Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/VNd90Fl0tWahsmhhQvhoAAT8f5U.roa
File:                     VNd90Fl0tWahsmhhQvhoAAT8f5U.roa (raw, json)
Hash identifier:          U+zi8hpH0S9lksZLxaBLhZX/Hg0tdOzYwVmTSHbyaHY=
Subject key identifier:   54:D7:7D:D0:59:74:B5:66:A1:B2:68:61:42:F8:68:00:04:FC:7F:95
Certificate issuer:       /CN=aa5b471d0ba089d9e9f46c291319674fac8128d0
Certificate serial:       019424B3CBDE609CFA86C1F63B21EEC2975D
Authority key identifier: AA:5B:47:1D:0B:A0:89:D9:E9:F4:6C:29:13:19:67:4F:AC:81:28:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/VNd90Fl0tWahsmhhQvhoAAT8f5U.roa
Signing time:             Thu 02 Jan 2025 01:49:10 +0000
ROA not before:           Thu 02 Jan 2025 01:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213328
IP address blocks:        185.83.124.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 04:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:cb:de:60:9c:fa:86:c1:f6:3b:21:ee:c2:97:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa5b471d0ba089d9e9f46c291319674fac8128d0
        Validity
            Not Before: Jan  2 01:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54d77dd05974b566a1b2686142f8680004fc7f95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0e:52:41:c3:7a:d4:e7:50:fb:fa:5d:2c:10:
                    44:04:84:6d:07:ba:6f:fb:c9:f8:9a:74:ad:10:ac:
                    3d:f7:92:b8:5e:15:1a:7b:af:c6:d0:c6:ff:39:d5:
                    46:86:c2:08:64:ce:8e:44:a3:62:5c:2a:6a:ad:0c:
                    2e:75:09:a8:72:58:8c:69:f0:b5:c5:aa:dc:19:27:
                    b7:a2:69:5a:ca:cf:1c:0f:03:e9:fd:78:0c:0a:02:
                    a7:f8:6f:a7:52:4d:01:38:6f:dc:17:db:f1:90:c0:
                    bc:7a:4f:8f:24:a0:34:d0:ad:48:ec:b1:54:f4:51:
                    84:70:f3:92:16:ba:91:89:3a:7f:8e:d8:41:ff:d1:
                    96:24:bb:56:1f:24:41:c8:2b:10:68:2c:49:a8:9f:
                    36:0d:93:2a:a1:a6:66:d5:6b:01:a7:a5:06:4b:c1:
                    7a:56:35:a3:96:8e:3f:bd:48:f9:81:3c:52:db:ed:
                    bc:b6:00:6b:f0:43:2d:c3:33:38:47:23:d0:72:ce:
                    70:c2:20:f0:bc:5f:44:8c:c7:05:5b:56:79:18:68:
                    87:e2:79:4e:d1:7b:8a:1c:a5:f9:57:a4:8e:53:e6:
                    47:03:a9:1d:32:d8:35:53:66:47:63:db:79:24:f4:
                    f3:89:55:f5:cc:24:f1:aa:0b:9a:c7:e7:dc:22:7a:
                    34:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:D7:7D:D0:59:74:B5:66:A1:B2:68:61:42:F8:68:00:04:FC:7F:95
            X509v3 Authority Key Identifier:
                keyid:AA:5B:47:1D:0B:A0:89:D9:E9:F4:6C:29:13:19:67:4F:AC:81:28:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/VNd90Fl0tWahsmhhQvhoAAT8f5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:9c:0d:73:b1:95:af:3f:da:9d:e7:a7:8d:36:7c:67:e1:3c:
         50:bf:9c:8e:47:de:84:26:b4:6d:21:d2:ab:4f:12:00:25:ab:
         4c:cd:58:c5:c5:f1:9b:7c:96:cd:3e:52:c0:32:f9:c9:f4:97:
         63:54:5d:31:54:26:09:02:09:44:37:54:d1:03:80:59:25:69:
         ce:e4:d4:5c:0e:97:37:50:b1:58:94:8a:44:ef:c6:ed:e9:43:
         91:d3:9a:0f:8f:e9:e1:bd:a8:8b:bf:b1:b3:55:30:de:f2:56:
         30:d5:5c:76:24:33:43:80:08:eb:46:b2:a2:45:f0:43:04:ef:
         bc:5d:9e:45:f8:54:4a:b0:ec:93:43:dc:29:57:87:8b:24:39:
         4c:32:2e:88:3d:81:bc:ec:cc:7e:46:e3:f8:78:7f:ad:83:d7:
         09:69:1f:0e:68:dd:72:a6:f5:89:de:81:9f:7e:bb:42:9e:d2:
         48:ca:bc:d7:bb:fd:8d:b0:35:bf:56:59:5d:97:4d:62:72:9f:
         3a:37:eb:aa:ed:bb:5a:9c:a8:d6:d3:3d:88:24:39:17:93:4e:
         0c:e9:3b:4f:f4:53:6f:bd:83:57:65:06:9e:b5:2b:bc:ba:44:
         9e:5b:3c:7c:48:bb:1a:7e:c4:47:5d:a2:04:50:3d:ad:56:b2:
         4d:09:00:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8veYJz6hsH2OyHuwpddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNWI0NzFkMGJhMDg5ZDllOWY0NmMyOTEzMTk2NzRmYWM4
MTI4ZDAwHhcNMjUwMTAyMDE0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGQ3N2RkMDU5NzRiNTY2YTFiMjY4NjE0MmY4NjgwMDA0ZmM3Zjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA5SQcN61OdQ+/pdLBBEBIRtB7pv
+8n4mnStEKw995K4XhUae6/G0Mb/OdVGhsIIZM6ORKNiXCpqrQwudQmocliMafC1
xarcGSe3omlays8cDwPp/XgMCgKn+G+nUk0BOG/cF9vxkMC8ek+PJKA00K1I7LFU
9FGEcPOSFrqRiTp/jthB/9GWJLtWHyRByCsQaCxJqJ82DZMqoaZm1WsBp6UGS8F6
VjWjlo4/vUj5gTxS2+28tgBr8EMtwzM4RyPQcs5wwiDwvF9EjMcFW1Z5GGiH4nlO
0XuKHKX5V6SOU+ZHA6kdMtg1U2ZHY9t5JPTziVX1zCTxqguax+fcIno0lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTXfdBZdLVmobJoYUL4aAAE/H+VMB8GA1UdIwQY
MBaAFKpbRx0LoInZ6fRsKRMZZ0+sgSjQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWx0SEhRdWdpZG5wOUd3cEV4bG5UNnlCS05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS80YmUwMjctODhlOS00N2UzLWJiODgt
NmYyZTI1MjliZTgyLzEvVk5kOTBGbDB0V2Foc21oaFF2aG9BQVQ4ZjVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS80YmUwMjctODhlOS00N2UzLWJiODgtNmYyZTI1MjliZTgy
LzEvcWx0SEhRdWdpZG5wOUd3cEV4bG5UNnlCS05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVN8MA0G
CSqGSIb3DQEBCwUAA4IBAQAenA1zsZWvP9qd56eNNnxn4TxQv5yOR96EJrRtIdKr
TxIAJatMzVjFxfGbfJbNPlLAMvnJ9JdjVF0xVCYJAglEN1TRA4BZJWnO5NRcDpc3
ULFYlIpE78bt6UOR05oPj+nhvaiLv7GzVTDe8lYw1Vx2JDNDgAjrRrKiRfBDBO+8
XZ5F+FRKsOyTQ9wpV4eLJDlMMi6IPYG87Mx+RuP4eH+tg9cJaR8OaN1ypvWJ3oGf
frtCntJIyrzXu/2NsDW/Vlldl01icp86N+uq7btanKjW0z2IJDkXk04M6TtP9FNv
vYNXZQaetSu8ukSeWzx8SLsafsRHXaIEUD2tVrJNCQAD
-----END CERTIFICATE-----