Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/vld0ebErMCPKI9Y4LD8_cLIWaOM.roa
File:                     vld0ebErMCPKI9Y4LD8_cLIWaOM.roa (raw, json)
Hash identifier:          wzpFx+k2Gs1HYxiCiFKxLWQewXLLyvLVnzEmKOsRn8M=
Subject key identifier:   BE:57:74:79:B1:2B:30:23:CA:23:D6:38:2C:3F:3F:70:B2:16:68:E3
Certificate issuer:       /CN=1d87f30274951cadfb5b737e1333c73d64b04256
Certificate serial:       01941FFA9B2143FFEECE8C9C1CE4F69DBA83
Authority key identifier: 1D:87:F3:02:74:95:1C:AD:FB:5B:73:7E:13:33:C7:3D:64:B0:42:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYfzAnSVHK37W3N-EzPHPWSwQlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/vld0ebErMCPKI9Y4LD8_cLIWaOM.roa
Signing time:             Wed 01 Jan 2025 03:48:24 +0000
ROA not before:           Wed 01 Jan 2025 03:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49964
IP address blocks:        91.220.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/HYfzAnSVHK37W3N-EzPHPWSwQlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/HYfzAnSVHK37W3N-EzPHPWSwQlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HYfzAnSVHK37W3N-EzPHPWSwQlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:9b:21:43:ff:ee:ce:8c:9c:1c:e4:f6:9d:ba:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d87f30274951cadfb5b737e1333c73d64b04256
        Validity
            Not Before: Jan  1 03:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be577479b12b3023ca23d6382c3f3f70b21668e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:52:f9:0c:3f:15:46:73:53:1a:e8:63:ff:7b:
                    36:02:c8:07:d7:71:83:a1:fa:45:ed:04:1e:eb:6f:
                    ad:04:86:28:92:36:82:a1:91:b5:f1:8e:07:5d:f4:
                    2e:28:b8:c8:4e:e1:e2:bc:65:05:6e:dc:8d:0e:c4:
                    a5:bb:fb:c6:3a:41:f3:2b:ae:29:da:8a:23:ae:0f:
                    2b:fb:37:d0:5b:da:c3:f1:c0:7f:98:a7:f6:c2:f9:
                    c6:63:82:2c:75:21:66:44:1d:39:c1:f0:67:fc:20:
                    57:5e:17:db:c0:e7:e0:d5:9d:97:55:f8:a5:b3:28:
                    70:03:a1:be:64:4e:9e:43:04:da:b2:9b:81:66:fa:
                    3a:ef:18:97:00:21:f3:9a:d9:17:8b:cf:7d:9a:3b:
                    9a:e5:2b:b8:70:b4:db:72:4a:24:b1:d4:cf:2e:c1:
                    b6:ac:45:9e:38:df:cc:08:b6:88:fe:e0:05:5d:82:
                    41:84:99:41:9f:3a:5e:8d:ac:67:eb:8e:56:59:f7:
                    ab:b4:c8:84:c1:13:0e:67:60:68:0e:2f:ba:25:d7:
                    6e:cb:7b:50:d4:8e:97:6a:c6:b5:b3:63:2b:e9:bc:
                    7d:1c:b3:95:39:7a:c5:71:0f:30:3c:91:08:c1:42:
                    11:86:60:7e:f8:ee:30:b6:d0:c6:cb:f8:f9:d4:73:
                    1e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:57:74:79:B1:2B:30:23:CA:23:D6:38:2C:3F:3F:70:B2:16:68:E3
            X509v3 Authority Key Identifier:
                keyid:1D:87:F3:02:74:95:1C:AD:FB:5B:73:7E:13:33:C7:3D:64:B0:42:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYfzAnSVHK37W3N-EzPHPWSwQlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/vld0ebErMCPKI9Y4LD8_cLIWaOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/HYfzAnSVHK37W3N-EzPHPWSwQlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:e0:bb:99:6e:3d:cc:0e:0f:a4:39:9e:58:e6:d3:0f:03:1b:
         dd:34:b4:a8:3a:d1:63:ee:65:33:cb:9e:fc:78:4e:0a:ce:d1:
         02:b0:f3:fa:77:46:48:89:88:ce:c2:1d:05:b4:9e:e9:f0:6c:
         26:b5:f0:e5:20:88:4f:ce:6e:5b:a5:80:28:9c:f8:e3:f5:e5:
         81:89:42:f9:03:4d:da:22:ef:4e:64:aa:24:58:ff:af:aa:f7:
         10:9c:df:24:d8:be:2d:9f:e3:b5:f4:a9:1a:b2:44:a3:ff:98:
         5e:31:41:c2:cb:de:10:47:c9:52:9a:80:e0:f0:6e:a6:84:ca:
         21:74:fc:77:04:9d:8c:32:b3:5b:ce:59:b8:20:1d:64:c2:e2:
         97:3d:25:50:44:af:85:e8:89:83:17:fb:09:9d:7a:3e:85:64:
         e7:a2:fc:a0:eb:e1:94:d3:5d:c5:4c:48:58:80:4b:09:84:7b:
         6c:73:54:63:16:f7:e4:f8:3b:63:a0:31:45:10:4f:a7:fa:f5:
         2e:13:47:ee:f6:b5:f6:bf:be:ea:ed:ba:09:5d:3d:66:ac:80:
         b6:ce:04:bc:9d:fe:5a:fb:bd:7a:bc:b5:7b:b9:53:be:ee:ac:
         95:ed:ba:f7:8a:52:5a:0b:56:cc:9e:50:73:fc:97:f2:bb:b9:
         3d:20:f0:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pshQ//uzoycHOT2nbqDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODdmMzAyNzQ5NTFjYWRmYjViNzM3ZTEzMzNjNzNkNjRi
MDQyNTYwHhcNMjUwMTAxMDM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTU3NzQ3OWIxMmIzMDIzY2EyM2Q2MzgyYzNmM2Y3MGIyMTY2OGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVL5DD8VRnNTGuhj/3s2AsgH13GD
ofpF7QQe62+tBIYokjaCoZG18Y4HXfQuKLjITuHivGUFbtyNDsSlu/vGOkHzK64p
2oojrg8r+zfQW9rD8cB/mKf2wvnGY4IsdSFmRB05wfBn/CBXXhfbwOfg1Z2XVfil
syhwA6G+ZE6eQwTaspuBZvo67xiXACHzmtkXi899mjua5Su4cLTbckoksdTPLsG2
rEWeON/MCLaI/uAFXYJBhJlBnzpejaxn645WWfertMiEwRMOZ2BoDi+6Jdduy3tQ
1I6Xasa1s2Mr6bx9HLOVOXrFcQ8wPJEIwUIRhmB++O4wttDGy/j51HMe1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5XdHmxKzAjyiPWOCw/P3CyFmjjMB8GA1UdIwQY
MBaAFB2H8wJ0lRyt+1tzfhMzxz1ksEJWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlmekFuU1ZISzM3VzNOLUV6UEhQV1N3UWxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8yNDg1ZjUtZGYzZS00ZGJhLTgxMGUt
ZmU0NDAxMTFkODA3LzEvdmxkMGViRXJNQ1BLSTlZNExEOF9jTElXYU9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8yNDg1ZjUtZGYzZS00ZGJhLTgxMGUtZmU0NDAxMTFkODA3
LzEvSFlmekFuU1ZISzM3VzNOLUV6UEhQV1N3UWxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xvMA0G
CSqGSIb3DQEBCwUAA4IBAQBL4LuZbj3MDg+kOZ5Y5tMPAxvdNLSoOtFj7mUzy578
eE4KztECsPP6d0ZIiYjOwh0FtJ7p8GwmtfDlIIhPzm5bpYAonPjj9eWBiUL5A03a
Iu9OZKokWP+vqvcQnN8k2L4tn+O19KkaskSj/5heMUHCy94QR8lSmoDg8G6mhMoh
dPx3BJ2MMrNbzlm4IB1kwuKXPSVQRK+F6ImDF/sJnXo+hWTnovyg6+GU013FTEhY
gEsJhHtsc1RjFvfk+DtjoDFFEE+n+vUuE0fu9rX2v77q7boJXT1mrIC2zgS8nf5a
+716vLV7uVO+7qyV7br3ilJaC1bMnlBz/Jfyu7k9IPCV
-----END CERTIFICATE-----