Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/vhuqt87dQlwpLm6mImrsEtoMnS0.roa
File:                     vhuqt87dQlwpLm6mImrsEtoMnS0.roa (raw, json)
Hash identifier:          OYcjE2mSIdir4/5GLlaTPE0qszgr/jJDU6iPw1A8rm0=
Subject key identifier:   BE:1B:AA:B7:CE:DD:42:5C:29:2E:6E:A6:22:6A:EC:12:DA:0C:9D:2D
Certificate issuer:       /CN=e980fb9530a36ff7b7430d50d44b8fb6d6dca937
Certificate serial:       019424B3B097CB568E2F0C59B7B5FD08A642
Authority key identifier: E9:80:FB:95:30:A3:6F:F7:B7:43:0D:50:D4:4B:8F:B6:D6:DC:A9:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/vhuqt87dQlwpLm6mImrsEtoMnS0.roa
Signing time:             Thu 02 Jan 2025 01:49:03 +0000
ROA not before:           Thu 02 Jan 2025 01:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30790
IP address blocks:        194.54.184.0/24 maxlen: 24
                          194.54.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b0:97:cb:56:8e:2f:0c:59:b7:b5:fd:08:a6:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e980fb9530a36ff7b7430d50d44b8fb6d6dca937
        Validity
            Not Before: Jan  2 01:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be1baab7cedd425c292e6ea6226aec12da0c9d2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:18:a4:12:ee:a5:5c:1c:26:34:2e:b2:84:1c:
                    68:02:ed:48:98:11:0a:63:c7:12:03:c8:6d:69:fb:
                    55:72:fe:7b:a5:be:44:ff:2c:3b:0a:4b:bd:bc:37:
                    e7:44:a1:52:e4:f6:4b:70:63:97:92:9b:39:39:01:
                    70:e1:23:d6:6c:f0:d7:20:6d:f2:eb:2b:72:ea:a7:
                    34:20:ed:df:a2:ec:41:6e:24:2d:20:65:37:4a:f2:
                    4c:be:a2:b2:42:57:06:0c:43:8b:b5:7d:80:f1:bf:
                    6e:60:be:27:6f:f9:05:ee:a1:74:19:73:bf:f5:99:
                    00:30:75:99:13:de:08:af:37:87:ee:a8:4e:0f:97:
                    38:ad:4b:72:8f:e5:be:b0:25:bf:73:23:c4:5a:6d:
                    3d:29:25:a9:e4:2a:7a:96:e0:3f:64:c6:e5:31:90:
                    83:21:ad:30:8d:2b:e0:83:b6:d0:4b:fc:cf:5d:a5:
                    64:42:67:81:1b:d9:bf:11:e9:84:e5:20:aa:c4:07:
                    09:f2:0a:0b:a2:2d:cb:6c:3a:cd:2c:84:cc:66:66:
                    76:51:15:ac:33:03:36:f1:95:68:49:ce:58:4f:6d:
                    3f:4c:2a:4b:a4:fe:f9:79:f7:18:96:81:73:ab:00:
                    df:df:9a:c2:4d:c5:bc:9e:71:40:ab:2f:82:32:44:
                    4a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:1B:AA:B7:CE:DD:42:5C:29:2E:6E:A6:22:6A:EC:12:DA:0C:9D:2D
            X509v3 Authority Key Identifier:
                keyid:E9:80:FB:95:30:A3:6F:F7:B7:43:0D:50:D4:4B:8F:B6:D6:DC:A9:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/vhuqt87dQlwpLm6mImrsEtoMnS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.54.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:99:67:5a:6f:a2:1c:f9:45:19:cf:d3:b5:90:1f:21:86:be:
         fb:31:ff:6c:ec:2e:ea:51:a7:7d:33:7d:88:b8:3d:39:c2:b1:
         c8:73:87:0d:62:62:1c:cf:94:93:36:6a:dd:28:4d:61:7d:d9:
         12:4a:5f:3c:38:e8:22:7e:c5:ca:e7:14:71:1b:a7:4c:2d:9d:
         77:29:14:cf:bf:cf:13:94:14:35:41:16:49:67:8f:a6:c3:58:
         04:32:17:78:5d:1d:02:f6:cc:b9:b7:cb:1d:c7:19:67:12:9b:
         92:f9:4f:ec:fa:12:3a:a0:6a:1a:4e:61:f0:b0:2a:1d:10:6e:
         a0:e4:5f:c1:b0:83:b3:31:4c:46:3c:5f:03:1a:29:54:bb:8c:
         b7:21:47:ad:53:6f:f9:21:71:09:cf:3b:96:5f:c5:90:56:d0:
         e3:49:d6:04:90:05:18:4a:20:04:0b:f5:da:3b:ff:32:32:36:
         c0:cb:0c:3f:8f:22:f5:51:fa:76:61:26:3c:1f:73:31:d0:a1:
         b1:c9:66:3c:e1:09:e9:82:86:0d:54:60:7b:14:f8:ad:31:50:
         41:18:9c:67:29:88:2f:f3:16:b9:85:11:27:c4:06:e2:5c:de:
         a0:af:20:34:96:7d:74:0f:82:83:46:69:41:a8:e6:f2:68:18:
         e5:68:c1:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks7CXy1aOLwxZt7X9CKZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ODBmYjk1MzBhMzZmZjdiNzQzMGQ1MGQ0NGI4ZmI2ZDZk
Y2E5MzcwHhcNMjUwMTAyMDE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTFiYWFiN2NlZGQ0MjVjMjkyZTZlYTYyMjZhZWMxMmRhMGM5ZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2BikEu6lXBwmNC6yhBxoAu1ImBEK
Y8cSA8htaftVcv57pb5E/yw7Cku9vDfnRKFS5PZLcGOXkps5OQFw4SPWbPDXIG3y
6yty6qc0IO3fouxBbiQtIGU3SvJMvqKyQlcGDEOLtX2A8b9uYL4nb/kF7qF0GXO/
9ZkAMHWZE94IrzeH7qhOD5c4rUtyj+W+sCW/cyPEWm09KSWp5Cp6luA/ZMblMZCD
Ia0wjSvgg7bQS/zPXaVkQmeBG9m/EemE5SCqxAcJ8goLoi3LbDrNLITMZmZ2URWs
MwM28ZVoSc5YT20/TCpLpP75efcYloFzqwDf35rCTcW8nnFAqy+CMkRKCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL4bqrfO3UJcKS5upiJq7BLaDJ0tMB8GA1UdIwQY
MBaAFOmA+5Uwo2/3t0MNUNRLj7bW3Kk3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNllEN2xUQ2piX2UzUXcxUTFFdVB0dGJjcVRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi80NWEwNGMtY2IwZC00YzBjLThiZjEt
NDhmMzlmZGUwZWVhLzEvdmh1cXQ4N2RRbHdwTG02bUltcnNFdG9NblMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi80NWEwNGMtY2IwZC00YzBjLThiZjEtNDhmMzlmZGUwZWVh
LzEvNllEN2xUQ2piX2UzUXcxUTFFdVB0dGJjcVRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwja4MA0G
CSqGSIb3DQEBCwUAA4IBAQCwmWdab6Ic+UUZz9O1kB8hhr77Mf9s7C7qUad9M32I
uD05wrHIc4cNYmIcz5STNmrdKE1hfdkSSl88OOgifsXK5xRxG6dMLZ13KRTPv88T
lBQ1QRZJZ4+mw1gEMhd4XR0C9sy5t8sdxxlnEpuS+U/s+hI6oGoaTmHwsCodEG6g
5F/BsIOzMUxGPF8DGilUu4y3IUetU2/5IXEJzzuWX8WQVtDjSdYEkAUYSiAEC/Xa
O/8yMjbAyww/jyL1Ufp2YSY8H3Mx0KGxyWY84QnpgoYNVGB7FPitMVBBGJxnKYgv
8xa5hREnxAbiXN6gryA0ln10D4KDRmlBqObyaBjlaMFT
-----END CERTIFICATE-----