Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/e0b1b5-edef-4aeb-836b-63f5035f3446/1/VmXkaG5WzI9Vz_7xcXFAL06DAoc.roa
File:                     VmXkaG5WzI9Vz_7xcXFAL06DAoc.roa (raw, json)
Hash identifier:          uKPs/SrJH/MnTw4fYsxVa8cqGkMc8R9CKa5VOSutc0U=
Subject key identifier:   56:65:E4:68:6E:56:CC:8F:55:CF:FE:F1:71:71:40:2F:4E:83:02:87
Certificate issuer:       /CN=975e5f48f53a8db9ca60fa8f1837d07f3191104f
Certificate serial:       019424B370E55B4953E1DC513A45D01DCBAD
Authority key identifier: 97:5E:5F:48:F5:3A:8D:B9:CA:60:FA:8F:18:37:D0:7F:31:91:10:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l15fSPU6jbnKYPqPGDfQfzGREE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/e0b1b5-edef-4aeb-836b-63f5035f3446/1/VmXkaG5WzI9Vz_7xcXFAL06DAoc.roa
Signing time:             Thu 02 Jan 2025 01:48:47 +0000
ROA not before:           Thu 02 Jan 2025 01:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        185.162.148.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/e0b1b5-edef-4aeb-836b-63f5035f3446/1/l15fSPU6jbnKYPqPGDfQfzGREE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/e0b1b5-edef-4aeb-836b-63f5035f3446/1/l15fSPU6jbnKYPqPGDfQfzGREE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l15fSPU6jbnKYPqPGDfQfzGREE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:70:e5:5b:49:53:e1:dc:51:3a:45:d0:1d:cb:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=975e5f48f53a8db9ca60fa8f1837d07f3191104f
        Validity
            Not Before: Jan  2 01:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5665e4686e56cc8f55cffef17171402f4e830287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6e:92:d8:48:d9:26:eb:a6:b7:b2:45:b2:ba:
                    0f:e5:ea:95:d4:d2:aa:46:ca:35:6d:9f:b2:ce:a6:
                    71:d4:58:39:1a:11:72:f6:81:c0:c1:5e:60:1f:cc:
                    b0:3b:e1:41:63:b7:18:b3:7b:0f:c2:f9:61:17:da:
                    07:3b:35:d8:66:ca:19:4f:0d:7d:f0:99:20:c4:e6:
                    24:79:49:c8:5c:53:de:8b:ca:c2:01:b5:c1:80:50:
                    8e:90:ea:41:0b:61:86:93:e7:fe:b0:8b:c7:8d:b3:
                    2b:6e:33:1f:a9:19:4a:e6:62:c4:5e:b2:11:73:b4:
                    7d:12:de:bb:60:bb:cd:43:1e:49:8d:47:66:aa:1d:
                    5f:d8:7a:79:cd:4e:0e:1c:5a:6e:49:f4:49:fa:aa:
                    75:cd:9e:8a:54:a7:79:8d:49:a2:92:a4:0c:c1:4b:
                    04:7e:8e:8d:91:8f:32:0d:03:dc:bc:43:37:a7:62:
                    f9:0d:87:2a:03:f1:51:7f:e1:4f:3e:9c:84:1d:58:
                    df:d5:a2:a6:fb:eb:bd:93:69:3b:4b:38:cb:4a:42:
                    66:82:8d:0f:78:22:f8:0f:fd:07:09:44:0a:6b:cf:
                    06:13:e8:15:ab:90:55:6d:90:b5:45:bc:a5:e4:cc:
                    93:78:94:77:ce:db:38:5c:34:22:37:bc:df:51:7a:
                    89:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:65:E4:68:6E:56:CC:8F:55:CF:FE:F1:71:71:40:2F:4E:83:02:87
            X509v3 Authority Key Identifier:
                keyid:97:5E:5F:48:F5:3A:8D:B9:CA:60:FA:8F:18:37:D0:7F:31:91:10:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l15fSPU6jbnKYPqPGDfQfzGREE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/e0b1b5-edef-4aeb-836b-63f5035f3446/1/VmXkaG5WzI9Vz_7xcXFAL06DAoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/e0b1b5-edef-4aeb-836b-63f5035f3446/1/l15fSPU6jbnKYPqPGDfQfzGREE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:62:f3:0c:c7:9b:0d:13:9f:40:c9:33:e1:cf:fd:da:1e:7e:
         fc:f7:2f:99:c3:93:af:2b:01:0e:87:52:8c:eb:2f:e1:3d:39:
         1c:0c:72:c9:61:79:4d:06:62:d7:17:fb:38:c6:11:f8:60:9d:
         86:89:f8:b0:62:5a:37:a8:2a:fb:7a:5d:a6:43:0c:63:c7:dd:
         80:b8:dd:8f:94:76:66:48:0d:c8:44:dd:18:78:75:0e:01:2c:
         90:eb:2e:7b:12:55:c1:5c:78:5a:2b:55:a7:cc:ca:cf:87:1b:
         2b:0b:50:26:99:e4:8d:ad:fa:aa:7b:a4:26:4f:85:62:55:35:
         c1:24:9c:46:ea:c4:83:0d:58:c6:8e:b4:0c:c9:fc:08:c2:1b:
         c7:ab:eb:f1:63:f3:f2:a5:ec:8f:cc:e3:a8:6c:ff:2b:7a:48:
         f1:bd:b1:cc:25:d5:30:af:f3:7c:33:00:e5:8a:1b:be:3c:b8:
         9f:0d:3a:68:b7:ae:70:72:fc:1a:3e:d1:db:e3:56:43:df:82:
         05:18:83:a4:a0:77:96:7e:60:85:04:44:3c:c3:77:f1:65:5c:
         f7:8a:82:89:b0:0f:4d:39:b1:29:29:c1:9b:56:9e:97:c5:ce:
         c0:7e:84:d5:93:c9:04:33:de:9c:29:32:de:3c:2e:c7:3a:24:
         b4:99:f6:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks3DlW0lT4dxROkXQHcutMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NWU1ZjQ4ZjUzYThkYjljYTYwZmE4ZjE4MzdkMDdmMzE5
MTEwNGYwHhcNMjUwMTAyMDE0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjY1ZTQ2ODZlNTZjYzhmNTVjZmZlZjE3MTcxNDAyZjRlODMwMjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsm6S2EjZJuumt7JFsroP5eqV1NKq
Rso1bZ+yzqZx1Fg5GhFy9oHAwV5gH8ywO+FBY7cYs3sPwvlhF9oHOzXYZsoZTw19
8JkgxOYkeUnIXFPei8rCAbXBgFCOkOpBC2GGk+f+sIvHjbMrbjMfqRlK5mLEXrIR
c7R9Et67YLvNQx5JjUdmqh1f2Hp5zU4OHFpuSfRJ+qp1zZ6KVKd5jUmikqQMwUsE
fo6NkY8yDQPcvEM3p2L5DYcqA/FRf+FPPpyEHVjf1aKm++u9k2k7SzjLSkJmgo0P
eCL4D/0HCUQKa88GE+gVq5BVbZC1Rbyl5MyTeJR3zts4XDQiN7zfUXqJBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFZl5GhuVsyPVc/+8XFxQC9OgwKHMB8GA1UdIwQY
MBaAFJdeX0j1Oo25ymD6jxg30H8xkRBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDE1ZlNQVTZqYm5LWVBxUEdEZlFmekdSRUU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9lMGIxYjUtZWRlZi00YWViLTgzNmIt
NjNmNTAzNWYzNDQ2LzEvVm1Ya2FHNVd6STlWel83eGNYRkFMMDZEQW9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9lMGIxYjUtZWRlZi00YWViLTgzNmItNjNmNTAzNWYzNDQ2
LzEvbDE1ZlNQVTZqYm5LWVBxUEdEZlFmekdSRUU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaKUMA0G
CSqGSIb3DQEBCwUAA4IBAQCMYvMMx5sNE59AyTPhz/3aHn789y+Zw5OvKwEOh1KM
6y/hPTkcDHLJYXlNBmLXF/s4xhH4YJ2GifiwYlo3qCr7el2mQwxjx92AuN2PlHZm
SA3IRN0YeHUOASyQ6y57ElXBXHhaK1WnzMrPhxsrC1AmmeSNrfqqe6QmT4ViVTXB
JJxG6sSDDVjGjrQMyfwIwhvHq+vxY/PypeyPzOOobP8rekjxvbHMJdUwr/N8MwDl
ihu+PLifDTpot65wcvwaPtHb41ZD34IFGIOkoHeWfmCFBEQ8w3fxZVz3ioKJsA9N
ObEpKcGbVp6Xxc7AfoTVk8kEM96cKTLePC7HOiS0mfYU
-----END CERTIFICATE-----