Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/VxNwA8Z3jbKMhaAGUeXpgoaonqQ.roa
File:                     VxNwA8Z3jbKMhaAGUeXpgoaonqQ.roa (raw, json)
Hash identifier:          8UE5cV5HAo/dNocvJBP3QpumV7Y6GlI34sUC4Tk5UYU=
Subject key identifier:   57:13:70:03:C6:77:8D:B2:8C:85:A0:06:51:E5:E9:82:86:A8:9E:A4
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       0192303BA8BCC4706A53ACFABF1FB5ED52AF
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/VxNwA8Z3jbKMhaAGUeXpgoaonqQ.roa
Signing time:             Thu 26 Sep 2024 21:27:49 +0000
ROA not before:           Thu 26 Sep 2024 21:27:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214728
IP address blocks:        185.170.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:30:3b:a8:bc:c4:70:6a:53:ac:fa:bf:1f:b5:ed:52:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Sep 26 21:27:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57137003c6778db28c85a00651e5e98286a89ea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:8a:14:bb:32:aa:51:c2:33:ba:f3:ff:2d:6b:
                    17:02:cc:69:4a:c5:77:fe:71:99:32:5c:21:a3:d0:
                    8f:8a:3c:b0:63:c0:23:cc:df:26:16:0e:91:10:2f:
                    f8:ed:e6:bf:63:bf:05:19:a0:f0:54:9a:76:dc:7f:
                    ed:e3:d3:0c:07:89:22:7e:3d:96:06:fb:78:14:10:
                    b0:41:59:1d:87:49:66:90:3b:e4:b9:6a:5f:9d:47:
                    b4:2e:0b:83:2d:fd:20:83:cf:5b:02:db:1e:1c:ff:
                    95:57:f2:eb:45:42:9f:20:12:5f:43:54:74:26:7a:
                    2f:d7:7d:1d:c1:05:e8:d2:fc:24:fc:79:73:7b:ea:
                    19:e6:7b:24:4c:8c:b0:a5:75:19:4e:3b:1d:18:41:
                    be:24:b2:ba:03:89:d6:d5:66:e6:85:c9:c0:e0:6e:
                    95:c4:0c:ec:af:36:00:48:7a:e4:a7:ae:1e:96:be:
                    7c:e5:f2:5c:68:49:8c:21:b2:80:27:82:bd:b9:b0:
                    d5:2a:a2:35:81:36:bc:bd:5f:63:93:d0:6b:b5:d2:
                    ba:7f:d5:dc:55:40:1a:ac:b9:69:bd:ed:48:74:68:
                    3e:2b:07:66:c2:2a:d8:23:d1:99:fa:d0:86:31:54:
                    54:61:21:49:48:1f:ec:d4:f6:91:f4:6d:7c:04:39:
                    55:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:13:70:03:C6:77:8D:B2:8C:85:A0:06:51:E5:E9:82:86:A8:9E:A4
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/VxNwA8Z3jbKMhaAGUeXpgoaonqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:c6:6c:72:6a:4a:3f:cb:6c:34:aa:10:0c:9a:4b:b0:5d:a0:
         d7:f7:4f:a0:44:fb:1f:88:21:23:6a:79:fa:bd:57:23:89:5c:
         4f:3a:30:92:4f:31:23:90:ee:d2:52:d2:6a:0b:38:8b:ea:97:
         df:92:46:aa:17:a0:a7:d3:60:35:2c:b2:a8:f8:91:3d:9b:67:
         04:20:7f:52:55:29:6e:73:81:6a:71:d2:e1:68:dc:bf:e9:6c:
         ec:80:5f:b6:f4:82:08:12:0f:1e:5a:af:e1:b7:26:1d:77:ca:
         e7:6d:80:4b:01:0f:dd:99:62:57:91:1f:c1:c8:af:a5:ca:40:
         d0:9f:65:1c:03:ab:88:9b:a9:b7:fb:d1:35:0f:49:11:b3:81:
         f5:db:81:12:ec:d0:fd:5e:3a:26:7b:aa:11:c1:80:12:b8:0b:
         38:3a:73:77:26:80:a9:87:dc:01:fb:58:dc:f2:c9:aa:41:8b:
         de:46:1a:ba:32:a1:d3:70:cd:8e:ea:72:48:33:f0:32:ed:6e:
         82:04:fd:ab:21:ea:f2:7b:f3:b2:0b:b4:c9:23:c6:52:69:e6:
         bc:3c:f9:17:fa:6b:7b:0d:bb:2b:07:aa:b7:6f:7a:a5:65:b8:
         b0:61:06:df:dd:4f:69:77:90:50:b4:4f:de:ea:92:4b:d2:ab:
         06:ff:d0:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIwO6i8xHBqU6z6vx+17VKvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjQwOTI2MjEyNzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzEzNzAwM2M2Nzc4ZGIyOGM4NWEwMDY1MWU1ZTk4Mjg2YTg5ZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4oUuzKqUcIzuvP/LWsXAsxpSsV3
/nGZMlwho9CPijywY8AjzN8mFg6REC/47ea/Y78FGaDwVJp23H/t49MMB4kifj2W
Bvt4FBCwQVkdh0lmkDvkuWpfnUe0LguDLf0gg89bAtseHP+VV/LrRUKfIBJfQ1R0
Jnov130dwQXo0vwk/Hlze+oZ5nskTIywpXUZTjsdGEG+JLK6A4nW1WbmhcnA4G6V
xAzsrzYASHrkp64elr585fJcaEmMIbKAJ4K9ubDVKqI1gTa8vV9jk9BrtdK6f9Xc
VUAarLlpve1IdGg+KwdmwirYI9GZ+tCGMVRUYSFJSB/s1PaR9G18BDlVzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFcTcAPGd42yjIWgBlHl6YKGqJ6kMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEvVnhOd0E4WjNqYktNaGFBR1VlWHBnb2FvbnFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaqBMA0G
CSqGSIb3DQEBCwUAA4IBAQALxmxyako/y2w0qhAMmkuwXaDX90+gRPsfiCEjann6
vVcjiVxPOjCSTzEjkO7SUtJqCziL6pffkkaqF6Cn02A1LLKo+JE9m2cEIH9SVSlu
c4FqcdLhaNy/6WzsgF+29IIIEg8eWq/htyYdd8rnbYBLAQ/dmWJXkR/ByK+lykDQ
n2UcA6uIm6m3+9E1D0kRs4H124ES7ND9Xjome6oRwYASuAs4OnN3JoCph9wB+1jc
8smqQYveRhq6MqHTcM2O6nJIM/Ay7W6CBP2rIerye/OyC7TJI8ZSaea8PPkX+mt7
DbsrB6q3b3qlZbiwYQbf3U9pd5BQtE/e6pJL0qsG/9DZ
-----END CERTIFICATE-----