Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/aee8d9-21ed-4db7-bd70-15a42ac9efa8/1/ruhiE5esObX6k_stPvNx29ymlOA.roa
File:                     ruhiE5esObX6k_stPvNx29ymlOA.roa (raw, json)
Hash identifier:          duE/abl8UVh1pAMXzNt/4RzR850s83vyhbN8tnQtp3Y=
Subject key identifier:   AE:E8:62:13:97:AC:39:B5:FA:93:FB:2D:3E:F3:71:DB:DC:A6:94:E0
Certificate issuer:       /CN=5403e5f8405d6085b8df4bfce1dd9bb3e78c2199
Certificate serial:       0196106249FB2C5AD25E94EC01B3036DC68C
Authority key identifier: 54:03:E5:F8:40:5D:60:85:B8:DF:4B:FC:E1:DD:9B:B3:E7:8C:21:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VAPl-EBdYIW430v84d2bs-eMIZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/aee8d9-21ed-4db7-bd70-15a42ac9efa8/1/ruhiE5esObX6k_stPvNx29ymlOA.roa
Signing time:             Mon 07 Apr 2025 13:13:19 +0000
ROA not before:           Mon 07 Apr 2025 13:13:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49544
IP address blocks:        185.189.181.0/24 maxlen: 24
                          2a0b:f380:3e8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/aee8d9-21ed-4db7-bd70-15a42ac9efa8/1/VAPl-EBdYIW430v84d2bs-eMIZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/aee8d9-21ed-4db7-bd70-15a42ac9efa8/1/VAPl-EBdYIW430v84d2bs-eMIZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VAPl-EBdYIW430v84d2bs-eMIZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 07:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:10:62:49:fb:2c:5a:d2:5e:94:ec:01:b3:03:6d:c6:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5403e5f8405d6085b8df4bfce1dd9bb3e78c2199
        Validity
            Not Before: Apr  7 13:13:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aee8621397ac39b5fa93fb2d3ef371dbdca694e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c1:d5:7f:57:0a:71:73:9c:b8:d0:5c:bd:d3:
                    ce:b3:d1:b1:3d:f6:f6:c2:54:28:0b:32:6a:59:bc:
                    db:b7:73:3a:51:0c:0f:cb:5f:e7:50:41:22:44:e9:
                    01:a4:3a:42:c4:61:3e:e8:8e:ea:9e:c5:6b:c9:b7:
                    09:59:e6:24:b9:da:c4:13:d4:bf:31:32:66:54:d6:
                    a0:df:f7:41:59:4c:ce:5b:bc:af:83:00:3b:89:3b:
                    b1:34:6f:d2:c6:33:b0:69:ff:4a:50:c6:67:53:dc:
                    20:d0:cd:02:bd:ba:cf:10:39:3d:ed:77:cd:cf:2b:
                    96:ca:5f:da:e0:0c:aa:38:c7:c6:59:93:e5:f0:92:
                    ff:c9:9a:11:1c:31:5e:a7:dc:10:27:9d:1b:f0:5e:
                    51:58:e7:48:70:b5:b1:6b:45:ca:e8:74:af:e6:fc:
                    3c:25:9e:08:80:a6:89:45:d8:79:9d:91:51:94:5e:
                    fc:ca:2d:44:4d:b3:4e:bd:40:f1:dd:85:e4:09:3d:
                    ae:0a:92:e2:83:20:b6:9e:7f:7e:44:96:85:4a:f0:
                    a2:5a:b3:4b:b8:0b:ce:df:8c:30:7f:28:fd:3f:d6:
                    1e:96:b3:2f:a0:de:07:2f:d8:30:e2:d7:03:3a:8a:
                    f7:c4:69:c2:31:65:5e:32:d8:74:63:df:21:49:21:
                    63:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:E8:62:13:97:AC:39:B5:FA:93:FB:2D:3E:F3:71:DB:DC:A6:94:E0
            X509v3 Authority Key Identifier:
                keyid:54:03:E5:F8:40:5D:60:85:B8:DF:4B:FC:E1:DD:9B:B3:E7:8C:21:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VAPl-EBdYIW430v84d2bs-eMIZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/aee8d9-21ed-4db7-bd70-15a42ac9efa8/1/ruhiE5esObX6k_stPvNx29ymlOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/aee8d9-21ed-4db7-bd70-15a42ac9efa8/1/VAPl-EBdYIW430v84d2bs-eMIZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.181.0/24
                IPv6:
                  2a0b:f380:3e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:5f:ac:cf:e5:6b:67:75:64:c8:c0:03:5d:a4:5e:50:a7:60:
         63:97:ce:d3:a0:c2:cf:ad:6e:1f:22:97:bc:0c:29:48:cf:10:
         7c:d0:54:ff:f6:5e:a1:db:3f:57:90:81:77:bb:de:88:a3:dc:
         9e:cb:c8:2e:63:67:63:35:19:69:33:33:c4:ff:dd:19:ff:4c:
         76:4f:42:bc:29:bd:37:7b:ba:36:02:d8:40:13:35:7b:f8:cd:
         90:ab:65:1b:b8:ad:a5:f7:bd:04:7f:66:05:e9:60:16:84:55:
         43:96:29:50:17:6a:f1:b6:6e:98:c2:a3:d9:6a:ff:78:6f:6c:
         b5:1d:72:46:f3:5f:b3:2a:88:48:01:6b:bd:c9:c9:47:6b:fd:
         de:83:a8:d4:3e:32:47:56:a5:1b:78:ab:db:34:58:c2:a1:1e:
         cf:9f:6a:eb:48:fd:67:15:a0:de:cb:89:72:f1:11:7a:2d:1a:
         54:60:89:af:1e:ad:ec:1c:1d:2e:2b:51:6d:6c:12:70:21:71:
         77:89:97:5b:8e:89:1f:bb:fd:d9:0d:02:85:af:de:f0:c7:9d:
         d1:40:a6:5e:8f:90:0d:5d:43:ef:c6:6b:72:be:1c:bc:dd:19:
         9f:90:12:79:08:91:90:71:40:54:96:c5:00:9a:4d:ea:44:71:
         68:a2:60:43
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZYQYkn7LFrSXpTsAbMDbcaMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MDNlNWY4NDA1ZDYwODViOGRmNGJmY2UxZGQ5YmIzZTc4
YzIxOTkwHhcNMjUwNDA3MTMxMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWU4NjIxMzk3YWMzOWI1ZmE5M2ZiMmQzZWYzNzFkYmRjYTY5NGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8HVf1cKcXOcuNBcvdPOs9GxPfb2
wlQoCzJqWbzbt3M6UQwPy1/nUEEiROkBpDpCxGE+6I7qnsVrybcJWeYkudrEE9S/
MTJmVNag3/dBWUzOW7yvgwA7iTuxNG/SxjOwaf9KUMZnU9wg0M0CvbrPEDk97XfN
zyuWyl/a4AyqOMfGWZPl8JL/yZoRHDFep9wQJ50b8F5RWOdIcLWxa0XK6HSv5vw8
JZ4IgKaJRdh5nZFRlF78yi1ETbNOvUDx3YXkCT2uCpLigyC2nn9+RJaFSvCiWrNL
uAvO34wwfyj9P9YelrMvoN4HL9gw4tcDOor3xGnCMWVeMth0Y98hSSFjKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK7oYhOXrDm1+pP7LT7zcdvcppTgMB8GA1UdIwQY
MBaAFFQD5fhAXWCFuN9L/OHdm7PnjCGZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkFQbC1FQmRZSVc0MzB2ODRkMmJzLWVNSVprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9hZWU4ZDktMjFlZC00ZGI3LWJkNzAt
MTVhNDJhYzllZmE4LzEvcnVoaUU1ZXNPYlg2a19zdFB2TngyOXltbE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9hZWU4ZDktMjFlZC00ZGI3LWJkNzAtMTVhNDJhYzllZmE4
LzEvVkFQbC1FQmRZSVc0MzB2ODRkMmJzLWVNSVprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAub21MA8E
AgACMAkDBwAqC/OAA+gwDQYJKoZIhvcNAQELBQADggEBADtfrM/la2d1ZMjAA12k
XlCnYGOXztOgws+tbh8il7wMKUjPEHzQVP/2XqHbP1eQgXe73oij3J7LyC5jZ2M1
GWkzM8T/3Rn/THZPQrwpvTd7ujYC2EATNXv4zZCrZRu4raX3vQR/ZgXpYBaEVUOW
KVAXavG2bpjCo9lq/3hvbLUdckbzX7MqiEgBa73JyUdr/d6DqNQ+MkdWpRt4q9s0
WMKhHs+fautI/WcVoN7LiXLxEXotGlRgia8erewcHS4rUW1sEnAhcXeJl1uOiR+7
/dkNAoWv3vDHndFApl6PkA1dQ+/Ga3K+HLzdGZ+QEnkIkZBxQFSWxQCaTepEcWii
YEM=
-----END CERTIFICATE-----