Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/VgTi5tlMVXsu097Zaw82JIsKmhI.roa
File:                     VgTi5tlMVXsu097Zaw82JIsKmhI.roa (raw, json)
Hash identifier:          yaSgz1DC1PHPNVrBtX09+Wm5+D0DsnRGuOyAfnA8DC0=
Subject key identifier:   56:04:E2:E6:D9:4C:55:7B:2E:D3:DE:D9:6B:0F:36:24:8B:0A:9A:12
Certificate issuer:       /CN=c950d7b1975a3703ae27b31ad2f932ae46a4cc94
Certificate serial:       019426D974E909AFD14361DF32E1A6BDF1A5
Authority key identifier: C9:50:D7:B1:97:5A:37:03:AE:27:B3:1A:D2:F9:32:AE:46:A4:CC:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/VgTi5tlMVXsu097Zaw82JIsKmhI.roa
Signing time:             Thu 02 Jan 2025 11:49:32 +0000
ROA not before:           Thu 02 Jan 2025 11:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2119
IP address blocks:        185.136.128.0/22 maxlen: 24
                          2a03:a4e0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 23:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:74:e9:09:af:d1:43:61:df:32:e1:a6:bd:f1:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c950d7b1975a3703ae27b31ad2f932ae46a4cc94
        Validity
            Not Before: Jan  2 11:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5604e2e6d94c557b2ed3ded96b0f36248b0a9a12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:cb:ae:07:83:c8:2a:59:6d:55:73:bf:7a:d0:
                    4a:88:50:7f:ca:29:22:bb:6f:3d:94:b4:6e:95:f9:
                    07:c7:29:dc:d7:bb:c0:8f:2d:26:34:95:15:32:c3:
                    f3:13:73:70:ab:8d:c1:4d:7b:67:d8:ae:b9:60:5a:
                    0c:98:b5:83:d2:c8:28:1c:73:5e:ea:00:31:5a:1b:
                    9f:22:b0:8d:ac:9f:a9:6d:3d:93:0f:bf:2c:06:54:
                    c5:00:2f:70:b7:a9:2a:da:a2:f1:fa:d6:c7:16:8b:
                    04:68:b2:ae:6f:c5:37:99:e7:32:1a:a7:11:51:78:
                    00:9c:ea:ca:2e:90:89:bd:90:32:33:c4:17:72:b2:
                    91:b1:35:cc:35:c2:32:2d:7a:38:a8:b9:9e:5f:50:
                    be:a2:01:77:47:9a:ad:79:96:5f:30:4f:86:e9:87:
                    ff:f3:2f:00:68:45:82:37:39:98:22:f8:4d:61:1e:
                    cb:13:7c:a4:a5:31:6d:2a:45:5c:f3:50:87:fd:59:
                    51:d4:21:91:8e:8c:78:1a:56:b1:aa:33:d5:dd:c9:
                    a4:60:40:c5:49:e8:91:84:86:bd:a2:45:34:c1:6d:
                    e3:a5:65:4b:70:e9:47:bf:67:d0:ff:11:82:03:06:
                    60:57:4f:cc:9f:d9:45:5e:44:10:0e:59:52:67:7a:
                    9e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:04:E2:E6:D9:4C:55:7B:2E:D3:DE:D9:6B:0F:36:24:8B:0A:9A:12
            X509v3 Authority Key Identifier:
                keyid:C9:50:D7:B1:97:5A:37:03:AE:27:B3:1A:D2:F9:32:AE:46:A4:CC:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/VgTi5tlMVXsu097Zaw82JIsKmhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.128.0/22
                IPv6:
                  2a03:a4e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9e:b9:37:2f:49:57:31:b9:68:d2:5f:d2:15:63:cc:d5:db:2e:
         c5:d7:2c:d4:0b:18:24:f4:df:84:be:6c:bc:74:94:cf:d6:5e:
         97:17:67:e7:0c:f1:62:5f:4e:16:15:8f:da:8a:26:19:f0:60:
         27:b3:14:e6:d2:7d:62:5f:4f:25:98:bc:61:98:9d:f6:b3:51:
         16:4e:64:5b:83:97:e6:69:9e:a0:98:b3:85:cb:e6:f1:8f:55:
         a4:a7:f6:16:84:32:bd:9d:48:de:70:41:bd:78:53:c2:89:b1:
         ad:cd:c3:fb:f0:cd:ac:08:8f:e0:38:94:0e:e8:06:ca:45:a2:
         02:1b:27:6d:2e:76:0a:c0:6e:fc:7c:4c:8a:75:64:90:84:80:
         d7:3d:1b:cd:80:8d:e6:3e:4a:a0:40:0a:4a:87:70:b1:3d:9a:
         0f:d5:2a:b1:5a:fa:bb:5f:73:76:34:dc:36:49:4e:8a:e2:8f:
         6d:f0:49:a9:33:51:99:8a:57:46:06:7b:9b:02:e1:dc:ea:77:
         0e:ca:aa:5c:b3:54:d4:dc:b9:1c:54:fe:57:6d:49:7b:07:6f:
         90:d5:0f:40:2d:e0:25:0e:94:22:47:9c:d1:b8:2e:eb:88:86:
         6d:39:c2:a7:52:98:3c:5b:38:6e:04:4a:82:d5:3f:a1:56:bc:
         be:ed:48:39
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2XTpCa/RQ2HfMuGmvfGlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NTBkN2IxOTc1YTM3MDNhZTI3YjMxYWQyZjkzMmFlNDZh
NGNjOTQwHhcNMjUwMTAyMTE0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjA0ZTJlNmQ5NGM1NTdiMmVkM2RlZDk2YjBmMzYyNDhiMGE5YTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsuuB4PIKlltVXO/etBKiFB/yiki
u289lLRulfkHxync17vAjy0mNJUVMsPzE3Nwq43BTXtn2K65YFoMmLWD0sgoHHNe
6gAxWhufIrCNrJ+pbT2TD78sBlTFAC9wt6kq2qLx+tbHFosEaLKub8U3mecyGqcR
UXgAnOrKLpCJvZAyM8QXcrKRsTXMNcIyLXo4qLmeX1C+ogF3R5qteZZfME+G6Yf/
8y8AaEWCNzmYIvhNYR7LE3ykpTFtKkVc81CH/VlR1CGRjox4GlaxqjPV3cmkYEDF
SeiRhIa9okU0wW3jpWVLcOlHv2fQ/xGCAwZgV0/Mn9lFXkQQDllSZ3qe2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFYE4ubZTFV7LtPe2WsPNiSLCpoSMB8GA1UdIwQY
MBaAFMlQ17GXWjcDriezGtL5Mq5GpMyUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVZEWHNaZGFOd091SjdNYTB2a3lya2FrekpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wYzczMTgtYjM0OC00YjI0LWI5ZTUt
YzZhODgyMWFkZWE5LzEvVmdUaTV0bE1WWHN1MDk3WmF3ODJKSXNLbWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wYzczMTgtYjM0OC00YjI0LWI5ZTUtYzZhODgyMWFkZWE5
LzEveVZEWHNaZGFOd091SjdNYTB2a3lya2FrekpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYiAMA0E
AgACMAcDBQAqA6TgMA0GCSqGSIb3DQEBCwUAA4IBAQCeuTcvSVcxuWjSX9IVY8zV
2y7F1yzUCxgk9N+Evmy8dJTP1l6XF2fnDPFiX04WFY/aiiYZ8GAnsxTm0n1iX08l
mLxhmJ32s1EWTmRbg5fmaZ6gmLOFy+bxj1Wkp/YWhDK9nUjecEG9eFPCibGtzcP7
8M2sCI/gOJQO6AbKRaICGydtLnYKwG78fEyKdWSQhIDXPRvNgI3mPkqgQApKh3Cx
PZoP1SqxWvq7X3N2NNw2SU6K4o9t8EmpM1GZildGBnubAuHc6ncOyqpcs1TU3Lkc
VP5XbUl7B2+Q1Q9ALeAlDpQiR5zRuC7riIZtOcKnUpg8WzhuBEqC1T+hVry+7Ug5
-----END CERTIFICATE-----