Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/ed8eba-6bd4-4438-b3e0-c496f9cafa83/1/vYaVLKXY1-Vrl86mKkE3Y-3XdFU.roa
File:                     vYaVLKXY1-Vrl86mKkE3Y-3XdFU.roa (raw, json)
Hash identifier:          8y0C99LYt4H2oUrCqNFHSxS/1TMmBVBqFKxb6zfEFoU=
Subject key identifier:   BD:86:95:2C:A5:D8:D7:E5:6B:97:CE:A6:2A:41:37:63:ED:D7:74:55
Certificate issuer:       /CN=7490ce6b6f8f750e03584ebbd7bdad0f11fbe31c
Certificate serial:       019423D6BBB45C784FEE766F1AB6E14A6C70
Authority key identifier: 74:90:CE:6B:6F:8F:75:0E:03:58:4E:BB:D7:BD:AD:0F:11:FB:E3:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJDOa2-PdQ4DWE67172tDxH74xw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/ed8eba-6bd4-4438-b3e0-c496f9cafa83/1/vYaVLKXY1-Vrl86mKkE3Y-3XdFU.roa
Signing time:             Wed 01 Jan 2025 21:47:42 +0000
ROA not before:           Wed 01 Jan 2025 21:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48854
IP address blocks:        185.149.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/ed8eba-6bd4-4438-b3e0-c496f9cafa83/1/dJDOa2-PdQ4DWE67172tDxH74xw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/ed8eba-6bd4-4438-b3e0-c496f9cafa83/1/dJDOa2-PdQ4DWE67172tDxH74xw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJDOa2-PdQ4DWE67172tDxH74xw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 12:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:bb:b4:5c:78:4f:ee:76:6f:1a:b6:e1:4a:6c:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7490ce6b6f8f750e03584ebbd7bdad0f11fbe31c
        Validity
            Not Before: Jan  1 21:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd86952ca5d8d7e56b97cea62a413763edd77455
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:64:b2:c5:2f:0d:49:14:fc:8b:39:f0:1a:d7:
                    dd:84:a1:2f:8c:ea:47:b4:bf:29:f4:ac:3e:06:ac:
                    68:50:ef:fc:c7:58:24:0b:89:ce:d8:c3:ef:3d:35:
                    47:85:af:38:7b:74:d6:35:d5:ac:77:fe:19:a3:70:
                    7c:a7:22:53:b5:a1:28:93:08:48:a1:8c:0d:be:07:
                    c5:47:c3:c9:db:b3:ee:f3:8d:16:35:30:2e:ba:57:
                    fb:c0:a9:d4:4d:80:ad:11:d0:50:5e:db:04:06:e6:
                    11:b5:b8:1f:d1:34:e3:0e:5b:32:a0:1d:ed:9b:2e:
                    74:45:42:8b:ff:7b:50:6c:de:5d:dd:d0:10:8d:45:
                    c7:4a:db:38:cf:b5:8e:a3:4f:f1:ae:15:e4:80:39:
                    21:15:5f:6b:c6:ff:e5:17:a8:d3:5a:cf:fe:e7:45:
                    e8:5f:ab:3b:4d:c3:30:b0:f0:63:cf:32:c4:a1:d8:
                    d3:7a:83:be:df:d1:0a:b7:d3:75:0a:7b:ce:8c:cf:
                    37:1e:1a:2b:d6:a7:11:03:ea:bd:4c:3f:08:6f:c0:
                    d8:4d:01:86:9b:54:d8:39:57:c5:64:c0:6d:65:6b:
                    97:e9:1c:73:81:ad:33:f5:51:14:83:9b:24:d9:17:
                    07:a5:a7:e0:74:c1:49:45:74:39:76:68:d0:15:a2:
                    da:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:86:95:2C:A5:D8:D7:E5:6B:97:CE:A6:2A:41:37:63:ED:D7:74:55
            X509v3 Authority Key Identifier:
                keyid:74:90:CE:6B:6F:8F:75:0E:03:58:4E:BB:D7:BD:AD:0F:11:FB:E3:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJDOa2-PdQ4DWE67172tDxH74xw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/ed8eba-6bd4-4438-b3e0-c496f9cafa83/1/vYaVLKXY1-Vrl86mKkE3Y-3XdFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/ed8eba-6bd4-4438-b3e0-c496f9cafa83/1/dJDOa2-PdQ4DWE67172tDxH74xw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:f6:22:f6:c1:fd:b1:9d:cb:53:89:de:07:e4:f7:1a:9a:10:
         d8:ea:dc:0b:fc:ec:0a:ce:01:d5:6d:ce:f9:eb:56:22:1d:d3:
         c2:7d:ca:f0:2c:82:94:40:50:e1:5b:37:9f:cc:47:40:51:8e:
         8f:1d:0a:b3:24:50:86:37:b8:c3:a1:3a:32:ce:d0:30:90:77:
         09:10:e8:bd:bc:52:e7:b5:69:29:2d:40:c1:73:88:c1:24:09:
         23:4f:7f:3b:6d:5a:b3:e1:8d:8c:a8:1d:34:71:82:df:b4:58:
         14:b1:13:dc:bf:cc:09:0e:7d:8b:7d:f3:2c:78:b6:11:61:56:
         1e:f9:f0:d0:de:7b:bb:d7:63:92:9a:de:85:d3:78:48:78:07:
         15:20:b9:58:de:ad:3b:cc:75:da:ab:b8:7d:84:f4:3c:f8:3f:
         a6:0e:19:d8:c6:08:3d:ae:a0:a2:70:be:f2:87:0d:1e:85:8b:
         f2:75:3d:73:0f:53:ad:2b:70:08:ab:07:4e:0d:a0:a6:8d:25:
         dd:03:40:04:e1:d1:98:ae:aa:59:a2:02:0a:08:91:6a:e9:42:
         8d:97:2c:e1:fa:26:f0:57:e2:a6:b6:e5:fa:50:66:5b:48:ff:
         96:58:68:b7:cb:ca:63:50:74:47:6d:53:de:ff:86:08:00:78:
         03:d6:b2:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1ru0XHhP7nZvGrbhSmxwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTBjZTZiNmY4Zjc1MGUwMzU4NGViYmQ3YmRhZDBmMTFm
YmUzMWMwHhcNMjUwMTAxMjE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDg2OTUyY2E1ZDhkN2U1NmI5N2NlYTYyYTQxMzc2M2VkZDc3NDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmSyxS8NSRT8iznwGtfdhKEvjOpH
tL8p9Kw+BqxoUO/8x1gkC4nO2MPvPTVHha84e3TWNdWsd/4Zo3B8pyJTtaEokwhI
oYwNvgfFR8PJ27Pu840WNTAuulf7wKnUTYCtEdBQXtsEBuYRtbgf0TTjDlsyoB3t
my50RUKL/3tQbN5d3dAQjUXHSts4z7WOo0/xrhXkgDkhFV9rxv/lF6jTWs/+50Xo
X6s7TcMwsPBjzzLEodjTeoO+39EKt9N1CnvOjM83Hhor1qcRA+q9TD8Ib8DYTQGG
m1TYOVfFZMBtZWuX6Rxzga0z9VEUg5sk2RcHpafgdMFJRXQ5dmjQFaLadQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2GlSyl2Nfla5fOpipBN2Pt13RVMB8GA1UdIwQY
MBaAFHSQzmtvj3UOA1hOu9e9rQ8R++McMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpET2EyLVBkUTREV0U2NzE3MnREeEg3NHh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9lZDhlYmEtNmJkNC00NDM4LWIzZTAt
YzQ5NmY5Y2FmYTgzLzEvdllhVkxLWFkxLVZybDg2bUtrRTNZLTNYZEZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9lZDhlYmEtNmJkNC00NDM4LWIzZTAtYzQ5NmY5Y2FmYTgz
LzEvZEpET2EyLVBkUTREV0U2NzE3MnREeEg3NHh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZXkMA0G
CSqGSIb3DQEBCwUAA4IBAQCW9iL2wf2xnctTid4H5PcamhDY6twL/OwKzgHVbc75
61YiHdPCfcrwLIKUQFDhWzefzEdAUY6PHQqzJFCGN7jDoToyztAwkHcJEOi9vFLn
tWkpLUDBc4jBJAkjT387bVqz4Y2MqB00cYLftFgUsRPcv8wJDn2LffMseLYRYVYe
+fDQ3nu712OSmt6F03hIeAcVILlY3q07zHXaq7h9hPQ8+D+mDhnYxgg9rqCicL7y
hw0ehYvydT1zD1OtK3AIqwdODaCmjSXdA0AE4dGYrqpZogIKCJFq6UKNlyzh+ibw
V+KmtuX6UGZbSP+WWGi3y8pjUHRHbVPe/4YIAHgD1rK/
-----END CERTIFICATE-----