Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/VWEs-xVV5ND0GJkPhbytzQmCX2s.roa
File:                     VWEs-xVV5ND0GJkPhbytzQmCX2s.roa (raw, json)
Hash identifier:          Lvidk3VL8SGZhZHfYCyzYvXPKQ2gZ6B2D2mdtv2GK9E=
Subject key identifier:   55:61:2C:FB:15:55:E4:D0:F4:18:99:0F:85:BC:AD:CD:09:82:5F:6B
Certificate issuer:       /CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
Certificate serial:       0194274789C231329C2F0A8FDE7AA4EE6A57
Authority key identifier: 27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/VWEs-xVV5ND0GJkPhbytzQmCX2s.roa
Signing time:             Thu 02 Jan 2025 13:49:47 +0000
ROA not before:           Thu 02 Jan 2025 13:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8400
IP address blocks:        185.129.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 04:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:89:c2:31:32:9c:2f:0a:8f:de:7a:a4:ee:6a:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
        Validity
            Not Before: Jan  2 13:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55612cfb1555e4d0f418990f85bcadcd09825f6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:c8:72:38:46:8e:9d:c0:0b:d1:b4:bb:40:a3:
                    1f:a7:6a:66:e5:c2:36:4a:9c:f8:52:60:ba:4b:e0:
                    9e:36:1f:93:03:4c:aa:27:f4:32:59:df:df:00:2b:
                    3b:8c:7d:ad:b3:b4:dc:c9:95:69:68:69:d4:64:9c:
                    7c:5d:f9:a4:e3:dd:a2:01:ba:45:bc:c0:ac:55:75:
                    ac:46:b1:50:e8:5a:ae:33:70:d5:23:cb:af:7f:d2:
                    2a:cf:58:fc:3f:aa:5c:6f:09:93:1a:e5:5c:97:c6:
                    7d:09:88:48:ff:17:2f:a6:9e:88:62:2a:85:3b:81:
                    b7:25:bd:d7:a5:5d:fd:91:dd:98:77:a2:9d:4a:a8:
                    50:e5:78:55:ca:b9:a1:be:1e:5f:d6:3a:e3:ef:c4:
                    2e:cc:2c:32:14:f9:41:36:75:e3:ed:54:fd:b4:1a:
                    35:52:ce:bd:b5:dd:a3:b3:ba:91:f3:48:2e:d8:93:
                    6e:bf:9d:d8:19:38:3d:51:51:7e:e7:dc:02:30:93:
                    d9:65:61:c0:79:79:7e:cf:76:6a:10:cb:f4:02:24:
                    30:05:96:5e:1e:10:88:56:e3:52:4c:85:e8:a0:27:
                    14:f9:aa:2c:f2:8a:52:31:0f:a1:2b:49:d1:ef:92:
                    57:fa:ee:f2:a5:9d:61:1f:ce:63:4b:3a:28:99:91:
                    fa:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:61:2C:FB:15:55:E4:D0:F4:18:99:0F:85:BC:AD:CD:09:82:5F:6B
            X509v3 Authority Key Identifier:
                keyid:27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/VWEs-xVV5ND0GJkPhbytzQmCX2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:6a:65:85:12:13:2f:7a:84:fb:7e:42:42:38:2a:84:23:e4:
         ec:b6:a4:f4:2d:5a:22:69:3b:88:99:3e:e0:20:f8:1a:82:98:
         99:f0:6b:71:35:31:6e:c8:74:89:ac:f3:7d:8c:a9:68:66:ec:
         08:f2:83:de:71:31:75:1b:b1:eb:e7:5a:44:ed:bd:ad:bd:d3:
         11:6d:99:bf:c7:dc:60:11:8e:55:3e:2a:a2:d7:bc:f0:42:fa:
         0c:1d:8e:b6:e5:c6:1c:f0:f4:a6:72:87:3d:ba:d4:4d:4f:70:
         e8:cf:ec:20:dc:b5:6e:09:3f:8c:89:48:86:a4:3c:0c:9c:e9:
         ad:e5:9e:6f:75:df:0b:af:15:c7:47:ab:5d:9a:cf:2b:76:fc:
         7f:e3:0f:2b:e4:0b:96:d9:df:a2:0b:c5:c0:03:2c:ff:7f:8e:
         08:b9:63:ae:cd:fd:77:66:14:3a:74:07:12:64:7f:68:cc:8f:
         4d:f5:5e:c6:33:d6:77:31:6d:39:19:93:38:01:ac:0b:39:9f:
         2c:16:c3:f5:73:4a:8d:d9:f4:3b:e9:db:6f:f2:9d:00:99:d3:
         a3:e3:9d:96:f8:c0:80:32:51:e1:ed:53:e8:b4:cb:25:83:7f:
         4e:2b:ac:68:02:52:07:7a:f5:fa:81:7a:0d:0d:a2:31:3b:d7:
         e7:2f:10:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR4nCMTKcLwqP3nqk7mpXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTY2OTU3OWIzY2U2MWVlOGVlN2Q2YWY3ZTMxNGIwZjcy
NjM2MWYwHhcNMjUwMTAyMTM0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTYxMmNmYjE1NTVlNGQwZjQxODk5MGY4NWJjYWRjZDA5ODI1ZjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MhyOEaOncAL0bS7QKMfp2pm5cI2
Spz4UmC6S+CeNh+TA0yqJ/QyWd/fACs7jH2ts7TcyZVpaGnUZJx8Xfmk492iAbpF
vMCsVXWsRrFQ6FquM3DVI8uvf9Iqz1j8P6pcbwmTGuVcl8Z9CYhI/xcvpp6IYiqF
O4G3Jb3XpV39kd2Yd6KdSqhQ5XhVyrmhvh5f1jrj78QuzCwyFPlBNnXj7VT9tBo1
Us69td2js7qR80gu2JNuv53YGTg9UVF+59wCMJPZZWHAeXl+z3ZqEMv0AiQwBZZe
HhCIVuNSTIXooCcU+aos8opSMQ+hK0nR75JX+u7ypZ1hH85jSzoomZH6owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVhLPsVVeTQ9BiZD4W8rc0Jgl9rMB8GA1UdIwQY
MBaAFCeWaVebPOYe6O59avfjFLD3JjYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEt
NGRlMWI1MjBhNTk0LzEvVldFcy14VlY1TkQwR0prUGhieXR6UW1DWDJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEtNGRlMWI1MjBhNTk0
LzEvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYF4MA0G
CSqGSIb3DQEBCwUAA4IBAQB+amWFEhMveoT7fkJCOCqEI+TstqT0LVoiaTuImT7g
IPgagpiZ8GtxNTFuyHSJrPN9jKloZuwI8oPecTF1G7Hr51pE7b2tvdMRbZm/x9xg
EY5VPiqi17zwQvoMHY625cYc8PSmcoc9utRNT3Doz+wg3LVuCT+MiUiGpDwMnOmt
5Z5vdd8LrxXHR6tdms8rdvx/4w8r5AuW2d+iC8XAAyz/f44IuWOuzf13ZhQ6dAcS
ZH9ozI9N9V7GM9Z3MW05GZM4AawLOZ8sFsP1c0qN2fQ76dtv8p0AmdOj452W+MCA
MlHh7VPotMslg39OK6xoAlIHevX6gXoNDaIxO9fnLxAF
-----END CERTIFICATE-----