Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/CmOI9SR69ovMKrxlDxbUWh5QUU0.roa
File:                     CmOI9SR69ovMKrxlDxbUWh5QUU0.roa (raw, json)
Hash identifier:          ebd4rV/RF1OTbOXyyPqPuU0N5clQOOerkc0GReb1J2w=
Subject key identifier:   0A:63:88:F5:24:7A:F6:8B:CC:2A:BC:65:0F:16:D4:5A:1E:50:51:4D
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       01942745CD1414A59ECE8A639FBFB1DE457A
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/CmOI9SR69ovMKrxlDxbUWh5QUU0.roa
Signing time:             Thu 02 Jan 2025 13:47:53 +0000
ROA not before:           Thu 02 Jan 2025 13:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        37.1.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:45:cd:14:14:a5:9e:ce:8a:63:9f:bf:b1:de:45:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Jan  2 13:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a6388f5247af68bcc2abc650f16d45a1e50514d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b9:63:1a:7c:56:9f:7c:65:10:2c:ee:9e:77:
                    5e:08:b7:84:4c:d4:34:86:26:ec:b7:e4:74:29:8d:
                    62:6d:43:43:20:a4:00:ca:ce:67:3f:50:b8:f0:01:
                    39:e8:11:aa:ce:fe:3b:70:27:ae:29:8c:6c:a3:80:
                    4d:15:7d:37:bc:5f:41:d8:97:3f:44:54:0d:10:33:
                    bd:f6:c9:d8:fb:0d:90:41:e6:f9:01:96:06:5c:97:
                    18:80:75:f0:57:e5:09:77:c1:92:28:6c:94:2d:70:
                    b5:b1:9b:d7:55:03:0f:a5:55:9f:63:11:d0:b0:fd:
                    8f:22:e1:47:14:56:05:d7:7f:90:f7:b4:0e:6b:c9:
                    7b:43:f4:07:a4:92:40:a9:71:78:9b:f3:8a:e2:7e:
                    eb:94:0a:69:c1:d1:6b:82:c0:bb:82:80:ba:59:ac:
                    9e:e7:39:ce:77:72:8a:7c:40:ee:e7:0d:9f:87:d2:
                    ef:fe:e1:64:80:77:cd:63:80:84:76:33:02:dc:4f:
                    e9:15:e8:ef:4c:9b:52:64:ae:fa:33:53:27:f9:b7:
                    57:2d:7d:a9:0f:4b:9b:35:e6:77:e8:eb:4e:5b:e9:
                    ce:7b:76:a6:28:85:04:92:09:2a:a7:c3:94:af:a6:
                    b6:fc:0d:3a:8a:65:63:51:37:e7:3f:7f:62:1f:fe:
                    20:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:63:88:F5:24:7A:F6:8B:CC:2A:BC:65:0F:16:D4:5A:1E:50:51:4D
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/CmOI9SR69ovMKrxlDxbUWh5QUU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.1.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:d8:14:3b:24:cd:39:e2:9f:39:83:ab:65:74:0d:f2:c3:d7:
         c3:1e:69:8f:d6:39:96:65:38:a7:5d:a9:bf:c8:7d:35:e5:bb:
         14:1c:7a:4a:28:5a:b5:fe:fe:a0:d7:a3:71:2e:a3:b7:aa:85:
         7c:55:19:1e:c4:84:38:d9:2e:8f:91:f7:e2:3d:cb:86:c8:1d:
         78:e6:4b:ff:1d:c9:14:39:e5:0f:81:0d:51:2d:eb:a7:d4:cd:
         6b:2a:b5:f6:90:3f:9a:2f:23:ac:87:5a:7f:75:6f:7b:3f:7f:
         22:08:0e:32:8e:c2:5d:72:a4:b8:ac:a6:71:2f:e4:a2:9e:e8:
         00:9d:24:25:50:2a:0c:69:72:d1:ae:9f:92:a3:2c:fd:6f:39:
         ea:9a:bd:9b:0b:dd:ea:66:9b:9b:92:a6:e5:9f:1f:30:24:11:
         97:f6:aa:85:ed:78:2c:36:84:bb:cf:bf:0d:3e:41:c7:ff:36:
         c2:b8:98:d6:eb:ab:6b:94:65:e3:1c:4a:46:a8:64:9a:a9:b7:
         f9:da:9e:d5:20:84:0e:9e:cc:9c:db:f9:fb:a8:9c:4e:c1:cb:
         d0:b6:71:0d:7a:a6:78:e1:0f:1f:59:f8:ea:57:67:8e:db:d5:
         37:1d:42:63:03:4f:6e:ae:b8:39:24:4b:00:81:70:78:15:6b:
         43:0d:71:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRc0UFKWezopjn7+x3kV6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjUwMTAyMTM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTYzODhmNTI0N2FmNjhiY2MyYWJjNjUwZjE2ZDQ1YTFlNTA1MTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbljGnxWn3xlECzunndeCLeETNQ0
hibst+R0KY1ibUNDIKQAys5nP1C48AE56BGqzv47cCeuKYxso4BNFX03vF9B2Jc/
RFQNEDO99snY+w2QQeb5AZYGXJcYgHXwV+UJd8GSKGyULXC1sZvXVQMPpVWfYxHQ
sP2PIuFHFFYF13+Q97QOa8l7Q/QHpJJAqXF4m/OK4n7rlAppwdFrgsC7goC6Waye
5znOd3KKfEDu5w2fh9Lv/uFkgHfNY4CEdjMC3E/pFejvTJtSZK76M1Mn+bdXLX2p
D0ubNeZ36OtOW+nOe3amKIUEkgkqp8OUr6a2/A06imVjUTfnP39iH/4gpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApjiPUkevaLzCq8ZQ8W1FoeUFFNMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvQ21PSTlTUjY5b3ZNS3J4bER4YlVXaDVRVVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJQGTMA0G
CSqGSIb3DQEBCwUAA4IBAQAE2BQ7JM054p85g6tldA3yw9fDHmmP1jmWZTinXam/
yH015bsUHHpKKFq1/v6g16NxLqO3qoV8VRkexIQ42S6PkffiPcuGyB145kv/HckU
OeUPgQ1RLeun1M1rKrX2kD+aLyOsh1p/dW97P38iCA4yjsJdcqS4rKZxL+SinugA
nSQlUCoMaXLRrp+Soyz9bznqmr2bC93qZpubkqblnx8wJBGX9qqF7XgsNoS7z78N
PkHH/zbCuJjW66trlGXjHEpGqGSaqbf52p7VIIQOnsyc2/n7qJxOwcvQtnENeqZ4
4Q8fWfjqV2eO29U3HUJjA09urrg5JEsAgXB4FWtDDXGe
-----END CERTIFICATE-----