Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/1ba9a6-f616-4e74-967d-7e7190ffc4c9/1/VGm3ErGKm6tUo4YFp6q8zAkxW-A.roa
File:                     VGm3ErGKm6tUo4YFp6q8zAkxW-A.roa (raw, json)
Hash identifier:          mTwbwPysXWi/fjDRR83nehRSSzlqjgrfxfjlnGiXO3Q=
Subject key identifier:   54:69:B7:12:B1:8A:9B:AB:54:A3:86:05:A7:AA:BC:CC:09:31:5B:E0
Certificate issuer:       /CN=3087d2e1cc08a95174bf794e2f2de6e3d03ef82a
Certificate serial:       019469CC20107081AA3F73A063FF4A1A4A4D
Authority key identifier: 30:87:D2:E1:CC:08:A9:51:74:BF:79:4E:2F:2D:E6:E3:D0:3E:F8:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MIfS4cwIqVF0v3lOLy3m49A--Co.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/1ba9a6-f616-4e74-967d-7e7190ffc4c9/1/VGm3ErGKm6tUo4YFp6q8zAkxW-A.roa
Signing time:             Wed 15 Jan 2025 11:49:32 +0000
ROA not before:           Wed 15 Jan 2025 11:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56491
IP address blocks:        185.223.168.0/23 maxlen: 23
                          185.223.170.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/1ba9a6-f616-4e74-967d-7e7190ffc4c9/1/MIfS4cwIqVF0v3lOLy3m49A--Co.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/1ba9a6-f616-4e74-967d-7e7190ffc4c9/1/MIfS4cwIqVF0v3lOLy3m49A--Co.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MIfS4cwIqVF0v3lOLy3m49A--Co.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:69:cc:20:10:70:81:aa:3f:73:a0:63:ff:4a:1a:4a:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3087d2e1cc08a95174bf794e2f2de6e3d03ef82a
        Validity
            Not Before: Jan 15 11:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5469b712b18a9bab54a38605a7aabccc09315be0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:d2:12:4a:4d:6e:de:32:31:8d:12:f7:00:70:
                    8b:d0:f3:fa:fb:7c:2e:10:b9:62:44:fa:04:8f:46:
                    c3:73:8e:11:07:f6:78:30:80:43:8c:5b:f8:e6:97:
                    fd:39:83:74:33:84:42:e4:7e:f5:24:03:c0:b4:36:
                    03:e0:59:b6:ae:5e:72:ed:d3:dd:50:3d:72:72:18:
                    c4:46:e0:ec:54:2b:00:ca:56:74:e0:04:b1:98:1e:
                    f0:7c:db:77:50:a5:ce:fd:41:d7:42:79:27:5a:51:
                    34:4a:32:4a:e0:5f:63:44:2a:74:50:16:48:73:bd:
                    65:32:33:6f:1a:fc:77:23:06:94:18:9e:d6:a4:7d:
                    c8:c2:09:f6:ee:e2:78:3b:36:8e:d0:f6:e4:9e:47:
                    bb:4f:4f:f2:21:e4:d8:8e:fa:61:53:d8:22:24:53:
                    84:55:b5:1f:fc:0a:9e:ec:e0:43:d0:4a:2e:9e:0b:
                    a8:14:39:ba:9d:5c:97:23:36:ad:23:b3:4a:4f:77:
                    1f:18:e5:a3:d3:ff:27:ae:9d:ec:ca:f2:ce:65:90:
                    52:a7:78:9e:bb:f6:e5:1d:fd:e8:90:dd:3a:72:92:
                    21:98:b4:b6:1a:a4:b5:ea:15:0f:10:92:9a:e8:b3:
                    0c:3f:51:ee:76:96:6f:0d:9c:74:ef:b0:14:ea:2f:
                    76:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:69:B7:12:B1:8A:9B:AB:54:A3:86:05:A7:AA:BC:CC:09:31:5B:E0
            X509v3 Authority Key Identifier:
                keyid:30:87:D2:E1:CC:08:A9:51:74:BF:79:4E:2F:2D:E6:E3:D0:3E:F8:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MIfS4cwIqVF0v3lOLy3m49A--Co.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/1ba9a6-f616-4e74-967d-7e7190ffc4c9/1/VGm3ErGKm6tUo4YFp6q8zAkxW-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/1ba9a6-f616-4e74-967d-7e7190ffc4c9/1/MIfS4cwIqVF0v3lOLy3m49A--Co.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:99:b1:94:d5:6a:71:3a:e2:48:df:cc:4b:a0:65:c7:51:24:
         14:85:89:d9:c7:af:29:42:3c:1c:ef:ed:66:7a:a9:42:37:9d:
         4b:0b:a4:85:fe:10:50:4e:af:5b:dd:ce:b3:f9:55:fe:c5:1e:
         f1:33:21:d1:6b:96:51:68:18:a0:4f:17:1f:3b:10:b0:d8:ea:
         42:bf:dc:c1:03:5e:b7:61:fd:3b:64:2b:cf:2a:11:51:cd:39:
         6c:24:51:c6:56:79:f0:e6:41:3a:fe:72:e2:82:94:b3:87:83:
         33:56:95:5b:88:87:91:fa:b3:ff:17:69:8a:1b:47:4d:a4:06:
         b1:48:36:9c:5e:01:04:12:81:9d:51:3e:00:bb:f7:59:c4:2b:
         bc:fd:16:d3:6f:aa:15:d3:a8:75:29:6a:97:a4:43:cc:3d:6b:
         43:60:de:8e:b3:15:13:31:30:da:db:5f:23:fc:6d:a4:ee:1d:
         6a:19:0f:4e:56:d9:d9:b5:8b:66:51:58:ba:18:0c:54:51:d9:
         3a:f7:44:5e:84:b2:fb:15:48:b5:36:1f:cf:5e:c9:cb:a6:1c:
         76:50:08:67:12:24:bb:0a:94:76:17:cf:f7:53:a0:f4:f9:82:
         2b:6b:b9:48:bc:44:e0:4c:20:4a:ac:3b:b5:ff:16:c7:d1:7b:
         b5:d7:fa:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRpzCAQcIGqP3OgY/9KGkpNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwODdkMmUxY2MwOGE5NTE3NGJmNzk0ZTJmMmRlNmUzZDAz
ZWY4MmEwHhcNMjUwMTE1MTE0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDY5YjcxMmIxOGE5YmFiNTRhMzg2MDVhN2FhYmNjYzA5MzE1YmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7dISSk1u3jIxjRL3AHCL0PP6+3wu
ELliRPoEj0bDc44RB/Z4MIBDjFv45pf9OYN0M4RC5H71JAPAtDYD4Fm2rl5y7dPd
UD1ychjERuDsVCsAylZ04ASxmB7wfNt3UKXO/UHXQnknWlE0SjJK4F9jRCp0UBZI
c71lMjNvGvx3IwaUGJ7WpH3Iwgn27uJ4OzaO0Pbknke7T0/yIeTYjvphU9giJFOE
VbUf/Aqe7OBD0EounguoFDm6nVyXIzatI7NKT3cfGOWj0/8nrp3syvLOZZBSp3ie
u/blHf3okN06cpIhmLS2GqS16hUPEJKa6LMMP1HudpZvDZx077AU6i92VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRptxKxipurVKOGBaeqvMwJMVvgMB8GA1UdIwQY
MBaAFDCH0uHMCKlRdL95Ti8t5uPQPvgqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUlmUzRjd0lxVkYwdjNsT0x5M200OUEtLUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy8xYmE5YTYtZjYxNi00ZTc0LTk2N2Qt
N2U3MTkwZmZjNGM5LzEvVkdtM0VyR0ttNnRVbzRZRnA2cTh6QWt4Vy1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy8xYmE5YTYtZjYxNi00ZTc0LTk2N2QtN2U3MTkwZmZjNGM5
LzEvTUlmUzRjd0lxVkYwdjNsT0x5M200OUEtLUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud+oMA0G
CSqGSIb3DQEBCwUAA4IBAQANmbGU1WpxOuJI38xLoGXHUSQUhYnZx68pQjwc7+1m
eqlCN51LC6SF/hBQTq9b3c6z+VX+xR7xMyHRa5ZRaBigTxcfOxCw2OpCv9zBA163
Yf07ZCvPKhFRzTlsJFHGVnnw5kE6/nLigpSzh4MzVpVbiIeR+rP/F2mKG0dNpAax
SDacXgEEEoGdUT4Au/dZxCu8/RbTb6oV06h1KWqXpEPMPWtDYN6OsxUTMTDa218j
/G2k7h1qGQ9OVtnZtYtmUVi6GAxUUdk690RehLL7FUi1Nh/PXsnLphx2UAhnEiS7
CpR2F8/3U6D0+YIra7lIvETgTCBKrDu1/xbH0Xu11/om
-----END CERTIFICATE-----