Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/2bea45-83ec-4bbb-96b7-f468ee331474/1/VWvh8oQqbM3sr_YgNU9ovk9YXAA.roa
File:                     VWvh8oQqbM3sr_YgNU9ovk9YXAA.roa (raw, json)
Hash identifier:          T1v1mXcrdaWQMWpNfocO7FriUxPCLmULf/wIMAuWmIk=
Subject key identifier:   55:6B:E1:F2:84:2A:6C:CD:EC:AF:F6:20:35:4F:68:BE:4F:58:5C:00
Certificate issuer:       /CN=81404c04c6c27d329f9c87a02af06dd986ee767b
Certificate serial:       01942C04662F4978B61BAC59283A493A2D35
Authority key identifier: 81:40:4C:04:C6:C2:7D:32:9F:9C:87:A0:2A:F0:6D:D9:86:EE:76:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gUBMBMbCfTKfnIegKvBt2Ybudns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/2bea45-83ec-4bbb-96b7-f468ee331474/1/VWvh8oQqbM3sr_YgNU9ovk9YXAA.roa
Signing time:             Fri 03 Jan 2025 11:54:33 +0000
ROA not before:           Fri 03 Jan 2025 11:54:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        185.113.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/2bea45-83ec-4bbb-96b7-f468ee331474/1/gUBMBMbCfTKfnIegKvBt2Ybudns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/2bea45-83ec-4bbb-96b7-f468ee331474/1/gUBMBMbCfTKfnIegKvBt2Ybudns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gUBMBMbCfTKfnIegKvBt2Ybudns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2c:04:66:2f:49:78:b6:1b:ac:59:28:3a:49:3a:2d:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81404c04c6c27d329f9c87a02af06dd986ee767b
        Validity
            Not Before: Jan  3 11:54:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=556be1f2842a6ccdecaff620354f68be4f585c00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:0d:5b:d5:26:92:63:f6:80:12:a4:76:db:ec:
                    c1:0b:61:49:ca:eb:81:bb:6e:cf:db:f8:c6:c5:83:
                    fd:db:73:5c:b5:b8:40:29:aa:c6:57:1c:99:4f:51:
                    75:ba:2d:f7:17:41:cf:36:9a:72:fd:14:20:b5:18:
                    db:1c:c4:cf:e5:54:01:64:1b:25:dc:a5:74:03:52:
                    78:07:d2:04:f4:de:7f:19:0d:55:6d:a2:d1:2a:4b:
                    49:06:4c:ce:89:e6:30:a1:0b:f9:a6:40:79:a0:9b:
                    2a:b6:f3:7a:9b:e4:0e:78:87:7c:20:8e:49:0f:e3:
                    9a:dd:24:7c:d5:33:8d:c1:06:af:7f:75:c2:a2:6e:
                    c0:9a:59:bb:c2:39:ad:74:6e:e1:c9:c6:b1:ef:18:
                    2d:3f:93:36:b6:b7:fd:ed:ce:73:37:47:d7:89:54:
                    1f:0e:4b:17:ad:af:b1:b1:e7:f3:cf:f6:9d:bf:4e:
                    a1:18:32:e5:04:73:27:32:7f:4a:a8:25:65:b2:68:
                    52:78:28:58:ef:22:d1:80:2f:82:83:c6:1a:68:64:
                    6c:75:ef:4f:1d:c7:aa:d3:62:ee:04:9b:e2:22:27:
                    72:8e:81:d1:f4:88:08:e3:3b:e0:9d:62:17:e9:2c:
                    7f:f6:5b:f8:e0:66:3f:4d:10:a4:fc:e6:d4:83:25:
                    44:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:6B:E1:F2:84:2A:6C:CD:EC:AF:F6:20:35:4F:68:BE:4F:58:5C:00
            X509v3 Authority Key Identifier:
                keyid:81:40:4C:04:C6:C2:7D:32:9F:9C:87:A0:2A:F0:6D:D9:86:EE:76:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gUBMBMbCfTKfnIegKvBt2Ybudns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2bea45-83ec-4bbb-96b7-f468ee331474/1/VWvh8oQqbM3sr_YgNU9ovk9YXAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2bea45-83ec-4bbb-96b7-f468ee331474/1/gUBMBMbCfTKfnIegKvBt2Ybudns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:c1:07:a1:c8:9d:02:24:78:61:1e:da:a5:7b:c1:a4:ff:6b:
         d1:c1:61:31:16:39:51:6c:20:17:ad:0e:85:54:bd:94:b6:dc:
         c3:dc:0d:50:4d:11:55:de:5e:2b:91:99:67:36:23:92:42:52:
         52:e2:b1:11:78:18:a0:b9:c3:9e:bb:91:8f:75:99:a8:d1:d2:
         3c:35:68:d8:9d:ee:3f:2e:d9:76:85:90:6c:7f:f8:ae:85:10:
         a3:ca:8f:c2:01:ca:d3:af:80:0a:b5:65:fb:99:99:13:60:d5:
         dc:ac:bc:3a:15:cc:61:a9:e4:84:84:30:66:a9:24:68:35:a9:
         f8:9c:ef:84:cb:bb:18:c6:14:14:f2:76:c3:eb:fa:83:f4:cb:
         47:68:84:45:af:7f:85:bc:09:e1:5e:01:4c:ff:92:b2:05:d0:
         af:bc:61:fa:3b:16:1d:ee:e9:d0:30:24:58:6f:6f:77:8b:58:
         53:25:92:23:91:70:83:ec:0b:92:85:27:4e:59:6a:14:18:ef:
         a3:79:ef:c4:57:aa:14:70:9a:2c:ad:95:df:fa:ba:17:f3:25:
         98:54:ca:d6:bf:91:52:8f:b3:02:43:87:b0:0f:5c:a8:b5:df:
         97:d0:c6:83:91:18:82:b9:f9:0c:14:8c:97:f1:47:a1:ef:f9:
         45:40:ff:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQsBGYvSXi2G6xZKDpJOi01MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNDA0YzA0YzZjMjdkMzI5ZjljODdhMDJhZjA2ZGQ5ODZl
ZTc2N2IwHhcNMjUwMTAzMTE1NDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTZiZTFmMjg0MmE2Y2NkZWNhZmY2MjAzNTRmNjhiZTRmNTg1YzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArg1b1SaSY/aAEqR22+zBC2FJyuuB
u27P2/jGxYP923NctbhAKarGVxyZT1F1ui33F0HPNppy/RQgtRjbHMTP5VQBZBsl
3KV0A1J4B9IE9N5/GQ1VbaLRKktJBkzOieYwoQv5pkB5oJsqtvN6m+QOeId8II5J
D+Oa3SR81TONwQavf3XCom7Amlm7wjmtdG7hycax7xgtP5M2trf97c5zN0fXiVQf
DksXra+xsefzz/adv06hGDLlBHMnMn9KqCVlsmhSeChY7yLRgC+Cg8YaaGRsde9P
Hceq02LuBJviIidyjoHR9IgI4zvgnWIX6Sx/9lv44GY/TRCk/ObUgyVE/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVr4fKEKmzN7K/2IDVPaL5PWFwAMB8GA1UdIwQY
MBaAFIFATATGwn0yn5yHoCrwbdmG7nZ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1VCTUJNYkNmVEtmbkllZ0t2QnQyWWJ1ZG5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yYmVhNDUtODNlYy00YmJiLTk2Yjct
ZjQ2OGVlMzMxNDc0LzEvVld2aDhvUXFiTTNzcl9ZZ05VOW92azlZWEFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8yYmVhNDUtODNlYy00YmJiLTk2YjctZjQ2OGVlMzMxNDc0
LzEvZ1VCTUJNYkNmVEtmbkllZ0t2QnQyWWJ1ZG5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXH4MA0G
CSqGSIb3DQEBCwUAA4IBAQCwwQehyJ0CJHhhHtqle8Gk/2vRwWExFjlRbCAXrQ6F
VL2UttzD3A1QTRFV3l4rkZlnNiOSQlJS4rEReBigucOeu5GPdZmo0dI8NWjYne4/
Ltl2hZBsf/iuhRCjyo/CAcrTr4AKtWX7mZkTYNXcrLw6FcxhqeSEhDBmqSRoNan4
nO+Ey7sYxhQU8nbD6/qD9MtHaIRFr3+FvAnhXgFM/5KyBdCvvGH6OxYd7unQMCRY
b293i1hTJZIjkXCD7AuShSdOWWoUGO+jee/EV6oUcJosrZXf+roX8yWYVMrWv5FS
j7MCQ4ewD1yotd+X0MaDkRiCufkMFIyX8Ueh7/lFQP9Z
-----END CERTIFICATE-----