Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/dgU5vlO-tSZH9-UJqAaEQqbbaCs.roa
File:                     dgU5vlO-tSZH9-UJqAaEQqbbaCs.roa (raw, json)
Hash identifier:          nD633AlsIhgNBoEkfn8usULq0SX/ck0Kdr9DaPkQSf4=
Subject key identifier:   76:05:39:BE:53:BE:B5:26:47:F7:E5:09:A8:06:84:42:A6:DB:68:2B
Certificate issuer:       /CN=0f2f8b2b94721e928f6188b5cf15053144dedf8c
Certificate serial:       019657E1613AED0CE8C6AC7F02935D9FC909
Authority key identifier: 0F:2F:8B:2B:94:72:1E:92:8F:61:88:B5:CF:15:05:31:44:DE:DF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/dgU5vlO-tSZH9-UJqAaEQqbbaCs.roa
Signing time:             Mon 21 Apr 2025 10:25:10 +0000
ROA not before:           Mon 21 Apr 2025 10:25:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201089
IP address blocks:        185.124.149.0/24 maxlen: 24
                          185.124.150.0/24 maxlen: 24
                          185.124.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:57:e1:61:3a:ed:0c:e8:c6:ac:7f:02:93:5d:9f:c9:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f2f8b2b94721e928f6188b5cf15053144dedf8c
        Validity
            Not Before: Apr 21 10:25:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=760539be53beb52647f7e509a8068442a6db682b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:55:4e:59:d1:72:c4:e5:15:48:c5:49:39:81:
                    71:b2:47:44:e2:14:ee:1f:08:d1:9b:38:23:00:1f:
                    09:ee:1c:bb:56:59:41:d9:ae:1c:a4:65:3b:9c:fd:
                    1a:fe:40:a7:56:f2:cd:ff:b1:e5:af:a7:ed:6b:a0:
                    21:4c:06:2e:3d:8a:88:00:38:61:bc:45:55:55:f0:
                    d8:c7:06:88:4e:dd:c4:e5:89:12:2b:6c:d2:58:84:
                    94:a1:a0:78:0d:3e:da:55:14:3a:34:4f:d0:c0:6d:
                    01:9f:ce:8e:59:13:dd:90:36:1e:fd:aa:c4:79:d0:
                    42:cd:e9:1a:28:ce:16:1a:09:f8:c4:99:42:3c:51:
                    5f:8c:ae:b8:89:54:0c:6f:73:54:9b:2c:31:4c:56:
                    96:c8:ee:6d:87:40:10:f2:16:5b:15:da:9e:3e:40:
                    63:15:fe:74:6b:04:62:4d:a3:4e:e9:6a:46:ef:90:
                    b6:48:d8:01:78:76:17:45:f7:1d:1e:72:0a:58:90:
                    3b:e5:9f:26:06:b3:30:90:83:8a:24:ab:4d:1b:6f:
                    9d:0d:93:b5:e8:5c:15:47:1d:8b:cf:a1:cd:17:4c:
                    fa:70:5e:24:da:c5:7a:d8:18:7d:4f:61:b3:45:01:
                    8c:43:45:fa:19:39:c9:f3:89:4c:61:02:57:cd:80:
                    ac:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:05:39:BE:53:BE:B5:26:47:F7:E5:09:A8:06:84:42:A6:DB:68:2B
            X509v3 Authority Key Identifier:
                keyid:0F:2F:8B:2B:94:72:1E:92:8F:61:88:B5:CF:15:05:31:44:DE:DF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/dgU5vlO-tSZH9-UJqAaEQqbbaCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.149.0-185.124.151.255

    Signature Algorithm: sha256WithRSAEncryption
         67:19:48:07:81:42:de:c8:c4:01:3c:30:78:9a:73:b2:78:b5:
         d9:fd:bd:e5:45:35:1a:8f:4e:11:f0:34:13:98:78:6c:92:1e:
         cd:a6:4d:f6:f6:39:ee:1b:af:ce:b5:2d:2c:0f:f4:e2:71:92:
         9b:4c:80:1f:ff:39:cf:a8:fc:30:b9:1d:ea:b6:f2:36:66:ca:
         fd:70:5d:33:72:00:77:29:c6:a2:d0:2e:37:c8:58:39:44:74:
         b4:12:80:25:cd:aa:89:18:d4:7e:29:a3:a6:c9:56:76:b3:a1:
         df:30:d1:ab:10:99:d7:87:d0:49:40:e8:aa:3b:9b:5d:f1:7b:
         30:9e:d2:46:66:86:99:79:4a:31:bd:96:50:6d:e1:3f:2e:8c:
         cd:07:eb:4b:50:7c:63:a5:50:e4:f8:d6:c8:a9:b8:f8:d8:10:
         ea:69:9f:13:4f:07:92:56:8a:1a:35:39:ef:e7:a9:11:e2:d8:
         38:6d:82:cd:75:00:09:09:c4:d8:1d:9b:6d:6e:8d:76:4a:37:
         8e:99:ad:14:cc:85:04:ca:dc:54:9f:7d:c5:21:bc:6f:26:18:
         b3:c0:9a:07:61:1c:26:fa:97:83:c7:5b:22:a8:1f:48:56:56:
         6a:5d:91:05:fa:d3:78:9f:ca:88:e4:f9:6f:2b:c9:75:ca:b4:
         7c:5a:3a:09
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZZX4WE67Qzoxqx/ApNdn8kJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMmY4YjJiOTQ3MjFlOTI4ZjYxODhiNWNmMTUwNTMxNDRk
ZWRmOGMwHhcNMjUwNDIxMTAyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjA1MzliZTUzYmViNTI2NDdmN2U1MDlhODA2ODQ0MmE2ZGI2ODJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVVOWdFyxOUVSMVJOYFxskdE4hTu
HwjRmzgjAB8J7hy7VllB2a4cpGU7nP0a/kCnVvLN/7Hlr6fta6AhTAYuPYqIADhh
vEVVVfDYxwaITt3E5YkSK2zSWISUoaB4DT7aVRQ6NE/QwG0Bn86OWRPdkDYe/arE
edBCzekaKM4WGgn4xJlCPFFfjK64iVQMb3NUmywxTFaWyO5th0AQ8hZbFdqePkBj
Ff50awRiTaNO6WpG75C2SNgBeHYXRfcdHnIKWJA75Z8mBrMwkIOKJKtNG2+dDZO1
6FwVRx2Lz6HNF0z6cF4k2sV62Bh9T2GzRQGMQ0X6GTnJ84lMYQJXzYCsSwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHYFOb5TvrUmR/flCagGhEKm22grMB8GA1UdIwQY
MBaAFA8viyuUch6Sj2GItc8VBTFE3t+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHktTEs1UnlIcEtQWVlpMXp4VUZNVVRlMzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80ZTU5MDItZTI4My00OTE2LWEzM2Mt
NzIyNmE4ODQ1ZTAxLzEvZGdVNXZsTy10U1pIOS1VSnFBYUVRcWJiYUNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80ZTU5MDItZTI4My00OTE2LWEzM2MtNzIyNmE4ODQ1ZTAx
LzEvRHktTEs1UnlIcEtQWVlpMXp4VUZNVVRlMzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5fJUD
BAO5fJAwDQYJKoZIhvcNAQELBQADggEBAGcZSAeBQt7IxAE8MHiac7J4tdn9veVF
NRqPThHwNBOYeGySHs2mTfb2Oe4br861LSwP9OJxkptMgB//Oc+o/DC5Heq28jZm
yv1wXTNyAHcpxqLQLjfIWDlEdLQSgCXNqokY1H4po6bJVnazod8w0asQmdeH0ElA
6Ko7m13xezCe0kZmhpl5SjG9llBt4T8ujM0H60tQfGOlUOT41sipuPjYEOppnxNP
B5JWiho1Oe/nqRHi2Dhtgs11AAkJxNgdm21ujXZKN46ZrRTMhQTK3FSffcUhvG8m
GLPAmgdhHCb6l4PHWyKoH0hWVmpdkQX603ifyojk+W8ryXXKtHxaOgk=
-----END CERTIFICATE-----