Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/4f918b-28d9-419b-8647-338986176b1f/1/hVVS9Cn-0kGfNBOiQMyNN9VUf0k.roa
File:                     hVVS9Cn-0kGfNBOiQMyNN9VUf0k.roa (raw, json)
Hash identifier:          sbgdIqLYSK1OXVPg3GYNP6cJGG82G/AcVDZsAviuiqM=
Subject key identifier:   85:55:52:F4:29:FE:D2:41:9F:34:13:A2:40:CC:8D:37:D5:54:7F:49
Certificate issuer:       /CN=55a72cff41bdb7c7e01855d39076daf721742c70
Certificate serial:       019421B1CBC2A933C37B19BC381D97C9F6D8
Authority key identifier: 55:A7:2C:FF:41:BD:B7:C7:E0:18:55:D3:90:76:DA:F7:21:74:2C:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vacs_0G9t8fgGFXTkHba9yF0LHA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/4f918b-28d9-419b-8647-338986176b1f/1/hVVS9Cn-0kGfNBOiQMyNN9VUf0k.roa
Signing time:             Wed 01 Jan 2025 11:48:07 +0000
ROA not before:           Wed 01 Jan 2025 11:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205814
IP address blocks:        185.234.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/4f918b-28d9-419b-8647-338986176b1f/1/Vacs_0G9t8fgGFXTkHba9yF0LHA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/4f918b-28d9-419b-8647-338986176b1f/1/Vacs_0G9t8fgGFXTkHba9yF0LHA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vacs_0G9t8fgGFXTkHba9yF0LHA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:cb:c2:a9:33:c3:7b:19:bc:38:1d:97:c9:f6:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55a72cff41bdb7c7e01855d39076daf721742c70
        Validity
            Not Before: Jan  1 11:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=855552f429fed2419f3413a240cc8d37d5547f49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:02:e9:57:2a:cf:ed:34:60:6c:6f:e9:79:bc:
                    77:a7:b9:6d:2d:a3:b4:65:66:c4:43:af:35:a9:47:
                    5f:77:8e:90:b5:1b:0e:0e:59:61:b0:11:cf:bc:fd:
                    0f:b8:11:a6:0a:cc:ca:d2:02:a0:3c:b9:fc:0b:11:
                    4a:0a:88:4f:1a:62:27:fa:73:93:24:0d:71:00:53:
                    00:ce:97:05:68:7f:b9:a5:b7:d1:eb:26:de:31:7b:
                    5b:bf:25:34:14:09:cb:57:4c:9a:f6:d9:6c:92:0e:
                    c5:b7:cf:b0:50:e4:76:da:a1:21:98:0b:52:b0:85:
                    94:f4:f4:1d:61:d0:25:a1:7b:d5:62:98:a4:2f:40:
                    55:cb:d3:fb:67:68:fb:7e:e2:77:1c:09:eb:31:03:
                    cc:7a:68:aa:47:53:e9:a4:a2:ce:1c:b0:46:ff:f3:
                    4f:09:f4:f6:2f:c8:39:92:21:14:5d:de:74:d5:3b:
                    08:78:7f:39:fe:f2:4d:56:c6:61:25:a9:9a:84:56:
                    74:ac:6d:98:1c:ba:70:3a:c3:5b:de:a3:28:a6:e0:
                    c1:59:5f:a1:75:24:b2:dd:dc:7a:6c:44:fe:5e:fc:
                    8f:78:0e:de:8b:c2:7d:3d:1a:cb:db:d8:c9:25:16:
                    44:d1:08:94:c2:56:6b:41:6c:93:09:4e:e1:5c:ea:
                    f5:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:55:52:F4:29:FE:D2:41:9F:34:13:A2:40:CC:8D:37:D5:54:7F:49
            X509v3 Authority Key Identifier:
                keyid:55:A7:2C:FF:41:BD:B7:C7:E0:18:55:D3:90:76:DA:F7:21:74:2C:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vacs_0G9t8fgGFXTkHba9yF0LHA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/4f918b-28d9-419b-8647-338986176b1f/1/hVVS9Cn-0kGfNBOiQMyNN9VUf0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/4f918b-28d9-419b-8647-338986176b1f/1/Vacs_0G9t8fgGFXTkHba9yF0LHA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:c1:f4:9c:86:b2:80:ea:a8:00:36:e4:b2:af:b7:50:d8:7f:
         ca:3e:93:dc:cf:ac:06:91:56:74:42:ab:dd:b1:7b:8c:01:0a:
         43:9a:95:58:07:4a:72:40:f6:84:ca:9b:17:02:77:79:f1:b6:
         e4:ea:30:6e:56:81:8a:49:cf:8c:d5:2b:fa:32:40:90:5c:65:
         5e:04:8c:8f:8e:50:20:bf:b6:21:16:3c:d2:d4:9c:b6:87:25:
         9d:1f:2c:32:40:e8:2c:f0:a0:bd:9e:b5:6e:2d:c5:d0:6e:19:
         f5:46:d7:36:3e:42:b1:a1:74:bc:46:0c:5f:ec:97:f5:c3:8d:
         03:8f:43:b9:af:cd:57:18:df:55:62:03:4f:d7:8b:37:e8:ca:
         c5:3f:28:c4:90:cb:b9:08:18:82:18:ae:f9:e8:55:d8:da:41:
         55:de:02:e8:61:63:65:ce:e7:a9:e5:4d:ef:35:8a:61:60:00:
         c8:43:05:41:86:c3:a5:aa:3e:7b:8a:58:ed:d6:5b:4d:1b:e8:
         f3:2d:06:ca:c1:3b:15:57:b1:1f:f6:02:c1:14:ad:23:4f:c9:
         d1:70:1b:0d:d3:2c:d8:b3:ef:60:19:63:3d:c0:82:16:ef:88:
         99:a6:60:b1:19:d1:13:d2:14:31:ef:f4:3f:5b:d5:0b:8c:1a:
         96:6e:55:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhscvCqTPDexm8OB2XyfbYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YTcyY2ZmNDFiZGI3YzdlMDE4NTVkMzkwNzZkYWY3MjE3
NDJjNzAwHhcNMjUwMTAxMTE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTU1NTJmNDI5ZmVkMjQxOWYzNDEzYTI0MGNjOGQzN2Q1NTQ3ZjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsALpVyrP7TRgbG/pebx3p7ltLaO0
ZWbEQ681qUdfd46QtRsODllhsBHPvP0PuBGmCszK0gKgPLn8CxFKCohPGmIn+nOT
JA1xAFMAzpcFaH+5pbfR6ybeMXtbvyU0FAnLV0ya9tlskg7Ft8+wUOR22qEhmAtS
sIWU9PQdYdAloXvVYpikL0BVy9P7Z2j7fuJ3HAnrMQPMemiqR1PppKLOHLBG//NP
CfT2L8g5kiEUXd501TsIeH85/vJNVsZhJamahFZ0rG2YHLpwOsNb3qMopuDBWV+h
dSSy3dx6bET+XvyPeA7ei8J9PRrL29jJJRZE0QiUwlZrQWyTCU7hXOr1MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVVUvQp/tJBnzQTokDMjTfVVH9JMB8GA1UdIwQY
MBaAFFWnLP9BvbfH4BhV05B22vchdCxwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmFjc18wRzl0OGZnR0ZYVGtIYmE5eUYwTEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy80ZjkxOGItMjhkOS00MTliLTg2NDct
MzM4OTg2MTc2YjFmLzEvaFZWUzlDbi0wa0dmTkJPaVFNeU5OOVZVZjBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy80ZjkxOGItMjhkOS00MTliLTg2NDctMzM4OTg2MTc2YjFm
LzEvVmFjc18wRzl0OGZnR0ZYVGtIYmE5eUYwTEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuer0MA0G
CSqGSIb3DQEBCwUAA4IBAQAywfSchrKA6qgANuSyr7dQ2H/KPpPcz6wGkVZ0Qqvd
sXuMAQpDmpVYB0pyQPaEypsXAnd58bbk6jBuVoGKSc+M1Sv6MkCQXGVeBIyPjlAg
v7YhFjzS1Jy2hyWdHywyQOgs8KC9nrVuLcXQbhn1Rtc2PkKxoXS8Rgxf7Jf1w40D
j0O5r81XGN9VYgNP14s36MrFPyjEkMu5CBiCGK756FXY2kFV3gLoYWNlzuep5U3v
NYphYADIQwVBhsOlqj57iljt1ltNG+jzLQbKwTsVV7Ef9gLBFK0jT8nRcBsN0yzY
s+9gGWM9wIIW74iZpmCxGdET0hQx7/Q/W9ULjBqWblW2
-----END CERTIFICATE-----