Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/vIiphgAqT_dUC_AwmjGvoBdo9FA.roa
File:                     vIiphgAqT_dUC_AwmjGvoBdo9FA.roa (raw, json)
Hash identifier:          7W7FdUnIOACsfSnfPWAxqXeXEqBBHWzCss0LZj1WAyo=
Subject key identifier:   BC:88:A9:86:00:2A:4F:F7:54:0B:F0:30:9A:31:AF:A0:17:68:F4:50
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BE81193CD27CDFA45324A4A01E759
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/vIiphgAqT_dUC_AwmjGvoBdo9FA.roa
Signing time:             Thu 02 Jan 2025 09:49:53 +0000
ROA not before:           Thu 02 Jan 2025 09:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199910
IP address blocks:        85.202.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:e8:11:93:cd:27:cd:fa:45:32:4a:4a:01:e7:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc88a986002a4ff7540bf0309a31afa01768f450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0e:27:39:10:fe:78:3a:a7:ef:21:97:65:7e:
                    74:68:14:4d:b1:9d:eb:5b:fc:25:4b:50:15:40:52:
                    a3:63:17:66:51:a9:ac:68:f2:fc:4d:95:64:45:f2:
                    49:dc:b9:10:01:3b:7f:3e:cb:2a:49:e9:4b:d7:de:
                    4e:3a:69:49:c3:0d:4a:e7:c8:13:d0:35:b3:d4:f0:
                    c7:5a:b7:db:5e:45:79:56:a2:fe:39:af:5b:e5:5f:
                    6a:4b:d8:42:85:40:28:19:f7:90:91:bc:04:2c:0e:
                    a5:55:8e:fe:e8:91:f7:03:75:22:c4:7d:20:e3:32:
                    2d:cf:e6:fd:97:da:37:52:d9:ff:db:ee:9f:5d:1f:
                    3e:f9:ee:9d:75:76:4f:57:87:93:ed:89:15:91:03:
                    73:2c:6a:8a:1d:de:5f:cb:e6:0d:da:c1:af:23:8f:
                    ad:3d:48:9a:e5:a7:5b:c2:6c:1e:9b:ad:be:bf:ab:
                    70:ea:9b:c9:76:b4:27:6d:22:4c:19:37:a6:5a:fd:
                    f3:15:ec:30:11:b1:32:87:61:ed:9c:34:67:36:54:
                    c5:fa:3e:db:33:4a:a2:4c:0e:aa:57:38:9b:5d:8b:
                    7f:75:00:ae:99:c2:d3:00:bb:ff:9e:57:78:4c:d5:
                    a4:60:ee:8b:42:34:6f:9e:dd:c8:b5:c3:e4:63:a2:
                    b1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:88:A9:86:00:2A:4F:F7:54:0B:F0:30:9A:31:AF:A0:17:68:F4:50
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/vIiphgAqT_dUC_AwmjGvoBdo9FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:9f:75:61:ab:48:03:07:9d:18:19:03:e1:35:6c:c0:93:53:
         f1:8b:18:54:0a:50:1c:61:be:22:5d:18:04:44:fb:7b:5c:09:
         06:7a:8c:4e:d5:56:47:07:26:10:88:c9:51:ad:b6:3a:6f:0e:
         72:d7:46:39:69:15:20:76:3f:58:53:21:fe:e2:17:33:f9:3b:
         f5:5a:21:74:fc:50:f9:0a:8d:a8:62:3e:3b:d9:00:18:c6:b0:
         ac:ff:4b:12:54:d7:2c:a5:a5:66:76:ae:49:b6:8d:ba:22:c3:
         44:49:fc:9f:65:35:67:18:de:db:ba:cf:40:e0:09:49:3b:9e:
         94:9d:0b:a3:5e:a0:2b:e6:c7:e7:28:18:a5:ad:fb:7f:41:4d:
         77:d2:e1:db:63:5b:2e:56:3b:94:ca:08:cf:37:86:f6:70:b9:
         13:a8:69:01:07:15:40:14:d8:49:fc:47:0b:96:cf:ff:bd:fc:
         b2:cf:e1:8e:f0:65:b4:4d:95:be:fe:38:07:08:35:37:24:30:
         9e:08:d4:dc:6c:59:8b:ef:2a:de:15:5a:1d:0f:d1:2a:f4:97:
         08:2f:b3:6d:dd:ca:91:d0:5d:c6:c8:21:01:d7:84:cf:a9:7d:
         7b:d9:8b:ee:47:47:2d:a4:d6:5b:02:b3:1b:c2:ca:a0:39:55:
         ec:63:d4:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma+gRk80nzfpFMkpKAedZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzg4YTk4NjAwMmE0ZmY3NTQwYmYwMzA5YTMxYWZhMDE3NjhmNDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtg4nORD+eDqn7yGXZX50aBRNsZ3r
W/wlS1AVQFKjYxdmUamsaPL8TZVkRfJJ3LkQATt/PssqSelL195OOmlJww1K58gT
0DWz1PDHWrfbXkV5VqL+Oa9b5V9qS9hChUAoGfeQkbwELA6lVY7+6JH3A3UixH0g
4zItz+b9l9o3Utn/2+6fXR8++e6ddXZPV4eT7YkVkQNzLGqKHd5fy+YN2sGvI4+t
PUia5adbwmwem62+v6tw6pvJdrQnbSJMGTemWv3zFewwEbEyh2HtnDRnNlTF+j7b
M0qiTA6qVzibXYt/dQCumcLTALv/nld4TNWkYO6LQjRvnt3ItcPkY6KxGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyIqYYAKk/3VAvwMJoxr6AXaPRQMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvdklpcGhnQXFUX2RVQ19Bd21qR3ZvQmRvOUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcozMA0G
CSqGSIb3DQEBCwUAA4IBAQAOn3Vhq0gDB50YGQPhNWzAk1PxixhUClAcYb4iXRgE
RPt7XAkGeoxO1VZHByYQiMlRrbY6bw5y10Y5aRUgdj9YUyH+4hcz+Tv1WiF0/FD5
Co2oYj472QAYxrCs/0sSVNcspaVmdq5Jto26IsNESfyfZTVnGN7bus9A4AlJO56U
nQujXqAr5sfnKBilrft/QU130uHbY1suVjuUygjPN4b2cLkTqGkBBxVAFNhJ/EcL
ls//vfyyz+GO8GW0TZW+/jgHCDU3JDCeCNTcbFmL7yreFVodD9Eq9JcIL7Nt3cqR
0F3GyCEB14TPqX172YvuR0ctpNZbArMbwsqgOVXsY9Qb
-----END CERTIFICATE-----