Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/5d93ba-bf59-4e78-a4a2-e36d0b9b645d/1/VqA7lyAHWNtQ3ogFkewoyEBQOWc.roa
File:                     VqA7lyAHWNtQ3ogFkewoyEBQOWc.roa (raw, json)
Hash identifier:          bguSk3S53RTNNFAYb+rXc/ucdN2WyoXSCoqeBHfSv9c=
Subject key identifier:   56:A0:3B:97:20:07:58:DB:50:DE:88:05:91:EC:28:C8:40:50:39:67
Certificate issuer:       /CN=e7aabcdac3ad9fb32d24ad60c8a26cb9eab8d585
Certificate serial:       018CC500A0881A0A58EF33D35442F6F6280C
Authority key identifier: E7:AA:BC:DA:C3:AD:9F:B3:2D:24:AD:60:C8:A2:6C:B9:EA:B8:D5:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/56q82sOtn7MtJK1gyKJsueq41YU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/5d93ba-bf59-4e78-a4a2-e36d0b9b645d/1/VqA7lyAHWNtQ3ogFkewoyEBQOWc.roa
Signing time:             Mon 01 Jan 2024 12:30:01 +0000
ROA not before:           Mon 01 Jan 2024 12:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201393
IP address blocks:        185.76.112.0/24 maxlen: 24
                          185.76.112.0/22 maxlen: 22
                          185.76.113.0/24 maxlen: 24
                          185.76.114.0/24 maxlen: 24
                          185.76.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/5d93ba-bf59-4e78-a4a2-e36d0b9b645d/1/56q82sOtn7MtJK1gyKJsueq41YU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/5d93ba-bf59-4e78-a4a2-e36d0b9b645d/1/56q82sOtn7MtJK1gyKJsueq41YU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/56q82sOtn7MtJK1gyKJsueq41YU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:a0:88:1a:0a:58:ef:33:d3:54:42:f6:f6:28:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7aabcdac3ad9fb32d24ad60c8a26cb9eab8d585
        Validity
            Not Before: Jan  1 12:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56a03b97200758db50de880591ec28c840503967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:77:b1:94:18:80:91:43:0c:5c:9b:47:a2:91:
                    6b:bb:3b:d8:e6:3d:ab:ce:9e:8d:07:7b:74:19:6a:
                    21:d3:28:d9:7b:4f:c5:09:7f:a1:ff:01:1d:b2:99:
                    b3:14:63:8a:be:d6:f2:93:13:fa:8c:e1:3e:c1:c6:
                    eb:3a:7d:21:f0:a9:a8:36:89:a4:f2:50:31:11:e9:
                    2c:4a:43:cb:4a:e1:28:f7:fe:01:70:c6:e1:e5:b4:
                    3f:16:84:c6:da:3a:96:6f:40:5d:c9:81:09:1d:22:
                    61:cc:d6:a6:a5:e4:a7:da:e2:d4:cf:15:9a:6f:ff:
                    a1:1c:93:be:96:c6:30:01:dd:cf:1a:f4:43:65:11:
                    ed:4f:3f:30:0b:bb:8d:e7:4f:f7:49:04:ae:cf:78:
                    ca:23:15:8d:55:73:5f:ab:80:e0:ce:60:16:29:0b:
                    c3:c3:75:42:b2:5c:d8:75:c8:15:76:bb:dd:0a:8f:
                    bb:fe:79:04:96:5a:9d:5b:8f:14:d2:90:02:d2:24:
                    3c:19:1d:1b:9d:8b:c0:e5:21:0f:c7:c9:4f:c3:f4:
                    ff:a7:c6:ed:c3:d6:35:ac:b3:cd:3c:4d:3a:4e:0f:
                    41:4e:90:d0:e1:73:67:24:72:60:7a:3d:15:82:c6:
                    4b:db:19:90:3a:58:41:17:d8:c9:4f:45:6b:fb:ee:
                    c9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:A0:3B:97:20:07:58:DB:50:DE:88:05:91:EC:28:C8:40:50:39:67
            X509v3 Authority Key Identifier:
                keyid:E7:AA:BC:DA:C3:AD:9F:B3:2D:24:AD:60:C8:A2:6C:B9:EA:B8:D5:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/56q82sOtn7MtJK1gyKJsueq41YU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/5d93ba-bf59-4e78-a4a2-e36d0b9b645d/1/VqA7lyAHWNtQ3ogFkewoyEBQOWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/5d93ba-bf59-4e78-a4a2-e36d0b9b645d/1/56q82sOtn7MtJK1gyKJsueq41YU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.76.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:d7:94:5c:21:c5:09:ed:ca:ca:d3:bb:bb:99:a6:d3:f0:43:
         52:9a:01:b2:17:d5:f1:1c:a9:ff:2e:00:e9:eb:26:35:06:df:
         31:b8:20:ab:31:50:d1:a7:cd:f5:b0:94:e9:3b:e5:78:0f:f2:
         60:be:99:b5:fe:81:0c:0e:cc:15:22:3c:6a:d1:22:4a:90:16:
         bd:48:e6:f1:fe:6b:89:0d:30:c8:2d:e9:25:d2:0e:de:e5:5d:
         82:b6:31:0c:b3:3c:11:a6:e9:27:db:76:5c:53:4c:91:11:79:
         2e:da:c1:28:8a:30:3d:4c:ed:04:f4:a9:8c:c6:ee:14:c0:8a:
         56:7b:90:30:85:6d:aa:df:aa:fc:e7:14:72:9a:34:50:a3:a1:
         04:21:23:e2:b6:38:09:1b:a3:38:53:44:64:22:0e:9b:80:4b:
         4d:9d:fa:49:cb:41:57:4b:45:55:52:3d:dd:3f:ab:8f:c8:e8:
         5a:db:5e:19:55:73:53:26:cc:e2:f7:6c:81:8a:7d:6b:a0:31:
         85:79:44:58:42:f4:68:c5:b3:b2:eb:a4:7c:ac:8f:4d:41:03:
         87:ce:c4:8a:cd:c6:5c:0c:f7:54:a3:94:7e:f4:0d:b5:3f:ae:
         75:cf:0a:3b:b1:d9:ae:a5:ae:b6:dc:95:e6:e1:84:ac:2d:d7:
         ca:78:fc:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAKCIGgpY7zPTVEL29igMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3YWFiY2RhYzNhZDlmYjMyZDI0YWQ2MGM4YTI2Y2I5ZWFi
OGQ1ODUwHhcNMjQwMTAxMTIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmEwM2I5NzIwMDc1OGRiNTBkZTg4MDU5MWVjMjhjODQwNTAzOTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3exlBiAkUMMXJtHopFruzvY5j2r
zp6NB3t0GWoh0yjZe0/FCX+h/wEdspmzFGOKvtbykxP6jOE+wcbrOn0h8KmoNomk
8lAxEeksSkPLSuEo9/4BcMbh5bQ/FoTG2jqWb0BdyYEJHSJhzNampeSn2uLUzxWa
b/+hHJO+lsYwAd3PGvRDZRHtTz8wC7uN50/3SQSuz3jKIxWNVXNfq4DgzmAWKQvD
w3VCslzYdcgVdrvdCo+7/nkEllqdW48U0pAC0iQ8GR0bnYvA5SEPx8lPw/T/p8bt
w9Y1rLPNPE06Tg9BTpDQ4XNnJHJgej0VgsZL2xmQOlhBF9jJT0Vr++7JRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFagO5cgB1jbUN6IBZHsKMhAUDlnMB8GA1UdIwQY
MBaAFOeqvNrDrZ+zLSStYMiibLnquNWFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTZxODJzT3RuN010SksxZ3lLSnN1ZXE0MVlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81ZDkzYmEtYmY1OS00ZTc4LWE0YTIt
ZTM2ZDBiOWI2NDVkLzEvVnFBN2x5QUhXTnRRM29nRmtld295RUJRT1djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81ZDkzYmEtYmY1OS00ZTc4LWE0YTItZTM2ZDBiOWI2NDVk
LzEvNTZxODJzT3RuN010SksxZ3lLSnN1ZXE0MVlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUxwMA0G
CSqGSIb3DQEBCwUAA4IBAQA715RcIcUJ7crK07u7mabT8ENSmgGyF9XxHKn/LgDp
6yY1Bt8xuCCrMVDRp831sJTpO+V4D/Jgvpm1/oEMDswVIjxq0SJKkBa9SObx/muJ
DTDILekl0g7e5V2CtjEMszwRpukn23ZcU0yREXku2sEoijA9TO0E9KmMxu4UwIpW
e5AwhW2q36r85xRymjRQo6EEISPitjgJG6M4U0RkIg6bgEtNnfpJy0FXS0VVUj3d
P6uPyOha214ZVXNTJszi92yBin1roDGFeURYQvRoxbOy66R8rI9NQQOHzsSKzcZc
DPdUo5R+9A21P651zwo7sdmupa623JXm4YSsLdfKePzh
-----END CERTIFICATE-----