Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/2862d1-2cc9-4565-86c2-2bb5597a2435/1/VUqvat4WtfuUczhMBY4TDvxEK_s.roa
File:                     VUqvat4WtfuUczhMBY4TDvxEK_s.roa (raw, json)
Hash identifier:          Zqzw2dEApvnq4zRqyWAKudIEokzGJ+rSfWzcaKX+at0=
Subject key identifier:   55:4A:AF:6A:DE:16:B5:FB:94:73:38:4C:05:8E:13:0E:FC:44:2B:FB
Certificate issuer:       /CN=2a0cc46301c8b1fd4639293018fba53653a265b2
Certificate serial:       019424455BFF373890F6E37860EC0DFD1AF4
Authority key identifier: 2A:0C:C4:63:01:C8:B1:FD:46:39:29:30:18:FB:A5:36:53:A2:65:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KgzEYwHIsf1GOSkwGPulNlOiZbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/2862d1-2cc9-4565-86c2-2bb5597a2435/1/VUqvat4WtfuUczhMBY4TDvxEK_s.roa
Signing time:             Wed 01 Jan 2025 23:48:32 +0000
ROA not before:           Wed 01 Jan 2025 23:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57118
IP address blocks:        185.72.236.0/23 maxlen: 23
                          185.95.216.0/22 maxlen: 24
                          2a05:fc80::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/2862d1-2cc9-4565-86c2-2bb5597a2435/1/KgzEYwHIsf1GOSkwGPulNlOiZbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/2862d1-2cc9-4565-86c2-2bb5597a2435/1/KgzEYwHIsf1GOSkwGPulNlOiZbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KgzEYwHIsf1GOSkwGPulNlOiZbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5b:ff:37:38:90:f6:e3:78:60:ec:0d:fd:1a:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a0cc46301c8b1fd4639293018fba53653a265b2
        Validity
            Not Before: Jan  1 23:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=554aaf6ade16b5fb9473384c058e130efc442bfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:62:ba:df:71:ad:ff:43:1e:95:fa:1d:bb:b3:
                    2b:7d:c7:85:a1:3f:28:ff:65:c0:95:13:b2:b0:d3:
                    9d:fa:d9:90:6c:43:7e:55:f7:20:d3:80:0c:cd:34:
                    58:44:af:67:8f:9e:94:c5:0b:c1:03:1a:ae:e1:fe:
                    22:8a:48:4d:a2:7a:92:ad:9d:5f:a7:18:3b:8d:6f:
                    da:9b:eb:91:52:fa:26:0a:26:f8:3c:d3:74:f3:18:
                    3c:9b:f6:c3:50:73:67:8a:02:d8:cf:a9:ec:4c:3e:
                    00:c0:36:26:75:ba:92:f2:fd:2b:fa:b8:99:8c:96:
                    da:fe:75:e5:51:56:de:f1:3d:1b:aa:ff:c2:bd:fe:
                    e0:71:df:a6:cd:57:5f:67:45:0a:ac:a8:65:e6:e5:
                    a7:af:0f:7d:7d:b9:f1:2b:f5:b1:cd:53:e4:8f:bd:
                    08:bf:41:70:70:c9:eb:42:76:28:a6:27:ad:bb:7a:
                    f7:3f:bf:15:23:e9:ca:3f:46:de:4d:3e:f2:91:4f:
                    cc:ba:d4:03:80:7b:17:5b:8c:c5:92:08:45:d3:12:
                    28:7c:fa:ad:8f:c1:5a:39:e3:78:25:09:e2:99:91:
                    6c:a3:2c:d4:3d:17:45:ca:0d:79:f1:86:20:45:a1:
                    57:9f:65:fb:2c:6f:27:14:d7:8f:6d:ca:37:bc:52:
                    da:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:4A:AF:6A:DE:16:B5:FB:94:73:38:4C:05:8E:13:0E:FC:44:2B:FB
            X509v3 Authority Key Identifier:
                keyid:2A:0C:C4:63:01:C8:B1:FD:46:39:29:30:18:FB:A5:36:53:A2:65:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KgzEYwHIsf1GOSkwGPulNlOiZbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/2862d1-2cc9-4565-86c2-2bb5597a2435/1/VUqvat4WtfuUczhMBY4TDvxEK_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/2862d1-2cc9-4565-86c2-2bb5597a2435/1/KgzEYwHIsf1GOSkwGPulNlOiZbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.236.0/23
                  185.95.216.0/22
                IPv6:
                  2a05:fc80::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:68:fe:17:48:58:ea:0a:3e:01:a7:76:37:74:c2:5e:80:31:
         ff:cf:07:ba:1b:a7:76:19:15:d3:03:ca:60:e7:38:92:2e:fe:
         c4:d6:24:ee:eb:ad:c9:7b:fe:67:5c:2a:12:73:4e:36:bc:9b:
         5b:49:54:e8:81:3e:ec:69:bd:e5:c8:99:c3:79:e0:44:78:44:
         a5:fe:c5:4e:21:bc:a2:81:46:10:f2:8e:d5:f0:ac:9e:60:e8:
         0c:00:20:59:b9:fe:dd:96:7b:79:e3:fb:64:24:c6:83:6c:e9:
         32:19:bf:2a:b8:0b:84:b0:26:53:b7:01:7f:8c:ec:6d:26:c6:
         a2:52:c4:7c:24:42:10:59:02:60:53:0a:c5:68:46:75:61:3f:
         87:b2:a3:6a:34:c0:9e:3b:a4:39:2a:82:e4:3b:e3:cf:1c:11:
         14:4b:30:2a:50:12:f7:79:88:67:ec:5a:34:76:2d:e4:1a:cf:
         a4:cb:8d:08:1a:e2:26:df:e2:ea:bc:15:fc:60:f6:23:e0:c9:
         cf:88:08:3d:5b:f3:10:04:55:27:70:5b:c5:c5:97:47:4e:1c:
         74:9b:b2:d7:1f:7a:80:34:4d:0b:37:ff:02:f7:1b:ee:78:e0:
         d7:57:9a:af:3a:94:aa:75:ae:42:4d:d1:8c:ef:42:bb:2c:d9:
         2d:47:2a:af
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQkRVv/NziQ9uN4YOwN/Rr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMGNjNDYzMDFjOGIxZmQ0NjM5MjkzMDE4ZmJhNTM2NTNh
MjY1YjIwHhcNMjUwMTAxMjM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTRhYWY2YWRlMTZiNWZiOTQ3MzM4NGMwNThlMTMwZWZjNDQyYmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmK633Gt/0Melfodu7MrfceFoT8o
/2XAlROysNOd+tmQbEN+Vfcg04AMzTRYRK9nj56UxQvBAxqu4f4iikhNonqSrZ1f
pxg7jW/am+uRUvomCib4PNN08xg8m/bDUHNnigLYz6nsTD4AwDYmdbqS8v0r+riZ
jJba/nXlUVbe8T0bqv/Cvf7gcd+mzVdfZ0UKrKhl5uWnrw99fbnxK/WxzVPkj70I
v0FwcMnrQnYopietu3r3P78VI+nKP0beTT7ykU/MutQDgHsXW4zFkghF0xIofPqt
j8FaOeN4JQnimZFsoyzUPRdFyg158YYgRaFXn2X7LG8nFNePbco3vFLaXQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFVKr2reFrX7lHM4TAWOEw78RCv7MB8GA1UdIwQY
MBaAFCoMxGMByLH9RjkpMBj7pTZTomWyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2d6RVl3SElzZjFHT1Nrd0dQdWxObE9pWmJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8yODYyZDEtMmNjOS00NTY1LTg2YzIt
MmJiNTU5N2EyNDM1LzEvVlVxdmF0NFd0ZnVVY3poTUJZNFREdnhFS19zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8yODYyZDEtMmNjOS00NTY1LTg2YzItMmJiNTU5N2EyNDM1
LzEvS2d6RVl3SElzZjFHT1Nrd0dQdWxObE9pWmJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBuUjsAwQC
uV/YMA0EAgACMAcDBQMqBfyAMA0GCSqGSIb3DQEBCwUAA4IBAQBQaP4XSFjqCj4B
p3Y3dMJegDH/zwe6G6d2GRXTA8pg5ziSLv7E1iTu663Je/5nXCoSc042vJtbSVTo
gT7sab3lyJnDeeBEeESl/sVOIbyigUYQ8o7V8KyeYOgMACBZuf7dlnt54/tkJMaD
bOkyGb8quAuEsCZTtwF/jOxtJsaiUsR8JEIQWQJgUwrFaEZ1YT+HsqNqNMCeO6Q5
KoLkO+PPHBEUSzAqUBL3eYhn7Fo0di3kGs+ky40IGuIm3+LqvBX8YPYj4MnPiAg9
W/MQBFUncFvFxZdHThx0m7LXH3qANE0LN/8C9xvueODXV5qvOpSqda5CTdGM70K7
LNktRyqv
-----END CERTIFICATE-----