD
h7EIYlckWSQKbyE4TCmDGzpRxxX6hrGz1qVHGQTLTAys
-----END CERTIFICATE-----