Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/VhykJr3iGtJe14xyVuqvvCapaNo.roa
File:                     VhykJr3iGtJe14xyVuqvvCapaNo.roa (raw, json)
Hash identifier:          kzFiZWS6t+iaz12TBNlwLt+jTollGPfCjhtGoJB0BAA=
Subject key identifier:   56:1C:A4:26:BD:E2:1A:D2:5E:D7:8C:72:56:EA:AF:BC:26:A9:68:DA
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       0194D5F1D5A21B445EA1755B5BFDC8B32040
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/VhykJr3iGtJe14xyVuqvvCapaNo.roa
Signing time:             Wed 05 Feb 2025 11:49:43 +0000
ROA not before:           Wed 05 Feb 2025 11:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8881
IP address blocks:        144.56.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d5:f1:d5:a2:1b:44:5e:a1:75:5b:5b:fd:c8:b3:20:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Feb  5 11:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=561ca426bde21ad25ed78c7256eaafbc26a968da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:05:5e:79:f1:90:d9:83:75:ef:59:9c:f3:47:
                    32:70:30:a0:67:14:f7:18:39:ae:b0:93:a6:bf:4f:
                    fb:11:40:24:b1:b1:a7:c6:92:cf:15:ef:eb:81:20:
                    87:c2:16:9d:8a:c0:d9:10:19:5d:92:0c:f5:07:53:
                    f3:19:9b:0d:14:4b:1e:55:77:e6:a7:9e:08:5f:95:
                    ab:84:fa:bf:24:53:0e:36:18:68:2a:72:04:24:b7:
                    d7:68:10:83:29:5f:50:dd:78:9e:f8:71:1c:b5:db:
                    4d:51:8e:a5:30:98:31:f2:c9:df:7b:4b:37:29:66:
                    68:ad:c1:f1:d0:cf:59:db:29:26:64:66:39:8f:83:
                    27:38:68:23:1f:b1:d0:9a:7e:83:d4:29:ee:33:1e:
                    e9:5b:21:78:46:42:64:d1:d6:d5:9f:59:2a:7e:3f:
                    2a:b6:b5:98:c5:d5:eb:6c:22:7c:08:ee:14:e0:d3:
                    09:a7:2e:14:5c:64:93:b2:72:96:3e:05:e0:88:35:
                    21:e5:2a:9f:5d:07:5a:fd:50:2a:87:11:c5:f6:32:
                    8d:8f:ab:92:d1:58:4d:fa:fb:3c:72:b0:17:02:b9:
                    09:9c:c5:c1:25:07:db:be:bb:40:4e:20:c5:7d:f4:
                    6d:ca:6e:22:83:6b:96:fd:33:48:7e:ee:6a:fd:13:
                    e0:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:1C:A4:26:BD:E2:1A:D2:5E:D7:8C:72:56:EA:AF:BC:26:A9:68:DA
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/VhykJr3iGtJe14xyVuqvvCapaNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:39:51:ec:83:3b:80:22:6f:0a:93:dd:3c:09:a9:9b:b7:5a:
         dc:8e:7e:b0:78:04:d4:a3:fa:27:3e:06:63:86:2f:63:0b:ab:
         b2:61:9c:83:8a:35:91:04:de:7e:1a:0f:61:bc:89:c7:50:63:
         68:7f:7f:17:25:28:70:74:a6:11:88:c2:b8:e3:37:5f:0a:6a:
         4f:c2:16:0b:2e:f9:ad:59:c8:d5:63:e5:10:8b:02:9f:e7:2a:
         4e:48:8f:b2:65:f6:d3:16:71:d5:d2:25:9d:c5:31:f6:29:e7:
         35:a4:df:74:f6:3b:93:70:53:33:b5:42:81:20:66:c7:fc:0c:
         e3:a6:31:a1:b6:89:05:71:58:f1:aa:52:80:30:f5:2b:09:f8:
         8b:36:f7:ff:c9:48:b5:55:a6:f4:03:2c:f2:d6:34:9d:9f:a6:
         ae:ed:f0:69:8b:20:80:71:da:fb:21:28:e7:27:38:15:5a:c6:
         04:d8:47:31:c3:9e:98:79:16:b8:25:46:c2:b9:8d:90:fb:ad:
         d8:7b:ef:2a:ee:43:61:c0:b4:cd:1a:a2:5d:b7:1d:cc:4e:81:
         dc:56:cd:55:5c:81:3d:79:d4:1f:c7:f8:39:3a:22:53:87:0a:
         37:25:9e:fc:b9:85:e7:b2:fe:9f:c5:7d:df:c9:be:b2:6f:89:
         4d:68:55:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTV8dWiG0ReoXVbW/3IsyBAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjUwMjA1MTE0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjFjYTQyNmJkZTIxYWQyNWVkNzhjNzI1NmVhYWZiYzI2YTk2OGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AVeefGQ2YN171mc80cycDCgZxT3
GDmusJOmv0/7EUAksbGnxpLPFe/rgSCHwhadisDZEBldkgz1B1PzGZsNFEseVXfm
p54IX5WrhPq/JFMONhhoKnIEJLfXaBCDKV9Q3Xie+HEctdtNUY6lMJgx8snfe0s3
KWZorcHx0M9Z2ykmZGY5j4MnOGgjH7HQmn6D1CnuMx7pWyF4RkJk0dbVn1kqfj8q
trWYxdXrbCJ8CO4U4NMJpy4UXGSTsnKWPgXgiDUh5SqfXQda/VAqhxHF9jKNj6uS
0VhN+vs8crAXArkJnMXBJQfbvrtATiDFffRtym4ig2uW/TNIfu5q/RPg4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFYcpCa94hrSXteMclbqr7wmqWjaMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvVmh5a0pyM2lHdEplMTR4eVZ1cXZ2Q2FwYU5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDgPMA0G
CSqGSIb3DQEBCwUAA4IBAQC7OVHsgzuAIm8Kk908Cambt1rcjn6weATUo/onPgZj
hi9jC6uyYZyDijWRBN5+Gg9hvInHUGNof38XJShwdKYRiMK44zdfCmpPwhYLLvmt
WcjVY+UQiwKf5ypOSI+yZfbTFnHV0iWdxTH2Kec1pN909juTcFMztUKBIGbH/Azj
pjGhtokFcVjxqlKAMPUrCfiLNvf/yUi1Vab0Ayzy1jSdn6au7fBpiyCAcdr7ISjn
JzgVWsYE2Ecxw56YeRa4JUbCuY2Q+63Ye+8q7kNhwLTNGqJdtx3MToHcVs1VXIE9
edQfx/g5OiJThwo3JZ78uYXnsv6fxX3fyb6yb4lNaFWw
-----END CERTIFICATE-----