Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/PvXyotkF7CUuPU9IpGsqtPRuTDs.roa
File:                     PvXyotkF7CUuPU9IpGsqtPRuTDs.roa (raw, json)
Hash identifier:          hlW2pG80ndqwHM6JsZ8rS5M7wLdO6b8IAZvrk0uvgBY=
Subject key identifier:   3E:F5:F2:A2:D9:05:EC:25:2E:3D:4F:48:A4:6B:2A:B4:F4:6E:4C:3B
Certificate issuer:       /CN=be40b3c2be7835d7b37b5826102f8746a5199d49
Certificate serial:       01966367367C070327649640086B34BBB7B8
Authority key identifier: BE:40:B3:C2:BE:78:35:D7:B3:7B:58:26:10:2F:87:46:A5:19:9D:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vkCzwr54Ndeze1gmEC-HRqUZnUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/PvXyotkF7CUuPU9IpGsqtPRuTDs.roa
Signing time:             Wed 23 Apr 2025 16:07:10 +0000
ROA not before:           Wed 23 Apr 2025 16:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6830
IP address blocks:        185.87.76.0/24 maxlen: 24
                          185.87.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/vkCzwr54Ndeze1gmEC-HRqUZnUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/vkCzwr54Ndeze1gmEC-HRqUZnUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vkCzwr54Ndeze1gmEC-HRqUZnUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 16:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:63:67:36:7c:07:03:27:64:96:40:08:6b:34:bb:b7:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be40b3c2be7835d7b37b5826102f8746a5199d49
        Validity
            Not Before: Apr 23 16:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ef5f2a2d905ec252e3d4f48a46b2ab4f46e4c3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:47:f1:ad:a4:e0:39:dd:e0:e7:c5:d0:95:03:
                    2a:6e:2c:93:80:8c:56:23:18:5f:29:f9:07:ec:36:
                    a6:06:99:f5:ac:a6:9c:b2:47:25:b2:7d:0c:89:a9:
                    a6:af:8b:07:d2:92:e1:ea:db:8c:a5:7f:fb:a7:cb:
                    d3:78:4d:91:02:39:25:0a:c6:82:bb:70:a8:9d:80:
                    a0:65:50:0f:fb:ed:c8:a1:fc:1a:1c:ac:95:c7:c2:
                    51:94:02:31:cb:50:56:c9:99:ad:d3:db:0f:64:ca:
                    f3:85:d6:75:08:25:60:1b:2e:9c:f1:40:97:cd:a5:
                    cd:e0:e0:83:f4:1e:d1:e0:23:1e:a6:36:95:6c:00:
                    08:b4:2c:9a:2d:38:eb:dd:8e:48:44:3c:ca:a6:c2:
                    19:f5:e6:d3:1d:10:fa:41:d0:bf:01:d0:02:58:36:
                    84:06:b9:d1:a1:c2:8f:fa:49:dc:1f:2b:9f:5b:1e:
                    92:46:56:69:cd:a1:90:06:a0:83:df:6d:bc:b8:d3:
                    39:fb:c4:38:2a:db:e6:39:36:82:48:54:5b:f0:a2:
                    92:14:3e:bc:d2:38:ac:23:5f:ee:c8:f6:75:e1:26:
                    06:6b:a6:d2:75:2c:e1:a5:de:ed:4b:4b:84:3d:2e:
                    1b:be:d8:db:7c:bb:95:f3:9f:48:ce:45:bd:04:ee:
                    a1:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:F5:F2:A2:D9:05:EC:25:2E:3D:4F:48:A4:6B:2A:B4:F4:6E:4C:3B
            X509v3 Authority Key Identifier:
                keyid:BE:40:B3:C2:BE:78:35:D7:B3:7B:58:26:10:2F:87:46:A5:19:9D:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vkCzwr54Ndeze1gmEC-HRqUZnUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/PvXyotkF7CUuPU9IpGsqtPRuTDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/vkCzwr54Ndeze1gmEC-HRqUZnUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:6d:cf:51:44:43:9d:13:c8:bb:7c:82:0a:97:47:48:d0:79:
         e3:3c:d1:6a:e2:56:80:e2:36:d3:b8:17:8e:22:70:13:66:49:
         5d:6d:07:1f:ef:2a:85:d7:f6:a1:4d:0b:d4:e5:08:d7:20:11:
         8d:d2:bf:14:81:13:f8:73:29:77:fd:a3:22:57:c9:cd:f8:88:
         92:68:86:6d:bb:69:b9:25:15:6a:b3:ac:83:89:cb:01:37:61:
         a8:fc:51:ca:96:34:b6:88:b3:5d:d8:db:c4:cf:97:06:f6:5e:
         d9:20:2a:55:ac:11:cb:2d:1a:51:ad:14:b4:ca:7a:3e:f7:e4:
         fe:5c:ef:82:bf:df:f3:9b:ec:61:c6:54:4f:c4:89:a1:16:34:
         c5:19:fb:d6:47:d7:70:30:ce:ed:2a:99:32:d9:84:ac:ab:05:
         2f:3a:41:20:88:b9:7b:2a:18:f4:5e:6a:2b:cb:a6:9e:15:9f:
         53:8f:e4:32:40:b0:ad:0f:34:23:f9:42:2d:b6:11:b1:aa:4f:
         45:6b:ab:24:ce:be:94:cf:c4:f4:4f:df:b1:33:60:6c:b6:15:
         60:73:17:f4:3d:aa:49:d5:4a:00:32:d1:6a:16:f9:ab:f5:ef:
         1d:88:2d:d4:4e:f0:fc:fb:f6:99:dc:56:54:d4:24:2c:4c:73:
         dc:45:ba:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZjZzZ8BwMnZJZACGs0u7e4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNDBiM2MyYmU3ODM1ZDdiMzdiNTgyNjEwMmY4NzQ2YTUx
OTlkNDkwHhcNMjUwNDIzMTYwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWY1ZjJhMmQ5MDVlYzI1MmUzZDRmNDhhNDZiMmFiNGY0NmU0YzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUfxraTgOd3g58XQlQMqbiyTgIxW
IxhfKfkH7DamBpn1rKacskclsn0Miammr4sH0pLh6tuMpX/7p8vTeE2RAjklCsaC
u3ConYCgZVAP++3IofwaHKyVx8JRlAIxy1BWyZmt09sPZMrzhdZ1CCVgGy6c8UCX
zaXN4OCD9B7R4CMepjaVbAAItCyaLTjr3Y5IRDzKpsIZ9ebTHRD6QdC/AdACWDaE
BrnRocKP+kncHyufWx6SRlZpzaGQBqCD3228uNM5+8Q4KtvmOTaCSFRb8KKSFD68
0jisI1/uyPZ14SYGa6bSdSzhpd7tS0uEPS4bvtjbfLuV859IzkW9BO6hAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD718qLZBewlLj1PSKRrKrT0bkw7MB8GA1UdIwQY
MBaAFL5As8K+eDXXs3tYJhAvh0alGZ1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmtDendyNTROZGV6ZTFnbUVDLUhScVVablVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9jNzE2MzYtZWRkOC00ZDExLTg1ZTgt
YjgzNGZhZjZhY2VkLzEvUHZYeW90a0Y3Q1V1UFU5SXBHc3F0UFJ1VERzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9jNzE2MzYtZWRkOC00ZDExLTg1ZTgtYjgzNGZhZjZhY2Vk
LzEvdmtDendyNTROZGV6ZTFnbUVDLUhScVVablVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVdMMA0G
CSqGSIb3DQEBCwUAA4IBAQBPbc9RREOdE8i7fIIKl0dI0HnjPNFq4laA4jbTuBeO
InATZkldbQcf7yqF1/ahTQvU5QjXIBGN0r8UgRP4cyl3/aMiV8nN+IiSaIZtu2m5
JRVqs6yDicsBN2Go/FHKljS2iLNd2NvEz5cG9l7ZICpVrBHLLRpRrRS0yno+9+T+
XO+Cv9/zm+xhxlRPxImhFjTFGfvWR9dwMM7tKpky2YSsqwUvOkEgiLl7Khj0Xmor
y6aeFZ9Tj+QyQLCtDzQj+UItthGxqk9Fa6skzr6Uz8T0T9+xM2BsthVgcxf0PapJ
1UoAMtFqFvmr9e8diC3UTvD8+/aZ3FZU1CQsTHPcRbrk
-----END CERTIFICATE-----