Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/d6a552-e035-4721-9ecf-93fe5bf6daff/1/fVFqHVP_QiliJMl-kIcrOxmuCro.roa
File:                     fVFqHVP_QiliJMl-kIcrOxmuCro.roa (raw, json)
Hash identifier:          GkKxdagAYy+CINxI1Dp6ck9rxu8bkF9hmUyqgByM5jo=
Subject key identifier:   7D:51:6A:1D:53:FF:42:29:62:24:C9:7E:90:87:2B:3B:19:AE:0A:BA
Certificate issuer:       /CN=2f95a0589b2846ebfc7366c06c644b46a2d8d32b
Certificate serial:       0194236A229924BC06C4BA654CDAE38B64A0
Authority key identifier: 2F:95:A0:58:9B:28:46:EB:FC:73:66:C0:6C:64:4B:46:A2:D8:D3:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5WgWJsoRuv8c2bAbGRLRqLY0ys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/d6a552-e035-4721-9ecf-93fe5bf6daff/1/fVFqHVP_QiliJMl-kIcrOxmuCro.roa
Signing time:             Wed 01 Jan 2025 19:49:05 +0000
ROA not before:           Wed 01 Jan 2025 19:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        185.227.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/d6a552-e035-4721-9ecf-93fe5bf6daff/1/L5WgWJsoRuv8c2bAbGRLRqLY0ys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/d6a552-e035-4721-9ecf-93fe5bf6daff/1/L5WgWJsoRuv8c2bAbGRLRqLY0ys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5WgWJsoRuv8c2bAbGRLRqLY0ys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:22:99:24:bc:06:c4:ba:65:4c:da:e3:8b:64:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f95a0589b2846ebfc7366c06c644b46a2d8d32b
        Validity
            Not Before: Jan  1 19:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d516a1d53ff42296224c97e90872b3b19ae0aba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3a:ab:c3:b9:38:7e:d9:2f:b8:49:79:60:79:
                    6d:6c:82:b2:4e:21:a2:03:ff:fb:c0:3d:f1:54:b0:
                    5a:3f:05:79:68:61:27:ee:eb:06:fc:83:32:52:8f:
                    82:14:ee:4e:49:2e:00:c7:1d:50:8d:96:98:82:17:
                    37:62:cc:ee:c0:e2:64:a9:71:3b:5f:42:3e:07:36:
                    ad:cf:89:81:93:23:a5:4c:e2:a9:eb:61:5a:de:85:
                    57:6f:d8:96:75:f3:e0:79:8a:12:1b:78:92:a9:17:
                    3d:06:e7:ae:65:04:e0:e8:af:ba:b1:0a:be:64:6c:
                    77:32:c0:bb:d8:be:fc:fe:d7:0a:67:8b:20:a3:fb:
                    3a:1e:45:05:b2:0b:b4:00:e2:0f:38:95:75:fd:bf:
                    27:8a:92:34:47:7d:d6:77:df:5a:19:79:db:4b:5d:
                    70:6a:9c:d5:7b:6f:0f:cb:a6:b8:e9:17:04:cb:7a:
                    9e:c1:30:06:2d:ba:12:47:3b:0a:cb:3b:64:6c:55:
                    13:ad:2a:a0:bb:d1:7e:03:4d:ee:b4:a5:5f:89:34:
                    93:1f:f5:bd:2e:6a:7d:14:92:52:ce:3e:78:5c:90:
                    49:59:7a:02:0e:32:fc:87:a6:bb:e3:38:2b:20:f0:
                    23:1d:5d:24:34:59:59:32:dd:9c:19:8d:7c:42:a2:
                    5e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:51:6A:1D:53:FF:42:29:62:24:C9:7E:90:87:2B:3B:19:AE:0A:BA
            X509v3 Authority Key Identifier:
                keyid:2F:95:A0:58:9B:28:46:EB:FC:73:66:C0:6C:64:4B:46:A2:D8:D3:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5WgWJsoRuv8c2bAbGRLRqLY0ys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/d6a552-e035-4721-9ecf-93fe5bf6daff/1/fVFqHVP_QiliJMl-kIcrOxmuCro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/d6a552-e035-4721-9ecf-93fe5bf6daff/1/L5WgWJsoRuv8c2bAbGRLRqLY0ys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:32:13:78:7a:c9:2d:91:93:2c:ee:cf:0e:2c:b3:16:d8:17:
         75:14:6f:d1:b2:f0:c4:6f:b8:74:16:92:e5:26:8c:b6:8f:c5:
         9d:42:b1:68:10:d5:eb:fd:fa:cf:90:ea:6a:51:34:09:33:5d:
         1c:0e:1e:34:49:04:cd:52:62:fb:19:98:27:1f:30:a2:77:5f:
         31:bb:3b:a7:82:4b:ca:fb:b6:2f:94:19:d9:22:7c:d7:13:e1:
         fe:99:be:a3:e0:49:ed:41:dd:24:95:2d:a9:11:19:8f:52:21:
         3e:c1:c9:63:d8:a7:b7:fd:c8:6a:b5:84:53:64:6a:27:9c:3e:
         8a:6c:33:62:7a:df:18:03:7a:6a:36:71:87:ac:b2:c5:6e:17:
         6d:21:af:cf:b9:e3:02:cb:78:f6:ba:46:76:99:74:4f:c2:47:
         3f:e2:0f:3e:a5:b0:6c:60:10:ed:19:26:a7:07:cd:59:6c:20:
         2c:04:f0:3a:90:d0:3a:d4:bc:e5:49:82:5e:e6:27:9d:92:ea:
         57:2f:48:e7:11:f3:d6:3d:8a:53:69:6b:e5:e4:68:38:87:19:
         fd:86:75:c5:d4:ba:0c:f7:65:28:3e:a5:5b:56:e8:9c:40:e2:
         46:73:b9:bf:47:7f:c7:c7:15:94:b3:32:54:ea:90:40:31:bb:
         b6:21:1a:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaiKZJLwGxLplTNrji2SgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTVhMDU4OWIyODQ2ZWJmYzczNjZjMDZjNjQ0YjQ2YTJk
OGQzMmIwHhcNMjUwMTAxMTk0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDUxNmExZDUzZmY0MjI5NjIyNGM5N2U5MDg3MmIzYjE5YWUwYWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Dqrw7k4ftkvuEl5YHltbIKyTiGi
A//7wD3xVLBaPwV5aGEn7usG/IMyUo+CFO5OSS4Axx1QjZaYghc3YszuwOJkqXE7
X0I+Bzatz4mBkyOlTOKp62Fa3oVXb9iWdfPgeYoSG3iSqRc9BueuZQTg6K+6sQq+
ZGx3MsC72L78/tcKZ4sgo/s6HkUFsgu0AOIPOJV1/b8nipI0R33Wd99aGXnbS11w
apzVe28Py6a46RcEy3qewTAGLboSRzsKyztkbFUTrSqgu9F+A03utKVfiTSTH/W9
Lmp9FJJSzj54XJBJWXoCDjL8h6a74zgrIPAjHV0kNFlZMt2cGY18QqJemQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH1Rah1T/0IpYiTJfpCHKzsZrgq6MB8GA1UdIwQY
MBaAFC+VoFibKEbr/HNmwGxkS0ai2NMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVXZ1dKc29SdXY4YzJiQWJHUkxScUxZMHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9kNmE1NTItZTAzNS00NzIxLTllY2Yt
OTNmZTViZjZkYWZmLzEvZlZGcUhWUF9RaWxpSk1sLWtJY3JPeG11Q3JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9kNmE1NTItZTAzNS00NzIxLTllY2YtOTNmZTViZjZkYWZm
LzEvTDVXZ1dKc29SdXY4YzJiQWJHUkxScUxZMHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueOjMA0G
CSqGSIb3DQEBCwUAA4IBAQAFMhN4esktkZMs7s8OLLMW2Bd1FG/RsvDEb7h0FpLl
Joy2j8WdQrFoENXr/frPkOpqUTQJM10cDh40SQTNUmL7GZgnHzCid18xuzungkvK
+7YvlBnZInzXE+H+mb6j4EntQd0klS2pERmPUiE+wclj2Ke3/chqtYRTZGonnD6K
bDNiet8YA3pqNnGHrLLFbhdtIa/PueMCy3j2ukZ2mXRPwkc/4g8+pbBsYBDtGSan
B81ZbCAsBPA6kNA61LzlSYJe5iedkupXL0jnEfPWPYpTaWvl5Gg4hxn9hnXF1LoM
92UoPqVbVuicQOJGc7m/R3/HxxWUszJU6pBAMbu2IRqG
-----END CERTIFICATE-----