Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/73fgtycAM2crZ_LHwWRiB0oEU9Y.roa
File:                     73fgtycAM2crZ_LHwWRiB0oEU9Y.roa (raw, json)
Hash identifier:          flrMOVA6rk3M5Itkv7RZo+kAVGvmhl0NxmnJ1f7lgFI=
Subject key identifier:   EF:77:E0:B7:27:00:33:67:2B:67:F2:C7:C1:64:62:07:4A:04:53:D6
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       0196AA3247D2AD259DDB46BAB204FF8F9940
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/73fgtycAM2crZ_LHwWRiB0oEU9Y.roa
Signing time:             Wed 07 May 2025 10:02:23 +0000
ROA not before:           Wed 07 May 2025 10:02:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8412
IP address blocks:        152.53.234.0/23 maxlen: 23
                          152.53.234.0/24 maxlen: 24
                          152.53.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:aa:32:47:d2:ad:25:9d:db:46:ba:b2:04:ff:8f:99:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: May  7 10:02:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef77e0b7270033672b67f2c7c16462074a0453d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0f:9a:8e:1a:1c:72:a9:e6:ca:3b:06:08:62:
                    6b:e5:84:b1:0c:11:1c:9c:ad:fc:ba:b8:20:39:8d:
                    97:71:57:0b:3e:74:3e:ec:f5:b7:a3:f7:fe:1f:5b:
                    0b:11:60:25:49:d4:41:70:d3:2f:77:d1:4d:78:4f:
                    2b:25:0f:54:c9:88:13:ef:c9:0d:a3:4c:58:0f:bd:
                    f8:36:32:b4:80:03:c0:e2:f3:0e:20:16:26:29:7c:
                    4a:33:fb:cd:b6:b8:2e:ae:09:13:36:23:c6:ff:38:
                    f1:c6:8e:ef:03:57:f5:95:0a:17:b2:1f:17:57:29:
                    f1:b1:4b:bb:24:11:24:65:77:73:10:0a:d5:dd:38:
                    92:42:fd:dc:66:c9:c3:10:9e:2c:5a:f5:85:3e:94:
                    b7:06:98:74:cc:5a:3c:34:7c:2d:ba:fb:2b:a3:2e:
                    fa:ae:b6:0b:78:05:bd:53:46:3c:08:d4:d3:38:60:
                    86:d6:bd:70:17:d9:18:c7:e1:ea:0e:ca:9d:b9:c5:
                    bf:ff:f1:55:b6:d7:69:26:da:a6:83:d8:b9:d9:b7:
                    3c:1d:25:d4:1d:4e:83:d7:9a:90:8f:5e:df:36:96:
                    b2:70:03:fe:62:78:eb:89:a4:3a:04:89:69:5c:65:
                    b0:5c:41:e6:4e:85:b4:b6:04:11:fb:69:be:4f:c2:
                    82:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:77:E0:B7:27:00:33:67:2B:67:F2:C7:C1:64:62:07:4A:04:53:D6
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/73fgtycAM2crZ_LHwWRiB0oEU9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:d6:ef:0d:68:28:3d:88:45:bd:eb:68:5b:ef:3f:31:a9:fa:
         45:46:f9:cd:30:e1:a4:9a:8a:73:7a:43:95:a0:5b:49:40:3e:
         a4:1c:68:2a:af:1a:ad:a7:b0:f1:ef:2a:86:27:b1:77:d4:0d:
         d1:b5:23:9d:b9:53:7d:df:85:60:cb:e1:58:bf:61:b3:ce:fc:
         3b:76:6f:b1:96:e0:e8:e4:21:41:ee:63:fb:45:06:b6:a1:6e:
         f6:44:bc:3d:2f:dc:cb:22:45:f7:b6:25:d4:36:60:76:89:7f:
         0d:d3:24:9e:6e:60:c6:20:40:99:7c:85:98:c6:84:95:cb:71:
         96:7b:c8:06:ce:94:a8:14:a9:8b:20:15:ca:8e:e5:75:99:13:
         b4:b2:6b:3e:18:53:de:3a:19:cf:00:e2:3e:06:51:e6:db:0b:
         2e:74:0f:97:e0:0d:e6:7c:43:40:14:ac:d3:b3:c4:e9:c9:56:
         81:c1:f8:ed:79:80:52:c2:e2:f4:9e:f7:39:40:a8:d0:22:0c:
         69:f0:f7:b9:8e:bf:fb:e8:e1:9e:0c:42:cb:58:0d:58:90:dc:
         e1:c8:94:01:19:39:ff:ba:21:b1:2e:9e:06:40:54:f4:fa:86:
         35:80:72:ef:f1:53:07:62:7a:f7:b2:87:4d:b6:b7:58:98:7c:
         c8:a7:ce:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaqMkfSrSWd20a6sgT/j5lAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjUwNTA3MTAwMjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjc3ZTBiNzI3MDAzMzY3MmI2N2YyYzdjMTY0NjIwNzRhMDQ1M2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArw+ajhoccqnmyjsGCGJr5YSxDBEc
nK38urggOY2XcVcLPnQ+7PW3o/f+H1sLEWAlSdRBcNMvd9FNeE8rJQ9UyYgT78kN
o0xYD734NjK0gAPA4vMOIBYmKXxKM/vNtrgurgkTNiPG/zjxxo7vA1f1lQoXsh8X
VynxsUu7JBEkZXdzEArV3TiSQv3cZsnDEJ4sWvWFPpS3Bph0zFo8NHwtuvsroy76
rrYLeAW9U0Y8CNTTOGCG1r1wF9kYx+HqDsqducW///FVttdpJtqmg9i52bc8HSXU
HU6D15qQj17fNpaycAP+YnjriaQ6BIlpXGWwXEHmToW0tgQR+2m+T8KCtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO934LcnADNnK2fyx8FkYgdKBFPWMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvNzNmZ3R5Y0FNMmNyWl9MSHdXUmlCMG9FVTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmDXqMA0G
CSqGSIb3DQEBCwUAA4IBAQBc1u8NaCg9iEW962hb7z8xqfpFRvnNMOGkmopzekOV
oFtJQD6kHGgqrxqtp7Dx7yqGJ7F31A3RtSOduVN934Vgy+FYv2Gzzvw7dm+xluDo
5CFB7mP7RQa2oW72RLw9L9zLIkX3tiXUNmB2iX8N0ySebmDGIECZfIWYxoSVy3GW
e8gGzpSoFKmLIBXKjuV1mRO0sms+GFPeOhnPAOI+BlHm2wsudA+X4A3mfENAFKzT
s8TpyVaBwfjteYBSwuL0nvc5QKjQIgxp8Pe5jr/76OGeDELLWA1YkNzhyJQBGTn/
uiGxLp4GQFT0+oY1gHLv8VMHYnr3sodNtrdYmHzIp84J
-----END CERTIFICATE-----