Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/VtgYimUcjc2XeGilZ2hUu6vRmiU.roa
File:                     VtgYimUcjc2XeGilZ2hUu6vRmiU.roa (raw, json)
Hash identifier:          +YSUo5c/6CRbW0eW7UeYX8AGd5VxClS9jGWd6D5ZdZY=
Subject key identifier:   56:D8:18:8A:65:1C:8D:CD:97:78:68:A5:67:68:54:BB:AB:D1:9A:25
Certificate issuer:       /CN=e83a2cce9083e8c15a1d325cf48767559f92b623
Certificate serial:       01978C88C7FDEECD5CFA8F103A67D1DA6A76
Authority key identifier: E8:3A:2C:CE:90:83:E8:C1:5A:1D:32:5C:F4:87:67:55:9F:92:B6:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6DoszpCD6MFaHTJc9IdnVZ-StiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/VtgYimUcjc2XeGilZ2hUu6vRmiU.roa
Signing time:             Fri 20 Jun 2025 08:51:03 +0000
ROA not before:           Fri 20 Jun 2025 08:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34900
IP address blocks:        176.123.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/6DoszpCD6MFaHTJc9IdnVZ-StiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/6DoszpCD6MFaHTJc9IdnVZ-StiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6DoszpCD6MFaHTJc9IdnVZ-StiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8c:88:c7:fd:ee:cd:5c:fa:8f:10:3a:67:d1:da:6a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e83a2cce9083e8c15a1d325cf48767559f92b623
        Validity
            Not Before: Jun 20 08:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56d8188a651c8dcd977868a5676854bbabd19a25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8b:d5:3f:ab:20:9e:41:3d:5b:43:b6:89:d3:
                    1d:f4:03:c5:b3:83:c3:5c:e9:4e:5e:dd:50:ce:c8:
                    be:70:cf:22:18:f7:e9:b3:96:be:41:2a:f0:c8:74:
                    64:99:78:83:3d:1b:e4:b6:a4:d7:1b:bd:22:65:25:
                    b7:41:7a:c3:16:06:07:1c:3f:bf:80:b5:5b:29:22:
                    7f:b7:9c:9e:16:2d:29:43:ab:2d:c4:3b:5f:6e:4d:
                    94:e9:31:bd:f8:db:23:3c:50:d6:f7:98:7a:89:f7:
                    65:bc:2e:15:96:93:c5:00:f1:b2:a9:87:d5:30:6d:
                    d1:2d:4e:f1:33:ce:a1:28:23:a3:44:79:13:df:ce:
                    36:99:1b:00:e5:63:4f:d3:21:40:87:6d:86:31:f4:
                    93:5e:11:35:30:20:ab:87:8f:89:30:44:00:50:93:
                    fe:5a:48:bf:5f:ca:57:45:03:a3:78:10:db:23:a4:
                    72:a5:7b:55:9b:24:d8:c3:d7:56:05:ae:c5:35:af:
                    0a:4c:d6:e2:dd:b2:03:6c:15:91:da:a9:98:6d:39:
                    d2:2d:23:f6:81:db:3e:60:87:8d:00:59:48:92:5d:
                    64:bd:b7:85:e4:11:b1:3d:70:00:19:c4:03:ae:68:
                    ea:2e:46:5e:df:ff:13:ca:8c:aa:c1:a9:86:b0:f8:
                    ee:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:D8:18:8A:65:1C:8D:CD:97:78:68:A5:67:68:54:BB:AB:D1:9A:25
            X509v3 Authority Key Identifier:
                keyid:E8:3A:2C:CE:90:83:E8:C1:5A:1D:32:5C:F4:87:67:55:9F:92:B6:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6DoszpCD6MFaHTJc9IdnVZ-StiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/VtgYimUcjc2XeGilZ2hUu6vRmiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/6DoszpCD6MFaHTJc9IdnVZ-StiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.123.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:d0:f0:4f:fa:b1:b1:b3:98:fc:dc:85:d3:c5:b4:d1:50:ac:
         50:b7:ee:ec:2c:a7:cf:28:94:f9:21:01:8f:96:bd:37:c0:79:
         7c:44:47:eb:f1:f2:5f:5c:6f:f8:7b:62:4a:8a:3a:d8:6f:4a:
         f5:1d:40:4d:a4:22:23:72:88:32:22:b6:39:4c:8a:2d:65:08:
         78:33:ae:28:6b:06:80:2a:47:06:79:42:b1:3f:ab:60:09:78:
         fe:ad:f9:fe:d2:1b:90:a2:5d:9f:0d:4a:53:d1:d7:07:5e:17:
         1d:16:c6:6c:a7:db:82:18:f0:fd:f2:f6:3f:82:53:5a:3f:df:
         78:c2:3f:c1:03:63:7d:3f:cf:57:52:af:fe:77:d2:07:33:e5:
         7f:35:b8:f4:29:f5:e6:dc:e7:ea:8f:1d:ea:00:11:9f:16:29:
         d5:a7:2d:5f:44:8e:fe:d5:01:a4:ff:66:c5:cf:e1:06:eb:d3:
         9b:44:e5:09:33:07:d9:e5:da:7c:a8:26:0c:3a:dc:e4:c3:4b:
         f5:0b:af:6c:86:a2:f3:0d:51:9b:bb:16:73:0c:2e:40:d7:61:
         d7:c9:04:2a:93:cf:5c:51:e8:e4:e5:18:e7:24:c3:b1:a5:64:
         e4:3a:1c:3e:bf:da:69:54:73:53:a0:a5:a4:ba:f8:13:bf:0d:
         93:78:0a:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeMiMf97s1c+o8QOmfR2mp2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4M2EyY2NlOTA4M2U4YzE1YTFkMzI1Y2Y0ODc2NzU1OWY5
MmI2MjMwHhcNMjUwNjIwMDg1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmQ4MTg4YTY1MWM4ZGNkOTc3ODY4YTU2NzY4NTRiYmFiZDE5YTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoovVP6sgnkE9W0O2idMd9APFs4PD
XOlOXt1Qzsi+cM8iGPfps5a+QSrwyHRkmXiDPRvktqTXG70iZSW3QXrDFgYHHD+/
gLVbKSJ/t5yeFi0pQ6stxDtfbk2U6TG9+NsjPFDW95h6ifdlvC4VlpPFAPGyqYfV
MG3RLU7xM86hKCOjRHkT3842mRsA5WNP0yFAh22GMfSTXhE1MCCrh4+JMEQAUJP+
Wki/X8pXRQOjeBDbI6RypXtVmyTYw9dWBa7FNa8KTNbi3bIDbBWR2qmYbTnSLSP2
gds+YIeNAFlIkl1kvbeF5BGxPXAAGcQDrmjqLkZe3/8TyoyqwamGsPju1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFbYGIplHI3Nl3hopWdoVLur0ZolMB8GA1UdIwQY
MBaAFOg6LM6Qg+jBWh0yXPSHZ1WfkrYjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkRvc3pwQ0Q2TUZhSFRKYzlJZG5WWi1TdGlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lYjQyMmItYzc5ZS00ZmJlLWFlOGYt
MzU2M2Y5NTQzNDg3LzEvVnRnWWltVWNqYzJYZUdpbFoyaFV1NnZSbWlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lYjQyMmItYzc5ZS00ZmJlLWFlOGYtMzU2M2Y5NTQzNDg3
LzEvNkRvc3pwQ0Q2TUZhSFRKYzlJZG5WWi1TdGlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHs6MA0G
CSqGSIb3DQEBCwUAA4IBAQAa0PBP+rGxs5j83IXTxbTRUKxQt+7sLKfPKJT5IQGP
lr03wHl8REfr8fJfXG/4e2JKijrYb0r1HUBNpCIjcogyIrY5TIotZQh4M64oawaA
KkcGeUKxP6tgCXj+rfn+0huQol2fDUpT0dcHXhcdFsZsp9uCGPD98vY/glNaP994
wj/BA2N9P89XUq/+d9IHM+V/Nbj0KfXm3Ofqjx3qABGfFinVpy1fRI7+1QGk/2bF
z+EG69ObROUJMwfZ5dp8qCYMOtzkw0v1C69shqLzDVGbuxZzDC5A12HXyQQqk89c
Uejk5RjnJMOxpWTkOhw+v9ppVHNToKWkuvgTvw2TeAoR
-----END CERTIFICATE-----