Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/V-GIRa4RhBB5m370Enq6or4JiHM.roa
File:                     V-GIRa4RhBB5m370Enq6or4JiHM.roa (raw, json)
Hash identifier:          UFAtbOA2t0xq9xi4Z+YcT3sVB/rcW17aDpzABEqf3T0=
Subject key identifier:   57:E1:88:45:AE:11:84:10:79:9B:7E:F4:12:7A:BA:A2:BE:09:88:73
Certificate issuer:       /CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
Certificate serial:       0196A99F981AC1F4AF53DF4F14E796244B84
Authority key identifier: FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/V-GIRa4RhBB5m370Enq6or4JiHM.roa
Signing time:             Wed 07 May 2025 07:22:10 +0000
ROA not before:           Wed 07 May 2025 07:22:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.49.107.0/24 maxlen: 24
                          185.118.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 16:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a9:9f:98:1a:c1:f4:af:53:df:4f:14:e7:96:24:4b:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
        Validity
            Not Before: May  7 07:22:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57e18845ae118410799b7ef4127abaa2be098873
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0e:f6:64:a5:3e:8d:d8:cb:56:00:83:c1:65:
                    b7:26:f2:b8:f0:4e:10:4e:95:dd:28:4f:ef:35:95:
                    95:b4:f8:0c:76:c1:2f:78:e0:2a:78:87:dd:13:e1:
                    ab:9f:3b:13:59:7f:34:50:15:96:c2:a4:4c:81:48:
                    f4:f7:72:f6:99:41:a0:78:5d:5d:27:1a:14:68:fe:
                    56:6a:c9:01:3c:79:9a:6e:a1:42:80:60:82:dc:c7:
                    42:5b:8e:cd:84:2c:d6:61:cb:66:50:32:5d:ed:66:
                    09:1e:83:89:79:34:40:89:5c:f9:80:62:4c:4a:aa:
                    3d:7b:cf:57:d0:92:75:fb:8a:f1:c1:7a:2c:eb:9b:
                    c8:e4:c9:d5:a2:56:86:81:c7:42:22:48:cf:9d:fc:
                    0a:11:c4:69:be:78:6a:f5:79:5a:b6:91:80:94:2f:
                    9f:53:ba:15:2d:f1:61:2a:14:26:5c:da:b6:54:bc:
                    f3:6e:e5:54:f5:c1:b2:3d:4d:b2:91:91:9b:ba:d6:
                    ed:f8:c3:27:fe:f7:12:04:2f:68:e1:91:bb:16:09:
                    fd:a9:b2:b6:1e:7d:f5:b7:f6:36:26:9a:e8:34:a1:
                    2b:67:a2:11:f7:9c:c4:d7:2f:99:ea:08:7d:26:1c:
                    1a:04:6b:54:ca:0b:58:a6:17:24:78:aa:48:26:37:
                    31:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E1:88:45:AE:11:84:10:79:9B:7E:F4:12:7A:BA:A2:BE:09:88:73
            X509v3 Authority Key Identifier:
                keyid:FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/V-GIRa4RhBB5m370Enq6or4JiHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.107.0/24
                  185.118.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:32:3f:8f:8e:cb:0f:66:0e:95:a5:29:40:44:44:d3:e4:b3:
         86:21:b2:2d:e7:48:2b:f5:33:bb:3a:c9:e0:46:e0:19:9b:de:
         dc:fc:06:9c:d4:c9:0f:d0:b4:af:37:7b:40:13:18:1f:fc:4e:
         9b:99:73:64:c2:38:0f:84:b0:9a:2d:64:a7:aa:7c:b9:cf:dd:
         99:8b:2c:88:dd:b0:dc:2a:5a:3d:4e:f1:db:4e:0d:ad:0f:e4:
         92:cb:bc:b7:52:73:bf:70:b2:b3:e5:c0:63:f6:2c:93:ba:88:
         fe:4c:76:2a:d6:81:a9:90:95:d5:c8:d6:e3:93:b9:5a:85:7f:
         10:fb:57:9c:5e:2f:6b:d6:f5:01:2a:45:3f:02:94:8d:8f:67:
         b3:21:59:52:26:3a:54:7e:bb:51:c7:1b:0e:cb:7d:a6:cd:f5:
         70:cd:4b:c3:49:13:d7:b0:32:da:24:b3:6a:f3:37:65:43:6f:
         9c:30:11:9d:d8:ff:c2:40:aa:e4:87:0b:b4:40:83:6d:84:f2:
         2d:3a:54:33:7f:f0:be:38:cc:3a:22:b3:18:b0:9b:ae:95:da:
         57:80:b1:d0:7d:bd:53:ee:48:91:e9:bb:f5:86:c7:22:41:99:
         47:dc:30:93:b1:1b:d3:9c:13:26:e6:a7:0b:43:95:b1:0f:3e:
         67:0e:4c:ad
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZapn5gawfSvU99PFOeWJEuEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhM2QwYmMxMWIyOWRhNDRhZDU3MzA0YzNmODU2ODg3MGEw
MTljMjQwHhcNMjUwNTA3MDcyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2UxODg0NWFlMTE4NDEwNzk5YjdlZjQxMjdhYmFhMmJlMDk4ODczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQ72ZKU+jdjLVgCDwWW3JvK48E4Q
TpXdKE/vNZWVtPgMdsEveOAqeIfdE+GrnzsTWX80UBWWwqRMgUj093L2mUGgeF1d
JxoUaP5WaskBPHmabqFCgGCC3MdCW47NhCzWYctmUDJd7WYJHoOJeTRAiVz5gGJM
Sqo9e89X0JJ1+4rxwXos65vI5MnVolaGgcdCIkjPnfwKEcRpvnhq9XlatpGAlC+f
U7oVLfFhKhQmXNq2VLzzbuVU9cGyPU2ykZGbutbt+MMn/vcSBC9o4ZG7Fgn9qbK2
Hn31t/Y2JproNKErZ6IR95zE1y+Z6gh9JhwaBGtUygtYphckeKpIJjcxCQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFfhiEWuEYQQeZt+9BJ6uqK+CYhzMB8GA1UdIwQY
MBaAFPo9C8EbKdpErVcwTD+FaIcKAZwkMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1qMEx3UnNwMmtTdFZ6Qk1QNFZvaHdvQm5DUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1
LWQyMTA3MWVmNzM1Yi8xL1YtR0lSYTRSaEJCNW0zNzBFbnE2b3I0SmlITS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1LWQyMTA3MWVmNzM1
Yi8xLzEtajBMd1JzcDJrU3RWekJNUDRWb2h3b0JuQ1EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC5MWsD
BAC5dgwwDQYJKoZIhvcNAQELBQADggEBAHEyP4+Oyw9mDpWlKUBERNPks4Yhsi3n
SCv1M7s6yeBG4Bmb3tz8BpzUyQ/QtK83e0ATGB/8TpuZc2TCOA+EsJotZKeqfLnP
3ZmLLIjdsNwqWj1O8dtODa0P5JLLvLdSc79wsrPlwGP2LJO6iP5MdirWgamQldXI
1uOTuVqFfxD7V5xeL2vW9QEqRT8ClI2PZ7MhWVImOlR+u1HHGw7LfabN9XDNS8NJ
E9ewMtoks2rzN2VDb5wwEZ3Y/8JAquSHC7RAg22E8i06VDN/8L44zDoisxiwm66V
2leAsdB9vVPuSJHpu/WGxyJBmUfcMJOxG9OcEybmpwtDlbEPPmcOTK0=
-----END CERTIFICATE-----