Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/VNqmap2cBv5ChNgOn9ms1SN0H5o.roa
File:                     VNqmap2cBv5ChNgOn9ms1SN0H5o.roa (raw, json)
Hash identifier:          w05TtavIfxX9TdHISFDvez7dGIfRkXGhTg1l75h/Dg4=
Subject key identifier:   54:DA:A6:6A:9D:9C:06:FE:42:84:D8:0E:9F:D9:AC:D5:23:74:1F:9A
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       019424B2633EEE6B4C9C2002F065825A775D
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/VNqmap2cBv5ChNgOn9ms1SN0H5o.roa
Signing time:             Thu 02 Jan 2025 01:47:38 +0000
ROA not before:           Thu 02 Jan 2025 01:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49367
IP address blocks:        185.213.20.0/24 maxlen: 24
                          185.213.21.0/24 maxlen: 24
                          2a11:840:23::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:63:3e:ee:6b:4c:9c:20:02:f0:65:82:5a:77:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  2 01:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54daa66a9d9c06fe4284d80e9fd9acd523741f9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1b:1f:8c:8e:cc:bc:15:d2:c9:62:b2:d6:ab:
                    bc:86:9b:d1:4c:a6:a7:e3:6c:77:2c:72:96:3f:15:
                    e2:d9:67:c8:95:03:ff:7d:03:1f:2b:48:5a:e0:e2:
                    28:ed:b6:6a:4d:96:ad:c8:86:a8:44:b0:03:ce:bc:
                    2f:fb:24:1f:dd:67:64:24:25:9a:3a:a8:53:8a:4e:
                    4d:b2:aa:39:d2:e3:e5:9f:82:17:f0:42:5c:f7:52:
                    77:4f:6a:f7:6d:50:99:bd:55:f6:04:5d:f4:a1:49:
                    09:70:14:d4:c5:2a:f0:ee:9e:85:7b:d0:09:b4:a0:
                    91:77:15:85:2b:10:ff:ec:8b:eb:3f:1c:a4:05:56:
                    45:b4:f2:ff:9d:55:c1:50:23:18:4a:23:07:ff:b2:
                    9c:b6:d5:82:06:e2:75:b3:df:0f:05:1e:8d:5b:8c:
                    5a:da:73:38:89:f5:2f:6e:e0:25:97:b4:eb:dc:c0:
                    66:5a:04:bb:1a:7d:6c:a0:d4:d0:b0:dc:04:66:a1:
                    0e:93:91:ef:e9:14:06:46:05:94:4a:61:2b:72:a8:
                    9f:94:cd:74:7a:72:cb:69:0c:d4:28:e7:7e:1a:41:
                    30:56:41:ae:90:ac:71:a3:ac:3d:b9:ae:96:a1:96:
                    5d:df:f7:e0:59:8a:76:85:75:95:e5:4b:c8:32:37:
                    8f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:DA:A6:6A:9D:9C:06:FE:42:84:D8:0E:9F:D9:AC:D5:23:74:1F:9A
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/VNqmap2cBv5ChNgOn9ms1SN0H5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.20.0/23
                IPv6:
                  2a11:840:23::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:11:b9:37:39:f8:1a:90:e8:05:be:84:14:35:54:18:f1:61:
         5b:52:12:9a:d8:3d:15:17:b3:b3:d0:56:2a:f5:34:5e:9c:cc:
         e6:81:c5:e9:4a:0d:26:6e:97:53:c2:2e:17:22:3c:2a:71:09:
         8e:51:a2:28:88:9a:a8:ac:f2:79:0b:8d:be:11:49:31:eb:4e:
         28:a8:9c:47:46:49:51:4f:da:eb:77:62:ba:c1:14:93:b5:70:
         f7:3c:f7:5b:64:7e:21:83:fa:c8:68:b6:0c:0f:ca:7f:f3:95:
         26:53:a4:35:be:47:7f:91:e0:b7:8b:05:ef:ac:2b:96:e0:c8:
         30:8a:a7:6d:2c:ce:c5:68:e3:69:d6:92:80:c2:64:a0:9e:83:
         09:25:33:15:73:c1:b0:64:a5:80:43:0c:64:6b:9e:0b:6b:8f:
         2d:d3:85:dd:10:e2:27:62:22:a0:d2:8c:49:a7:ba:fd:ba:6a:
         47:10:e2:5a:3f:31:73:37:c7:e6:c2:0d:fa:9a:5d:b9:b0:3d:
         46:24:2f:20:2f:c5:3d:89:68:42:87:d4:a9:47:aa:4f:76:60:
         9b:b6:e6:5e:f6:30:ff:b4:1b:6f:d2:21:39:59:a7:62:eb:10:
         b2:fd:9d:89:d0:8f:3e:c7:ae:42:ec:84:f9:63:15:d3:a7:9e:
         39:42:84:39
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQksmM+7mtMnCAC8GWCWnddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjUwMTAyMDE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGRhYTY2YTlkOWMwNmZlNDI4NGQ4MGU5ZmQ5YWNkNTIzNzQxZjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhsfjI7MvBXSyWKy1qu8hpvRTKan
42x3LHKWPxXi2WfIlQP/fQMfK0ha4OIo7bZqTZatyIaoRLADzrwv+yQf3WdkJCWa
OqhTik5Nsqo50uPln4IX8EJc91J3T2r3bVCZvVX2BF30oUkJcBTUxSrw7p6Fe9AJ
tKCRdxWFKxD/7IvrPxykBVZFtPL/nVXBUCMYSiMH/7KcttWCBuJ1s98PBR6NW4xa
2nM4ifUvbuAll7Tr3MBmWgS7Gn1soNTQsNwEZqEOk5Hv6RQGRgWUSmErcqiflM10
enLLaQzUKOd+GkEwVkGukKxxo6w9ua6WoZZd3/fgWYp2hXWV5UvIMjeP3QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFTapmqdnAb+QoTYDp/ZrNUjdB+aMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvVk5xbWFwMmNCdjVDaE5nT245bXMxU04wSDVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBudUUMA8E
AgACMAkDBwAqEQhAACMwDQYJKoZIhvcNAQELBQADggEBAFcRuTc5+BqQ6AW+hBQ1
VBjxYVtSEprYPRUXs7PQVir1NF6czOaBxelKDSZul1PCLhciPCpxCY5RoiiImqis
8nkLjb4RSTHrTiionEdGSVFP2ut3YrrBFJO1cPc891tkfiGD+shotgwPyn/zlSZT
pDW+R3+R4LeLBe+sK5bgyDCKp20szsVo42nWkoDCZKCegwklMxVzwbBkpYBDDGRr
ngtrjy3Thd0Q4idiIqDSjEmnuv26akcQ4lo/MXM3x+bCDfqaXbmwPUYkLyAvxT2J
aEKH1KlHqk92YJu25l72MP+0G2/SITlZp2LrELL9nYnQjz7HrkLshPljFdOnnjlC
hDk=
-----END CERTIFICATE-----