Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/b3b106-774a-4690-a03c-35c1c79aa1dc/1/vEaUcgTOmvxT4RwiTozd0tA5mdY.roa
File:                     vEaUcgTOmvxT4RwiTozd0tA5mdY.roa (raw, json)
Hash identifier:          NlBiID9/yPQCEPkEu0Pfr8aESCT+/QAEDOmwYhde0qs=
Subject key identifier:   BC:46:94:72:04:CE:9A:FC:53:E1:1C:22:4E:8C:DD:D2:D0:39:99:D6
Certificate issuer:       /CN=3e6a00bb3ed907c526addb5aabd9ad764b2c3d9e
Certificate serial:       0196B537B9EB86993BEADF912EA73D004938
Authority key identifier: 3E:6A:00:BB:3E:D9:07:C5:26:AD:DB:5A:AB:D9:AD:76:4B:2C:3D:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmoAuz7ZB8Umrdtaq9mtdkssPZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/b3b106-774a-4690-a03c-35c1c79aa1dc/1/vEaUcgTOmvxT4RwiTozd0tA5mdY.roa
Signing time:             Fri 09 May 2025 13:24:10 +0000
ROA not before:           Fri 09 May 2025 13:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215162
IP address blocks:        130.185.166.0/23 maxlen: 24
                          2a0c:d6c0::/39 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/b3b106-774a-4690-a03c-35c1c79aa1dc/1/PmoAuz7ZB8Umrdtaq9mtdkssPZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/b3b106-774a-4690-a03c-35c1c79aa1dc/1/PmoAuz7ZB8Umrdtaq9mtdkssPZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmoAuz7ZB8Umrdtaq9mtdkssPZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b5:37:b9:eb:86:99:3b:ea:df:91:2e:a7:3d:00:49:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6a00bb3ed907c526addb5aabd9ad764b2c3d9e
        Validity
            Not Before: May  9 13:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc46947204ce9afc53e11c224e8cddd2d03999d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:20:c1:0b:d2:a9:8d:66:22:e4:e2:a3:76:6e:
                    84:a1:35:4a:92:7b:36:2e:13:8d:13:66:f3:8c:1a:
                    7c:60:89:83:46:09:6e:89:7d:51:89:45:d5:73:e1:
                    30:6a:1a:86:d0:53:de:25:fa:aa:ea:12:c4:59:62:
                    cb:70:71:ab:d4:51:0a:e8:a7:b2:09:71:5d:38:48:
                    0e:37:2f:8f:72:32:e4:b6:33:61:4c:1e:85:f9:4d:
                    eb:18:5b:f6:98:5b:51:83:55:99:2b:f4:76:13:50:
                    80:71:a0:32:0f:31:df:5c:d9:32:7d:98:4b:83:52:
                    af:c8:69:c5:02:c0:cc:20:17:7a:f6:dd:5d:26:e0:
                    b1:42:aa:bb:32:74:48:1a:0a:86:d8:2f:70:1e:53:
                    63:22:f7:66:52:07:ac:b4:7e:fe:a8:a1:67:d3:b9:
                    7d:7b:e1:f1:9a:eb:6f:11:90:cd:b0:e0:99:d8:35:
                    2e:86:e5:26:5b:ed:b2:a8:35:03:ef:07:6e:8e:8f:
                    e6:df:ab:1b:7b:16:c8:a5:e2:1b:0d:40:20:d9:e9:
                    62:13:66:a3:5e:5d:66:01:4c:c7:04:63:d7:4c:3a:
                    01:fc:9c:68:da:98:d6:0e:a3:ac:98:6a:1a:26:bd:
                    09:0e:ce:fc:98:fc:99:65:25:8e:a4:2c:4d:5b:5f:
                    79:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:46:94:72:04:CE:9A:FC:53:E1:1C:22:4E:8C:DD:D2:D0:39:99:D6
            X509v3 Authority Key Identifier:
                keyid:3E:6A:00:BB:3E:D9:07:C5:26:AD:DB:5A:AB:D9:AD:76:4B:2C:3D:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmoAuz7ZB8Umrdtaq9mtdkssPZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/b3b106-774a-4690-a03c-35c1c79aa1dc/1/vEaUcgTOmvxT4RwiTozd0tA5mdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/b3b106-774a-4690-a03c-35c1c79aa1dc/1/PmoAuz7ZB8Umrdtaq9mtdkssPZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.166.0/23
                IPv6:
                  2a0c:d6c0::/39

    Signature Algorithm: sha256WithRSAEncryption
         99:c0:1f:22:60:a6:03:f2:8a:da:7d:81:97:5c:33:94:83:2e:
         52:99:8f:59:47:8d:3b:17:91:43:02:cd:5e:9c:30:5c:2d:3c:
         9c:50:e3:03:22:3d:81:38:c9:8b:06:9e:3f:f8:bb:4e:c1:f6:
         89:10:62:ac:40:b4:be:46:8a:a2:ee:e6:aa:cb:f0:5a:83:93:
         27:f4:86:97:d2:76:c4:dd:ed:93:53:3c:91:32:b1:9b:a6:30:
         ad:91:13:8b:4b:6d:bd:db:83:ed:d0:62:9c:4b:db:25:5c:74:
         1a:36:e8:53:e3:25:1d:81:0f:9b:c9:7b:d5:a5:39:02:c5:0e:
         5b:1b:c7:c8:35:f7:e6:fd:35:c9:a4:c8:30:f7:bc:69:0e:a5:
         26:a1:64:bb:fd:2a:0c:7b:7d:b3:fc:c8:cb:7e:8a:04:0a:ff:
         65:f0:aa:14:61:67:f4:56:c3:f1:81:34:03:e9:e6:a0:56:55:
         6c:8b:68:c1:94:14:3c:45:10:b4:5b:72:59:4f:32:f9:78:1b:
         9b:be:3c:d4:fb:36:7e:97:f5:e0:d8:ee:08:17:24:28:64:67:
         60:12:43:16:5f:8e:ff:9c:20:18:30:50:f7:e9:b6:37:48:9c:
         d1:12:93:b9:87:4b:51:da:bd:f2:ed:1b:a5:b1:8e:0b:fa:81:
         bb:0b:1e:d5
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZa1N7nrhpk76t+RLqc9AEk4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNmEwMGJiM2VkOTA3YzUyNmFkZGI1YWFiZDlhZDc2NGIy
YzNkOWUwHhcNMjUwNTA5MTMyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzQ2OTQ3MjA0Y2U5YWZjNTNlMTFjMjI0ZThjZGRkMmQwMzk5OWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyDBC9KpjWYi5OKjdm6EoTVKkns2
LhONE2bzjBp8YImDRgluiX1RiUXVc+EwahqG0FPeJfqq6hLEWWLLcHGr1FEK6Key
CXFdOEgONy+PcjLktjNhTB6F+U3rGFv2mFtRg1WZK/R2E1CAcaAyDzHfXNkyfZhL
g1KvyGnFAsDMIBd69t1dJuCxQqq7MnRIGgqG2C9wHlNjIvdmUgestH7+qKFn07l9
e+HxmutvEZDNsOCZ2DUuhuUmW+2yqDUD7wdujo/m36sbexbIpeIbDUAg2eliE2aj
Xl1mAUzHBGPXTDoB/Jxo2pjWDqOsmGoaJr0JDs78mPyZZSWOpCxNW195lQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLxGlHIEzpr8U+EcIk6M3dLQOZnWMB8GA1UdIwQY
MBaAFD5qALs+2QfFJq3bWqvZrXZLLD2eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1vQXV6N1pCOFVtcmR0YXE5bXRka3NzUFo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9iM2IxMDYtNzc0YS00NjkwLWEwM2Mt
MzVjMWM3OWFhMWRjLzEvdkVhVWNnVE9tdnhUNFJ3aVRvemQwdEE1bWRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9iM2IxMDYtNzc0YS00NjkwLWEwM2MtMzVjMWM3OWFhMWRj
LzEvUG1vQXV6N1pCOFVtcmR0YXE5bXRka3NzUFo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBgrmmMA4E
AgACMAgDBgEqDNbAADANBgkqhkiG9w0BAQsFAAOCAQEAmcAfImCmA/KK2n2Bl1wz
lIMuUpmPWUeNOxeRQwLNXpwwXC08nFDjAyI9gTjJiwaeP/i7TsH2iRBirEC0vkaK
ou7mqsvwWoOTJ/SGl9J2xN3tk1M8kTKxm6YwrZETi0ttvduD7dBinEvbJVx0Gjbo
U+MlHYEPm8l71aU5AsUOWxvHyDX35v01yaTIMPe8aQ6lJqFku/0qDHt9s/zIy36K
BAr/ZfCqFGFn9FbD8YE0A+nmoFZVbItowZQUPEUQtFtyWU8y+Xgbm7481Ps2fpf1
4NjuCBckKGRnYBJDFl+O/5wgGDBQ9+m2N0ic0RKTuYdLUdq98u0bpbGOC/qBuwse
1Q==
-----END CERTIFICATE-----