Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/VzSRXIJg549082TDLwuDhpZSHdM.roa
File:                     VzSRXIJg549082TDLwuDhpZSHdM.roa (raw, json)
Hash identifier:          A7LBmXbBqDdzugUEkji9OFm2eXNsHo+v5p497CjSCCA=
Subject key identifier:   57:34:91:5C:82:60:E7:8F:74:F3:64:C3:2F:0B:83:86:96:52:1D:D3
Certificate issuer:       /CN=e634616edbd60154fa3dac77ea90dbd7c68a132d
Certificate serial:       019420D5D04C7F2EBEEAC207BE44BAE038F8
Authority key identifier: E6:34:61:6E:DB:D6:01:54:FA:3D:AC:77:EA:90:DB:D7:C6:8A:13:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5jRhbtvWAVT6Pax36pDb18aKEy0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/VzSRXIJg549082TDLwuDhpZSHdM.roa
Signing time:             Wed 01 Jan 2025 07:47:50 +0000
ROA not before:           Wed 01 Jan 2025 07:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.191.0/24 maxlen: 24
                          2001:7f8:105::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/5jRhbtvWAVT6Pax36pDb18aKEy0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/5jRhbtvWAVT6Pax36pDb18aKEy0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5jRhbtvWAVT6Pax36pDb18aKEy0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d0:4c:7f:2e:be:ea:c2:07:be:44:ba:e0:38:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e634616edbd60154fa3dac77ea90dbd7c68a132d
        Validity
            Not Before: Jan  1 07:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5734915c8260e78f74f364c32f0b838696521dd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:10:62:7c:98:41:97:6b:7d:c6:ba:f9:f4:86:
                    83:47:f3:31:25:17:3d:00:95:86:58:15:bd:8a:67:
                    e9:41:32:53:41:ba:f8:4d:dd:ab:dd:88:48:de:fd:
                    a6:38:bc:c3:35:30:ef:69:c4:b6:fd:7d:0b:84:e0:
                    26:5f:ce:1c:34:89:a1:6c:d2:2f:00:af:0e:76:7b:
                    8c:ee:77:77:bf:86:67:88:83:34:74:5b:30:ab:56:
                    18:2e:c4:78:b3:9f:dd:49:c9:b7:11:a2:c4:75:28:
                    94:c2:24:d7:10:77:b3:84:c1:60:1e:1b:e7:75:ba:
                    1c:45:ad:d9:6b:ee:8b:11:8e:61:5a:56:d6:dd:ae:
                    83:82:0f:e6:2d:77:0b:4f:23:43:2e:3e:0a:13:f0:
                    6c:08:51:da:0d:68:e7:bd:67:04:c2:ea:ac:32:47:
                    d2:82:68:f3:77:35:3d:0e:1a:da:d8:c4:e5:b8:24:
                    b0:0e:08:95:12:54:95:1f:be:25:a5:d0:be:12:df:
                    b3:cf:58:b1:dc:00:ae:54:dc:38:9c:dd:32:39:c9:
                    cd:56:10:af:33:e0:3d:c4:e7:f9:32:b0:cb:e1:f9:
                    25:b3:9b:95:a9:ae:3e:ae:13:29:15:82:11:73:74:
                    b3:81:e5:bd:0e:8b:61:9e:0b:e4:1a:dd:34:65:83:
                    fa:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:34:91:5C:82:60:E7:8F:74:F3:64:C3:2F:0B:83:86:96:52:1D:D3
            X509v3 Authority Key Identifier:
                keyid:E6:34:61:6E:DB:D6:01:54:FA:3D:AC:77:EA:90:DB:D7:C6:8A:13:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5jRhbtvWAVT6Pax36pDb18aKEy0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/VzSRXIJg549082TDLwuDhpZSHdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/5jRhbtvWAVT6Pax36pDb18aKEy0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.191.0/24
                IPv6:
                  2001:7f8:105::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:75:f0:1f:75:91:84:86:c3:9f:ee:98:7c:85:6b:6c:e5:24:
         74:c7:36:ee:f3:26:1a:ca:76:aa:10:17:38:7e:1b:e3:86:39:
         73:5b:50:65:6a:8e:85:26:f8:43:b4:29:82:98:5d:83:75:88:
         93:67:57:5e:ef:1c:4e:29:c3:54:04:84:3f:73:9f:96:73:9c:
         14:60:2f:12:35:94:78:74:30:09:6f:27:00:34:b4:c4:b6:7e:
         7a:ac:de:06:f6:31:9a:c1:fb:67:39:4f:00:fc:0f:8b:3c:2c:
         f4:1d:d8:03:96:0c:c8:d6:fd:1f:f6:be:82:26:21:4c:9d:5d:
         45:89:d9:1c:78:a5:11:76:05:65:27:3e:6c:32:a8:04:29:81:
         0a:00:58:ca:6a:63:d1:7e:bc:8e:2d:10:c0:b6:8a:ae:82:6a:
         82:32:bf:7a:a6:c4:81:6b:59:e8:8a:6c:e7:6c:d4:a3:cf:fc:
         b1:71:42:13:f0:bd:01:5c:d5:08:58:17:ae:70:24:59:f8:ad:
         61:9e:ed:bb:f4:0d:93:b9:93:14:84:d9:0b:62:e4:d4:7a:43:
         c9:88:ef:57:3b:bc:7a:14:7d:dc:d7:4c:d3:28:2f:ef:7c:70:
         24:33:41:8b:bd:50:cd:d1:cc:2d:c9:4b:d6:02:d7:25:38:5f:
         02:8d:e4:ad
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQg1dBMfy6+6sIHvkS64Dj4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MzQ2MTZlZGJkNjAxNTRmYTNkYWM3N2VhOTBkYmQ3YzY4
YTEzMmQwHhcNMjUwMTAxMDc0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzM0OTE1YzgyNjBlNzhmNzRmMzY0YzMyZjBiODM4Njk2NTIxZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRBifJhBl2t9xrr59IaDR/MxJRc9
AJWGWBW9imfpQTJTQbr4Td2r3YhI3v2mOLzDNTDvacS2/X0LhOAmX84cNImhbNIv
AK8OdnuM7nd3v4ZniIM0dFswq1YYLsR4s5/dScm3EaLEdSiUwiTXEHezhMFgHhvn
dbocRa3Za+6LEY5hWlbW3a6Dgg/mLXcLTyNDLj4KE/BsCFHaDWjnvWcEwuqsMkfS
gmjzdzU9Dhra2MTluCSwDgiVElSVH74lpdC+Et+zz1ix3ACuVNw4nN0yOcnNVhCv
M+A9xOf5MrDL4fkls5uVqa4+rhMpFYIRc3SzgeW9DothngvkGt00ZYP6YQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFc0kVyCYOePdPNkwy8Lg4aWUh3TMB8GA1UdIwQY
MBaAFOY0YW7b1gFU+j2sd+qQ29fGihMtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWpSaGJ0dldBVlQ2UGF4MzZwRGIxOGFLRXkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9mMjkyNjgtMmM2YS00ZTlkLWFhMmQt
ZDk5MjMxZTQ2NDU3LzEvVnpTUlhJSmc1NDkwODJUREx3dURocFpTSGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9mMjkyNjgtMmM2YS00ZTlkLWFhMmQtZDk5MjMxZTQ2NDU3
LzEvNWpSaGJ0dldBVlQ2UGF4MzZwRGIxOGFLRXkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQG/MA8E
AgACMAkDBwAgAQf4AQUwDQYJKoZIhvcNAQELBQADggEBAIF18B91kYSGw5/umHyF
a2zlJHTHNu7zJhrKdqoQFzh+G+OGOXNbUGVqjoUm+EO0KYKYXYN1iJNnV17vHE4p
w1QEhD9zn5ZznBRgLxI1lHh0MAlvJwA0tMS2fnqs3gb2MZrB+2c5TwD8D4s8LPQd
2AOWDMjW/R/2voImIUydXUWJ2Rx4pRF2BWUnPmwyqAQpgQoAWMpqY9F+vI4tEMC2
iq6CaoIyv3qmxIFrWeiKbOds1KPP/LFxQhPwvQFc1QhYF65wJFn4rWGe7bv0DZO5
kxSE2Qti5NR6Q8mI71c7vHoUfdzXTNMoL+98cCQzQYu9UM3RzC3JS9YC1yU4XwKN
5K0=
-----END CERTIFICATE-----