Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/VRhNfgI9-BwH8m7ksh2m3MATykA.roa
File:                     VRhNfgI9-BwH8m7ksh2m3MATykA.roa (raw, json)
Hash identifier:          wejBUeK3+S3Mz6iwzpBhD87O0DPRFfKNaXI/JYMbNt8=
Subject key identifier:   55:18:4D:7E:02:3D:F8:1C:07:F2:6E:E4:B2:1D:A6:DC:C0:13:CA:40
Certificate issuer:       /CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
Certificate serial:       019422FC13F3F3B770A157A31D8B60BC309E
Authority key identifier: 30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/VRhNfgI9-BwH8m7ksh2m3MATykA.roa
Signing time:             Wed 01 Jan 2025 17:48:53 +0000
ROA not before:           Wed 01 Jan 2025 17:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203984
IP address blocks:        185.145.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:13:f3:f3:b7:70:a1:57:a3:1d:8b:60:bc:30:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
        Validity
            Not Before: Jan  1 17:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55184d7e023df81c07f26ee4b21da6dcc013ca40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e3:ec:20:68:0e:a1:29:2d:4f:e0:72:cf:d2:
                    c3:19:ca:2a:41:75:4d:75:b0:f7:b4:49:19:d2:63:
                    be:e9:99:6f:b0:5c:03:9d:32:1f:a5:d2:d0:ea:8e:
                    c3:36:1f:04:de:42:23:1c:a6:03:39:56:36:64:e0:
                    89:cd:1c:6a:37:02:1a:59:8f:a8:f0:99:e6:c3:61:
                    85:c8:dd:8c:b3:74:3d:2d:95:fc:ca:ea:86:83:61:
                    07:18:c8:ad:08:b3:16:01:e7:be:d7:53:96:14:73:
                    99:f0:a2:8c:65:3d:3e:05:75:da:12:fb:71:44:1d:
                    1d:b7:bf:6a:d7:5c:b6:2c:86:3a:7f:fb:00:bb:73:
                    54:62:70:12:ca:54:4f:4c:38:be:b4:4c:09:8e:ed:
                    4c:04:bc:db:f9:e3:d5:29:36:16:89:43:6f:8e:1b:
                    85:90:de:ec:47:e8:0d:f7:3b:9b:92:8e:a0:1a:a8:
                    6f:3b:43:61:88:85:55:0c:95:4c:10:1b:cc:b7:2c:
                    08:15:72:e3:29:2b:4c:00:e9:dc:77:b2:59:da:c2:
                    0c:2e:a2:67:e2:99:60:03:7f:dc:a9:3d:84:17:5e:
                    30:87:b3:cf:92:64:68:d1:24:3d:1b:c1:59:34:c6:
                    69:26:11:30:06:4c:4a:01:3c:ed:25:5f:2f:1a:6f:
                    ff:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:18:4D:7E:02:3D:F8:1C:07:F2:6E:E4:B2:1D:A6:DC:C0:13:CA:40
            X509v3 Authority Key Identifier:
                keyid:30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/VRhNfgI9-BwH8m7ksh2m3MATykA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:85:3e:17:99:85:dd:40:14:de:36:79:b7:9e:67:26:34:cc:
         ce:26:27:ff:fe:65:58:03:2c:86:64:f3:d0:e8:af:1e:41:4c:
         49:2a:19:b5:70:19:7d:f2:3a:24:42:95:79:4d:66:6b:cf:fe:
         df:46:5d:38:70:92:59:d9:ba:6f:50:0c:84:fa:a5:8b:0d:33:
         cb:78:36:9b:47:41:42:17:9d:1e:9e:28:a4:3d:3e:d0:0c:60:
         a6:30:db:31:c6:51:2e:2d:a6:0a:0f:3a:90:65:c2:85:3b:f2:
         59:2d:c9:92:42:5d:4a:58:64:b0:ff:de:d7:5e:1c:4c:29:2b:
         ca:6a:30:80:27:9b:59:9c:a6:b3:45:6e:9d:80:88:6d:f9:8b:
         b5:e9:42:63:fc:17:98:ea:4a:97:e0:2f:6d:89:80:a8:a7:bf:
         44:05:37:ad:44:9b:ed:23:c2:7a:b4:6f:0e:73:29:74:86:c0:
         7f:5c:37:94:0c:ab:61:93:dd:8e:bb:42:8b:e2:34:42:ba:b8:
         69:9e:8f:87:69:2d:1a:af:dc:0f:99:77:90:02:0e:1a:b3:c1:
         8c:34:a9:81:f4:1c:fa:9f:24:27:dc:93:49:08:9e:2d:dc:4a:
         a4:65:1b:b1:01:f2:63:c2:a9:27:35:7a:1e:0d:0f:70:dd:1f:
         5e:22:e5:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/BPz87dwoVejHYtgvDCeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZjFiYTYxMTFjOGYxZDNmMzdjMWI3YzFhNWVkNzM3NDAy
MTkyZjIwHhcNMjUwMTAxMTc0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTE4NGQ3ZTAyM2RmODFjMDdmMjZlZTRiMjFkYTZkY2MwMTNjYTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOPsIGgOoSktT+Byz9LDGcoqQXVN
dbD3tEkZ0mO+6ZlvsFwDnTIfpdLQ6o7DNh8E3kIjHKYDOVY2ZOCJzRxqNwIaWY+o
8Jnmw2GFyN2Ms3Q9LZX8yuqGg2EHGMitCLMWAee+11OWFHOZ8KKMZT0+BXXaEvtx
RB0dt79q11y2LIY6f/sAu3NUYnASylRPTDi+tEwJju1MBLzb+ePVKTYWiUNvjhuF
kN7sR+gN9zubko6gGqhvO0NhiIVVDJVMEBvMtywIFXLjKStMAOncd7JZ2sIMLqJn
4plgA3/cqT2EF14wh7PPkmRo0SQ9G8FZNMZpJhEwBkxKATztJV8vGm//0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUYTX4CPfgcB/Ju5LIdptzAE8pAMB8GA1UdIwQY
MBaAFDDxumERyPHT83wbfBpe1zdAIZLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQt
YzMzMDE4NjMzZDMzLzEvVlJoTmZnSTktQndIOG03a3NoMm0zTUFUeWtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQtYzMzMDE4NjMzZDMz
LzEvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZFMMA0G
CSqGSIb3DQEBCwUAA4IBAQBUhT4XmYXdQBTeNnm3nmcmNMzOJif//mVYAyyGZPPQ
6K8eQUxJKhm1cBl98jokQpV5TWZrz/7fRl04cJJZ2bpvUAyE+qWLDTPLeDabR0FC
F50eniikPT7QDGCmMNsxxlEuLaYKDzqQZcKFO/JZLcmSQl1KWGSw/97XXhxMKSvK
ajCAJ5tZnKazRW6dgIht+Yu16UJj/BeY6kqX4C9tiYCop79EBTetRJvtI8J6tG8O
cyl0hsB/XDeUDKthk92Ou0KL4jRCurhpno+HaS0ar9wPmXeQAg4as8GMNKmB9Bz6
nyQn3JNJCJ4t3EqkZRuxAfJjwqknNXoeDQ9w3R9eIuXA
-----END CERTIFICATE-----