Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/5305c8-c6a8-40e3-b43e-2d6eef905607/1/VM8iNIPAK1gceHYBC6UTJ0oubJk.roa
File:                     VM8iNIPAK1gceHYBC6UTJ0oubJk.roa (raw, json)
Hash identifier:          mqZXcR34R810uEv+4/cBz9V4eZISHr2d9EqXL39avwo=
Subject key identifier:   54:CF:22:34:83:C0:2B:58:1C:78:76:01:0B:A5:13:27:4A:2E:6C:99
Certificate issuer:       /CN=ff58a98db777cb916ca56397ec3d87c986367310
Certificate serial:       0194258E9E44BF3E1F8ED5A253E74AECCD70
Authority key identifier: FF:58:A9:8D:B7:77:CB:91:6C:A5:63:97:EC:3D:87:C9:86:36:73:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_1ipjbd3y5FspWOX7D2HyYY2cxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/5305c8-c6a8-40e3-b43e-2d6eef905607/1/VM8iNIPAK1gceHYBC6UTJ0oubJk.roa
Signing time:             Thu 02 Jan 2025 05:48:11 +0000
ROA not before:           Thu 02 Jan 2025 05:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200191
IP address blocks:        185.21.184.0/24 maxlen: 24
                          185.21.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/5305c8-c6a8-40e3-b43e-2d6eef905607/1/_1ipjbd3y5FspWOX7D2HyYY2cxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/5305c8-c6a8-40e3-b43e-2d6eef905607/1/_1ipjbd3y5FspWOX7D2HyYY2cxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_1ipjbd3y5FspWOX7D2HyYY2cxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:9e:44:bf:3e:1f:8e:d5:a2:53:e7:4a:ec:cd:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff58a98db777cb916ca56397ec3d87c986367310
        Validity
            Not Before: Jan  2 05:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54cf223483c02b581c7876010ba513274a2e6c99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:53:6c:22:29:e4:2c:0e:00:42:f0:6f:b2:ec:
                    3e:7f:7d:ab:83:f8:1d:85:e1:ce:12:18:e1:84:f3:
                    a4:be:3a:bf:f7:57:75:fd:28:91:31:45:2c:0b:1b:
                    ea:2f:4d:50:52:89:73:8e:cc:5f:fe:a5:3f:30:2c:
                    c7:93:61:b4:83:c5:cd:38:cc:f7:67:95:46:a5:07:
                    bd:0c:b2:0e:64:72:32:43:6c:df:c6:8c:bf:14:80:
                    77:c3:f5:a8:58:22:53:c6:db:b1:ef:75:c2:10:d3:
                    ba:ed:d2:2c:9b:d7:52:f2:4c:59:7d:8d:79:63:cc:
                    f5:f4:5c:34:98:0d:18:ce:b8:72:51:c6:8b:f8:21:
                    09:17:64:9b:24:db:4d:ca:71:12:7e:22:58:f5:b9:
                    ca:0b:e2:53:77:af:3a:38:e2:0c:da:3a:97:0c:96:
                    ba:ac:ab:de:55:c9:94:f3:a9:32:68:b0:01:7c:37:
                    91:d7:08:20:f3:06:0f:2f:0f:1f:93:ce:54:d2:f1:
                    e3:45:83:18:6c:ca:1b:bd:69:53:fd:53:73:ba:0c:
                    e1:b6:34:56:b5:de:45:04:a3:f3:4b:d7:e7:b2:e9:
                    2f:1a:3f:18:f0:36:b9:0b:6f:05:86:e8:e7:f2:9c:
                    fb:ca:fd:a4:45:46:ed:b0:4b:80:03:16:6c:2c:18:
                    de:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:CF:22:34:83:C0:2B:58:1C:78:76:01:0B:A5:13:27:4A:2E:6C:99
            X509v3 Authority Key Identifier:
                keyid:FF:58:A9:8D:B7:77:CB:91:6C:A5:63:97:EC:3D:87:C9:86:36:73:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_1ipjbd3y5FspWOX7D2HyYY2cxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/5305c8-c6a8-40e3-b43e-2d6eef905607/1/VM8iNIPAK1gceHYBC6UTJ0oubJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/5305c8-c6a8-40e3-b43e-2d6eef905607/1/_1ipjbd3y5FspWOX7D2HyYY2cxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:45:3c:92:11:ef:80:7d:10:13:81:63:6a:d5:27:bc:17:cd:
         a3:38:3d:25:e5:94:dd:00:79:ee:49:29:28:6b:02:a1:a0:ed:
         c6:4b:ec:a3:7e:b8:5b:cf:89:25:90:f8:4c:19:26:dd:f2:2b:
         61:70:5d:27:63:e9:dd:02:c0:fb:e6:1e:e3:19:43:9a:dc:a4:
         ee:dd:00:be:3c:4c:b8:00:34:68:4a:5f:79:4a:77:50:ef:30:
         f5:7a:d0:3a:6d:51:31:d7:7f:68:dd:7a:28:96:1a:38:5e:66:
         84:7d:58:cb:0d:b5:45:1a:50:59:6c:51:da:34:2f:22:b5:dc:
         1a:0e:22:f0:4d:68:30:7a:26:cc:5f:79:75:8f:74:5d:0a:f3:
         ab:c7:cb:69:f2:c3:7b:a2:65:c5:85:17:13:51:bc:48:23:a5:
         76:07:a1:4b:e6:ea:d1:4c:4e:f9:21:fb:7d:f0:d9:63:c4:63:
         6c:48:18:4c:42:fa:4c:59:78:69:78:21:aa:8b:35:1a:0c:32:
         41:d2:3c:c7:66:72:17:6a:fa:44:d5:e1:ec:ed:ea:1e:fd:33:
         9e:04:16:e1:9e:d6:25:05:86:f1:95:7f:fa:62:b4:c2:2c:07:
         2a:75:48:d8:79:99:00:31:2f:70:4b:c1:22:48:f2:37:8e:68:
         c8:84:67:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljp5Evz4fjtWiU+dK7M1wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNThhOThkYjc3N2NiOTE2Y2E1NjM5N2VjM2Q4N2M5ODYz
NjczMTAwHhcNMjUwMTAyMDU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGNmMjIzNDgzYzAyYjU4MWM3ODc2MDEwYmE1MTMyNzRhMmU2Yzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1NsIinkLA4AQvBvsuw+f32rg/gd
heHOEhjhhPOkvjq/91d1/SiRMUUsCxvqL01QUolzjsxf/qU/MCzHk2G0g8XNOMz3
Z5VGpQe9DLIOZHIyQ2zfxoy/FIB3w/WoWCJTxtux73XCENO67dIsm9dS8kxZfY15
Y8z19Fw0mA0YzrhyUcaL+CEJF2SbJNtNynESfiJY9bnKC+JTd686OOIM2jqXDJa6
rKveVcmU86kyaLABfDeR1wgg8wYPLw8fk85U0vHjRYMYbMobvWlT/VNzugzhtjRW
td5FBKPzS9fnsukvGj8Y8Da5C28Fhujn8pz7yv2kRUbtsEuAAxZsLBjeWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTPIjSDwCtYHHh2AQulEydKLmyZMB8GA1UdIwQY
MBaAFP9YqY23d8uRbKVjl+w9h8mGNnMQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzFpcGpiZDN5NUZzcFdPWDdEMkh5WVkyY3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny81MzA1YzgtYzZhOC00MGUzLWI0M2Ut
MmQ2ZWVmOTA1NjA3LzEvVk04aU5JUEFLMWdjZUhZQkM2VVRKMG91YkprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny81MzA1YzgtYzZhOC00MGUzLWI0M2UtMmQ2ZWVmOTA1NjA3
LzEvXzFpcGpiZDN5NUZzcFdPWDdEMkh5WVkyY3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuRW4MA0G
CSqGSIb3DQEBCwUAA4IBAQAyRTySEe+AfRATgWNq1Se8F82jOD0l5ZTdAHnuSSko
awKhoO3GS+yjfrhbz4klkPhMGSbd8ithcF0nY+ndAsD75h7jGUOa3KTu3QC+PEy4
ADRoSl95SndQ7zD1etA6bVEx139o3Xoolho4XmaEfVjLDbVFGlBZbFHaNC8itdwa
DiLwTWgweibMX3l1j3RdCvOrx8tp8sN7omXFhRcTUbxII6V2B6FL5urRTE75Ift9
8NljxGNsSBhMQvpMWXhpeCGqizUaDDJB0jzHZnIXavpE1eHs7eoe/TOeBBbhntYl
BYbxlX/6YrTCLAcqdUjYeZkAMS9wS8EiSPI3jmjIhGfc
-----END CERTIFICATE-----