Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/Vtno6vek4R1iYxrs_iTCKNXbvV4.roa
File:                     Vtno6vek4R1iYxrs_iTCKNXbvV4.roa (raw, json)
Hash identifier:          yuyPRcKOieLl5HUe7kBKDY9ApeZ5pBE7VliV6ltXJ/I=
Subject key identifier:   56:D9:E8:EA:F7:A4:E1:1D:62:63:1A:EC:FE:24:C2:28:D5:DB:BD:5E
Certificate issuer:       /CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
Certificate serial:       0194282803574067A357D9C1704D878C5313
Authority key identifier: B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/Vtno6vek4R1iYxrs_iTCKNXbvV4.roa
Signing time:             Thu 02 Jan 2025 17:54:58 +0000
ROA not before:           Thu 02 Jan 2025 17:54:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        185.69.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:28:03:57:40:67:a3:57:d9:c1:70:4d:87:8c:53:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
        Validity
            Not Before: Jan  2 17:54:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56d9e8eaf7a4e11d62631aecfe24c228d5dbbd5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0a:19:e5:49:b1:d7:4b:f8:83:67:c8:c7:9d:
                    a7:33:4e:88:59:c2:de:98:ac:dc:bc:48:86:7c:7b:
                    7a:50:5a:dc:42:70:69:a2:e3:51:5e:40:6a:2d:ac:
                    e1:18:d8:23:0d:d7:93:3b:ad:67:58:4e:96:2c:36:
                    71:01:83:38:d6:52:01:26:04:cc:8b:b4:cc:5e:74:
                    cb:9d:66:93:ce:e0:ba:c4:f5:b5:8d:41:23:3c:1c:
                    84:cb:4b:99:f9:ef:a0:3f:be:8f:f2:2d:8f:2b:b7:
                    1c:99:12:a3:88:90:42:1e:db:43:50:97:93:6d:75:
                    b3:d5:b5:b5:75:ed:c4:6e:65:b3:49:67:b8:7a:a5:
                    d6:01:df:70:9b:c8:7b:5d:9d:f6:90:a8:8d:9a:1f:
                    9f:d9:4d:fc:8e:65:2e:92:71:d7:71:4c:46:d7:4b:
                    6b:b6:64:25:1d:46:55:8d:bf:ea:80:eb:04:d1:e1:
                    6e:99:9a:e9:36:3d:dc:ab:71:ba:79:3a:2f:70:4e:
                    e1:12:52:ba:49:a9:1a:ca:15:75:6b:35:7e:f3:41:
                    59:57:50:e7:39:fe:c6:74:42:6c:08:41:63:6b:68:
                    29:61:30:95:2e:f8:fc:de:2a:f9:90:06:34:13:a9:
                    85:10:75:84:9e:8b:92:5e:d2:63:4b:76:d0:4b:fe:
                    7f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:D9:E8:EA:F7:A4:E1:1D:62:63:1A:EC:FE:24:C2:28:D5:DB:BD:5E
            X509v3 Authority Key Identifier:
                keyid:B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/Vtno6vek4R1iYxrs_iTCKNXbvV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:22:ca:96:4b:08:28:c2:1e:cf:34:c6:15:1c:b2:01:8f:99:
         1c:20:bb:0a:8c:10:0a:4f:be:ad:c8:63:ae:22:ad:ef:93:7f:
         36:18:d0:e5:32:02:e4:d3:5e:95:2a:53:7a:3b:bc:9f:d5:93:
         bb:8e:4f:23:d9:d4:ad:4e:c8:60:cc:36:c8:c2:56:00:e8:70:
         e5:c7:ec:34:7b:0a:5f:b7:40:f8:fc:46:e6:25:f9:7e:1d:87:
         c7:71:8f:79:4b:a4:77:cf:78:b6:7c:7f:53:e4:f8:5b:ff:c9:
         cf:c6:10:2c:c0:b9:68:e6:1b:ef:ab:2d:42:fc:9b:8e:08:25:
         ca:71:1b:4b:98:52:e4:6c:e3:3f:f8:08:be:9c:a3:be:fb:4b:
         0d:80:e0:47:88:85:dc:c8:3d:d6:1b:bc:0e:87:e3:db:cb:5a:
         88:70:55:5b:7d:f8:49:e6:25:b1:d2:ba:4a:60:7a:30:5d:94:
         99:32:3e:a1:7c:66:e0:5c:f3:4f:77:95:a8:43:98:95:de:cf:
         8b:24:22:07:c6:f5:cf:31:cd:f0:29:67:5c:0d:c0:bf:b8:50:
         c4:a4:32:1e:c3:7a:1d:15:2c:51:07:f5:5b:a7:45:22:6e:5a:
         45:75:9a:7f:6b:73:1b:b7:a8:83:e5:02:d1:e0:bf:20:c6:c0:
         f6:96:b8:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoKANXQGejV9nBcE2HjFMTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZWE4OTM2ZjhlNTMwNjNiNGIzYmRmMGYzYjE1YjJhZTY2
N2VmMTMwHhcNMjUwMTAyMTc1NDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmQ5ZThlYWY3YTRlMTFkNjI2MzFhZWNmZTI0YzIyOGQ1ZGJiZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQoZ5Umx10v4g2fIx52nM06IWcLe
mKzcvEiGfHt6UFrcQnBpouNRXkBqLazhGNgjDdeTO61nWE6WLDZxAYM41lIBJgTM
i7TMXnTLnWaTzuC6xPW1jUEjPByEy0uZ+e+gP76P8i2PK7ccmRKjiJBCHttDUJeT
bXWz1bW1de3EbmWzSWe4eqXWAd9wm8h7XZ32kKiNmh+f2U38jmUuknHXcUxG10tr
tmQlHUZVjb/qgOsE0eFumZrpNj3cq3G6eTovcE7hElK6SakayhV1azV+80FZV1Dn
Of7GdEJsCEFja2gpYTCVLvj83ir5kAY0E6mFEHWEnouSXtJjS3bQS/5/XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFbZ6Or3pOEdYmMa7P4kwijV271eMB8GA1UdIwQY
MBaAFLnqiTb45TBjtLO98POxWyrmZ+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEt
YjI1MDk5N2ZjNzVkLzEvVnRubzZ2ZWs0UjFpWXhyc19pVENLTlhidlY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEtYjI1MDk5N2ZjNzVk
LzEvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUXcMA0G
CSqGSIb3DQEBCwUAA4IBAQA0IsqWSwgowh7PNMYVHLIBj5kcILsKjBAKT76tyGOu
Iq3vk382GNDlMgLk016VKlN6O7yf1ZO7jk8j2dStTshgzDbIwlYA6HDlx+w0ewpf
t0D4/EbmJfl+HYfHcY95S6R3z3i2fH9T5Phb/8nPxhAswLlo5hvvqy1C/JuOCCXK
cRtLmFLkbOM/+Ai+nKO++0sNgOBHiIXcyD3WG7wOh+Pby1qIcFVbffhJ5iWx0rpK
YHowXZSZMj6hfGbgXPNPd5WoQ5iV3s+LJCIHxvXPMc3wKWdcDcC/uFDEpDIew3od
FSxRB/Vbp0UiblpFdZp/a3Mbt6iD5QLR4L8gxsD2lrgE
-----END CERTIFICATE-----