Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/VPHhytFNuubbFjm4tYvAl8Nd2ZE.roa
File:                     VPHhytFNuubbFjm4tYvAl8Nd2ZE.roa (raw, json)
Hash identifier:          6/FzWhj3KyFvDY5lx/pXSGk3g0b0b2s63jOD/2yTOio=
Subject key identifier:   54:F1:E1:CA:D1:4D:BA:E6:DB:16:39:B8:B5:8B:C0:97:C3:5D:D9:91
Certificate issuer:       /CN=706b7fea8ad35111ca687a9cd00a49f9a4f0459b
Certificate serial:       0194266ACD6FF5BFEF2AF0E7C81C0053F48A
Authority key identifier: 70:6B:7F:EA:8A:D3:51:11:CA:68:7A:9C:D0:0A:49:F9:A4:F0:45:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cGt_6orTURHKaHqc0ApJ-aTwRZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/VPHhytFNuubbFjm4tYvAl8Nd2ZE.roa
Signing time:             Thu 02 Jan 2025 09:48:41 +0000
ROA not before:           Thu 02 Jan 2025 09:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211253
IP address blocks:        185.87.168.0/24 maxlen: 24
                          185.87.169.0/24 maxlen: 24
                          185.87.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cGt_6orTURHKaHqc0ApJ-aTwRZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cGt_6orTURHKaHqc0ApJ-aTwRZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cGt_6orTURHKaHqc0ApJ-aTwRZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:cd:6f:f5:bf:ef:2a:f0:e7:c8:1c:00:53:f4:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706b7fea8ad35111ca687a9cd00a49f9a4f0459b
        Validity
            Not Before: Jan  2 09:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54f1e1cad14dbae6db1639b8b58bc097c35dd991
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2d:b7:2a:c5:3f:d7:e9:e1:1e:ec:9e:f8:ba:
                    27:5b:f1:cc:78:4c:ce:b4:3c:7c:ec:8e:b9:8b:0b:
                    b4:d8:2a:68:84:6d:79:8a:ae:e9:34:8e:0c:bb:71:
                    c8:ed:93:a3:61:5f:ac:f2:03:03:83:7c:9e:39:d3:
                    ba:0d:05:ca:c3:a7:56:e5:24:75:d3:fb:ae:92:3c:
                    b3:ae:a7:c0:bf:da:35:0c:c2:26:93:d0:0a:fa:d7:
                    e4:bd:0e:ed:33:0c:0b:c8:a2:37:7e:3e:7a:37:29:
                    86:cf:cf:a8:ce:7b:90:9f:8b:a0:59:09:25:c4:5e:
                    e9:fe:9d:f0:b1:3f:9c:e3:00:6b:3c:da:00:cf:db:
                    d2:a3:94:12:58:16:22:e4:6d:18:66:40:79:9a:40:
                    38:12:fd:4c:fa:a0:fb:d9:b0:c5:82:1d:08:58:93:
                    fe:df:78:64:70:12:b2:40:f8:67:47:bd:c4:8b:c1:
                    38:0f:83:1f:31:cb:9e:d8:86:bf:a8:4c:5c:68:29:
                    00:de:16:b4:0c:80:a8:ec:37:9b:00:b0:ef:0a:b5:
                    dc:2c:8a:a5:f5:56:1c:03:b8:4f:d2:39:a5:bb:5b:
                    2a:3f:2f:63:7b:8b:68:e6:88:dc:88:46:4f:57:48:
                    89:6b:46:cd:30:f1:c8:d4:ae:db:c5:7f:47:97:9a:
                    0b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:F1:E1:CA:D1:4D:BA:E6:DB:16:39:B8:B5:8B:C0:97:C3:5D:D9:91
            X509v3 Authority Key Identifier:
                keyid:70:6B:7F:EA:8A:D3:51:11:CA:68:7A:9C:D0:0A:49:F9:A4:F0:45:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cGt_6orTURHKaHqc0ApJ-aTwRZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/VPHhytFNuubbFjm4tYvAl8Nd2ZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cGt_6orTURHKaHqc0ApJ-aTwRZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.168.0-185.87.170.255

    Signature Algorithm: sha256WithRSAEncryption
         0b:9e:21:c3:43:40:be:e7:e9:b7:2f:11:67:7e:72:17:ca:54:
         3e:f5:e9:32:55:5c:28:e2:c3:49:94:24:81:8d:6f:24:d1:54:
         9f:e4:d8:3d:51:7e:85:13:04:94:17:73:0e:38:39:34:06:10:
         32:7e:71:4c:73:b8:60:72:dc:b8:a1:18:50:d3:49:2b:e4:16:
         45:eb:73:54:d6:a8:72:d4:14:e3:b8:43:60:49:b0:f0:7b:97:
         9f:92:b8:e9:42:6f:79:62:af:21:b9:d8:6b:f8:b1:20:5b:55:
         6c:bb:51:4d:0d:9b:66:9f:ff:0f:3c:9e:0f:5d:27:ab:58:d2:
         57:9f:d9:7d:8d:46:70:88:ce:ce:37:22:17:88:5d:28:2e:16:
         00:b0:e5:bf:1e:37:45:58:1c:b3:f7:34:7c:f3:fa:7e:54:16:
         76:fe:18:92:b6:7a:4f:4b:57:df:35:49:e6:a8:6b:b8:e0:b3:
         37:05:9d:43:db:80:b3:05:94:e1:52:6d:96:79:73:b8:51:9c:
         42:62:d3:00:54:e3:0f:58:27:97:05:ba:47:f7:83:27:ac:b4:
         96:9c:35:ea:b2:39:ba:ee:68:bf:a7:08:79:7d:47:bc:f7:cd:
         b2:53:3f:f9:e8:77:a9:04:ec:c3:4a:b2:37:71:cb:db:97:f5:
         99:b1:6c:8f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQmas1v9b/vKvDnyBwAU/SKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmI3ZmVhOGFkMzUxMTFjYTY4N2E5Y2QwMGE0OWY5YTRm
MDQ1OWIwHhcNMjUwMTAyMDk0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGYxZTFjYWQxNGRiYWU2ZGIxNjM5YjhiNThiYzA5N2MzNWRkOTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwy23KsU/1+nhHuye+LonW/HMeEzO
tDx87I65iwu02CpohG15iq7pNI4Mu3HI7ZOjYV+s8gMDg3yeOdO6DQXKw6dW5SR1
0/uukjyzrqfAv9o1DMImk9AK+tfkvQ7tMwwLyKI3fj56NymGz8+oznuQn4ugWQkl
xF7p/p3wsT+c4wBrPNoAz9vSo5QSWBYi5G0YZkB5mkA4Ev1M+qD72bDFgh0IWJP+
33hkcBKyQPhnR73Ei8E4D4MfMcue2Ia/qExcaCkA3ha0DICo7DebALDvCrXcLIql
9VYcA7hP0jmlu1sqPy9je4to5ojciEZPV0iJa0bNMPHI1K7bxX9Hl5oLjQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFTx4crRTbrm2xY5uLWLwJfDXdmRMB8GA1UdIwQY
MBaAFHBrf+qK01ERymh6nNAKSfmk8EWbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0d0XzZvclRVUkhLYUhxYzBBcEotYVR3UlpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9kMjk3NGYtN2VmYS00NjExLTg4Mjct
MjYwYzM3N2EzMTRhLzEvVlBIaHl0Rk51dWJiRmptNHRZdkFsOE5kMlpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9kMjk3NGYtN2VmYS00NjExLTg4MjctMjYwYzM3N2EzMTRh
LzEvY0d0XzZvclRVUkhLYUhxYzBBcEotYVR3UlpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5V6gD
BAC5V6owDQYJKoZIhvcNAQELBQADggEBAAueIcNDQL7n6bcvEWd+chfKVD716TJV
XCjiw0mUJIGNbyTRVJ/k2D1RfoUTBJQXcw44OTQGEDJ+cUxzuGBy3LihGFDTSSvk
FkXrc1TWqHLUFOO4Q2BJsPB7l5+SuOlCb3liryG52Gv4sSBbVWy7UU0Nm2af/w88
ng9dJ6tY0lef2X2NRnCIzs43IheIXSguFgCw5b8eN0VYHLP3NHzz+n5UFnb+GJK2
ek9LV981Seaoa7jgszcFnUPbgLMFlOFSbZZ5c7hRnEJi0wBU4w9YJ5cFukf3gyes
tJacNeqyObruaL+nCHl9R7z3zbJTP/nod6kE7MNKsjdxy9uX9ZmxbI8=
-----END CERTIFICATE-----