Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/V-G5n9JBF2fuQBXkHR943IM1SJk.roa
File:                     V-G5n9JBF2fuQBXkHR943IM1SJk.roa (raw, json)
Hash identifier:          PktwOhATCRnu/fMCAW8Roob3cNUQ8DCkE9sG1tOGfQ0=
Subject key identifier:   57:E1:B9:9F:D2:41:17:67:EE:40:15:E4:1D:1F:78:DC:83:35:48:99
Certificate issuer:       /CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
Certificate serial:       0196F7CDB214DC1114A9D8E1D1A24EA31DCE
Authority key identifier: 5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/V-G5n9JBF2fuQBXkHR943IM1SJk.roa
Signing time:             Thu 22 May 2025 11:42:54 +0000
ROA not before:           Thu 22 May 2025 11:42:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        185.200.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f7:cd:b2:14:dc:11:14:a9:d8:e1:d1:a2:4e:a3:1d:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
        Validity
            Not Before: May 22 11:42:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57e1b99fd2411767ee4015e41d1f78dc83354899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:38:81:c3:cb:14:07:ca:65:ff:45:7b:d7:19:
                    dd:c1:b1:51:4f:58:9e:b5:c1:f4:ad:f5:e6:16:75:
                    6c:4b:cc:e5:5c:3d:66:00:c0:40:e2:f4:ea:3a:e3:
                    41:4d:d7:39:0b:4f:2f:1d:2a:c7:db:00:82:cd:0f:
                    a4:74:da:16:8b:63:e9:48:ad:5a:24:14:0d:d0:4b:
                    a9:28:38:1a:df:ff:1e:a0:85:9c:d3:e5:36:57:39:
                    b2:88:89:ab:33:d3:c8:da:d3:2a:ac:c1:37:49:56:
                    0e:05:1c:13:80:52:c1:2e:c4:03:80:6f:20:93:5b:
                    dc:01:23:f2:10:bc:43:4e:47:93:d7:7a:ba:4b:48:
                    80:81:c1:d0:aa:ac:84:07:e2:b2:3c:e0:c8:f6:2d:
                    c6:ce:a5:3b:f9:f9:b6:1f:62:68:22:f5:b2:ca:fc:
                    3f:cb:a5:84:8b:90:c9:2b:d4:ad:83:23:b4:a1:05:
                    7c:4f:c1:2b:fd:5b:15:ab:d4:a7:6e:53:3d:30:49:
                    e4:27:96:7d:97:4f:73:d2:4b:b2:67:df:d0:1c:46:
                    a6:af:13:9c:da:15:e3:3e:0b:01:07:e0:7b:7e:35:
                    b9:e7:13:3c:2e:15:fa:31:db:3e:a5:57:71:a2:a7:
                    da:ef:22:c1:1e:82:15:4e:a7:52:eb:63:4d:a3:36:
                    f2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E1:B9:9F:D2:41:17:67:EE:40:15:E4:1D:1F:78:DC:83:35:48:99
            X509v3 Authority Key Identifier:
                keyid:5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/V-G5n9JBF2fuQBXkHR943IM1SJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:3b:f7:45:15:ff:20:b0:64:82:bf:5d:2d:24:21:ef:7b:61:
         b3:23:55:d6:d4:68:ba:04:1c:a1:7b:9b:bd:72:a8:8b:44:bf:
         b1:d6:1c:f1:3e:d6:1d:65:ab:d4:72:4d:ce:e3:9f:7a:13:45:
         be:a8:a3:5d:48:b1:c4:a1:10:cf:e1:7d:4d:46:99:68:10:4e:
         c5:32:5b:e6:1b:b4:98:8a:4c:87:37:33:9d:16:29:07:53:c6:
         2f:6a:17:96:88:1a:41:5f:3e:ed:7d:ca:b4:e9:88:68:52:ef:
         93:bf:4b:c1:5c:37:a8:ac:be:3a:56:cd:57:55:fb:58:02:d6:
         df:f1:7a:c9:01:09:e1:83:1c:a2:0c:9f:d4:42:1e:3d:cc:e4:
         4b:34:8b:09:e1:bd:58:81:3b:43:79:c1:44:d7:43:7e:3f:6d:
         6d:5c:b2:f8:4e:97:aa:63:b7:6c:8d:67:84:4a:12:ee:8b:04:
         97:56:e3:96:ef:26:3f:5d:18:60:c8:92:07:90:39:f6:d8:80:
         31:a5:a1:2a:12:6f:4d:ae:97:bf:f8:ac:c9:14:05:24:19:ff:
         23:53:cb:05:53:19:de:54:88:cb:bf:50:ae:0f:65:74:86:61:
         ea:25:aa:7a:e9:35:9f:f4:5a:db:10:ff:56:1c:52:fa:30:a0:
         e5:ee:2e:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb3zbIU3BEUqdjh0aJOox3OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZGU0YjNiODJmMjA5YjcwMWFlMzQwY2Y1M2I5NzQwNzhm
MTZhOWYwHhcNMjUwNTIyMTE0MjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2UxYjk5ZmQyNDExNzY3ZWU0MDE1ZTQxZDFmNzhkYzgzMzU0ODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujiBw8sUB8pl/0V71xndwbFRT1ie
tcH0rfXmFnVsS8zlXD1mAMBA4vTqOuNBTdc5C08vHSrH2wCCzQ+kdNoWi2PpSK1a
JBQN0EupKDga3/8eoIWc0+U2VzmyiImrM9PI2tMqrME3SVYOBRwTgFLBLsQDgG8g
k1vcASPyELxDTkeT13q6S0iAgcHQqqyEB+KyPODI9i3GzqU7+fm2H2JoIvWyyvw/
y6WEi5DJK9StgyO0oQV8T8Er/VsVq9SnblM9MEnkJ5Z9l09z0kuyZ9/QHEamrxOc
2hXjPgsBB+B7fjW55xM8LhX6Mds+pVdxoqfa7yLBHoIVTqdS62NNozbyKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfhuZ/SQRdn7kAV5B0feNyDNUiZMB8GA1UdIwQY
MBaAFF3eSzuC8gm3Aa40DPU7l0B48WqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWIt
ODZhNTUxOGUyZDUyLzEvVi1HNW45SkJGMmZ1UUJYa0hSOTQzSU0xU0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWItODZhNTUxOGUyZDUy
LzEvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucj0MA0G
CSqGSIb3DQEBCwUAA4IBAQBXO/dFFf8gsGSCv10tJCHve2GzI1XW1Gi6BByhe5u9
cqiLRL+x1hzxPtYdZavUck3O4596E0W+qKNdSLHEoRDP4X1NRploEE7FMlvmG7SY
ikyHNzOdFikHU8YvaheWiBpBXz7tfcq06YhoUu+Tv0vBXDeorL46Vs1XVftYAtbf
8XrJAQnhgxyiDJ/UQh49zORLNIsJ4b1YgTtDecFE10N+P21tXLL4TpeqY7dsjWeE
ShLuiwSXVuOW7yY/XRhgyJIHkDn22IAxpaEqEm9Nrpe/+KzJFAUkGf8jU8sFUxne
VIjLv1CuD2V0hmHqJap66TWf9FrbEP9WHFL6MKDl7i6t
-----END CERTIFICATE-----