Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/pPQq_lolA8g8QxXqDDucDfwuETo.roa
File:                     pPQq_lolA8g8QxXqDDucDfwuETo.roa (raw, json)
Hash identifier:          L1m+KNUP0y0o8T6Tj0pDmrtwsUBi0b51YKd4t4w0w/g=
Subject key identifier:   A4:F4:2A:FE:5A:25:03:C8:3C:43:15:EA:0C:3B:9C:0D:FC:2E:11:3A
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       01942745CE61B060A09D98CB459CC30489FF
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/pPQq_lolA8g8QxXqDDucDfwuETo.roa
Signing time:             Thu 02 Jan 2025 13:47:53 +0000
ROA not before:           Thu 02 Jan 2025 13:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50941
IP address blocks:        185.88.135.0/24 maxlen: 24
                          185.172.50.0/24 maxlen: 24
                          185.172.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 06:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:45:ce:61:b0:60:a0:9d:98:cb:45:9c:c3:04:89:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Jan  2 13:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4f42afe5a2503c83c4315ea0c3b9c0dfc2e113a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5a:6a:1f:09:04:02:10:3e:2c:cc:e7:c1:77:
                    50:12:0e:67:cc:60:fa:91:3e:47:1d:8f:98:51:1a:
                    e7:9b:7a:25:09:71:4b:68:2b:40:a4:e8:9a:f0:d6:
                    14:8d:db:44:f7:bc:df:61:45:20:bd:5a:9c:8c:b5:
                    ef:22:95:4e:48:71:69:49:ed:d8:9a:08:c3:3f:f3:
                    e1:78:3a:d7:0a:fd:c7:e3:f4:47:24:36:ed:c3:56:
                    f0:f0:0f:f5:15:dc:83:ad:3c:8b:3b:b4:91:4e:03:
                    99:88:8e:e7:b2:22:7f:8c:06:f1:07:58:1c:1e:0f:
                    91:ab:09:65:50:d3:6a:47:a2:32:e3:0c:88:0a:65:
                    1d:70:8a:33:0a:a0:14:2c:27:e5:7b:cb:23:b9:85:
                    22:dc:a3:12:79:b9:b9:d5:6e:d7:b5:9e:01:cb:1d:
                    b5:79:4b:b2:86:b7:82:1d:10:81:4a:41:47:a7:0d:
                    0f:e1:ba:bc:0c:86:00:4e:12:bd:06:c3:a6:8b:6a:
                    d6:2b:1d:20:84:26:6e:6c:4f:8b:ac:7a:97:7d:37:
                    34:97:bc:ed:10:2a:3e:10:41:b9:08:bc:3c:c0:c1:
                    2e:a6:79:69:b3:64:d9:3a:e6:55:7c:b7:88:2d:39:
                    f0:35:39:50:a0:41:94:3e:8b:68:9f:04:65:e5:dc:
                    94:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F4:2A:FE:5A:25:03:C8:3C:43:15:EA:0C:3B:9C:0D:FC:2E:11:3A
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/pPQq_lolA8g8QxXqDDucDfwuETo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.135.0/24
                  185.172.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:d6:49:9c:5a:a7:18:76:06:8a:e5:64:27:68:b2:e9:bd:de:
         8b:58:08:8b:c0:fb:8c:92:f6:d6:3b:23:a5:65:b8:60:41:7e:
         1c:8c:65:85:8d:11:52:61:d4:71:34:e6:da:1c:d5:9e:d5:54:
         87:42:f5:2b:2d:e7:d7:89:18:96:64:fa:ca:6b:cb:b8:40:27:
         86:be:70:32:e4:3b:76:5e:df:07:e1:07:b9:d6:a6:f0:7a:c4:
         27:d3:f0:0b:72:86:f2:86:71:48:bf:aa:0c:7e:4a:e4:92:c8:
         84:a3:38:34:14:d1:cf:3a:84:41:ac:f4:64:01:ae:72:c1:e7:
         a2:a2:db:f5:2b:7d:df:72:96:3d:a9:ae:96:a9:67:7d:df:73:
         70:47:f3:65:16:55:aa:38:0d:fe:78:5c:ff:b2:c9:d7:59:21:
         88:c6:a3:97:f9:75:b8:d8:3b:6c:d4:c8:11:3d:80:42:80:de:
         0b:50:57:f8:3e:ad:ca:ba:1d:aa:f7:37:fd:46:58:c5:71:77:
         7a:c3:8f:41:a1:72:69:5a:4b:49:18:02:ce:04:a6:72:0c:eb:
         5f:04:d4:14:3e:56:68:46:fc:d9:0b:39:b9:d7:44:8f:2a:05:
         1e:c9:9b:0a:29:c5:46:70:0a:e2:0f:bf:82:8f:1a:6d:66:69:
         d2:d9:e5:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnRc5hsGCgnZjLRZzDBIn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjUwMTAyMTM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGY0MmFmZTVhMjUwM2M4M2M0MzE1ZWEwYzNiOWMwZGZjMmUxMTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVpqHwkEAhA+LMznwXdQEg5nzGD6
kT5HHY+YURrnm3olCXFLaCtApOia8NYUjdtE97zfYUUgvVqcjLXvIpVOSHFpSe3Y
mgjDP/PheDrXCv3H4/RHJDbtw1bw8A/1FdyDrTyLO7SRTgOZiI7nsiJ/jAbxB1gc
Hg+RqwllUNNqR6Iy4wyICmUdcIozCqAULCfle8sjuYUi3KMSebm51W7XtZ4Byx21
eUuyhreCHRCBSkFHpw0P4bq8DIYAThK9BsOmi2rWKx0ghCZubE+LrHqXfTc0l7zt
ECo+EEG5CLw8wMEupnlps2TZOuZVfLeILTnwNTlQoEGUPotonwRl5dyU3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKT0Kv5aJQPIPEMV6gw7nA38LhE6MB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvcFBRcV9sb2xBOGc4UXhYcUREdWNEZnd1RVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuViHAwQB
uawyMA0GCSqGSIb3DQEBCwUAA4IBAQB71kmcWqcYdgaK5WQnaLLpvd6LWAiLwPuM
kvbWOyOlZbhgQX4cjGWFjRFSYdRxNObaHNWe1VSHQvUrLefXiRiWZPrKa8u4QCeG
vnAy5Dt2Xt8H4Qe51qbwesQn0/ALcobyhnFIv6oMfkrkksiEozg0FNHPOoRBrPRk
Aa5yweeiotv1K33fcpY9qa6WqWd933NwR/NlFlWqOA3+eFz/ssnXWSGIxqOX+XW4
2Dts1MgRPYBCgN4LUFf4Pq3Kuh2q9zf9RljFcXd6w49BoXJpWktJGALOBKZyDOtf
BNQUPlZoRvzZCzm510SPKgUeyZsKKcVGcAriD7+CjxptZmnS2eXk
-----END CERTIFICATE-----