Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/185fe9-2517-438c-8e26-9fd836e8b366/1/V951RqjYUqqNTOCnWY4hHiyU0dI.roa
File:                     V951RqjYUqqNTOCnWY4hHiyU0dI.roa (raw, json)
Hash identifier:          NM+yo7N0AeqhrBUOSbPrA/tZY2hhs3N8wJ0kX4oE1ak=
Subject key identifier:   57:DE:75:46:A8:D8:52:AA:8D:4C:E0:A7:59:8E:21:1E:2C:94:D1:D2
Certificate issuer:       /CN=95151fbb71e41b2d1063d3b11141ada1a844c7f7
Certificate serial:       01941F8C7930F6FBA2AE864202DBAB7D6F3D
Authority key identifier: 95:15:1F:BB:71:E4:1B:2D:10:63:D3:B1:11:41:AD:A1:A8:44:C7:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lRUfu3HkGy0QY9OxEUGtoahEx_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/185fe9-2517-438c-8e26-9fd836e8b366/1/V951RqjYUqqNTOCnWY4hHiyU0dI.roa
Signing time:             Wed 01 Jan 2025 01:48:07 +0000
ROA not before:           Wed 01 Jan 2025 01:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38965
IP address blocks:        185.231.57.0/24 maxlen: 24
                          2a10:b880::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/185fe9-2517-438c-8e26-9fd836e8b366/1/lRUfu3HkGy0QY9OxEUGtoahEx_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/185fe9-2517-438c-8e26-9fd836e8b366/1/lRUfu3HkGy0QY9OxEUGtoahEx_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lRUfu3HkGy0QY9OxEUGtoahEx_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:79:30:f6:fb:a2:ae:86:42:02:db:ab:7d:6f:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95151fbb71e41b2d1063d3b11141ada1a844c7f7
        Validity
            Not Before: Jan  1 01:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57de7546a8d852aa8d4ce0a7598e211e2c94d1d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e2:1f:98:ba:f9:d1:f3:4c:21:a5:3d:95:f5:
                    79:c5:9b:60:3c:b5:4d:24:be:49:31:73:ad:30:60:
                    7f:ae:fa:fe:43:a0:07:cd:cf:b9:73:19:8e:2c:ba:
                    87:b1:47:29:83:03:5d:b5:ee:ba:4b:40:75:19:01:
                    7d:56:9f:c4:7f:c5:bd:6a:11:c5:2b:be:72:9e:31:
                    9d:05:d3:ea:e9:ff:50:a7:f7:84:ee:48:88:8e:58:
                    27:40:9f:a4:49:e5:78:7f:2b:5d:26:bb:6b:11:ba:
                    2b:67:61:16:2a:d8:66:c6:60:1b:2c:9e:40:b9:89:
                    4b:50:69:14:ba:3f:a6:6f:60:54:f3:2d:ee:2a:d1:
                    2e:f9:4c:16:96:44:49:3e:46:60:ab:5a:9f:29:79:
                    6e:84:2f:69:c5:62:4e:1e:b1:db:19:7f:ec:5b:e0:
                    a3:d3:3f:c7:f4:55:68:53:d1:de:a6:20:43:88:17:
                    2b:52:85:9d:04:5a:2c:77:f5:44:75:ca:6f:1e:f9:
                    c9:61:ed:6f:f8:fd:e1:a7:6b:a7:75:cb:d3:17:04:
                    7a:8e:a9:fc:51:5b:85:5a:33:1a:c6:39:87:23:57:
                    2c:0b:7b:10:87:9e:c8:80:df:39:bb:82:44:af:c5:
                    eb:1c:e9:8e:0a:02:b2:65:b7:17:61:fc:e4:d3:7b:
                    6c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:DE:75:46:A8:D8:52:AA:8D:4C:E0:A7:59:8E:21:1E:2C:94:D1:D2
            X509v3 Authority Key Identifier:
                keyid:95:15:1F:BB:71:E4:1B:2D:10:63:D3:B1:11:41:AD:A1:A8:44:C7:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lRUfu3HkGy0QY9OxEUGtoahEx_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/185fe9-2517-438c-8e26-9fd836e8b366/1/V951RqjYUqqNTOCnWY4hHiyU0dI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/185fe9-2517-438c-8e26-9fd836e8b366/1/lRUfu3HkGy0QY9OxEUGtoahEx_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.57.0/24
                IPv6:
                  2a10:b880::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:16:e0:55:47:9d:e2:0a:59:7d:87:80:0f:90:98:68:ff:9e:
         8a:65:80:70:56:ad:41:38:66:15:ee:a5:00:32:d1:c6:e8:ad:
         08:cf:26:b6:4c:5e:29:95:c9:cf:08:ee:60:80:79:41:7a:5d:
         93:a5:b0:74:f6:b8:d9:3b:ae:b3:7b:c2:f2:0e:48:43:b5:5e:
         1f:65:4f:22:3f:28:97:78:7d:2a:f2:6d:6c:42:74:f2:b4:05:
         57:3a:83:d6:b8:c3:20:a0:b1:1e:c2:41:41:0f:34:46:b0:db:
         48:12:d9:98:ca:ae:3c:65:21:05:64:40:72:5c:a3:9e:9b:ba:
         3e:d4:1d:5e:17:6a:00:d2:0f:dc:74:1d:6c:47:14:4f:fe:cc:
         17:b9:1a:02:cb:40:0f:49:a5:1d:08:c5:92:cc:4c:25:82:5a:
         aa:e8:37:43:e4:17:21:a9:41:31:23:91:80:c8:7f:75:34:66:
         c5:7c:26:4a:3e:bf:98:04:70:47:70:26:f9:c2:70:3b:70:27:
         e7:15:62:d3:d3:9f:bd:67:08:33:8f:a2:f5:2b:3a:1b:65:c0:
         f6:00:33:2a:5b:bf:f0:32:a9:cd:b9:95:03:ea:90:89:9c:e0:
         00:fe:57:b6:6d:df:5f:ab:cc:d4:3e:49:80:80:50:92:6e:ab:
         bd:24:e4:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjHkw9vuiroZCAturfW89MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MTUxZmJiNzFlNDFiMmQxMDYzZDNiMTExNDFhZGExYTg0
NGM3ZjcwHhcNMjUwMTAxMDE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2RlNzU0NmE4ZDg1MmFhOGQ0Y2UwYTc1OThlMjExZTJjOTRkMWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuIfmLr50fNMIaU9lfV5xZtgPLVN
JL5JMXOtMGB/rvr+Q6AHzc+5cxmOLLqHsUcpgwNdte66S0B1GQF9Vp/Ef8W9ahHF
K75ynjGdBdPq6f9Qp/eE7kiIjlgnQJ+kSeV4fytdJrtrEborZ2EWKthmxmAbLJ5A
uYlLUGkUuj+mb2BU8y3uKtEu+UwWlkRJPkZgq1qfKXluhC9pxWJOHrHbGX/sW+Cj
0z/H9FVoU9HepiBDiBcrUoWdBFosd/VEdcpvHvnJYe1v+P3hp2undcvTFwR6jqn8
UVuFWjMaxjmHI1csC3sQh57IgN85u4JEr8XrHOmOCgKyZbcXYfzk03tsMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFfedUao2FKqjUzgp1mOIR4slNHSMB8GA1UdIwQY
MBaAFJUVH7tx5BstEGPTsRFBraGoRMf3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFJVZnUzSGtHeTBRWTlPeEVVR3RvYWhFeF9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xODVmZTktMjUxNy00MzhjLThlMjYt
OWZkODM2ZThiMzY2LzEvVjk1MVJxallVcXFOVE9DbldZNGhIaXlVMGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xODVmZTktMjUxNy00MzhjLThlMjYtOWZkODM2ZThiMzY2
LzEvbFJVZnUzSGtHeTBRWTlPeEVVR3RvYWhFeF9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuec5MA0E
AgACMAcDBQAqELiAMA0GCSqGSIb3DQEBCwUAA4IBAQAkFuBVR53iCll9h4APkJho
/56KZYBwVq1BOGYV7qUAMtHG6K0Izya2TF4plcnPCO5ggHlBel2TpbB09rjZO66z
e8LyDkhDtV4fZU8iPyiXeH0q8m1sQnTytAVXOoPWuMMgoLEewkFBDzRGsNtIEtmY
yq48ZSEFZEByXKOem7o+1B1eF2oA0g/cdB1sRxRP/swXuRoCy0APSaUdCMWSzEwl
glqq6DdD5BchqUExI5GAyH91NGbFfCZKPr+YBHBHcCb5wnA7cCfnFWLT05+9Zwgz
j6L1KzobZcD2ADMqW7/wMqnNuZUD6pCJnOAA/le2bd9fq8zUPkmAgFCSbqu9JOTy
-----END CERTIFICATE-----