Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/VtA0sYtoBS8bGZyWtELDxZdV15w.roa
File:                     VtA0sYtoBS8bGZyWtELDxZdV15w.roa (raw, json)
Hash identifier:          qr5xc7yY1HYHlnNGTTUy5XqyOe3bNLkhXLhBpl8oti4=
Subject key identifier:   56:D0:34:B1:8B:68:05:2F:1B:19:9C:96:B4:42:C3:C5:97:55:D7:9C
Certificate issuer:       /CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
Certificate serial:       01967C6E135DBED05E528E62912495CC2184
Authority key identifier: 9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/VtA0sYtoBS8bGZyWtELDxZdV15w.roa
Signing time:             Mon 28 Apr 2025 12:45:10 +0000
ROA not before:           Mon 28 Apr 2025 12:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210526
IP address blocks:        185.179.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:6e:13:5d:be:d0:5e:52:8e:62:91:24:95:cc:21:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
        Validity
            Not Before: Apr 28 12:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56d034b18b68052f1b199c96b442c3c59755d79c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f4:c3:87:65:5f:9e:dd:05:e0:2e:f1:a7:2d:
                    e8:6a:47:a1:92:78:92:67:ee:46:4e:50:1a:c0:24:
                    59:95:9d:1b:eb:7d:1f:b0:c6:6c:82:ac:b7:86:05:
                    79:33:98:e0:96:1e:26:14:26:27:59:57:b7:21:62:
                    63:2e:b7:69:6d:2c:9f:9d:94:94:fd:fa:b9:55:3b:
                    bb:26:38:13:05:61:e6:2d:73:0c:78:c5:eb:fd:69:
                    d7:ab:15:a4:c1:c0:da:11:fb:9b:c5:a1:67:5f:54:
                    f4:c1:f4:b9:2c:5b:27:27:cb:89:23:db:04:06:7d:
                    98:26:4c:36:01:e5:35:7b:73:ec:35:77:5d:4b:63:
                    3d:25:86:12:55:a6:80:30:aa:2d:11:2d:49:7a:9a:
                    61:47:aa:78:af:bf:ad:4c:83:74:b6:6a:43:0e:05:
                    fa:dd:9c:e7:a3:68:34:bf:c5:a4:07:85:92:64:b2:
                    72:29:81:70:81:11:ed:65:43:79:54:57:74:bf:2c:
                    9c:86:eb:c8:a0:e7:37:76:16:15:b6:7e:81:d7:df:
                    ff:49:76:6b:4c:87:61:03:fd:12:3d:2b:e5:f4:c9:
                    d8:5c:4f:ce:98:e7:16:79:a6:52:be:1e:45:33:8d:
                    c5:b7:f5:91:80:ca:06:e7:e4:08:5e:74:f8:1a:15:
                    7a:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:D0:34:B1:8B:68:05:2F:1B:19:9C:96:B4:42:C3:C5:97:55:D7:9C
            X509v3 Authority Key Identifier:
                keyid:9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/VtA0sYtoBS8bGZyWtELDxZdV15w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:21:70:cf:55:69:c3:59:93:73:2b:61:d2:24:34:57:bf:f1:
         bb:bc:5e:17:7d:78:7e:3e:28:1b:29:a1:93:5d:4f:15:9c:ec:
         05:1e:c2:3d:c3:18:7f:0e:9a:82:1b:fa:bc:b3:36:3c:8d:0d:
         75:22:90:1a:33:31:7b:00:ad:e4:67:75:45:41:7a:d3:15:62:
         26:b2:3f:e9:2a:d9:be:2f:af:9f:ff:14:5a:85:98:e9:ec:dc:
         7c:7c:1c:a8:d8:57:e9:7c:2f:71:f6:9f:6c:30:64:3a:d9:96:
         61:2f:84:58:55:b7:b6:8a:17:e2:c2:1b:c1:75:6f:57:e4:86:
         08:49:c3:1e:a5:2a:82:7b:1d:77:a4:8c:c2:02:8e:ef:7c:85:
         4d:9e:f2:ed:d3:64:48:25:b3:74:96:0b:41:81:23:4d:f8:bf:
         49:8b:dd:18:c8:cc:ad:3a:df:5e:8a:e3:e3:22:40:08:16:3f:
         43:88:13:01:08:eb:f5:bd:ef:1d:c1:bb:b0:bd:18:05:09:3e:
         e7:65:54:99:54:cb:85:a0:d3:8a:d8:26:89:df:a1:2d:a4:e4:
         c9:2c:ca:64:55:b0:a7:3a:36:11:2d:bc:f4:b9:d5:87:7e:5f:
         37:f0:d2:c5:b2:e4:f5:fd:38:d8:6c:43:13:ee:5e:58:96:66:
         3a:fd:6a:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ8bhNdvtBeUo5ikSSVzCGEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkOTg5YjM5OThlMTlmYzAwZjg2NzBjZjZjOWQ3NDAxNzE1
Y2YzNGYwHhcNMjUwNDI4MTI0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmQwMzRiMThiNjgwNTJmMWIxOTljOTZiNDQyYzNjNTk3NTVkNzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfTDh2Vfnt0F4C7xpy3oakehkniS
Z+5GTlAawCRZlZ0b630fsMZsgqy3hgV5M5jglh4mFCYnWVe3IWJjLrdpbSyfnZSU
/fq5VTu7JjgTBWHmLXMMeMXr/WnXqxWkwcDaEfubxaFnX1T0wfS5LFsnJ8uJI9sE
Bn2YJkw2AeU1e3PsNXddS2M9JYYSVaaAMKotES1JepphR6p4r7+tTIN0tmpDDgX6
3Zzno2g0v8WkB4WSZLJyKYFwgRHtZUN5VFd0vyychuvIoOc3dhYVtn6B19//SXZr
TIdhA/0SPSvl9MnYXE/OmOcWeaZSvh5FM43Ft/WRgMoG5+QIXnT4GhV6uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFbQNLGLaAUvGxmclrRCw8WXVdecMB8GA1UdIwQY
MBaAFJ2YmzmY4Z/AD4Zwz2yddAFxXPNPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2It
YzdjY2Q3OTQzMTA2LzEvVnRBMHNZdG9CUzhiR1p5V3RFTER4WmRWMTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2ItYzdjY2Q3OTQzMTA2
LzEvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubPUMA0G
CSqGSIb3DQEBCwUAA4IBAQB1IXDPVWnDWZNzK2HSJDRXv/G7vF4XfXh+PigbKaGT
XU8VnOwFHsI9wxh/DpqCG/q8szY8jQ11IpAaMzF7AK3kZ3VFQXrTFWImsj/pKtm+
L6+f/xRahZjp7Nx8fByo2FfpfC9x9p9sMGQ62ZZhL4RYVbe2ihfiwhvBdW9X5IYI
ScMepSqCex13pIzCAo7vfIVNnvLt02RIJbN0lgtBgSNN+L9Ji90YyMytOt9eiuPj
IkAIFj9DiBMBCOv1ve8dwbuwvRgFCT7nZVSZVMuFoNOK2CaJ36EtpOTJLMpkVbCn
OjYRLbz0udWHfl838NLFsuT1/TjYbEMT7l5YlmY6/WqP
-----END CERTIFICATE-----