Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/vNOS5vUWCqJEMFsm4Huo1TSEvCc.roa
File:                     vNOS5vUWCqJEMFsm4Huo1TSEvCc.roa (raw, json)
Hash identifier:          yDPHPi4lOHCdMJ+/kRIvQ07jiloiQq/r5yFG565XkNs=
Subject key identifier:   BC:D3:92:E6:F5:16:0A:A2:44:30:5B:26:E0:7B:A8:D5:34:84:BC:27
Certificate issuer:       /CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Certificate serial:       019424B3B3FD6403786DFE97508BF36B2BF1
Authority key identifier: 21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/vNOS5vUWCqJEMFsm4Huo1TSEvCc.roa
Signing time:             Thu 02 Jan 2025 01:49:04 +0000
ROA not before:           Thu 02 Jan 2025 01:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        176.57.212.0/24 maxlen: 24
                          185.247.18.0/24 maxlen: 24
                          185.247.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b3:fd:64:03:78:6d:fe:97:50:8b:f3:6b:2b:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
        Validity
            Not Before: Jan  2 01:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bcd392e6f5160aa244305b26e07ba8d53484bc27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a1:94:54:22:83:64:a7:5d:75:ef:20:64:d6:
                    60:a3:38:bf:2c:ac:61:1c:a6:8b:90:79:35:e9:ec:
                    34:de:95:bc:83:85:8d:bf:2d:b5:8e:b7:52:44:cc:
                    64:0a:3c:a0:0c:22:45:35:a9:b1:de:c1:f8:33:5b:
                    b2:ef:74:bc:ce:14:26:ae:9b:ec:ac:88:2b:7f:7a:
                    c8:04:1b:89:60:9d:e6:5c:a4:16:54:d4:03:67:70:
                    60:96:76:ba:4c:89:9b:1c:2a:e7:f2:0b:82:a3:74:
                    8a:90:a9:79:45:82:10:2b:76:6e:c9:fb:10:4d:84:
                    fb:dd:ea:1a:c1:f3:69:fa:91:cf:71:b7:a4:ac:f8:
                    fa:40:d9:84:4f:8e:cd:7a:d7:dc:c3:ce:7b:66:a5:
                    f7:50:c4:c4:2e:30:2c:23:d4:3a:6e:72:c4:e6:95:
                    33:09:db:92:77:e0:74:47:e4:17:6f:b4:d0:fc:ff:
                    12:32:6f:83:d1:83:5d:e5:88:2e:54:6c:d3:85:dc:
                    57:37:d3:29:7a:02:02:28:51:6b:85:98:16:cb:2d:
                    6d:7a:da:c9:73:75:6a:35:eb:49:ec:8f:d3:31:0d:
                    57:47:e7:4d:83:3e:a1:c7:e3:a9:ec:42:12:ee:b6:
                    39:78:b6:a1:89:46:1b:84:a9:99:38:01:1c:f8:4b:
                    03:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:D3:92:E6:F5:16:0A:A2:44:30:5B:26:E0:7B:A8:D5:34:84:BC:27
            X509v3 Authority Key Identifier:
                keyid:21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/vNOS5vUWCqJEMFsm4Huo1TSEvCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.212.0/24
                  185.247.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:dc:ff:f9:aa:1f:4e:37:43:05:ff:dd:be:3a:4f:35:fb:23:
         4e:90:bd:20:6e:e0:20:cc:1a:4e:e1:1c:81:8a:17:88:24:6e:
         82:a6:45:b6:e4:2e:c9:e8:bb:3b:03:b7:81:29:b6:76:3f:07:
         21:5d:cb:36:72:a7:51:55:60:27:b1:21:99:dc:91:a4:e5:93:
         11:ad:86:e5:8f:61:4d:10:99:76:f6:1e:3e:e9:b6:8a:68:55:
         3a:58:a9:34:40:87:9b:40:19:29:6e:af:7c:38:18:c5:14:a4:
         3a:f9:8d:11:3d:48:de:c6:c0:dc:ed:c3:16:c5:7b:a8:6d:35:
         75:26:2f:bb:45:a4:4c:0f:f8:cb:61:18:1e:e7:4a:2e:4a:e1:
         da:e3:a0:d2:6e:4d:bd:16:b2:e1:fd:41:42:d4:fd:e2:98:b1:
         42:34:39:f3:24:14:96:07:b9:f3:3e:9f:ce:38:2f:66:cc:9c:
         56:24:97:fd:27:f8:89:33:73:47:53:07:05:1d:c1:ec:a0:99:
         d6:db:57:94:e6:99:14:23:b1:fc:11:b2:89:1f:e5:dc:6b:fe:
         d6:32:e4:11:62:1a:e4:76:88:ff:16:b6:b3:aa:17:05:af:f5:
         24:67:39:2e:f0:74:93:ba:7b:48:75:3d:06:f5:ae:9b:b1:41:
         05:5b:d2:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQks7P9ZAN4bf6XUIvzayvxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjBiMmIxYzgyOWQ4ODkzNmIxYWRhZWVjOTdmZGQxYjQw
ZDQxZTUwHhcNMjUwMTAyMDE0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2QzOTJlNmY1MTYwYWEyNDQzMDViMjZlMDdiYThkNTM0ODRiYzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKGUVCKDZKddde8gZNZgozi/LKxh
HKaLkHk16ew03pW8g4WNvy21jrdSRMxkCjygDCJFNamx3sH4M1uy73S8zhQmrpvs
rIgrf3rIBBuJYJ3mXKQWVNQDZ3Bglna6TImbHCrn8guCo3SKkKl5RYIQK3ZuyfsQ
TYT73eoawfNp+pHPcbekrPj6QNmET47Netfcw857ZqX3UMTELjAsI9Q6bnLE5pUz
CduSd+B0R+QXb7TQ/P8SMm+D0YNd5YguVGzThdxXN9MpegICKFFrhZgWyy1tetrJ
c3VqNetJ7I/TMQ1XR+dNgz6hx+Op7EIS7rY5eLahiUYbhKmZOAEc+EsDewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLzTkub1FgqiRDBbJuB7qNU0hLwnMB8GA1UdIwQY
MBaAFCFgsrHIKdiJNrGtruyX/dG0DUHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEt
M2RmN2ZhZjM1MzVkLzEvdk5PUzV2VVdDcUpFTUZzbTRIdW8xVFNFdkNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEtM2RmN2ZhZjM1MzVk
LzEvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsDnUAwQB
ufcSMA0GCSqGSIb3DQEBCwUAA4IBAQBG3P/5qh9ON0MF/92+Ok81+yNOkL0gbuAg
zBpO4RyBiheIJG6CpkW25C7J6Ls7A7eBKbZ2PwchXcs2cqdRVWAnsSGZ3JGk5ZMR
rYblj2FNEJl29h4+6baKaFU6WKk0QIebQBkpbq98OBjFFKQ6+Y0RPUjexsDc7cMW
xXuobTV1Ji+7RaRMD/jLYRge50ouSuHa46DSbk29FrLh/UFC1P3imLFCNDnzJBSW
B7nzPp/OOC9mzJxWJJf9J/iJM3NHUwcFHcHsoJnW21eU5pkUI7H8EbKJH+Xca/7W
MuQRYhrkdoj/FrazqhcFr/UkZzku8HSTuntIdT0G9a6bsUEFW9Jn
-----END CERTIFICATE-----