Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/542603-5462-4b8d-8bc4-535cc0c102f0/1/vJU7TYTNdrKazsGkyXHeqona0Pg.roa
File:                     vJU7TYTNdrKazsGkyXHeqona0Pg.roa (raw, json)
Hash identifier:          iL9E8+h90/3EbQ79KJw98Dj0cUBdo61gLVaVCxN/WHk=
Subject key identifier:   BC:95:3B:4D:84:CD:76:B2:9A:CE:C1:A4:C9:71:DE:AA:89:DA:D0:F8
Certificate issuer:       /CN=c2fd2c74ad6fae2ddd0f6e9c39fde831893ae6f9
Certificate serial:       019421B184BE467C1FDDE2423090CDC8A5C8
Authority key identifier: C2:FD:2C:74:AD:6F:AE:2D:DD:0F:6E:9C:39:FD:E8:31:89:3A:E6:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wv0sdK1vri3dD26cOf3oMYk65vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/542603-5462-4b8d-8bc4-535cc0c102f0/1/vJU7TYTNdrKazsGkyXHeqona0Pg.roa
Signing time:             Wed 01 Jan 2025 11:47:49 +0000
ROA not before:           Wed 01 Jan 2025 11:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39729
IP address blocks:        185.110.66.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/542603-5462-4b8d-8bc4-535cc0c102f0/1/wv0sdK1vri3dD26cOf3oMYk65vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/542603-5462-4b8d-8bc4-535cc0c102f0/1/wv0sdK1vri3dD26cOf3oMYk65vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wv0sdK1vri3dD26cOf3oMYk65vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:84:be:46:7c:1f:dd:e2:42:30:90:cd:c8:a5:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2fd2c74ad6fae2ddd0f6e9c39fde831893ae6f9
        Validity
            Not Before: Jan  1 11:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc953b4d84cd76b29acec1a4c971deaa89dad0f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d7:88:23:3c:60:2b:39:36:b4:60:e0:eb:ba:
                    02:b1:ae:01:af:ea:1b:0c:27:70:54:17:97:0a:8d:
                    3c:2a:85:41:fb:a7:2d:64:4a:b7:fa:fb:b0:9d:00:
                    3b:d6:90:3e:bd:44:0c:6d:c0:82:9f:4c:32:38:b9:
                    ec:7e:ae:f9:52:ca:5d:4a:b2:cd:0f:b7:53:dd:34:
                    52:57:05:3c:27:c3:4c:86:e8:43:2f:16:ad:75:c0:
                    ad:bd:a9:51:0d:58:32:2c:fd:2f:4e:61:5b:58:07:
                    5c:26:2a:36:9a:64:54:ff:d3:8f:f4:cf:d2:5f:f2:
                    a1:78:9e:ba:46:04:05:90:c1:5c:8b:1f:7d:0e:82:
                    32:16:36:92:31:5e:af:da:ba:6b:1f:9a:9a:b0:c7:
                    f6:22:fa:08:2d:66:1d:f7:e2:17:94:ae:ce:5d:e7:
                    0f:91:39:de:26:d8:e2:91:f8:2d:bc:8f:40:e6:0f:
                    21:96:91:b4:ed:ba:dc:a6:06:40:ef:bd:e2:b1:05:
                    4d:43:0e:df:58:40:ff:50:fb:da:9c:a5:e7:1f:b9:
                    11:1d:49:12:e3:87:3b:da:78:a0:1a:c3:79:7f:1e:
                    51:c1:58:bc:d1:b7:8f:a6:3d:4d:9b:1c:52:43:53:
                    09:64:3c:22:05:61:c7:da:0f:b1:71:9b:3a:58:3d:
                    4c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:95:3B:4D:84:CD:76:B2:9A:CE:C1:A4:C9:71:DE:AA:89:DA:D0:F8
            X509v3 Authority Key Identifier:
                keyid:C2:FD:2C:74:AD:6F:AE:2D:DD:0F:6E:9C:39:FD:E8:31:89:3A:E6:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wv0sdK1vri3dD26cOf3oMYk65vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/542603-5462-4b8d-8bc4-535cc0c102f0/1/vJU7TYTNdrKazsGkyXHeqona0Pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/542603-5462-4b8d-8bc4-535cc0c102f0/1/wv0sdK1vri3dD26cOf3oMYk65vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:a6:8e:36:12:9d:c0:3e:f6:29:02:b8:fc:37:4e:b8:22:8d:
         55:dc:fa:bd:b8:7c:7f:81:65:1a:41:83:2e:d7:98:78:53:56:
         28:a5:e9:19:ba:95:a0:3f:5e:0b:42:0f:02:3f:b5:64:a0:ad:
         6e:0c:ff:91:2b:9a:ec:1c:10:4f:b7:82:8b:ed:45:f9:be:42:
         77:70:ec:ef:15:65:2d:3e:12:1e:e7:b1:6b:37:20:85:15:9b:
         2d:10:3c:96:a5:9b:ed:78:af:cb:88:78:3b:07:dc:54:bd:4e:
         fa:69:4f:15:74:3f:62:0a:e9:d0:7d:88:ff:d2:95:ae:50:12:
         b4:e1:09:fc:ef:40:50:75:27:d8:ee:8a:48:97:a3:a8:0f:53:
         6a:bb:e3:07:28:95:b7:49:7f:0c:ff:46:88:a7:6d:ee:74:0d:
         2a:53:47:73:c1:3e:53:be:34:a4:c2:da:b7:c9:2e:97:09:dd:
         7c:b4:b4:af:22:07:2b:4a:fe:02:62:01:9c:13:ef:96:a6:e5:
         54:28:51:2c:01:e8:c7:99:52:c7:46:b6:22:a4:ea:05:38:3d:
         4b:93:e3:4f:8e:6e:c7:d5:a7:2f:4f:08:d8:57:a9:e9:e1:54:
         c6:58:71:ec:d3:f0:e2:4f:be:d0:c0:6a:ca:77:2a:65:3a:57:
         28:48:2e:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsYS+Rnwf3eJCMJDNyKXIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZmQyYzc0YWQ2ZmFlMmRkZDBmNmU5YzM5ZmRlODMxODkz
YWU2ZjkwHhcNMjUwMTAxMTE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzk1M2I0ZDg0Y2Q3NmIyOWFjZWMxYTRjOTcxZGVhYTg5ZGFkMGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdeIIzxgKzk2tGDg67oCsa4Br+ob
DCdwVBeXCo08KoVB+6ctZEq3+vuwnQA71pA+vUQMbcCCn0wyOLnsfq75UspdSrLN
D7dT3TRSVwU8J8NMhuhDLxatdcCtvalRDVgyLP0vTmFbWAdcJio2mmRU/9OP9M/S
X/KheJ66RgQFkMFcix99DoIyFjaSMV6v2rprH5qasMf2IvoILWYd9+IXlK7OXecP
kTneJtjikfgtvI9A5g8hlpG07brcpgZA773isQVNQw7fWED/UPvanKXnH7kRHUkS
44c72nigGsN5fx5RwVi80bePpj1NmxxSQ1MJZDwiBWHH2g+xcZs6WD1MdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyVO02EzXayms7BpMlx3qqJ2tD4MB8GA1UdIwQY
MBaAFML9LHStb64t3Q9unDn96DGJOub5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3Ywc2RLMXZyaTNkRDI2Y09mM29NWWs2NXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81NDI2MDMtNTQ2Mi00YjhkLThiYzQt
NTM1Y2MwYzEwMmYwLzEvdkpVN1RZVE5kckthenNHa3lYSGVxb25hMFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81NDI2MDMtNTQ2Mi00YjhkLThiYzQtNTM1Y2MwYzEwMmYw
LzEvd3Ywc2RLMXZyaTNkRDI2Y09mM29NWWs2NXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuW5CMA0G
CSqGSIb3DQEBCwUAA4IBAQC+po42Ep3APvYpArj8N064Io1V3Pq9uHx/gWUaQYMu
15h4U1YopekZupWgP14LQg8CP7VkoK1uDP+RK5rsHBBPt4KL7UX5vkJ3cOzvFWUt
PhIe57FrNyCFFZstEDyWpZvteK/LiHg7B9xUvU76aU8VdD9iCunQfYj/0pWuUBK0
4Qn870BQdSfY7opIl6OoD1Nqu+MHKJW3SX8M/0aIp23udA0qU0dzwT5TvjSkwtq3
yS6XCd18tLSvIgcrSv4CYgGcE++WpuVUKFEsAejHmVLHRrYipOoFOD1Lk+NPjm7H
1acvTwjYV6np4VTGWHHs0/DiT77QwGrKdyplOlcoSC6g
-----END CERTIFICATE-----