Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/hzMppxXqmHPftU1fq7AFJid_j-s.roa
File:                     hzMppxXqmHPftU1fq7AFJid_j-s.roa (raw, json)
Hash identifier:          dFjjhc5X7f8eKUSwPCOtc0u3b5QDydYkdJEctFheU2M=
Subject key identifier:   87:33:29:A7:15:EA:98:73:DF:B5:4D:5F:AB:B0:05:26:27:7F:8F:EB
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019643A55455C309216E4E5D771A9B31D151
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/hzMppxXqmHPftU1fq7AFJid_j-s.roa
Signing time:             Thu 17 Apr 2025 12:07:10 +0000
ROA not before:           Thu 17 Apr 2025 12:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13213
IP address blocks:        136.144.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:43:a5:54:55:c3:09:21:6e:4e:5d:77:1a:9b:31:d1:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Apr 17 12:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=873329a715ea9873dfb54d5fabb00526277f8feb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:40:ac:0c:13:72:21:ac:bb:cd:e7:f4:1f:da:
                    c6:b4:42:d7:cf:0b:c4:11:2b:b7:ec:9a:03:00:bb:
                    ee:31:53:a6:bd:98:a2:04:a0:30:34:2f:48:84:d9:
                    1d:d9:22:66:4d:26:2d:ec:0c:76:71:37:67:31:11:
                    12:f1:db:4c:b8:41:b6:24:07:0b:f5:4c:f0:12:2c:
                    d7:f8:6e:56:6b:84:a1:ea:31:99:2b:05:45:84:66:
                    99:86:6f:a8:49:ae:d5:d6:27:e9:7c:c2:d7:b7:44:
                    99:e2:fc:60:52:d8:2f:b8:7f:59:1c:e9:73:24:78:
                    fb:0a:8c:79:d3:13:40:b8:6e:cf:a2:54:a9:df:e8:
                    d0:da:b5:34:aa:8b:55:f1:9d:ee:65:57:b5:89:76:
                    56:45:4f:bd:ed:27:cb:51:2b:80:44:f0:59:ab:ba:
                    30:45:4a:da:99:72:ae:4b:5a:40:4d:9f:d8:dc:b3:
                    49:48:06:74:c2:91:a0:59:57:bf:d4:5d:f7:ba:7f:
                    85:79:39:cb:b1:41:55:99:30:4a:3e:e5:61:1d:49:
                    8b:f7:99:79:5b:dc:55:6c:dd:f4:c9:e5:49:f6:e5:
                    6f:a6:31:21:80:4e:4e:e1:37:af:88:58:5e:0a:f4:
                    40:d5:ba:75:35:d7:a3:aa:42:21:0f:83:44:92:7f:
                    ee:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:33:29:A7:15:EA:98:73:DF:B5:4D:5F:AB:B0:05:26:27:7F:8F:EB
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/hzMppxXqmHPftU1fq7AFJid_j-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.144.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:9d:51:44:21:04:b2:ba:30:56:5f:8d:7e:83:a5:7a:4d:36:
         36:7f:10:3c:ef:09:95:0f:23:8f:91:6c:f7:38:ba:45:5d:7c:
         f1:5f:f3:3f:f9:4e:dc:02:eb:57:65:a1:7d:df:ca:52:93:06:
         95:f3:44:da:15:32:ae:1d:e6:ba:67:c2:53:81:4d:2a:9b:f7:
         ac:82:6b:f9:9f:68:65:0d:3f:dd:23:7d:dd:ac:d2:14:6e:8b:
         7f:6a:eb:bb:e4:e8:c8:7e:48:0f:8c:3c:21:45:01:9e:f8:19:
         10:ba:c2:92:7b:ae:fc:05:b0:fa:fc:d9:1f:d0:e7:38:f0:8b:
         4e:61:9b:67:77:0c:8e:3f:1c:b3:d6:55:b3:0a:71:65:10:64:
         c1:7a:49:ed:71:2b:71:32:02:6a:e6:49:d5:f5:54:62:c3:c1:
         97:38:03:13:2b:7a:cb:52:57:f4:2e:7e:fc:7c:23:c2:f6:85:
         28:6a:e7:31:77:30:e8:8f:71:7e:02:93:ab:17:f0:e7:5b:74:
         e9:31:92:c3:56:22:76:a4:9d:f8:b9:49:2e:9d:9d:34:77:3a:
         85:0e:ae:cb:23:4d:ef:4a:f9:82:42:d0:43:b4:95:b7:a9:4a:
         72:fe:a0:75:1f:90:41:d0:f6:2a:c2:ef:4c:34:72:cc:55:b7:
         7c:6c:25:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZDpVRVwwkhbk5ddxqbMdFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwNDE3MTIwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzMzMjlhNzE1ZWE5ODczZGZiNTRkNWZhYmIwMDUyNjI3N2Y4ZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUCsDBNyIay7zef0H9rGtELXzwvE
ESu37JoDALvuMVOmvZiiBKAwNC9IhNkd2SJmTSYt7Ax2cTdnMRES8dtMuEG2JAcL
9UzwEizX+G5Wa4Sh6jGZKwVFhGaZhm+oSa7V1ifpfMLXt0SZ4vxgUtgvuH9ZHOlz
JHj7Cox50xNAuG7PolSp3+jQ2rU0qotV8Z3uZVe1iXZWRU+97SfLUSuARPBZq7ow
RUramXKuS1pATZ/Y3LNJSAZ0wpGgWVe/1F33un+FeTnLsUFVmTBKPuVhHUmL95l5
W9xVbN30yeVJ9uVvpjEhgE5O4TeviFheCvRA1bp1NdejqkIhD4NEkn/uPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIczKacV6phz37VNX6uwBSYnf4/rMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvaHpNcHB4WHFtSFBmdFUxZnE3QUZKaWRfai1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAiJAoMA0G
CSqGSIb3DQEBCwUAA4IBAQDAnVFEIQSyujBWX41+g6V6TTY2fxA87wmVDyOPkWz3
OLpFXXzxX/M/+U7cAutXZaF938pSkwaV80TaFTKuHea6Z8JTgU0qm/esgmv5n2hl
DT/dI33drNIUbot/auu75OjIfkgPjDwhRQGe+BkQusKSe678BbD6/Nkf0Oc48ItO
YZtndwyOPxyz1lWzCnFlEGTBekntcStxMgJq5knV9VRiw8GXOAMTK3rLUlf0Ln78
fCPC9oUoaucxdzDoj3F+ApOrF/DnW3TpMZLDViJ2pJ34uUkunZ00dzqFDq7LI03v
SvmCQtBDtJW3qUpy/qB1H5BB0PYqwu9MNHLMVbd8bCW8
-----END CERTIFICATE-----