Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/cee70d-8b52-4c11-a77c-074305735ac2/1/VV0lcvnlnG9WTkwgXPk5TRHRcZQ.roa
File:                     VV0lcvnlnG9WTkwgXPk5TRHRcZQ.roa (raw, json)
Hash identifier:          DsDIMEW7TR5yp1+sD2rXx7TV58t745Rd1fkPc4+bsBs=
Subject key identifier:   55:5D:25:72:F9:E5:9C:6F:56:4E:4C:20:5C:F9:39:4D:11:D1:71:94
Certificate issuer:       /CN=c57e58c346e7b415550c13aeadd2cf90edd07895
Certificate serial:       019421B2018C6F7AAFF9113E4E09AAFF30E4
Authority key identifier: C5:7E:58:C3:46:E7:B4:15:55:0C:13:AE:AD:D2:CF:90:ED:D0:78:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xX5Yw0bntBVVDBOurdLPkO3QeJU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/cee70d-8b52-4c11-a77c-074305735ac2/1/VV0lcvnlnG9WTkwgXPk5TRHRcZQ.roa
Signing time:             Wed 01 Jan 2025 11:48:21 +0000
ROA not before:           Wed 01 Jan 2025 11:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204816
IP address blocks:        185.49.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/cee70d-8b52-4c11-a77c-074305735ac2/1/xX5Yw0bntBVVDBOurdLPkO3QeJU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/cee70d-8b52-4c11-a77c-074305735ac2/1/xX5Yw0bntBVVDBOurdLPkO3QeJU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xX5Yw0bntBVVDBOurdLPkO3QeJU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Jan 2025 09:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:01:8c:6f:7a:af:f9:11:3e:4e:09:aa:ff:30:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c57e58c346e7b415550c13aeadd2cf90edd07895
        Validity
            Not Before: Jan  1 11:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=555d2572f9e59c6f564e4c205cf9394d11d17194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e2:d3:ea:7e:df:5c:66:95:4d:8d:4d:e6:65:
                    84:11:e4:6a:2a:04:75:4e:bd:45:a0:a2:14:d7:ef:
                    df:43:1a:9a:76:ec:7f:41:83:6c:f0:d6:96:8e:f6:
                    48:be:84:67:53:b4:31:86:8d:b9:e5:6d:90:cd:5b:
                    87:db:93:c9:17:c3:a9:d9:96:82:83:cb:54:84:5f:
                    8d:1e:e3:04:bb:38:4e:3a:7e:c9:eb:a8:6f:0f:c2:
                    d7:15:7d:31:92:43:92:c8:2a:e9:8e:a9:02:89:20:
                    c4:eb:d2:cf:a4:52:ac:e8:cf:77:49:e0:16:33:be:
                    2d:62:61:c7:c2:2f:b6:ba:a3:0c:fd:95:b7:28:fc:
                    d6:bc:50:16:40:9d:82:e1:d5:32:19:6c:12:28:76:
                    16:af:26:75:a3:a3:bb:5f:7d:65:3b:af:92:bf:07:
                    87:29:a0:9a:28:06:c7:77:7f:3c:5c:f3:05:d3:9d:
                    1f:a2:0d:13:fb:8f:d0:8a:4f:f4:2c:31:4c:e3:54:
                    b3:2b:2c:c3:68:29:88:5a:ba:9a:7d:a5:27:df:1f:
                    ea:17:e5:1e:43:c4:20:c8:49:e9:4d:3e:ae:c4:dd:
                    aa:0a:7f:0f:fa:b5:fb:75:ba:8d:f5:92:f1:0c:b2:
                    23:ce:30:67:bc:75:7e:68:6f:8d:70:88:11:86:36:
                    14:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:5D:25:72:F9:E5:9C:6F:56:4E:4C:20:5C:F9:39:4D:11:D1:71:94
            X509v3 Authority Key Identifier:
                keyid:C5:7E:58:C3:46:E7:B4:15:55:0C:13:AE:AD:D2:CF:90:ED:D0:78:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xX5Yw0bntBVVDBOurdLPkO3QeJU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/cee70d-8b52-4c11-a77c-074305735ac2/1/VV0lcvnlnG9WTkwgXPk5TRHRcZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/cee70d-8b52-4c11-a77c-074305735ac2/1/xX5Yw0bntBVVDBOurdLPkO3QeJU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:4c:39:a6:44:df:bc:2a:3a:7d:7f:55:d8:97:46:eb:35:88:
         9b:4d:fd:d4:9f:a8:7f:4b:82:55:12:12:11:08:4a:44:23:fc:
         24:09:0f:87:04:a9:41:c8:92:59:4a:a1:45:a4:7d:d6:c7:62:
         51:d1:d6:92:0f:61:41:3f:9c:8e:60:73:a7:2c:14:94:a8:8f:
         a4:fa:0b:74:20:a6:bc:11:3d:e3:e3:71:6d:80:85:a0:3e:cc:
         f6:44:93:b6:9c:7c:31:11:a0:38:14:a8:39:18:20:0c:3d:71:
         de:46:31:3d:e4:1c:55:84:4f:33:cc:b3:12:7e:d9:80:80:cb:
         38:7b:3c:9b:6e:40:19:e1:ce:c6:1e:70:24:c4:4d:2a:e3:7f:
         5e:85:c4:5e:26:60:7c:24:8d:2c:9c:a0:30:68:15:8a:36:ac:
         0c:e8:bd:17:6a:ca:dd:5f:04:a6:d5:f2:78:7b:3d:d9:4a:80:
         e0:3a:09:ec:f6:df:d6:32:9c:b3:02:6a:30:de:73:92:30:c0:
         c9:02:5e:e5:57:17:c8:97:2f:e3:49:54:f6:1d:fa:91:c3:69:
         85:ea:33:0a:8f:05:30:91:ea:d5:08:28:20:bc:88:d1:be:69:
         1e:45:2f:ed:e6:4d:a6:1c:8f:74:b1:db:7c:33:6c:0d:1b:7f:
         7b:70:8c:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsgGMb3qv+RE+Tgmq/zDkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1N2U1OGMzNDZlN2I0MTU1NTBjMTNhZWFkZDJjZjkwZWRk
MDc4OTUwHhcNMjUwMTAxMTE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTVkMjU3MmY5ZTU5YzZmNTY0ZTRjMjA1Y2Y5Mzk0ZDExZDE3MTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuLT6n7fXGaVTY1N5mWEEeRqKgR1
Tr1FoKIU1+/fQxqadux/QYNs8NaWjvZIvoRnU7Qxho255W2QzVuH25PJF8Op2ZaC
g8tUhF+NHuMEuzhOOn7J66hvD8LXFX0xkkOSyCrpjqkCiSDE69LPpFKs6M93SeAW
M74tYmHHwi+2uqMM/ZW3KPzWvFAWQJ2C4dUyGWwSKHYWryZ1o6O7X31lO6+SvweH
KaCaKAbHd388XPMF050fog0T+4/Qik/0LDFM41SzKyzDaCmIWrqafaUn3x/qF+Ue
Q8QgyEnpTT6uxN2qCn8P+rX7dbqN9ZLxDLIjzjBnvHV+aG+NcIgRhjYURwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVdJXL55ZxvVk5MIFz5OU0R0XGUMB8GA1UdIwQY
MBaAFMV+WMNG57QVVQwTrq3Sz5Dt0HiVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFg1WXcwYm50QlZWREJPdXJkTFBrTzNRZUpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9jZWU3MGQtOGI1Mi00YzExLWE3N2Mt
MDc0MzA1NzM1YWMyLzEvVlYwbGN2bmxuRzlXVGt3Z1hQazVUUkhSY1pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9jZWU3MGQtOGI1Mi00YzExLWE3N2MtMDc0MzA1NzM1YWMy
LzEveFg1WXcwYm50QlZWREJPdXJkTFBrTzNRZUpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTEaMA0G
CSqGSIb3DQEBCwUAA4IBAQC7TDmmRN+8Kjp9f1XYl0brNYibTf3Un6h/S4JVEhIR
CEpEI/wkCQ+HBKlByJJZSqFFpH3Wx2JR0daSD2FBP5yOYHOnLBSUqI+k+gt0IKa8
ET3j43FtgIWgPsz2RJO2nHwxEaA4FKg5GCAMPXHeRjE95BxVhE8zzLMSftmAgMs4
ezybbkAZ4c7GHnAkxE0q439ehcReJmB8JI0snKAwaBWKNqwM6L0XasrdXwSm1fJ4
ez3ZSoDgOgns9t/WMpyzAmow3nOSMMDJAl7lVxfIly/jSVT2HfqRw2mF6jMKjwUw
kerVCCggvIjRvmkeRS/t5k2mHI90sdt8M2wNG397cIwS
-----END CERTIFICATE-----