Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/305475-b224-4ea8-91ae-6e4cd836c7cb/1/Lh4J1VP02-oTK-HxM-W2DuWref8.roa
File:                     Lh4J1VP02-oTK-HxM-W2DuWref8.roa (raw, json)
Hash identifier:          W28vw4gwp9YROhgcttiVHyEse6JN5PCY1Q1d5LlTtlY=
Subject key identifier:   2E:1E:09:D5:53:F4:DB:EA:13:2B:E1:F1:33:E5:B6:0E:E5:AB:79:FF
Certificate issuer:       /CN=0b0a940cfd2eefe82f570fafc4fdc5bd07941a06
Certificate serial:       0194221F986E7E1BC65F34148B4EFA3D6E09
Authority key identifier: 0B:0A:94:0C:FD:2E:EF:E8:2F:57:0F:AF:C4:FD:C5:BD:07:94:1A:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CwqUDP0u7-gvVw-vxP3FvQeUGgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/305475-b224-4ea8-91ae-6e4cd836c7cb/1/Lh4J1VP02-oTK-HxM-W2DuWref8.roa
Signing time:             Wed 01 Jan 2025 13:48:03 +0000
ROA not before:           Wed 01 Jan 2025 13:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     17158
IP address blocks:        139.28.145.0/24 maxlen: 24
                          139.28.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/305475-b224-4ea8-91ae-6e4cd836c7cb/1/CwqUDP0u7-gvVw-vxP3FvQeUGgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/305475-b224-4ea8-91ae-6e4cd836c7cb/1/CwqUDP0u7-gvVw-vxP3FvQeUGgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CwqUDP0u7-gvVw-vxP3FvQeUGgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 13:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:98:6e:7e:1b:c6:5f:34:14:8b:4e:fa:3d:6e:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b0a940cfd2eefe82f570fafc4fdc5bd07941a06
        Validity
            Not Before: Jan  1 13:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e1e09d553f4dbea132be1f133e5b60ee5ab79ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5e:ec:79:7e:95:6b:59:43:46:cd:a4:33:12:
                    2f:8a:87:c1:bc:ad:f4:65:21:b2:15:9b:7e:0a:92:
                    c4:dc:be:91:d1:f1:9e:a1:94:4f:3e:ac:63:b2:4b:
                    59:06:36:8e:43:e1:6c:73:dc:01:c0:22:b0:f3:f4:
                    0d:84:5b:96:ef:68:3e:93:26:d1:6d:88:fa:fc:c1:
                    a2:95:22:f6:1a:b8:a6:83:fd:0a:81:0f:2c:bd:5d:
                    71:9b:54:da:05:15:ad:ed:3f:15:4d:25:ac:a9:22:
                    7f:e1:9f:07:1d:60:fb:c7:1e:c5:f7:fc:5c:67:ab:
                    d8:b0:d8:01:b8:b9:f0:b3:cd:20:21:1a:99:8b:09:
                    58:f6:f7:81:67:ac:ff:e4:e2:4b:ad:bd:c2:33:3e:
                    9e:a5:78:60:7a:b8:7b:ab:b2:ac:d8:b9:cf:3a:58:
                    2d:29:d1:7b:bd:08:f3:44:bb:0b:b4:a7:6a:18:0a:
                    c7:21:c4:84:05:16:d5:87:d5:4f:b4:7f:55:72:2e:
                    a6:89:99:bf:1b:17:37:15:90:d2:89:4c:71:a9:96:
                    6f:e1:3a:37:99:fe:e7:de:df:2e:5c:ca:ff:fe:40:
                    0d:b3:60:8a:79:aa:8f:3d:1f:04:76:19:cd:6e:26:
                    b7:e5:92:e5:d7:ad:f0:55:0b:dc:3d:6d:70:a3:d9:
                    29:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:1E:09:D5:53:F4:DB:EA:13:2B:E1:F1:33:E5:B6:0E:E5:AB:79:FF
            X509v3 Authority Key Identifier:
                keyid:0B:0A:94:0C:FD:2E:EF:E8:2F:57:0F:AF:C4:FD:C5:BD:07:94:1A:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CwqUDP0u7-gvVw-vxP3FvQeUGgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/305475-b224-4ea8-91ae-6e4cd836c7cb/1/Lh4J1VP02-oTK-HxM-W2DuWref8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/305475-b224-4ea8-91ae-6e4cd836c7cb/1/CwqUDP0u7-gvVw-vxP3FvQeUGgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.145.0-139.28.146.255

    Signature Algorithm: sha256WithRSAEncryption
         36:02:a6:5a:a5:1e:d7:d1:d0:2d:71:9d:a5:7a:f2:7f:07:a1:
         55:62:e3:aa:7f:12:ad:52:88:20:0a:d5:ab:40:0a:17:18:f0:
         7a:bc:c8:13:5d:08:9d:c7:4f:39:6c:25:fd:25:4f:53:1e:68:
         f4:13:d6:6c:d7:e1:03:28:49:f0:4b:73:c8:b5:ac:c5:08:76:
         ac:d5:5b:a3:92:d3:27:be:12:98:b2:58:80:07:75:07:46:49:
         25:cf:1c:dc:dd:53:e5:6c:a6:71:63:5a:4a:1d:53:10:04:20:
         ff:44:8e:f2:d3:c7:9b:34:c5:ed:f3:f1:6e:5b:38:69:5b:cb:
         8e:d1:40:43:3b:87:0a:99:88:2d:4c:3d:48:94:38:47:27:77:
         6a:5e:c5:59:a3:6a:f0:d8:54:56:08:bc:f2:7a:da:f3:3c:35:
         22:4a:03:20:13:7e:10:49:cc:41:a5:f0:4a:23:8b:8f:9a:c3:
         23:45:21:7c:84:17:3b:c3:1b:9c:50:36:f9:a5:e0:c0:e1:f1:
         8b:56:52:00:5a:3a:57:bf:46:ee:07:27:77:a2:ae:89:e4:53:
         9a:95:e6:f1:a3:be:15:1b:d7:e8:89:d1:86:54:9d:cc:73:90:
         e8:32:44:8e:83:80:f1:9b:6d:e5:de:d3:7b:80:ed:e7:73:2e:
         aa:2d:ed:42
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQiH5hufhvGXzQUi076PW4JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMGE5NDBjZmQyZWVmZTgyZjU3MGZhZmM0ZmRjNWJkMDc5
NDFhMDYwHhcNMjUwMTAxMTM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTFlMDlkNTUzZjRkYmVhMTMyYmUxZjEzM2U1YjYwZWU1YWI3OWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvF7seX6Va1lDRs2kMxIviofBvK30
ZSGyFZt+CpLE3L6R0fGeoZRPPqxjsktZBjaOQ+Fsc9wBwCKw8/QNhFuW72g+kybR
bYj6/MGilSL2Grimg/0KgQ8svV1xm1TaBRWt7T8VTSWsqSJ/4Z8HHWD7xx7F9/xc
Z6vYsNgBuLnws80gIRqZiwlY9veBZ6z/5OJLrb3CMz6epXhgerh7q7Ks2LnPOlgt
KdF7vQjzRLsLtKdqGArHIcSEBRbVh9VPtH9Vci6miZm/Gxc3FZDSiUxxqZZv4To3
mf7n3t8uXMr//kANs2CKeaqPPR8EdhnNbia35ZLl163wVQvcPW1wo9kpdwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC4eCdVT9NvqEyvh8TPltg7lq3n/MB8GA1UdIwQY
MBaAFAsKlAz9Lu/oL1cPr8T9xb0HlBoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3dxVURQMHU3LWd2VnctdnhQM0Z2UWVVR2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMDU0NzUtYjIyNC00ZWE4LTkxYWUt
NmU0Y2Q4MzZjN2NiLzEvTGg0SjFWUDAyLW9USy1IeE0tVzJEdVdyZWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMDU0NzUtYjIyNC00ZWE4LTkxYWUtNmU0Y2Q4MzZjN2Ni
LzEvQ3dxVURQMHU3LWd2VnctdnhQM0Z2UWVVR2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACLHJED
BACLHJIwDQYJKoZIhvcNAQELBQADggEBADYCplqlHtfR0C1xnaV68n8HoVVi46p/
Eq1SiCAK1atAChcY8Hq8yBNdCJ3HTzlsJf0lT1MeaPQT1mzX4QMoSfBLc8i1rMUI
dqzVW6OS0ye+EpiyWIAHdQdGSSXPHNzdU+VspnFjWkodUxAEIP9EjvLTx5s0xe3z
8W5bOGlby47RQEM7hwqZiC1MPUiUOEcnd2pexVmjavDYVFYIvPJ62vM8NSJKAyAT
fhBJzEGl8Eoji4+awyNFIXyEFzvDG5xQNvml4MDh8YtWUgBaOle/Ru4HJ3eironk
U5qV5vGjvhUb1+iJ0YZUncxzkOgyRI6DgPGbbeXe03uA7edzLqot7UI=
-----END CERTIFICATE-----