Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/1-W8soB7j9APk25v0dLdeJYYGd64.roa
File:                     1-W8soB7j9APk25v0dLdeJYYGd64.roa (raw, json)
Hash identifier:          XIj90J/o3h0TEBJj2DW5RTPwW3YKa0Pa3O9Mz8MU5Ho=
Subject key identifier:   F9:6F:2C:A0:1E:E3:F4:03:E4:DB:9B:F4:74:B7:5E:25:86:06:77:AE
Certificate issuer:       /CN=a98eebed9753f580bea75b352e706325a18d1447
Certificate serial:       01941F8C3DBB77E39FFC35596A047DDA953F
Authority key identifier: A9:8E:EB:ED:97:53:F5:80:BE:A7:5B:35:2E:70:63:25:A1:8D:14:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/1-W8soB7j9APk25v0dLdeJYYGd64.roa
Signing time:             Wed 01 Jan 2025 01:47:52 +0000
ROA not before:           Wed 01 Jan 2025 01:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12552
IP address blocks:        185.57.136.0/22 maxlen: 24
                          2a04:ddc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:3d:bb:77:e3:9f:fc:35:59:6a:04:7d:da:95:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a98eebed9753f580bea75b352e706325a18d1447
        Validity
            Not Before: Jan  1 01:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f96f2ca01ee3f403e4db9bf474b75e25860677ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e1:3e:24:58:21:eb:9d:aa:7e:5c:1e:20:20:
                    a2:d7:bc:55:a8:cd:c7:f4:42:00:6a:9c:b2:e0:2e:
                    92:ae:b4:26:0c:5f:ee:17:05:6f:bc:a3:cf:70:22:
                    12:3a:ad:1f:23:fa:02:4b:11:cf:07:05:1f:0f:cc:
                    ae:77:2a:b3:ac:c2:5e:a1:07:7a:cf:11:2c:6e:31:
                    09:28:93:9b:a1:7f:36:04:01:32:f8:23:9e:20:a8:
                    df:f3:b8:b0:8d:60:d0:b0:bc:2d:78:2a:04:2e:4d:
                    1e:0e:e8:60:d5:30:f4:b5:b7:71:99:bd:aa:03:25:
                    32:18:db:b3:31:fd:f9:e5:82:96:15:e8:29:0a:60:
                    e5:94:76:8b:53:4e:1f:2e:90:61:68:1e:31:85:ad:
                    1c:f2:2c:88:20:89:75:f2:a3:61:5c:23:a0:f0:e8:
                    9e:b0:66:ab:93:71:c7:07:f2:c7:ca:ef:53:21:f5:
                    22:96:b4:c4:17:57:4c:2d:2f:70:5c:58:d5:cf:86:
                    31:35:12:c5:43:44:94:a5:53:34:f1:3a:c6:48:34:
                    6a:0d:c5:81:b5:e0:41:90:7d:65:93:22:b5:48:eb:
                    b1:b2:ae:18:54:74:a0:44:70:39:f5:66:f1:65:1e:
                    0e:55:ef:40:6f:94:5b:66:19:55:cc:fe:ee:53:d7:
                    23:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:6F:2C:A0:1E:E3:F4:03:E4:DB:9B:F4:74:B7:5E:25:86:06:77:AE
            X509v3 Authority Key Identifier:
                keyid:A9:8E:EB:ED:97:53:F5:80:BE:A7:5B:35:2E:70:63:25:A1:8D:14:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/1-W8soB7j9APk25v0dLdeJYYGd64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.136.0/22
                IPv6:
                  2a04:ddc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:0d:42:96:3f:39:3e:a0:b3:5b:95:2c:6b:7f:2c:c0:12:1b:
         e4:f2:69:f8:23:c2:4b:af:14:13:10:ee:a8:a8:27:e7:f0:b7:
         be:50:bc:1f:b4:17:9f:b2:53:ba:5c:96:c4:a4:64:a4:82:67:
         75:6a:b8:c9:59:2f:65:97:2e:c2:01:59:eb:a7:d8:7c:97:20:
         22:cc:33:67:a5:8c:b1:fc:30:f4:07:af:02:a3:15:54:3e:35:
         34:ff:33:ba:69:bd:05:fd:c1:27:f8:34:53:d8:2b:fc:5c:f8:
         44:68:f1:a7:8c:94:3b:a3:f9:80:28:30:fa:7b:e9:ab:1d:10:
         78:e9:6e:64:09:11:aa:8c:2a:79:b0:74:f6:72:67:88:55:4b:
         96:0c:1f:95:e2:eb:7a:dc:e1:68:08:2c:4d:45:af:25:ce:96:
         bc:91:16:7d:f6:37:53:a8:3b:a6:39:63:47:38:7b:ec:ca:9c:
         c8:d8:45:f9:22:2d:08:eb:92:d4:16:4f:58:4c:b1:9c:78:6b:
         2c:e1:70:7c:f2:a8:db:fc:55:bc:06:c0:9d:81:e2:68:8e:44:
         08:ff:99:7a:ee:cc:16:ba:38:6e:b8:e7:d3:64:25:51:5d:e7:
         a0:15:dd:9d:6a:8d:f1:c2:30:a9:44:a0:75:9d:6e:76:93:8f:
         50:0f:38:95
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQfjD27d+Of/DVZagR92pU/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5OGVlYmVkOTc1M2Y1ODBiZWE3NWIzNTJlNzA2MzI1YTE4
ZDE0NDcwHhcNMjUwMTAxMDE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTZmMmNhMDFlZTNmNDAzZTRkYjliZjQ3NGI3NWUyNTg2MDY3N2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreE+JFgh652qflweICCi17xVqM3H
9EIAapyy4C6SrrQmDF/uFwVvvKPPcCISOq0fI/oCSxHPBwUfD8yudyqzrMJeoQd6
zxEsbjEJKJOboX82BAEy+COeIKjf87iwjWDQsLwteCoELk0eDuhg1TD0tbdxmb2q
AyUyGNuzMf355YKWFegpCmDllHaLU04fLpBhaB4xha0c8iyIIIl18qNhXCOg8Oie
sGark3HHB/LHyu9TIfUilrTEF1dMLS9wXFjVz4YxNRLFQ0SUpVM08TrGSDRqDcWB
teBBkH1lkyK1SOuxsq4YVHSgRHA59WbxZR4OVe9Ab5RbZhlVzP7uU9cjTQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPlvLKAe4/QD5Nub9HS3XiWGBneuMB8GA1UdIwQY
MBaAFKmO6+2XU/WAvqdbNS5wYyWhjRRHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVk3cjdaZFQ5WUMtcDFzMUxuQmpKYUdORkVjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9hNzQ3NDQtZWQ0OC00NzA3LWE2M2Ut
NTJmNjkxOTEzOWM0LzEvMS1XOHNvQjdqOUFQazI1djBkTGRlSllZR2Q2NC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmEvYTc0NzQ0LWVkNDgtNDcwNy1hNjNlLTUyZjY5MTkxMzlj
NC8xL3FZN3I3WmRUOVlDLXAxczFMbkJqSmFHTkZFYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArk5iDAN
BAIAAjAHAwUDKgTdwDANBgkqhkiG9w0BAQsFAAOCAQEAOg1Clj85PqCzW5Usa38s
wBIb5PJp+CPCS68UExDuqKgn5/C3vlC8H7QXn7JTulyWxKRkpIJndWq4yVkvZZcu
wgFZ66fYfJcgIswzZ6WMsfww9AevAqMVVD41NP8zumm9Bf3BJ/g0U9gr/Fz4RGjx
p4yUO6P5gCgw+nvpqx0QeOluZAkRqowqebB09nJniFVLlgwfleLretzhaAgsTUWv
Jc6WvJEWffY3U6g7pjljRzh77MqcyNhF+SItCOuS1BZPWEyxnHhrLOFwfPKo2/xV
vAbAnYHiaI5ECP+Zeu7MFro4brjn02QlUV3noBXdnWqN8cIwqUSgdZ1udpOPUA84
lQ==
-----END CERTIFICATE-----