Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/VLc-SgDlYIxohlXjDbt6Cy_zWsw.roa
File:                     VLc-SgDlYIxohlXjDbt6Cy_zWsw.roa (raw, json)
Hash identifier:          1GGAgoBHOK3LWxVfLYqeKLwLa4IxnmItSs5+Vstn7Lw=
Subject key identifier:   54:B7:3E:4A:00:E5:60:8C:68:86:55:E3:0D:BB:7A:0B:2F:F3:5A:CC
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942747ED327474304B47E678C8DD449C2F
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/VLc-SgDlYIxohlXjDbt6Cy_zWsw.roa
Signing time:             Thu 02 Jan 2025 13:50:12 +0000
ROA not before:           Thu 02 Jan 2025 13:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44203
IP address blocks:        185.211.202.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ed:32:74:74:30:4b:47:e6:78:c8:dd:44:9c:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54b73e4a00e5608c688655e30dbb7a0b2ff35acc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9f:f8:3f:38:f4:a2:6c:98:ee:1a:1a:a8:4a:
                    6b:84:e4:89:1a:97:e6:4b:1f:d4:46:31:7f:4b:15:
                    fa:be:ef:f1:c8:b4:e7:be:06:e8:d6:d4:d7:78:a6:
                    72:73:2e:dc:f2:78:67:a0:fe:fc:ca:1d:25:e7:4c:
                    a8:f3:3c:7e:dc:e0:27:f3:bf:87:9e:60:da:9e:04:
                    7e:56:8a:25:05:a3:1d:27:f8:45:79:c8:bc:10:47:
                    a1:9d:7e:87:51:39:a2:99:43:29:e0:c6:24:c4:89:
                    29:5d:d2:2f:5d:b9:2b:35:11:92:be:c0:ff:e7:79:
                    37:8a:9d:c5:9d:3e:f7:4c:2d:f1:00:53:e4:51:96:
                    0c:24:6b:3f:0b:73:7e:3c:15:fd:24:63:b3:81:90:
                    18:f2:61:dc:52:b3:da:4c:2a:f7:65:5e:ab:5b:bb:
                    5a:4d:5c:39:38:c5:00:23:a9:e2:00:b3:c3:03:3d:
                    0d:9c:b7:ef:7a:43:a1:17:58:7f:2c:6a:69:fb:71:
                    a7:79:36:bf:07:19:26:bd:d8:66:36:b8:d0:da:90:
                    41:74:c3:c9:1a:de:84:fe:98:1d:63:21:6d:8c:5f:
                    50:6f:d6:97:af:4d:6b:4c:8b:c2:2a:72:31:2b:b8:
                    eb:9d:ef:4b:ef:33:18:2d:f9:a3:a1:53:a7:5c:7f:
                    8c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:B7:3E:4A:00:E5:60:8C:68:86:55:E3:0D:BB:7A:0B:2F:F3:5A:CC
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/VLc-SgDlYIxohlXjDbt6Cy_zWsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:2b:0d:79:57:fe:ee:cd:3f:47:f9:ef:b2:5e:a8:97:9f:42:
         ec:84:1a:22:38:e1:ff:2e:96:12:9e:0b:3d:56:ef:c9:23:72:
         b8:d4:f1:45:52:44:d9:aa:5e:13:a8:a0:d2:ee:0c:fe:43:da:
         f2:40:5a:f8:47:21:83:35:91:ff:26:82:81:24:85:53:6d:00:
         aa:ef:87:9d:c0:5a:7b:db:aa:95:b8:ac:6b:01:d4:e2:a8:1c:
         fe:da:ee:a2:a6:5c:8a:fb:a8:6d:66:5e:b5:d0:44:76:d5:78:
         4c:ab:e0:b1:ff:2a:e2:ff:26:31:d7:19:d1:23:62:6d:82:73:
         30:60:36:ad:c2:bb:21:c5:b5:7a:ac:dd:90:30:53:78:87:e7:
         e0:62:56:36:04:6c:ff:94:9e:c1:13:87:07:80:04:50:21:fc:
         fd:da:a0:f7:53:79:1b:7e:f4:1c:ef:e0:01:ff:f9:da:64:79:
         25:f6:f7:68:62:f5:5f:d3:6d:74:18:57:9c:32:2e:bc:81:b7:
         cf:88:53:71:fd:e5:41:a9:37:85:8c:5f:18:d3:cf:4e:e0:e8:
         80:e3:1e:b7:e2:24:af:be:9a:5c:72:6d:5c:03:61:f0:c1:37:
         91:98:18:bd:2b:51:42:c9:5c:e8:bd:7a:ad:4a:76:05:30:33:
         7c:15:1d:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+0ydHQwS0fmeMjdRJwvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGI3M2U0YTAwZTU2MDhjNjg4NjU1ZTMwZGJiN2EwYjJmZjM1YWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5/4Pzj0omyY7hoaqEprhOSJGpfm
Sx/URjF/SxX6vu/xyLTnvgbo1tTXeKZycy7c8nhnoP78yh0l50yo8zx+3OAn87+H
nmDangR+VoolBaMdJ/hFeci8EEehnX6HUTmimUMp4MYkxIkpXdIvXbkrNRGSvsD/
53k3ip3FnT73TC3xAFPkUZYMJGs/C3N+PBX9JGOzgZAY8mHcUrPaTCr3ZV6rW7ta
TVw5OMUAI6niALPDAz0NnLfvekOhF1h/LGpp+3GneTa/BxkmvdhmNrjQ2pBBdMPJ
Gt6E/pgdYyFtjF9Qb9aXr01rTIvCKnIxK7jrne9L7zMYLfmjoVOnXH+MNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFS3PkoA5WCMaIZV4w27egsv81rMMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvVkxjLVNnRGxZSXhvaGxYakRidDZDeV96V3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudPKMA0G
CSqGSIb3DQEBCwUAA4IBAQCmKw15V/7uzT9H+e+yXqiXn0LshBoiOOH/LpYSngs9
Vu/JI3K41PFFUkTZql4TqKDS7gz+Q9ryQFr4RyGDNZH/JoKBJIVTbQCq74edwFp7
26qVuKxrAdTiqBz+2u6iplyK+6htZl610ER21XhMq+Cx/yri/yYx1xnRI2JtgnMw
YDatwrshxbV6rN2QMFN4h+fgYlY2BGz/lJ7BE4cHgARQIfz92qD3U3kbfvQc7+AB
//naZHkl9vdoYvVf0210GFecMi68gbfPiFNx/eVBqTeFjF8Y089O4OiA4x634iSv
vppccm1cA2HwwTeRmBi9K1FCyVzovXqtSnYFMDN8FR1t
-----END CERTIFICATE-----