Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/vchHJIw7jZ4Wv-xZM5fwqPOc5MI.roa
File:                     vchHJIw7jZ4Wv-xZM5fwqPOc5MI.roa (raw, json)
Hash identifier:          FaIi1AdW4pumZbm44kEE9unKxXXirWba//1QTHPOeME=
Subject key identifier:   BD:C8:47:24:8C:3B:8D:9E:16:BF:EC:59:33:97:F0:A8:F3:9C:E4:C2
Certificate issuer:       /CN=787aac71f17ef033cb6536795338fdc7bc0f2263
Certificate serial:       01942068186B96ECA78CECDAD1D7EBBDADA8
Authority key identifier: 78:7A:AC:71:F1:7E:F0:33:CB:65:36:79:53:38:FD:C7:BC:0F:22:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eHqscfF-8DPLZTZ5Uzj9x7wPImM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/vchHJIw7jZ4Wv-xZM5fwqPOc5MI.roa
Signing time:             Wed 01 Jan 2025 05:48:00 +0000
ROA not before:           Wed 01 Jan 2025 05:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35571
IP address blocks:        87.236.86.0/23 maxlen: 23
                          185.141.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/eHqscfF-8DPLZTZ5Uzj9x7wPImM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/eHqscfF-8DPLZTZ5Uzj9x7wPImM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eHqscfF-8DPLZTZ5Uzj9x7wPImM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:18:6b:96:ec:a7:8c:ec:da:d1:d7:eb:bd:ad:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=787aac71f17ef033cb6536795338fdc7bc0f2263
        Validity
            Not Before: Jan  1 05:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bdc847248c3b8d9e16bfec593397f0a8f39ce4c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:27:32:7e:e4:46:41:bc:5f:fc:b3:28:e4:8f:
                    30:84:e9:1a:3e:92:e0:eb:07:e9:b3:bb:21:e5:69:
                    0a:94:f4:13:26:8e:e4:a6:90:b6:fa:6c:36:cb:8e:
                    82:f9:62:a8:c3:86:00:41:92:46:8d:79:3a:1f:4b:
                    81:05:75:cb:f4:b8:23:02:c2:d1:f5:b5:d8:ab:3b:
                    1a:3c:2a:8f:70:68:28:88:44:01:42:10:39:c9:b0:
                    f9:60:80:e9:17:38:1b:ee:d9:df:ec:24:98:be:bd:
                    ba:63:bd:cc:be:31:30:1c:7e:05:b8:4c:a9:1c:eb:
                    e0:da:d9:fa:71:ba:7f:c3:73:6a:f7:cb:9d:33:03:
                    ee:0d:bd:16:ad:59:ab:f1:e9:6b:54:a8:ee:ba:71:
                    c1:19:72:c8:9f:85:f7:42:3f:b9:86:a7:af:a4:3f:
                    57:a0:e2:b2:50:68:b1:b1:97:d6:45:45:32:cc:30:
                    64:36:88:a2:0f:45:2e:27:4c:37:01:8f:81:8e:b9:
                    51:a7:03:77:85:6b:fe:06:32:df:55:14:57:27:20:
                    be:26:23:95:eb:e4:f2:36:3f:e6:ae:df:f9:b9:b9:
                    e8:1f:b6:2c:6d:a7:1b:e9:48:39:3d:c5:34:99:0b:
                    9a:5d:a3:66:6d:f6:43:3f:7a:eb:64:b1:45:70:40:
                    42:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:C8:47:24:8C:3B:8D:9E:16:BF:EC:59:33:97:F0:A8:F3:9C:E4:C2
            X509v3 Authority Key Identifier:
                keyid:78:7A:AC:71:F1:7E:F0:33:CB:65:36:79:53:38:FD:C7:BC:0F:22:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eHqscfF-8DPLZTZ5Uzj9x7wPImM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/vchHJIw7jZ4Wv-xZM5fwqPOc5MI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/eHqscfF-8DPLZTZ5Uzj9x7wPImM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.86.0/23
                  185.141.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:38:94:f3:b0:3c:cf:94:eb:20:1c:7c:16:af:70:b0:2d:b5:
         26:39:f2:4c:c0:70:b5:f6:24:a6:d3:11:fe:77:b3:f3:6a:6f:
         3e:af:56:3f:9a:e0:44:99:68:a5:b5:03:33:73:3f:03:cc:93:
         36:8b:f4:99:42:b2:5c:97:06:3b:05:2c:95:80:a2:b6:b6:55:
         59:56:f8:2f:4a:59:6a:82:f3:32:59:a2:0f:53:7e:7a:63:11:
         77:ec:75:32:12:50:74:90:f0:df:22:59:18:87:d6:3e:ea:f0:
         69:41:31:1a:fd:84:30:4f:fc:e7:b1:30:ad:07:03:24:8b:8c:
         68:ed:e2:da:e1:80:9e:97:35:28:4e:6e:1e:91:a3:03:64:b3:
         90:4a:e9:f0:29:6f:5e:5d:e8:7a:d2:fc:bb:bc:83:93:d1:49:
         70:82:03:08:25:bc:55:64:66:d4:fb:75:f1:8e:ec:67:2f:17:
         3f:09:27:c2:36:24:62:89:1b:3c:46:81:aa:42:89:a6:f4:34:
         bd:0e:3a:be:cc:02:c6:7c:f2:37:98:89:e7:3d:42:39:5e:a1:
         62:a6:5a:e8:de:12:9c:58:b7:78:7c:9b:0e:ab:9d:72:c2:53:
         e2:f7:e6:93:65:27:44:98:3f:8f:f9:be:f0:b8:c1:3f:1e:91:
         0c:55:dd:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaBhrluynjOza0dfrva2oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4N2FhYzcxZjE3ZWYwMzNjYjY1MzY3OTUzMzhmZGM3YmMw
ZjIyNjMwHhcNMjUwMTAxMDU0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGM4NDcyNDhjM2I4ZDllMTZiZmVjNTkzMzk3ZjBhOGYzOWNlNGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqScyfuRGQbxf/LMo5I8whOkaPpLg
6wfps7sh5WkKlPQTJo7kppC2+mw2y46C+WKow4YAQZJGjXk6H0uBBXXL9LgjAsLR
9bXYqzsaPCqPcGgoiEQBQhA5ybD5YIDpFzgb7tnf7CSYvr26Y73MvjEwHH4FuEyp
HOvg2tn6cbp/w3Nq98udMwPuDb0WrVmr8elrVKjuunHBGXLIn4X3Qj+5hqevpD9X
oOKyUGixsZfWRUUyzDBkNoiiD0UuJ0w3AY+BjrlRpwN3hWv+BjLfVRRXJyC+JiOV
6+TyNj/mrt/5ubnoH7Ysbacb6Ug5PcU0mQuaXaNmbfZDP3rrZLFFcEBC1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL3IRySMO42eFr/sWTOX8KjznOTCMB8GA1UdIwQY
MBaAFHh6rHHxfvAzy2U2eVM4/ce8DyJjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUhxc2NmRi04RFBMWlRaNVV6ajl4N3dQSW1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy84NWRkYWUtNTRhNy00ZTdiLTk2ZGEt
ZDEyODY3YjQ2NzMzLzEvdmNoSEpJdzdqWjRXdi14Wk01ZndxUE9jNU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy84NWRkYWUtNTRhNy00ZTdiLTk2ZGEtZDEyODY3YjQ2NzMz
LzEvZUhxc2NmRi04RFBMWlRaNVV6ajl4N3dQSW1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBV+xWAwQC
uY20MA0GCSqGSIb3DQEBCwUAA4IBAQCGOJTzsDzPlOsgHHwWr3CwLbUmOfJMwHC1
9iSm0xH+d7Pzam8+r1Y/muBEmWiltQMzcz8DzJM2i/SZQrJclwY7BSyVgKK2tlVZ
VvgvSllqgvMyWaIPU356YxF37HUyElB0kPDfIlkYh9Y+6vBpQTEa/YQwT/znsTCt
BwMki4xo7eLa4YCelzUoTm4ekaMDZLOQSunwKW9eXeh60vy7vIOT0UlwggMIJbxV
ZGbU+3XxjuxnLxc/CSfCNiRiiRs8RoGqQomm9DS9Djq+zALGfPI3mInnPUI5XqFi
plro3hKcWLd4fJsOq51ywlPi9+aTZSdEmD+P+b7wuME/HpEMVd12
-----END CERTIFICATE-----