Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/7be9b2-2e19-4fe0-b17a-5cf3e76a1ebc/1/vGF2KAvK3aprRRdgwH5KABdGMAU.roa
File:                     vGF2KAvK3aprRRdgwH5KABdGMAU.roa (raw, json)
Hash identifier:          RXv+kUD5G+c5aahHL6+Y+Di5kkYa37mIJ1HvrhSMRbM=
Subject key identifier:   BC:61:76:28:0B:CA:DD:AA:6B:45:17:60:C0:7E:4A:00:17:46:30:05
Certificate issuer:       /CN=11b048aaf5bb42f6c4d9d387ad27a7eb219f3882
Certificate serial:       01973978F4FDB22036ECF7D1D23BC4B83B1B
Authority key identifier: 11:B0:48:AA:F5:BB:42:F6:C4:D9:D3:87:AD:27:A7:EB:21:9F:38:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EbBIqvW7QvbE2dOHrSen6yGfOII.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/7be9b2-2e19-4fe0-b17a-5cf3e76a1ebc/1/vGF2KAvK3aprRRdgwH5KABdGMAU.roa
Signing time:             Wed 04 Jun 2025 05:45:17 +0000
ROA not before:           Wed 04 Jun 2025 05:45:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209183
IP address blocks:        185.196.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/7be9b2-2e19-4fe0-b17a-5cf3e76a1ebc/1/EbBIqvW7QvbE2dOHrSen6yGfOII.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/7be9b2-2e19-4fe0-b17a-5cf3e76a1ebc/1/EbBIqvW7QvbE2dOHrSen6yGfOII.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EbBIqvW7QvbE2dOHrSen6yGfOII.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 14:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:39:78:f4:fd:b2:20:36:ec:f7:d1:d2:3b:c4:b8:3b:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11b048aaf5bb42f6c4d9d387ad27a7eb219f3882
        Validity
            Not Before: Jun  4 05:45:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc6176280bcaddaa6b451760c07e4a0017463005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:03:b7:ad:44:fe:76:27:59:6e:8a:e1:9b:b6:
                    99:77:b2:03:96:11:cc:5e:e6:4b:66:63:b5:b8:ed:
                    95:63:a9:df:f8:79:88:e7:47:ff:50:ab:28:ed:a4:
                    a5:ec:67:12:f2:fd:f7:24:2e:4a:02:1a:0d:4a:d8:
                    99:d4:ce:7c:be:6d:ba:02:ca:32:89:17:f3:76:2a:
                    9a:ea:ad:ab:1d:42:c7:49:4a:97:6e:9d:27:8e:dd:
                    d4:1b:3b:8d:51:3e:4d:87:d1:16:cb:f1:66:30:2d:
                    7c:29:05:c4:ed:86:35:7b:93:59:8d:96:56:4f:3a:
                    16:6b:63:d9:41:80:7d:3e:53:cf:1e:78:ed:98:8c:
                    5a:13:61:f3:8e:d7:05:46:05:9a:83:37:62:91:e1:
                    34:e7:ab:4a:21:d9:24:3e:fe:32:69:7e:ad:09:e7:
                    3b:83:cd:6e:91:4a:91:08:1f:4f:83:fd:66:8e:2c:
                    5a:57:2a:03:a4:77:44:1e:96:cc:a7:55:12:29:5b:
                    ff:00:a7:9b:2e:79:8d:87:63:ae:46:97:f2:2d:22:
                    f2:21:ef:f0:96:12:d4:21:37:89:b4:10:8f:ae:67:
                    d5:57:5b:de:e0:90:fd:23:65:8a:de:b7:fd:9a:53:
                    33:b7:fc:7b:47:bf:26:b6:ae:26:2e:d8:76:6b:b2:
                    3f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:61:76:28:0B:CA:DD:AA:6B:45:17:60:C0:7E:4A:00:17:46:30:05
            X509v3 Authority Key Identifier:
                keyid:11:B0:48:AA:F5:BB:42:F6:C4:D9:D3:87:AD:27:A7:EB:21:9F:38:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EbBIqvW7QvbE2dOHrSen6yGfOII.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/7be9b2-2e19-4fe0-b17a-5cf3e76a1ebc/1/vGF2KAvK3aprRRdgwH5KABdGMAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/7be9b2-2e19-4fe0-b17a-5cf3e76a1ebc/1/EbBIqvW7QvbE2dOHrSen6yGfOII.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:3f:ba:74:a3:cd:78:e6:c0:7b:94:32:5f:17:f3:18:e4:0d:
         1e:7a:0d:60:04:37:a0:d3:13:1e:37:1e:e6:42:4a:f0:c1:42:
         8b:e8:03:e8:e6:38:ce:c0:23:8c:f5:79:ca:fa:8b:71:d5:b7:
         42:24:36:20:b5:b5:61:9e:58:2d:ee:b4:1f:45:0e:b3:82:79:
         80:d2:64:c5:a1:22:a2:70:62:9d:b1:65:ea:39:4a:f8:57:ae:
         e4:50:0b:c1:7b:fa:18:00:75:bc:60:8e:83:c2:7e:ca:85:31:
         ff:d4:1d:dd:f0:ce:ed:15:0c:3c:b9:e8:8f:df:ba:eb:fb:62:
         d9:bb:9e:57:a2:a0:22:93:6b:e9:1f:4d:9a:03:f5:99:77:d0:
         2e:56:15:67:ab:d6:a7:0e:3c:2e:8d:cc:01:17:f7:ac:4c:f9:
         e0:65:a3:b7:0e:9b:a6:dc:46:7b:e6:63:69:9c:28:f9:7e:f4:
         16:b4:1f:ce:6c:65:ad:6b:71:f6:e5:1c:da:32:41:0d:2f:26:
         57:2f:35:22:86:0b:29:bb:52:40:7b:a3:30:8d:cc:e8:aa:aa:
         2c:d9:8c:94:97:4c:ae:07:d1:86:72:db:f4:57:77:0d:84:9d:
         96:d4:e2:28:7f:07:02:fa:2d:c9:f3:ee:e6:bb:a8:51:7d:01:
         58:2e:09:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc5ePT9siA27PfR0jvEuDsbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYjA0OGFhZjViYjQyZjZjNGQ5ZDM4N2FkMjdhN2ViMjE5
ZjM4ODIwHhcNMjUwNjA0MDU0NTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzYxNzYyODBiY2FkZGFhNmI0NTE3NjBjMDdlNGEwMDE3NDYzMDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAO3rUT+didZborhm7aZd7IDlhHM
XuZLZmO1uO2VY6nf+HmI50f/UKso7aSl7GcS8v33JC5KAhoNStiZ1M58vm26Asoy
iRfzdiqa6q2rHULHSUqXbp0njt3UGzuNUT5Nh9EWy/FmMC18KQXE7YY1e5NZjZZW
TzoWa2PZQYB9PlPPHnjtmIxaE2HzjtcFRgWagzdikeE056tKIdkkPv4yaX6tCec7
g81ukUqRCB9Pg/1mjixaVyoDpHdEHpbMp1USKVv/AKebLnmNh2OuRpfyLSLyIe/w
lhLUITeJtBCPrmfVV1ve4JD9I2WK3rf9mlMzt/x7R78mtq4mLth2a7I/9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxhdigLyt2qa0UXYMB+SgAXRjAFMB8GA1UdIwQY
MBaAFBGwSKr1u0L2xNnTh60np+shnziCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWJCSXF2VzdRdmJFMmRPSHJTZW42eUdmT0lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS83YmU5YjItMmUxOS00ZmUwLWIxN2Et
NWNmM2U3NmExZWJjLzEvdkdGMktBdkszYXByUlJkZ3dINUtBQmRHTUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS83YmU5YjItMmUxOS00ZmUwLWIxN2EtNWNmM2U3NmExZWJj
LzEvRWJCSXF2VzdRdmJFMmRPSHJTZW42eUdmT0lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucQsMA0G
CSqGSIb3DQEBCwUAA4IBAQBuP7p0o8145sB7lDJfF/MY5A0eeg1gBDeg0xMeNx7m
QkrwwUKL6APo5jjOwCOM9XnK+otx1bdCJDYgtbVhnlgt7rQfRQ6zgnmA0mTFoSKi
cGKdsWXqOUr4V67kUAvBe/oYAHW8YI6Dwn7KhTH/1B3d8M7tFQw8ueiP37rr+2LZ
u55XoqAik2vpH02aA/WZd9AuVhVnq9anDjwujcwBF/esTPngZaO3Dpum3EZ75mNp
nCj5fvQWtB/ObGWta3H25RzaMkENLyZXLzUihgspu1JAe6Mwjczoqqos2YyUl0yu
B9GGctv0V3cNhJ2W1OIofwcC+i3J8+7mu6hRfQFYLgnK
-----END CERTIFICATE-----