Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/1-VHrNTKPE5li_5D6_S7bqwdp74.roa
File:                     1-VHrNTKPE5li_5D6_S7bqwdp74.roa (raw, json)
Hash identifier:          D8+eyIa/n1dX91YGJmeaTQ892LZ6O4dV4y7sAsmFXOY=
Subject key identifier:   D7:E5:47:AC:D4:CA:3C:4E:65:8B:FE:43:EB:F4:BB:6E:AC:1D:A7:BE
Certificate issuer:       /CN=311f85188d082fd5640b5c3fe1221f60c501edb5
Certificate serial:       019422FBE2D32FA3CFC32429E325DA2AED78
Authority key identifier: 31:1F:85:18:8D:08:2F:D5:64:0B:5C:3F:E1:22:1F:60:C5:01:ED:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MR-FGI0IL9VkC1w_4SIfYMUB7bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/1-VHrNTKPE5li_5D6_S7bqwdp74.roa
Signing time:             Wed 01 Jan 2025 17:48:40 +0000
ROA not before:           Wed 01 Jan 2025 17:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197033
IP address blocks:        5.183.18.0/24 maxlen: 24
                          5.183.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/MR-FGI0IL9VkC1w_4SIfYMUB7bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/MR-FGI0IL9VkC1w_4SIfYMUB7bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MR-FGI0IL9VkC1w_4SIfYMUB7bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:e2:d3:2f:a3:cf:c3:24:29:e3:25:da:2a:ed:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=311f85188d082fd5640b5c3fe1221f60c501edb5
        Validity
            Not Before: Jan  1 17:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7e547acd4ca3c4e658bfe43ebf4bb6eac1da7be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:9d:22:42:f5:e4:7c:52:51:81:e8:e3:6a:65:
                    8c:c1:ba:a4:05:77:c4:25:6f:24:69:94:24:56:c7:
                    f5:d4:5f:c7:c7:a3:87:cf:cf:2e:92:69:b8:d3:03:
                    86:bb:92:bb:d7:ce:50:c5:fc:4e:95:8c:c3:c0:84:
                    11:bc:f3:90:b7:94:dc:0c:90:b4:2a:ef:95:ee:0a:
                    96:00:62:18:35:40:4c:7d:9d:d6:cf:0f:78:2d:bd:
                    24:a6:86:a6:4b:ec:92:00:d5:32:1e:92:e9:2d:ad:
                    dc:5b:a6:82:77:94:8f:85:48:29:89:f0:9a:f6:40:
                    ac:cd:24:8c:df:36:57:9d:63:e1:5f:0e:e3:6d:47:
                    50:fe:40:8c:64:32:a2:dc:7d:2c:15:30:56:9a:9c:
                    30:66:d5:e0:3c:89:42:b5:06:af:8e:52:ed:4d:bf:
                    fb:2d:93:b5:52:aa:51:3d:a5:be:e9:05:e8:05:6e:
                    22:7b:0e:61:73:f7:fc:8b:9a:85:d8:07:65:2a:60:
                    db:cb:b1:48:df:55:93:d9:70:70:11:da:8e:72:ff:
                    a4:0e:16:9d:b0:8e:2f:80:b6:af:7c:65:1e:62:5c:
                    15:20:b5:9b:ca:3a:8f:d2:25:97:66:78:44:11:82:
                    ed:47:94:a7:18:8b:02:84:02:f0:b3:6f:9c:90:84:
                    b6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:E5:47:AC:D4:CA:3C:4E:65:8B:FE:43:EB:F4:BB:6E:AC:1D:A7:BE
            X509v3 Authority Key Identifier:
                keyid:31:1F:85:18:8D:08:2F:D5:64:0B:5C:3F:E1:22:1F:60:C5:01:ED:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MR-FGI0IL9VkC1w_4SIfYMUB7bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/1-VHrNTKPE5li_5D6_S7bqwdp74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/MR-FGI0IL9VkC1w_4SIfYMUB7bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:0b:5e:73:fe:5a:a3:d5:d0:62:85:aa:1a:d5:e2:67:b6:24:
         78:39:14:5e:0f:fb:a7:18:04:b3:f6:b7:5c:6b:eb:c1:a7:2f:
         ed:bf:b4:37:af:a9:3b:02:bb:20:ec:a3:ba:58:05:e5:38:6d:
         0e:b3:98:08:3c:03:ec:0a:3e:a1:ab:b5:b5:48:53:9f:b5:94:
         17:c6:3f:79:72:b4:57:e7:ca:77:ce:be:93:38:d7:f8:06:43:
         08:2a:e5:32:2a:9b:7b:e5:7e:1c:b5:73:8a:66:e6:dd:71:f5:
         3d:86:d7:d8:f4:43:7f:d4:da:a8:2f:85:dc:7c:72:33:fa:c0:
         14:ff:d9:16:01:05:02:8a:59:9b:3f:07:5e:6e:65:c0:94:26:
         5d:2c:3d:c8:82:5d:7d:0a:b0:21:5c:2f:51:a1:2f:c5:21:7b:
         b7:99:6b:77:f4:f3:13:26:53:15:79:6f:1f:ec:9d:31:e8:24:
         f3:aa:1d:70:e1:55:cf:d9:9f:ef:2e:08:19:b1:8e:6d:d3:e7:
         26:e9:0e:d4:f3:57:5d:b2:76:b3:ce:b2:6a:ec:3a:bd:ff:10:
         24:05:c5:43:03:b7:f3:4a:a2:51:a2:18:d1:d0:38:cb:fa:aa:
         2b:55:52:bf:61:e8:d1:b9:57:f8:44:8b:4d:b7:18:74:dd:fb:
         81:57:b5:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi++LTL6PPwyQp4yXaKu14MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMWY4NTE4OGQwODJmZDU2NDBiNWMzZmUxMjIxZjYwYzUw
MWVkYjUwHhcNMjUwMTAxMTc0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2U1NDdhY2Q0Y2EzYzRlNjU4YmZlNDNlYmY0YmI2ZWFjMWRhN2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlp0iQvXkfFJRgejjamWMwbqkBXfE
JW8kaZQkVsf11F/Hx6OHz88ukmm40wOGu5K7185QxfxOlYzDwIQRvPOQt5TcDJC0
Ku+V7gqWAGIYNUBMfZ3Wzw94Lb0kpoamS+ySANUyHpLpLa3cW6aCd5SPhUgpifCa
9kCszSSM3zZXnWPhXw7jbUdQ/kCMZDKi3H0sFTBWmpwwZtXgPIlCtQavjlLtTb/7
LZO1UqpRPaW+6QXoBW4iew5hc/f8i5qF2AdlKmDby7FI31WT2XBwEdqOcv+kDhad
sI4vgLavfGUeYlwVILWbyjqP0iWXZnhEEYLtR5SnGIsChALws2+ckIS2TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNflR6zUyjxOZYv+Q+v0u26sHae+MB8GA1UdIwQY
MBaAFDEfhRiNCC/VZAtcP+EiH2DFAe21MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVItRkdJMElMOVZrQzF3XzRTSWZZTVVCN2JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi84ZmMzOTUtYjY3NC00MTM3LWJjNzUt
OWJiZDFlZWJlMzNlLzEvMS1WSHJOVEtQRTVsaV81RDZfUzdicXdkcDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi84ZmMzOTUtYjY3NC00MTM3LWJjNzUtOWJiZDFlZWJlMzNl
LzEvTVItRkdJMElMOVZrQzF3XzRTSWZZTVVCN2JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBbcSMA0G
CSqGSIb3DQEBCwUAA4IBAQCEC15z/lqj1dBihaoa1eJntiR4ORReD/unGASz9rdc
a+vBpy/tv7Q3r6k7Arsg7KO6WAXlOG0Os5gIPAPsCj6hq7W1SFOftZQXxj95crRX
58p3zr6TONf4BkMIKuUyKpt75X4ctXOKZubdcfU9htfY9EN/1NqoL4XcfHIz+sAU
/9kWAQUCilmbPwdebmXAlCZdLD3Igl19CrAhXC9RoS/FIXu3mWt39PMTJlMVeW8f
7J0x6CTzqh1w4VXP2Z/vLggZsY5t0+cm6Q7U81ddsnazzrJq7Dq9/xAkBcVDA7fz
SqJRohjR0DjL+qorVVK/YejRuVf4RItNtxh03fuBV7Ua
-----END CERTIFICATE-----