Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/49881e-b0a9-4d5f-b072-a53772b01cb2/1/vIhHYLmEHVa7FRdnU3kcgimxEf8.roa
File:                     vIhHYLmEHVa7FRdnU3kcgimxEf8.roa (raw, json)
Hash identifier:          NCzIq7GooEeEiWcAxPp0VOLgVz/cvdDQC34wVi7kJRU=
Subject key identifier:   BC:88:47:60:B9:84:1D:56:BB:15:17:67:53:79:1C:82:29:B1:11:FF
Certificate issuer:       /CN=57494670e956e3fb1511948c5956e2a426793388
Certificate serial:       01978D37A4E2DA27359EB68951C59F9707BC
Authority key identifier: 57:49:46:70:E9:56:E3:FB:15:11:94:8C:59:56:E2:A4:26:79:33:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V0lGcOlW4_sVEZSMWVbipCZ5M4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/49881e-b0a9-4d5f-b072-a53772b01cb2/1/vIhHYLmEHVa7FRdnU3kcgimxEf8.roa
Signing time:             Fri 20 Jun 2025 12:02:03 +0000
ROA not before:           Fri 20 Jun 2025 12:02:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209336
IP address blocks:        193.42.44.0/22 maxlen: 22
                          2a0d:de40:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/49881e-b0a9-4d5f-b072-a53772b01cb2/1/V0lGcOlW4_sVEZSMWVbipCZ5M4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/49881e-b0a9-4d5f-b072-a53772b01cb2/1/V0lGcOlW4_sVEZSMWVbipCZ5M4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V0lGcOlW4_sVEZSMWVbipCZ5M4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 18:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8d:37:a4:e2:da:27:35:9e:b6:89:51:c5:9f:97:07:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57494670e956e3fb1511948c5956e2a426793388
        Validity
            Not Before: Jun 20 12:02:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc884760b9841d56bb15176753791c8229b111ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:00:2c:fd:e4:e8:fa:64:a1:5a:fd:0f:51:c5:
                    0a:87:3c:b5:57:81:88:66:f5:46:68:50:25:08:1d:
                    01:e9:53:a6:51:b5:8d:f0:c9:10:05:cc:d3:7a:be:
                    7c:b0:cb:88:f1:94:14:d3:d3:8f:90:13:9d:68:8c:
                    72:99:ff:07:62:c4:9f:78:46:40:6d:70:12:f8:ee:
                    0d:16:0a:7b:eb:96:bf:0b:1c:dd:eb:d4:b9:fd:9f:
                    ce:41:ea:bf:21:5a:b2:46:d0:56:7e:6b:0f:ce:3a:
                    95:b1:2f:47:70:df:4d:c9:90:ef:14:ec:bb:fb:6d:
                    e4:f7:db:44:fa:c0:ef:80:42:1c:59:c8:61:61:2e:
                    1a:93:d4:a5:76:71:b8:ee:2a:29:41:eb:c9:94:6e:
                    3c:16:6d:62:58:90:69:c2:0d:50:21:49:78:5f:89:
                    f5:50:0f:eb:02:3c:73:e8:bb:1c:53:d5:1a:3d:27:
                    86:7c:6e:54:38:8c:6e:41:2e:5c:8c:47:ed:ed:17:
                    ce:e8:87:79:40:28:d1:c2:6e:39:16:2d:2b:37:2b:
                    cb:07:d0:16:2f:c8:97:21:44:53:f1:e5:0f:d5:6a:
                    1b:2b:bf:7c:3d:0b:b4:a2:3a:47:13:02:b1:eb:b4:
                    16:73:59:d7:f5:a5:6d:b9:37:84:10:db:66:d3:95:
                    d9:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:88:47:60:B9:84:1D:56:BB:15:17:67:53:79:1C:82:29:B1:11:FF
            X509v3 Authority Key Identifier:
                keyid:57:49:46:70:E9:56:E3:FB:15:11:94:8C:59:56:E2:A4:26:79:33:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V0lGcOlW4_sVEZSMWVbipCZ5M4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/49881e-b0a9-4d5f-b072-a53772b01cb2/1/vIhHYLmEHVa7FRdnU3kcgimxEf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/49881e-b0a9-4d5f-b072-a53772b01cb2/1/V0lGcOlW4_sVEZSMWVbipCZ5M4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.44.0/22
                IPv6:
                  2a0d:de40:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         c9:49:6c:e8:8a:83:15:7a:93:fe:da:df:47:15:2d:f3:f5:2d:
         23:18:4a:7a:96:35:06:cc:a1:dd:f1:fe:42:01:06:a6:63:48:
         3c:36:2d:6c:bd:00:4c:9d:b1:53:56:72:d7:e8:42:cd:8c:f5:
         4f:8c:02:dd:48:9c:d2:fb:cc:de:87:4c:0e:c7:07:a8:e1:e2:
         fb:dc:f7:1d:52:a0:ab:a7:3a:b2:9f:30:55:9b:1f:36:e1:e3:
         91:9a:fe:82:38:a0:0d:7e:27:1f:15:bc:7e:c6:64:43:17:df:
         4b:f6:3a:b3:f0:3d:2a:86:e6:d1:3f:eb:f8:54:44:c5:2d:46:
         d4:9b:80:3f:1a:ab:f4:42:21:be:98:ab:ec:da:62:21:3c:45:
         49:35:3a:69:ec:94:66:c1:70:08:2d:79:75:94:9a:ee:c5:8c:
         82:0c:37:15:45:c2:d4:77:be:a2:0d:70:99:7a:6f:23:42:78:
         a1:b1:ed:2b:6e:ad:46:3c:f8:dd:f6:39:d2:b4:cf:79:c2:d7:
         ac:02:d1:b2:b1:73:f9:d1:38:23:63:4e:52:5f:5f:2d:cd:a2:
         89:cb:38:7e:8f:d6:14:5c:2a:7d:4c:10:23:de:9c:a1:8f:ae:
         cd:d1:27:77:c4:ec:d0:d7:f7:c9:fd:a6:93:85:cf:f9:0f:15:
         b3:1e:33:97
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZeNN6Ti2ic1nraJUcWflwe8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NDk0NjcwZTk1NmUzZmIxNTExOTQ4YzU5NTZlMmE0MjY3
OTMzODgwHhcNMjUwNjIwMTIwMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzg4NDc2MGI5ODQxZDU2YmIxNTE3Njc1Mzc5MWM4MjI5YjExMWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgAs/eTo+mShWv0PUcUKhzy1V4GI
ZvVGaFAlCB0B6VOmUbWN8MkQBczTer58sMuI8ZQU09OPkBOdaIxymf8HYsSfeEZA
bXAS+O4NFgp765a/Cxzd69S5/Z/OQeq/IVqyRtBWfmsPzjqVsS9HcN9NyZDvFOy7
+23k99tE+sDvgEIcWchhYS4ak9SldnG47iopQevJlG48Fm1iWJBpwg1QIUl4X4n1
UA/rAjxz6LscU9UaPSeGfG5UOIxuQS5cjEft7RfO6Id5QCjRwm45Fi0rNyvLB9AW
L8iXIURT8eUP1WobK798PQu0ojpHEwKx67QWc1nX9aVtuTeEENtm05XZmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLyIR2C5hB1WuxUXZ1N5HIIpsRH/MB8GA1UdIwQY
MBaAFFdJRnDpVuP7FRGUjFlW4qQmeTOIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjBsR2NPbFc0X3NWRVpTTVdWYmlwQ1o1TTRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80OTg4MWUtYjBhOS00ZDVmLWIwNzIt
YTUzNzcyYjAxY2IyLzEvdkloSFlMbUVIVmE3RlJkblUza2NnaW14RWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80OTg4MWUtYjBhOS00ZDVmLWIwNzItYTUzNzcyYjAxY2Iy
LzEvVjBsR2NPbFc0X3NWRVpTTVdWYmlwQ1o1TTRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwSosMA8E
AgACMAkDBwAqDd5AAAEwDQYJKoZIhvcNAQELBQADggEBAMlJbOiKgxV6k/7a30cV
LfP1LSMYSnqWNQbMod3x/kIBBqZjSDw2LWy9AEydsVNWctfoQs2M9U+MAt1InNL7
zN6HTA7HB6jh4vvc9x1SoKunOrKfMFWbHzbh45Ga/oI4oA1+Jx8VvH7GZEMX30v2
OrPwPSqG5tE/6/hURMUtRtSbgD8aq/RCIb6Yq+zaYiE8RUk1OmnslGbBcAgteXWU
mu7FjIIMNxVFwtR3vqINcJl6byNCeKGx7SturUY8+N32OdK0z3nC16wC0bKxc/nR
OCNjTlJfXy3NoonLOH6P1hRcKn1MECPenKGPrs3RJ3fE7NDX98n9ppOFz/kPFbMe
M5c=
-----END CERTIFICATE-----