Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/VQjQkTkLXx2PM7AXiDEtCRX7BD4.roa
File:                     VQjQkTkLXx2PM7AXiDEtCRX7BD4.roa (raw, json)
Hash identifier:          JEN4BR7aSsYhB3PsaV5Lgj3YGaN/BXoWBAWcYvNGUik=
Subject key identifier:   55:08:D0:91:39:0B:5F:1D:8F:33:B0:17:88:31:2D:09:15:FB:04:3E
Certificate issuer:       /CN=111e0cbbe5d1c0a09465095e444fbc1c7932c683
Certificate serial:       018D1C7C67FB9C8CB619038C7F20FEE0AF04
Authority key identifier: 11:1E:0C:BB:E5:D1:C0:A0:94:65:09:5E:44:4F:BC:1C:79:32:C6:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/VQjQkTkLXx2PM7AXiDEtCRX7BD4.roa
Signing time:             Thu 18 Jan 2024 12:12:11 +0000
ROA not before:           Thu 18 Jan 2024 12:12:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        185.125.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 03:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1c:7c:67:fb:9c:8c:b6:19:03:8c:7f:20:fe:e0:af:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111e0cbbe5d1c0a09465095e444fbc1c7932c683
        Validity
            Not Before: Jan 18 12:12:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5508d091390b5f1d8f33b01788312d0915fb043e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fb:55:0a:7d:79:eb:10:6f:36:cc:c7:ea:10:
                    5a:b8:48:77:d7:9d:88:a6:fd:93:b2:e6:67:9d:44:
                    b2:79:a2:ea:2d:56:28:03:6d:02:36:29:3a:16:c7:
                    84:c7:5a:93:d2:1f:02:65:2d:6e:00:7e:05:ae:af:
                    89:c4:39:4a:c0:52:d4:d1:27:21:00:47:58:7e:7d:
                    f0:61:bd:10:9c:6c:86:cc:66:8b:66:5c:bf:36:8c:
                    09:79:cf:86:49:46:b5:c4:52:16:44:64:2c:56:5a:
                    14:54:e6:26:fa:cf:7f:75:56:ea:de:b4:88:bf:a3:
                    7b:51:c5:56:8a:0d:06:f6:07:09:82:01:b3:51:79:
                    da:23:a5:de:55:2d:9a:09:24:a9:aa:3b:f5:07:42:
                    b1:0f:51:e2:f5:64:94:e0:6c:4d:28:4a:27:e1:17:
                    5d:61:5d:5f:7c:3c:4a:88:d8:2e:67:89:d2:a2:20:
                    cf:ef:2a:bf:41:fc:93:4e:6b:33:33:9a:47:1d:d7:
                    6b:c5:9e:b0:1c:03:64:ce:7b:49:fc:e3:00:dd:fb:
                    38:0e:2c:2a:f0:37:2d:14:e2:80:9d:d3:14:bd:2f:
                    ef:35:95:e5:55:70:f2:c5:ec:59:11:13:7c:a0:bb:
                    a5:23:bf:a0:69:ba:c2:8b:16:63:a2:9e:b0:5c:63:
                    e9:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:08:D0:91:39:0B:5F:1D:8F:33:B0:17:88:31:2D:09:15:FB:04:3E
            X509v3 Authority Key Identifier:
                keyid:11:1E:0C:BB:E5:D1:C0:A0:94:65:09:5E:44:4F:BC:1C:79:32:C6:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/VQjQkTkLXx2PM7AXiDEtCRX7BD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:44:0d:37:7b:63:ed:93:ae:c6:b3:3a:5f:df:05:d4:04:72:
         c9:77:4e:ab:80:fb:54:fa:e8:2d:55:55:8c:26:b2:d5:e0:27:
         03:d3:06:bc:d3:e9:2e:4e:4a:43:e6:79:e8:e5:17:df:94:08:
         5b:ea:d6:4f:04:9e:f3:bd:c2:3f:b8:4a:94:9c:51:64:d1:bb:
         c1:6d:7b:72:8c:73:49:11:99:22:7a:3c:5d:66:d3:18:44:a2:
         82:03:89:75:1a:36:f1:8b:03:a1:7f:f6:8f:0c:15:92:c5:40:
         e1:c3:4a:bb:12:49:35:27:39:17:7d:d1:49:83:46:a1:7c:40:
         c5:dd:b8:35:9f:e0:35:f6:3c:99:3d:7d:ac:b5:04:2e:cf:d0:
         3c:b8:48:5c:9d:3a:32:d7:51:ec:f1:34:ba:af:0c:f0:8f:bc:
         34:ce:82:2f:ec:cd:6a:60:23:01:0d:1f:84:4f:8c:57:c7:ad:
         5f:cd:34:81:f4:05:0a:b4:92:ca:da:f3:42:08:8b:34:36:38:
         8e:2e:b1:19:c9:80:6d:db:4a:c6:7c:bd:f0:39:02:a6:87:1c:
         35:4b:5b:58:76:59:de:75:a7:ee:f1:bc:fc:2d:e9:39:57:c5:
         15:70:ca:c1:5b:69:a2:d1:c9:4e:a2:31:50:53:a8:36:70:19:
         51:63:7a:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0cfGf7nIy2GQOMfyD+4K8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWUwY2JiZTVkMWMwYTA5NDY1MDk1ZTQ0NGZiYzFjNzkz
MmM2ODMwHhcNMjQwMTE4MTIxMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTA4ZDA5MTM5MGI1ZjFkOGYzM2IwMTc4ODMxMmQwOTE1ZmIwNDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArftVCn156xBvNszH6hBauEh3152I
pv2TsuZnnUSyeaLqLVYoA20CNik6FseEx1qT0h8CZS1uAH4Frq+JxDlKwFLU0Sch
AEdYfn3wYb0QnGyGzGaLZly/NowJec+GSUa1xFIWRGQsVloUVOYm+s9/dVbq3rSI
v6N7UcVWig0G9gcJggGzUXnaI6XeVS2aCSSpqjv1B0KxD1Hi9WSU4GxNKEon4Rdd
YV1ffDxKiNguZ4nSoiDP7yq/QfyTTmszM5pHHddrxZ6wHANkzntJ/OMA3fs4Diwq
8DctFOKAndMUvS/vNZXlVXDyxexZERN8oLulI7+gabrCixZjop6wXGPphQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUI0JE5C18djzOwF4gxLQkV+wQ+MB8GA1UdIwQY
MBaAFBEeDLvl0cCglGUJXkRPvBx5MsaDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVI0TXUtWFJ3S0NVWlFsZVJFLThISGt5eG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9iNmM5OTEtMWZkNC00ODdmLTg3Nzgt
ZDE1ZTUxNmRjNDVjLzEvVlFqUWtUa0xYeDJQTTdBWGlERXRDUlg3QkQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9iNmM5OTEtMWZkNC00ODdmLTg3NzgtZDE1ZTUxNmRjNDVj
LzEvRVI0TXUtWFJ3S0NVWlFsZVJFLThISGt5eG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX0qMA0G
CSqGSIb3DQEBCwUAA4IBAQATRA03e2Ptk67Gszpf3wXUBHLJd06rgPtU+ugtVVWM
JrLV4CcD0wa80+kuTkpD5nno5RfflAhb6tZPBJ7zvcI/uEqUnFFk0bvBbXtyjHNJ
EZkiejxdZtMYRKKCA4l1GjbxiwOhf/aPDBWSxUDhw0q7Ekk1JzkXfdFJg0ahfEDF
3bg1n+A19jyZPX2stQQuz9A8uEhcnToy11Hs8TS6rwzwj7w0zoIv7M1qYCMBDR+E
T4xXx61fzTSB9AUKtJLK2vNCCIs0NjiOLrEZyYBt20rGfL3wOQKmhxw1S1tYdlne
dafu8bz8Lek5V8UVcMrBW2mi0clOojFQU6g2cBlRY3qO
-----END CERTIFICATE-----