Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/vHwCw7oMDPrClYvdX-A30AyKV5Q.roa
File:                     vHwCw7oMDPrClYvdX-A30AyKV5Q.roa (raw, json)
Hash identifier:          rqndv/sj8Hh1XnVuBVWvDlA5Odz01ECXqpzsqO0GIsI=
Subject key identifier:   BC:7C:02:C3:BA:0C:0C:FA:C2:95:8B:DD:5F:E0:37:D0:0C:8A:57:94
Certificate issuer:       /CN=4eeb86abd5374e553098209075b9afecabef333a
Certificate serial:       0196C548467F9E9C7E2A061D2603922BF409
Authority key identifier: 4E:EB:86:AB:D5:37:4E:55:30:98:20:90:75:B9:AF:EC:AB:EF:33:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuuGq9U3TlUwmCCQdbmv7KvvMzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/vHwCw7oMDPrClYvdX-A30AyKV5Q.roa
Signing time:             Mon 12 May 2025 16:16:10 +0000
ROA not before:           Mon 12 May 2025 16:16:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29017
IP address blocks:        78.40.58.0/24 maxlen: 24
                          185.230.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/TuuGq9U3TlUwmCCQdbmv7KvvMzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/TuuGq9U3TlUwmCCQdbmv7KvvMzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuuGq9U3TlUwmCCQdbmv7KvvMzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c5:48:46:7f:9e:9c:7e:2a:06:1d:26:03:92:2b:f4:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eeb86abd5374e553098209075b9afecabef333a
        Validity
            Not Before: May 12 16:16:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc7c02c3ba0c0cfac2958bdd5fe037d00c8a5794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:d9:ba:09:b5:79:6a:d1:93:11:2e:d2:a5:d7:
                    db:7a:bd:05:64:23:0a:fc:ed:8f:a9:41:0f:57:09:
                    92:c2:a2:7a:58:a9:07:dc:1e:e7:22:42:64:c7:81:
                    00:bd:60:40:c6:4e:ad:4c:b3:76:06:60:5a:30:61:
                    a1:31:41:92:10:f1:40:0d:a5:7f:c0:46:c9:b3:06:
                    eb:65:dd:06:41:3d:65:71:cd:57:81:cb:8f:d5:9c:
                    2d:5b:73:f0:3f:76:a7:11:2f:3d:1a:86:05:18:45:
                    ad:e8:e4:f1:87:f8:0f:59:9d:c8:7a:87:f7:23:35:
                    92:2b:e2:32:4d:e2:20:1a:b0:75:da:ed:d5:a8:1a:
                    b8:3f:16:80:14:30:79:9f:de:62:6e:b6:6a:43:4d:
                    1f:dd:f8:1c:a3:9e:00:32:4b:7c:79:ab:91:9f:ff:
                    d6:ae:24:29:72:ce:5f:33:df:32:f1:53:b7:e6:aa:
                    e6:be:52:e3:de:15:25:63:32:0f:3c:10:15:6c:5e:
                    81:7d:26:fd:33:af:16:b8:6f:f1:46:e7:a0:24:7c:
                    5e:3c:d3:44:96:d7:87:14:a2:04:d5:ef:7c:07:7a:
                    f4:43:db:9a:c5:a9:49:19:a1:01:8e:b2:77:ee:e8:
                    0a:b9:77:27:37:51:23:00:08:46:93:e8:7b:2a:0f:
                    5e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:7C:02:C3:BA:0C:0C:FA:C2:95:8B:DD:5F:E0:37:D0:0C:8A:57:94
            X509v3 Authority Key Identifier:
                keyid:4E:EB:86:AB:D5:37:4E:55:30:98:20:90:75:B9:AF:EC:AB:EF:33:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuuGq9U3TlUwmCCQdbmv7KvvMzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/vHwCw7oMDPrClYvdX-A30AyKV5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/TuuGq9U3TlUwmCCQdbmv7KvvMzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.58.0/24
                  185.230.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:18:8e:8a:c3:c5:8a:9c:75:05:71:8d:02:58:2d:c3:c5:6a:
         c1:c5:94:ff:d1:12:4b:ae:9c:42:06:a3:96:95:6e:05:2d:8b:
         01:71:ad:7d:7e:63:37:4c:f6:4e:4d:b8:a6:f5:15:5b:8e:c6:
         42:c4:38:55:db:18:df:11:94:e0:e9:42:4f:87:24:bd:90:57:
         38:80:35:01:fa:b0:09:77:ae:c0:ed:11:6a:fa:68:97:ff:31:
         88:5c:a8:7f:ad:64:bb:00:f5:5e:1f:91:a6:b8:98:e2:71:66:
         69:f7:0a:28:3c:03:32:e3:94:0b:99:97:db:98:17:98:d4:ed:
         61:ad:71:c3:83:ff:c1:49:88:10:30:3f:3b:85:bf:c9:09:23:
         53:3c:d3:7c:94:06:4b:1e:29:af:4d:a1:57:d9:9b:75:10:c9:
         95:9b:18:ac:20:e4:39:13:d3:ab:7a:07:9a:73:3b:fb:66:77:
         a0:9d:c8:48:91:4a:29:f4:b4:71:50:a0:62:1c:08:2b:87:9f:
         2f:31:0a:1e:b5:73:24:eb:f3:15:cf:f0:3e:c6:fd:54:bd:35:
         7f:95:7a:cf:1b:0b:ff:c5:96:94:cf:37:60:a0:7b:e7:5c:4f:
         3b:ea:52:7e:e2:20:66:85:51:71:cc:7d:f4:bb:b9:16:b8:fb:
         2b:6f:c6:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbFSEZ/npx+KgYdJgOSK/QJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZWI4NmFiZDUzNzRlNTUzMDk4MjA5MDc1YjlhZmVjYWJl
ZjMzM2EwHhcNMjUwNTEyMTYxNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzdjMDJjM2JhMGMwY2ZhYzI5NThiZGQ1ZmUwMzdkMDBjOGE1Nzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6dm6CbV5atGTES7Spdfber0FZCMK
/O2PqUEPVwmSwqJ6WKkH3B7nIkJkx4EAvWBAxk6tTLN2BmBaMGGhMUGSEPFADaV/
wEbJswbrZd0GQT1lcc1XgcuP1ZwtW3PwP3anES89GoYFGEWt6OTxh/gPWZ3Ieof3
IzWSK+IyTeIgGrB12u3VqBq4PxaAFDB5n95ibrZqQ00f3fgco54AMkt8eauRn//W
riQpcs5fM98y8VO35qrmvlLj3hUlYzIPPBAVbF6BfSb9M68WuG/xRuegJHxePNNE
lteHFKIE1e98B3r0Q9uaxalJGaEBjrJ37ugKuXcnN1EjAAhGk+h7Kg9emwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLx8AsO6DAz6wpWL3V/gN9AMileUMB8GA1UdIwQY
MBaAFE7rhqvVN05VMJggkHW5r+yr7zM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHV1R3E5VTNUbFV3bUNDUWRibXY3S3Z2TXpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8zZTVjOTYtN2U5NS00Nzk3LWFhNmEt
YTg5NzhlM2FhZTk4LzEvdkh3Q3c3b01EUHJDbFl2ZFgtQTMwQXlLVjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8zZTVjOTYtN2U5NS00Nzk3LWFhNmEtYTg5NzhlM2FhZTk4
LzEvVHV1R3E5VTNUbFV3bUNDUWRibXY3S3Z2TXpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATig6AwQA
uebcMA0GCSqGSIb3DQEBCwUAA4IBAQC8GI6Kw8WKnHUFcY0CWC3DxWrBxZT/0RJL
rpxCBqOWlW4FLYsBca19fmM3TPZOTbim9RVbjsZCxDhV2xjfEZTg6UJPhyS9kFc4
gDUB+rAJd67A7RFq+miX/zGIXKh/rWS7APVeH5GmuJjicWZp9wooPAMy45QLmZfb
mBeY1O1hrXHDg//BSYgQMD87hb/JCSNTPNN8lAZLHimvTaFX2Zt1EMmVmxisIOQ5
E9Oregeaczv7ZnegnchIkUop9LRxUKBiHAgrh58vMQoetXMk6/MVz/A+xv1UvTV/
lXrPGwv/xZaUzzdgoHvnXE876lJ+4iBmhVFxzH30u7kWuPsrb8bL
-----END CERTIFICATE-----