Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/D7oUSyhrzSWYYWl3XhQsUS72Yg4.roa
File:                     D7oUSyhrzSWYYWl3XhQsUS72Yg4.roa (raw, json)
Hash identifier:          gFrsONax/RUGkygvJXfVvu2wc5r7m/Z6tusuo2v3M6g=
Subject key identifier:   0F:BA:14:4B:28:6B:CD:25:98:61:69:77:5E:14:2C:51:2E:F6:62:0E
Certificate issuer:       /CN=ae736cafddb6ebb8d7c76943f4a271e038510aa9
Certificate serial:       019427B4F2AC7B14592FF155311E6F0732E5
Authority key identifier: AE:73:6C:AF:DD:B6:EB:B8:D7:C7:69:43:F4:A2:71:E0:38:51:0A:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rnNsr92267jXx2lD9KJx4DhRCqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/D7oUSyhrzSWYYWl3XhQsUS72Yg4.roa
Signing time:             Thu 02 Jan 2025 15:49:17 +0000
ROA not before:           Thu 02 Jan 2025 15:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204303
IP address blocks:        185.137.68.0/22 maxlen: 22
                          185.137.68.0/24 maxlen: 24
                          185.137.70.0/24 maxlen: 24
                          185.137.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/rnNsr92267jXx2lD9KJx4DhRCqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/rnNsr92267jXx2lD9KJx4DhRCqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rnNsr92267jXx2lD9KJx4DhRCqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 16:41:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:f2:ac:7b:14:59:2f:f1:55:31:1e:6f:07:32:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae736cafddb6ebb8d7c76943f4a271e038510aa9
        Validity
            Not Before: Jan  2 15:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fba144b286bcd25986169775e142c512ef6620e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3a:34:72:71:51:a1:ae:a7:b7:c2:9d:9e:8a:
                    ae:d7:5e:fc:37:38:03:47:3d:56:f6:21:97:cf:ed:
                    00:fc:2b:a5:47:61:dc:b2:19:dd:04:e6:78:7f:82:
                    71:9f:d8:cf:39:8c:09:4c:a1:d8:17:8b:0d:c2:ce:
                    3c:17:1b:38:23:e4:66:69:2c:22:35:18:43:3a:c9:
                    85:dd:bc:00:84:f3:44:3b:80:09:d0:c4:03:54:4a:
                    de:10:e1:1f:83:a3:de:66:c1:ab:35:a9:2f:30:e5:
                    f0:b5:97:95:9f:38:fc:68:17:4f:1f:22:25:e2:84:
                    bf:dc:12:39:20:c0:08:e9:4e:13:ee:ec:34:3d:ee:
                    ac:8d:d7:50:a0:1e:71:97:da:c6:3d:6d:02:07:87:
                    92:a5:ae:41:2c:4b:c9:d8:5b:cc:5d:b1:1d:96:01:
                    ff:ea:2f:5c:59:18:e4:09:a8:49:c0:b1:e1:b6:15:
                    73:b7:f9:c0:a9:b7:8c:85:96:17:e6:15:5d:48:e3:
                    2d:bd:4c:e1:b1:8b:e8:f2:9f:c9:64:de:fe:ad:5e:
                    d4:13:1f:a7:51:9b:95:e6:a3:d3:fb:6e:d5:fd:ba:
                    0b:82:06:b6:d2:7f:64:85:1b:03:bc:3b:d7:17:1b:
                    81:4c:eb:c7:af:64:2c:39:31:d2:5f:6e:89:30:b0:
                    24:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:BA:14:4B:28:6B:CD:25:98:61:69:77:5E:14:2C:51:2E:F6:62:0E
            X509v3 Authority Key Identifier:
                keyid:AE:73:6C:AF:DD:B6:EB:B8:D7:C7:69:43:F4:A2:71:E0:38:51:0A:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnNsr92267jXx2lD9KJx4DhRCqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/D7oUSyhrzSWYYWl3XhQsUS72Yg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/rnNsr92267jXx2lD9KJx4DhRCqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:30:03:5f:4a:e0:84:cf:33:1a:96:25:10:2c:70:e9:d3:8b:
         82:2d:84:27:f2:8c:6e:a1:d5:51:00:7f:dc:c4:e2:83:3c:48:
         a4:10:54:49:52:fb:0f:00:72:10:a7:ac:22:85:83:cb:db:2b:
         4c:bd:53:26:fd:31:38:67:45:53:19:09:83:da:e3:f9:42:d5:
         e2:60:e9:97:27:d5:c2:a6:d1:f2:99:f6:01:33:5f:16:48:f8:
         c6:1e:d0:73:93:3a:fe:d2:70:86:09:07:29:62:6f:34:7e:54:
         97:a2:8e:a1:b0:d0:4b:c9:2c:58:6a:70:60:f4:b7:fc:e0:3d:
         a1:18:92:df:dc:23:75:01:43:cf:b4:6d:e2:da:3a:70:bf:4f:
         0a:97:f6:cd:a0:9e:91:fb:79:81:90:dc:0c:83:f7:92:d8:17:
         0c:42:5e:8d:71:12:4e:ae:55:4b:71:85:35:64:bf:8f:06:d7:
         5b:13:6f:a0:64:df:87:f9:40:af:39:d2:f1:df:2f:d2:06:24:
         fd:fc:93:03:ad:4b:c0:8f:da:c7:c2:34:ac:a6:6a:ed:7c:78:
         90:37:b4:b5:14:72:9c:a0:da:00:9d:df:64:63:7d:d4:db:d1:
         82:ad:35:61:fd:79:49:06:30:1f:40:61:03:bd:8c:13:92:82:
         6d:37:c5:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntPKsexRZL/FVMR5vBzLlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNzM2Y2FmZGRiNmViYjhkN2M3Njk0M2Y0YTI3MWUwMzg1
MTBhYTkwHhcNMjUwMTAyMTU0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmJhMTQ0YjI4NmJjZDI1OTg2MTY5Nzc1ZTE0MmM1MTJlZjY2MjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzo0cnFRoa6nt8Kdnoqu1178NzgD
Rz1W9iGXz+0A/CulR2HcshndBOZ4f4Jxn9jPOYwJTKHYF4sNws48Fxs4I+RmaSwi
NRhDOsmF3bwAhPNEO4AJ0MQDVEreEOEfg6PeZsGrNakvMOXwtZeVnzj8aBdPHyIl
4oS/3BI5IMAI6U4T7uw0Pe6sjddQoB5xl9rGPW0CB4eSpa5BLEvJ2FvMXbEdlgH/
6i9cWRjkCahJwLHhthVzt/nAqbeMhZYX5hVdSOMtvUzhsYvo8p/JZN7+rV7UEx+n
UZuV5qPT+27V/boLgga20n9khRsDvDvXFxuBTOvHr2QsOTHSX26JMLAkdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+6FEsoa80lmGFpd14ULFEu9mIOMB8GA1UdIwQY
MBaAFK5zbK/dtuu418dpQ/SiceA4UQqpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm5Oc3I5MjI2N2pYeDJsRDlLSng0RGhSQ3FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84NmUzMmItZjA2Ny00NTBmLWI2N2Mt
M2FhMTUwYTkyYWI3LzEvRDdvVVN5aHJ6U1dZWVdsM1hoUXNVUzcyWWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84NmUzMmItZjA2Ny00NTBmLWI2N2MtM2FhMTUwYTkyYWI3
LzEvcm5Oc3I5MjI2N2pYeDJsRDlLSng0RGhSQ3FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYlEMA0G
CSqGSIb3DQEBCwUAA4IBAQBQMANfSuCEzzMaliUQLHDp04uCLYQn8oxuodVRAH/c
xOKDPEikEFRJUvsPAHIQp6wihYPL2ytMvVMm/TE4Z0VTGQmD2uP5QtXiYOmXJ9XC
ptHymfYBM18WSPjGHtBzkzr+0nCGCQcpYm80flSXoo6hsNBLySxYanBg9Lf84D2h
GJLf3CN1AUPPtG3i2jpwv08Kl/bNoJ6R+3mBkNwMg/eS2BcMQl6NcRJOrlVLcYU1
ZL+PBtdbE2+gZN+H+UCvOdLx3y/SBiT9/JMDrUvAj9rHwjSspmrtfHiQN7S1FHKc
oNoAnd9kY33U29GCrTVh/XlJBjAfQGEDvYwTkoJtN8U8
-----END CERTIFICATE-----