Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/26b619-55cf-4489-a9b3-58a20f34f2ec/1/Vn0PoWq91day6d--kuy39s7CP5U.roa
File:                     Vn0PoWq91day6d--kuy39s7CP5U.roa (raw, json)
Hash identifier:          daOIdL4b5N4GukWwie8JBBD3OBe/sdcGSiKd1pWKhtI=
Subject key identifier:   56:7D:0F:A1:6A:BD:D5:D6:B2:E9:DF:BE:92:EC:B7:F6:CE:C2:3F:95
Certificate issuer:       /CN=4e42466070ff8c3cc967da48e14da12df71b2671
Certificate serial:       01942747E91331DD8AF61ED116A24A97EDE5
Authority key identifier: 4E:42:46:60:70:FF:8C:3C:C9:67:DA:48:E1:4D:A1:2D:F7:1B:26:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TkJGYHD_jDzJZ9pI4U2hLfcbJnE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/26b619-55cf-4489-a9b3-58a20f34f2ec/1/Vn0PoWq91day6d--kuy39s7CP5U.roa
Signing time:             Thu 02 Jan 2025 13:50:11 +0000
ROA not before:           Thu 02 Jan 2025 13:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15600
IP address blocks:        5.153.240.0/21 maxlen: 21
                          185.74.152.0/22 maxlen: 22
                          2a00:d560::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/26b619-55cf-4489-a9b3-58a20f34f2ec/1/TkJGYHD_jDzJZ9pI4U2hLfcbJnE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/26b619-55cf-4489-a9b3-58a20f34f2ec/1/TkJGYHD_jDzJZ9pI4U2hLfcbJnE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TkJGYHD_jDzJZ9pI4U2hLfcbJnE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e9:13:31:dd:8a:f6:1e:d1:16:a2:4a:97:ed:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e42466070ff8c3cc967da48e14da12df71b2671
        Validity
            Not Before: Jan  2 13:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=567d0fa16abdd5d6b2e9dfbe92ecb7f6cec23f95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:dd:5d:eb:b6:72:64:51:92:3d:d6:d6:a5:26:
                    8f:d7:99:c2:6b:81:5a:0f:f4:6c:a9:77:e4:78:95:
                    83:ad:47:51:d6:af:02:9b:52:de:1c:01:71:ee:72:
                    12:4a:1f:82:ec:69:c3:6c:e2:c4:38:fb:4f:cb:cb:
                    36:e9:bc:a3:6c:d6:6f:b3:55:ca:2f:e7:0b:c5:c8:
                    95:76:ed:d6:e1:b8:08:15:11:21:75:00:db:d6:e1:
                    27:7b:33:ab:16:52:7d:f1:de:86:df:2f:a4:b4:0f:
                    e2:f8:35:59:ee:47:ce:65:66:8f:9d:25:6f:3a:ca:
                    ec:c7:0b:04:b2:b3:a4:22:d2:f8:3a:5f:9b:5d:b3:
                    27:dc:a0:1e:72:9c:39:80:65:0b:8a:e2:06:fb:43:
                    60:b3:21:18:7d:bb:c5:37:58:c5:80:86:aa:f2:e1:
                    c1:46:0c:15:37:5e:06:19:51:18:30:01:f1:29:74:
                    7e:c4:bf:c8:05:d1:48:f2:93:cb:15:b6:97:2e:c4:
                    b1:75:ad:63:c5:c9:d6:53:cd:d9:ed:19:c5:a4:a6:
                    62:ff:10:93:51:81:84:db:66:87:51:e0:e2:d9:1a:
                    5e:13:4c:b5:09:fc:98:a1:20:bb:37:0c:6c:41:6d:
                    3e:d5:d1:de:45:39:fd:0e:1a:00:5d:94:f1:9b:77:
                    a1:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:7D:0F:A1:6A:BD:D5:D6:B2:E9:DF:BE:92:EC:B7:F6:CE:C2:3F:95
            X509v3 Authority Key Identifier:
                keyid:4E:42:46:60:70:FF:8C:3C:C9:67:DA:48:E1:4D:A1:2D:F7:1B:26:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TkJGYHD_jDzJZ9pI4U2hLfcbJnE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/26b619-55cf-4489-a9b3-58a20f34f2ec/1/Vn0PoWq91day6d--kuy39s7CP5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/26b619-55cf-4489-a9b3-58a20f34f2ec/1/TkJGYHD_jDzJZ9pI4U2hLfcbJnE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.153.240.0/21
                  185.74.152.0/22
                IPv6:
                  2a00:d560::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:da:e6:93:51:e8:02:71:bd:40:22:d2:c0:01:2f:74:69:e7:
         f5:08:bd:ea:57:15:84:f9:55:7b:82:5b:94:e5:05:93:7b:1c:
         a7:a8:0e:25:88:d7:f9:e5:bd:05:5e:a0:a4:c9:b6:19:c8:02:
         2c:49:d9:ef:ad:43:83:95:b6:c0:70:4d:78:96:27:1c:a9:38:
         f3:4c:7b:57:27:cb:0a:1d:cd:26:dd:df:07:29:18:f1:2d:46:
         5f:f3:86:36:00:a7:ad:7b:be:d5:8b:5e:92:42:b8:63:1b:7f:
         f0:d6:7c:ad:ff:5b:1e:54:7d:81:b7:d1:b4:38:ce:72:9e:1e:
         c3:ac:32:dd:2c:c0:26:6e:fb:8f:b9:4b:b0:90:08:ef:27:4f:
         71:6d:98:c7:d2:e4:45:0e:f4:9f:ca:bb:1f:1c:87:66:fd:d0:
         1c:4c:4d:ce:5b:02:27:77:6c:51:2b:f1:37:b5:aa:df:9c:c9:
         84:f7:38:ce:6f:81:b1:6b:be:ee:0a:74:1c:f8:6d:d0:ad:7a:
         17:05:ea:48:ee:6b:be:23:64:da:84:72:8f:86:b1:22:f9:63:
         4f:41:ab:a7:0f:ae:d6:39:50:e0:6e:c7:19:81:f2:8a:4c:4f:
         21:3e:25:06:2c:78:b0:a0:95:1c:af:d3:12:61:87:9e:f8:48:
         26:e9:69:f7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnR+kTMd2K9h7RFqJKl+3lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNDI0NjYwNzBmZjhjM2NjOTY3ZGE0OGUxNGRhMTJkZjcx
YjI2NzEwHhcNMjUwMTAyMTM1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjdkMGZhMTZhYmRkNWQ2YjJlOWRmYmU5MmVjYjdmNmNlYzIzZjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAld1d67ZyZFGSPdbWpSaP15nCa4Fa
D/RsqXfkeJWDrUdR1q8Cm1LeHAFx7nISSh+C7GnDbOLEOPtPy8s26byjbNZvs1XK
L+cLxciVdu3W4bgIFREhdQDb1uEnezOrFlJ98d6G3y+ktA/i+DVZ7kfOZWaPnSVv
OsrsxwsEsrOkItL4Ol+bXbMn3KAecpw5gGULiuIG+0NgsyEYfbvFN1jFgIaq8uHB
RgwVN14GGVEYMAHxKXR+xL/IBdFI8pPLFbaXLsSxda1jxcnWU83Z7RnFpKZi/xCT
UYGE22aHUeDi2RpeE0y1CfyYoSC7NwxsQW0+1dHeRTn9DhoAXZTxm3ehBQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFZ9D6FqvdXWsunfvpLst/bOwj+VMB8GA1UdIwQY
MBaAFE5CRmBw/4w8yWfaSOFNoS33GyZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGtKR1lIRF9qRHpKWjlwSTRVMmhMZmNiSm5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yNmI2MTktNTVjZi00NDg5LWE5YjMt
NThhMjBmMzRmMmVjLzEvVm4wUG9XcTkxZGF5NmQtLWt1eTM5czdDUDVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yNmI2MTktNTVjZi00NDg5LWE5YjMtNThhMjBmMzRmMmVj
LzEvVGtKR1lIRF9qRHpKWjlwSTRVMmhMZmNiSm5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBZnwAwQC
uUqYMA0EAgACMAcDBQMqANVgMA0GCSqGSIb3DQEBCwUAA4IBAQAy2uaTUegCcb1A
ItLAAS90aef1CL3qVxWE+VV7gluU5QWTexynqA4liNf55b0FXqCkybYZyAIsSdnv
rUODlbbAcE14liccqTjzTHtXJ8sKHc0m3d8HKRjxLUZf84Y2AKete77Vi16SQrhj
G3/w1nyt/1seVH2Bt9G0OM5ynh7DrDLdLMAmbvuPuUuwkAjvJ09xbZjH0uRFDvSf
yrsfHIdm/dAcTE3OWwInd2xRK/E3tarfnMmE9zjOb4Gxa77uCnQc+G3QrXoXBepI
7mu+I2TahHKPhrEi+WNPQaunD67WOVDgbscZgfKKTE8hPiUGLHiwoJUcr9MSYYee
+Egm6Wn3
-----END CERTIFICATE-----