Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/pPV-duHwP_qg6dqtHXTIMJzGTZk.roa
File:                     pPV-duHwP_qg6dqtHXTIMJzGTZk.roa (raw, json)
Hash identifier:          alNCRojVtM9rfP6fgcCwPL9ZC8lIXb9OD5QPFguw90Y=
Subject key identifier:   A4:F5:7E:76:E1:F0:3F:FA:A0:E9:DA:AD:1D:74:C8:30:9C:C6:4D:99
Certificate issuer:       /CN=4ca66f3c0f25774e696d2a46723277eb961128c3
Certificate serial:       0196AF65407E35F6E8113C9ABA012DA32CE5
Authority key identifier: 4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/pPV-duHwP_qg6dqtHXTIMJzGTZk.roa
Signing time:             Thu 08 May 2025 10:16:10 +0000
ROA not before:           Thu 08 May 2025 10:16:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215462
IP address blocks:        176.65.137.0/24 maxlen: 24
                          176.65.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:af:65:40:7e:35:f6:e8:11:3c:9a:ba:01:2d:a3:2c:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca66f3c0f25774e696d2a46723277eb961128c3
        Validity
            Not Before: May  8 10:16:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4f57e76e1f03ffaa0e9daad1d74c8309cc64d99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3a:d3:68:ea:00:4c:fe:6d:ea:d1:8a:bb:d1:
                    f7:bc:07:85:9d:5d:0a:f9:06:3e:46:82:9b:b3:ef:
                    2d:dd:5e:1d:5a:03:a7:e7:9e:aa:a0:4d:9c:c7:b4:
                    5c:90:98:71:3b:fe:2c:06:f1:d0:4d:22:8d:dd:01:
                    24:4c:c9:db:d1:a4:ab:b1:77:2b:78:cb:46:83:a0:
                    ca:f0:32:42:7e:72:b2:c8:5e:bc:ef:ac:0f:75:af:
                    5f:b3:fe:ef:25:ab:6c:93:55:7d:ad:11:5e:9b:52:
                    8f:30:1e:28:40:8b:1f:98:25:3b:4b:bb:71:a1:07:
                    19:1b:2d:a3:ee:02:bb:8f:75:66:83:e4:39:8a:77:
                    d3:20:dd:7f:30:78:77:5b:e5:c6:e4:36:75:a0:04:
                    c5:ab:6d:8d:50:e0:b9:8c:7e:0c:f5:58:2c:a7:13:
                    fd:8b:be:bf:ae:93:a7:b0:66:b7:21:e7:be:7e:84:
                    db:cd:51:12:29:f8:da:ce:f8:6a:d5:d6:5a:84:e3:
                    f2:97:1c:1c:5c:eb:02:62:af:48:a3:66:fd:84:c6:
                    98:35:1c:d3:36:79:c2:12:53:a9:86:57:66:85:f4:
                    e2:ee:16:35:03:6c:a4:48:d9:e0:c7:97:c2:0b:08:
                    7c:dd:17:05:5d:37:48:69:54:a4:93:cb:30:80:09:
                    cd:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F5:7E:76:E1:F0:3F:FA:A0:E9:DA:AD:1D:74:C8:30:9C:C6:4D:99
            X509v3 Authority Key Identifier:
                keyid:4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/pPV-duHwP_qg6dqtHXTIMJzGTZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.65.137.0-176.65.138.255

    Signature Algorithm: sha256WithRSAEncryption
         73:37:7d:dc:f1:9e:77:9f:f9:4c:05:ab:28:2e:3d:28:be:49:
         42:99:f7:96:d0:a7:9f:0b:b7:7c:31:db:b5:67:d8:a7:9f:ec:
         ff:ac:80:4d:0b:7a:6a:7c:be:49:34:1c:44:50:a9:dd:55:04:
         6f:c0:c8:e9:20:3c:d5:be:f7:18:01:d8:4d:00:dd:83:ef:70:
         59:4e:be:81:46:77:c0:22:d1:44:f0:a2:e2:f3:3f:ed:14:e3:
         d3:2e:97:83:26:c9:70:76:2d:3b:38:17:3a:03:8e:bc:e9:0d:
         c4:c4:80:12:be:13:7a:b4:80:09:96:c4:57:56:c9:db:e5:eb:
         55:59:00:02:0d:7a:a7:55:4d:02:c6:f3:3a:4c:ae:4c:af:00:
         0a:46:e5:ab:c0:fa:b9:a4:80:8c:36:0a:9a:c8:66:c6:3e:42:
         03:66:27:f8:1f:a9:7f:d0:7c:24:41:e0:59:5a:70:d7:2a:d4:
         b9:f9:03:ba:37:87:b9:18:2b:6b:e0:8c:9e:69:a2:14:10:95:
         47:2d:8c:de:19:88:6e:0f:50:97:dc:5f:89:9a:0a:40:e8:de:
         a5:d9:75:38:e3:42:79:ac:c3:45:be:40:ea:bb:66:c0:0c:8f:
         b8:d2:06:a9:93:77:19:7e:69:ae:fd:84:22:82:14:4f:9c:4d:
         58:8e:25:a0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZavZUB+NfboETyaugEtoyzlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTY2ZjNjMGYyNTc3NGU2OTZkMmE0NjcyMzI3N2ViOTYx
MTI4YzMwHhcNMjUwNTA4MTAxNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGY1N2U3NmUxZjAzZmZhYTBlOWRhYWQxZDc0YzgzMDljYzY0ZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTrTaOoATP5t6tGKu9H3vAeFnV0K
+QY+RoKbs+8t3V4dWgOn556qoE2cx7RckJhxO/4sBvHQTSKN3QEkTMnb0aSrsXcr
eMtGg6DK8DJCfnKyyF6876wPda9fs/7vJatsk1V9rRFem1KPMB4oQIsfmCU7S7tx
oQcZGy2j7gK7j3Vmg+Q5infTIN1/MHh3W+XG5DZ1oATFq22NUOC5jH4M9VgspxP9
i76/rpOnsGa3Iee+foTbzVESKfjazvhq1dZahOPylxwcXOsCYq9Io2b9hMaYNRzT
NnnCElOphldmhfTi7hY1A2ykSNngx5fCCwh83RcFXTdIaVSkk8swgAnNAQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKT1fnbh8D/6oOnarR10yDCcxk2ZMB8GA1UdIwQY
MBaAFEymbzwPJXdOaW0qRnIyd+uWESjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUt
MzE5YjBjODc0NDQwLzEvcFBWLWR1SHdQX3FnNmRxdEhYVElNSnpHVFprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUtMzE5YjBjODc0NDQw
LzEvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACwQYkD
BACwQYowDQYJKoZIhvcNAQELBQADggEBAHM3fdzxnnef+UwFqyguPSi+SUKZ95bQ
p58Lt3wx27Vn2Kef7P+sgE0Lemp8vkk0HERQqd1VBG/AyOkgPNW+9xgB2E0A3YPv
cFlOvoFGd8Ai0UTwouLzP+0U49Mul4MmyXB2LTs4FzoDjrzpDcTEgBK+E3q0gAmW
xFdWydvl61VZAAINeqdVTQLG8zpMrkyvAApG5avA+rmkgIw2CprIZsY+QgNmJ/gf
qX/QfCRB4FlacNcq1Ln5A7o3h7kYK2vgjJ5pohQQlUctjN4ZiG4PUJfcX4maCkDo
3qXZdTjjQnmsw0W+QOq7ZsAMj7jSBqmTdxl+aa79hCKCFE+cTViOJaA=
-----END CERTIFICATE-----