Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/7544b6-e0a9-4df8-9db5-e934dbf93631/1/ol7J2Hvjmb5X-K2OVwqn9laMR1o.roa
File:                     ol7J2Hvjmb5X-K2OVwqn9laMR1o.roa (raw, json)
Hash identifier:          eQqCRMd4r4yuoCt7TNNg0VZgfQMMOGRkxRWIPXje6c8=
Subject key identifier:   A2:5E:C9:D8:7B:E3:99:BE:57:F8:AD:8E:57:0A:A7:F6:56:8C:47:5A
Certificate issuer:       /CN=b152ac8d369911ef2c13f93f999ba663c18e1133
Certificate serial:       01984FF5CAABDEE44F2312E1C23FE9969DA2
Authority key identifier: B1:52:AC:8D:36:99:11:EF:2C:13:F9:3F:99:9B:A6:63:C1:8E:11:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVKsjTaZEe8sE_k_mZumY8GOETM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/7544b6-e0a9-4df8-9db5-e934dbf93631/1/ol7J2Hvjmb5X-K2OVwqn9laMR1o.roa
Signing time:             Mon 28 Jul 2025 07:36:04 +0000
ROA not before:           Mon 28 Jul 2025 07:36:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208997
IP address blocks:        45.11.136.0/24 maxlen: 24
                          45.11.137.0/24 maxlen: 24
                          45.11.138.0/24 maxlen: 24
                          45.11.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/7544b6-e0a9-4df8-9db5-e934dbf93631/1/sVKsjTaZEe8sE_k_mZumY8GOETM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/7544b6-e0a9-4df8-9db5-e934dbf93631/1/sVKsjTaZEe8sE_k_mZumY8GOETM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVKsjTaZEe8sE_k_mZumY8GOETM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4f:f5:ca:ab:de:e4:4f:23:12:e1:c2:3f:e9:96:9d:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b152ac8d369911ef2c13f93f999ba663c18e1133
        Validity
            Not Before: Jul 28 07:36:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a25ec9d87be399be57f8ad8e570aa7f6568c475a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c2:c9:32:53:2c:d3:b5:be:5e:ef:2f:82:bf:
                    1a:ad:ff:4b:cc:09:a0:93:29:ce:33:e0:42:6e:aa:
                    f4:0e:ad:59:9c:59:22:86:dd:04:15:74:af:e3:08:
                    4c:9a:1d:fe:d6:d7:8c:26:34:95:5b:80:c4:6c:04:
                    ed:20:b0:74:aa:60:10:9e:29:e4:53:f9:7f:f5:57:
                    81:24:ea:5e:7c:e6:33:f5:a3:dd:34:72:ee:1a:d2:
                    91:76:83:91:cf:79:5c:34:2f:f9:9f:10:05:cb:88:
                    5f:69:27:be:87:d4:84:f7:6e:9f:c0:91:2b:1e:d3:
                    1a:ee:18:6f:7c:b7:6a:f2:02:a4:fd:7f:ea:35:be:
                    5f:26:14:f1:7a:9d:fa:2c:a0:f9:a3:d0:e9:91:5b:
                    34:97:7b:67:93:eb:28:06:2e:d6:05:1d:9c:a2:e0:
                    7a:08:e1:23:94:88:47:0e:d6:b9:a7:d6:5c:ce:78:
                    78:c0:67:f6:91:f1:db:74:26:e5:50:88:9a:ad:a8:
                    4e:b1:b1:ba:6f:e3:66:53:16:c0:56:52:e5:9b:35:
                    9b:4f:10:88:8a:57:16:c5:a6:0d:9d:28:de:ea:b4:
                    b7:e5:89:ac:ca:f6:a4:45:b5:d5:96:c4:e1:61:ec:
                    4e:a2:66:4d:f4:1f:31:c3:00:df:6e:07:01:52:62:
                    d3:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:5E:C9:D8:7B:E3:99:BE:57:F8:AD:8E:57:0A:A7:F6:56:8C:47:5A
            X509v3 Authority Key Identifier:
                keyid:B1:52:AC:8D:36:99:11:EF:2C:13:F9:3F:99:9B:A6:63:C1:8E:11:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVKsjTaZEe8sE_k_mZumY8GOETM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/7544b6-e0a9-4df8-9db5-e934dbf93631/1/ol7J2Hvjmb5X-K2OVwqn9laMR1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/7544b6-e0a9-4df8-9db5-e934dbf93631/1/sVKsjTaZEe8sE_k_mZumY8GOETM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c0:e8:33:0b:81:b5:77:aa:4e:0d:64:b9:0a:a9:1e:58:f9:6e:
         de:6c:ee:9b:b1:c8:81:00:f4:e8:87:50:1f:62:1e:0f:b2:fb:
         51:a0:26:9d:47:5e:28:97:7d:fc:b2:11:0c:93:5f:da:82:f5:
         b6:3e:30:27:0d:31:93:46:9d:44:ac:b6:88:88:80:03:e6:88:
         97:e7:fe:50:37:99:0b:c3:86:be:21:ea:57:87:b2:5d:0f:08:
         ab:7d:72:61:a9:41:44:d8:37:13:b4:67:91:9d:ab:3b:51:bd:
         a1:cb:4c:77:54:46:85:60:f8:c1:a0:41:a6:f7:70:d8:48:e6:
         c7:1d:95:1c:04:d3:62:8c:9a:21:c6:7e:4f:80:c6:08:92:95:
         fc:27:92:39:f8:bd:f9:8d:42:44:1f:ab:d2:c5:78:e3:98:ea:
         cc:09:6b:13:e6:58:ed:1d:5c:10:f4:97:74:16:9e:77:b9:60:
         ce:95:9c:e8:19:b4:7d:2a:82:40:a6:5a:9b:6b:bb:fa:cc:e3:
         54:8e:b8:7f:51:96:a6:98:9f:cb:8c:74:ac:25:8f:fa:d9:0c:
         56:e1:2f:76:d3:d3:5e:0b:6e:cc:c4:a9:91:50:6d:1d:22:69:
         c7:52:5e:cc:85:ad:3a:f2:4f:ea:28:44:80:5f:f7:c9:cb:8f:
         5d:65:68:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhP9cqr3uRPIxLhwj/plp2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTJhYzhkMzY5OTExZWYyYzEzZjkzZjk5OWJhNjYzYzE4
ZTExMzMwHhcNMjUwNzI4MDczNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjVlYzlkODdiZTM5OWJlNTdmOGFkOGU1NzBhYTdmNjU2OGM0NzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcLJMlMs07W+Xu8vgr8arf9LzAmg
kynOM+BCbqr0Dq1ZnFkiht0EFXSv4whMmh3+1teMJjSVW4DEbATtILB0qmAQnink
U/l/9VeBJOpefOYz9aPdNHLuGtKRdoORz3lcNC/5nxAFy4hfaSe+h9SE926fwJEr
HtMa7hhvfLdq8gKk/X/qNb5fJhTxep36LKD5o9DpkVs0l3tnk+soBi7WBR2couB6
COEjlIhHDta5p9Zcznh4wGf2kfHbdCblUIiarahOsbG6b+NmUxbAVlLlmzWbTxCI
ilcWxaYNnSje6rS35YmsyvakRbXVlsThYexOomZN9B8xwwDfbgcBUmLTbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJeydh745m+V/itjlcKp/ZWjEdaMB8GA1UdIwQY
MBaAFLFSrI02mRHvLBP5P5mbpmPBjhEzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZLc2pUYVpFZThzRV9rX21adW1ZOEdPRVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC83NTQ0YjYtZTBhOS00ZGY4LTlkYjUt
ZTkzNGRiZjkzNjMxLzEvb2w3SjJIdmptYjVYLUsyT1Z3cW45bGFNUjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC83NTQ0YjYtZTBhOS00ZGY4LTlkYjUtZTkzNGRiZjkzNjMx
LzEvc1ZLc2pUYVpFZThzRV9rX21adW1ZOEdPRVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQuIMA0G
CSqGSIb3DQEBCwUAA4IBAQDA6DMLgbV3qk4NZLkKqR5Y+W7ebO6bsciBAPToh1Af
Yh4PsvtRoCadR14ol338shEMk1/agvW2PjAnDTGTRp1ErLaIiIAD5oiX5/5QN5kL
w4a+IepXh7JdDwirfXJhqUFE2DcTtGeRnas7Ub2hy0x3VEaFYPjBoEGm93DYSObH
HZUcBNNijJohxn5PgMYIkpX8J5I5+L35jUJEH6vSxXjjmOrMCWsT5ljtHVwQ9Jd0
Fp53uWDOlZzoGbR9KoJAplqba7v6zONUjrh/UZammJ/LjHSsJY/62QxW4S9209Ne
C27MxKmRUG0dImnHUl7Mha068k/qKESAX/fJy49dZWhN
-----END CERTIFICATE-----