Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/9ab4c9-0c10-4671-bdd4-730fcd0e5dca/1/Vpoq5ZpSGDP-ZXCmZlKnhArAK_Q.roa
File:                     Vpoq5ZpSGDP-ZXCmZlKnhArAK_Q.roa (raw, json)
Hash identifier:          38YyvusiUhw1DBRUCOnZouY1Y0JBlQCEkMbtx6PZeK4=
Subject key identifier:   56:9A:2A:E5:9A:52:18:33:FE:65:70:A6:66:52:A7:84:0A:C0:2B:F4
Certificate issuer:       /CN=38f23798b67393e4039e3f9555e214d6737c1351
Certificate serial:       01946A3245ACE9D52EB2A8FB94B2E75E8FB9
Authority key identifier: 38:F2:37:98:B6:73:93:E4:03:9E:3F:95:55:E2:14:D6:73:7C:13:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OPI3mLZzk-QDnj-VVeIU1nN8E1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/9ab4c9-0c10-4671-bdd4-730fcd0e5dca/1/Vpoq5ZpSGDP-ZXCmZlKnhArAK_Q.roa
Signing time:             Wed 15 Jan 2025 13:41:07 +0000
ROA not before:           Wed 15 Jan 2025 13:41:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198085
IP address blocks:        195.66.110.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/9ab4c9-0c10-4671-bdd4-730fcd0e5dca/1/OPI3mLZzk-QDnj-VVeIU1nN8E1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/9ab4c9-0c10-4671-bdd4-730fcd0e5dca/1/OPI3mLZzk-QDnj-VVeIU1nN8E1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OPI3mLZzk-QDnj-VVeIU1nN8E1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 07:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6a:32:45:ac:e9:d5:2e:b2:a8:fb:94:b2:e7:5e:8f:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38f23798b67393e4039e3f9555e214d6737c1351
        Validity
            Not Before: Jan 15 13:41:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=569a2ae59a521833fe6570a66652a7840ac02bf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:8c:95:ca:05:a8:0b:80:0f:6a:22:1f:a1:46:
                    1b:e3:47:51:56:ee:3f:2c:c2:7c:70:bc:73:16:21:
                    44:0c:56:01:ea:f5:b2:e4:f5:e8:fb:93:c6:52:54:
                    7e:8a:11:2b:34:9d:a6:55:61:6e:f1:2e:01:95:09:
                    f2:0c:f7:ab:67:bf:1f:a2:9a:b2:73:82:b1:0f:8c:
                    09:95:a3:60:ba:47:da:82:12:ec:51:bf:46:a9:a8:
                    29:51:c3:bb:08:da:7e:42:bf:2d:c0:51:94:6b:c0:
                    56:ae:17:42:a1:41:59:00:28:09:c4:71:60:92:81:
                    88:9d:24:70:78:a7:28:ff:f1:4d:21:7a:8e:cd:74:
                    cd:94:c4:d0:6f:ff:6d:bb:f9:6c:c6:29:2c:fa:35:
                    11:23:97:27:3a:c9:ba:e7:b8:4a:72:0b:58:1b:b7:
                    10:f2:5f:0a:16:5a:03:4c:f5:03:1d:fe:7e:ae:91:
                    54:d9:cd:ac:19:c5:12:f5:3b:7f:3a:06:a8:89:f7:
                    e3:35:62:d7:59:3a:37:fd:e4:ed:52:92:68:57:a3:
                    d0:73:3c:97:56:09:1f:56:81:29:fd:35:8a:d5:64:
                    37:a3:98:70:8f:52:da:ee:f4:28:c9:67:63:7b:f9:
                    b4:34:1e:be:36:16:99:7e:e2:3b:a8:56:f0:51:3e:
                    73:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:9A:2A:E5:9A:52:18:33:FE:65:70:A6:66:52:A7:84:0A:C0:2B:F4
            X509v3 Authority Key Identifier:
                keyid:38:F2:37:98:B6:73:93:E4:03:9E:3F:95:55:E2:14:D6:73:7C:13:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OPI3mLZzk-QDnj-VVeIU1nN8E1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/9ab4c9-0c10-4671-bdd4-730fcd0e5dca/1/Vpoq5ZpSGDP-ZXCmZlKnhArAK_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/9ab4c9-0c10-4671-bdd4-730fcd0e5dca/1/OPI3mLZzk-QDnj-VVeIU1nN8E1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:8f:5b:ab:f5:10:26:9e:46:df:07:5a:52:79:29:08:61:f5:
         c2:f4:77:dd:ee:35:11:1c:ef:d2:83:96:bd:9d:f0:e6:d0:c8:
         10:78:02:3b:0c:89:d2:40:44:92:10:e6:f8:cc:99:34:70:76:
         cf:8d:0c:a5:f8:c3:91:61:32:21:83:bb:45:81:9d:84:1c:d1:
         83:f5:58:b1:8a:1f:34:94:e3:ee:48:36:81:7b:b8:58:aa:81:
         c8:9f:c1:90:15:d4:44:d5:f9:05:07:ec:09:b6:14:d9:61:93:
         98:b5:2e:1c:9d:3c:eb:4a:46:2c:a8:8a:41:45:cb:42:7c:8e:
         59:bb:9c:f6:4f:f0:35:96:e9:1e:6d:fa:51:b9:de:7d:77:b3:
         87:e0:67:0d:4e:9c:bf:6b:1b:2b:bb:ca:c1:5f:90:d9:4f:91:
         a5:54:c2:73:c1:fb:6c:fc:74:34:3c:94:d7:a6:e2:ee:58:e1:
         50:73:62:19:9e:b6:af:e3:4b:ed:24:80:e4:63:01:5a:ee:47:
         3c:7e:9c:84:05:b9:54:bf:00:45:09:14:db:c7:52:fe:6f:c5:
         87:2a:99:ec:51:da:92:87:c4:ee:90:74:e0:2e:01:8a:70:66:
         c4:3f:10:21:95:5e:99:bb:85:46:a9:91:e0:70:3e:95:17:8d:
         04:55:3a:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRqMkWs6dUusqj7lLLnXo+5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZjIzNzk4YjY3MzkzZTQwMzllM2Y5NTU1ZTIxNGQ2NzM3
YzEzNTEwHhcNMjUwMTE1MTM0MTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjlhMmFlNTlhNTIxODMzZmU2NTcwYTY2NjUyYTc4NDBhYzAyYmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YyVygWoC4APaiIfoUYb40dRVu4/
LMJ8cLxzFiFEDFYB6vWy5PXo+5PGUlR+ihErNJ2mVWFu8S4BlQnyDPerZ78fopqy
c4KxD4wJlaNgukfaghLsUb9GqagpUcO7CNp+Qr8twFGUa8BWrhdCoUFZACgJxHFg
koGInSRweKco//FNIXqOzXTNlMTQb/9tu/lsxiks+jURI5cnOsm657hKcgtYG7cQ
8l8KFloDTPUDHf5+rpFU2c2sGcUS9Tt/OgaoiffjNWLXWTo3/eTtUpJoV6PQczyX
VgkfVoEp/TWK1WQ3o5hwj1La7vQoyWdje/m0NB6+NhaZfuI7qFbwUT5zbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFaaKuWaUhgz/mVwpmZSp4QKwCv0MB8GA1UdIwQY
MBaAFDjyN5i2c5PkA54/lVXiFNZzfBNRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1BJM21MWnprLVFEbmotVlZlSVUxbk44RTFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy85YWI0YzktMGMxMC00NjcxLWJkZDQt
NzMwZmNkMGU1ZGNhLzEvVnBvcTVacFNHRFAtWlhDbVpsS25oQXJBS19RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy85YWI0YzktMGMxMC00NjcxLWJkZDQtNzMwZmNkMGU1ZGNh
LzEvT1BJM21MWnprLVFEbmotVlZlSVUxbk44RTFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JuMA0G
CSqGSIb3DQEBCwUAA4IBAQDHj1ur9RAmnkbfB1pSeSkIYfXC9Hfd7jURHO/Sg5a9
nfDm0MgQeAI7DInSQESSEOb4zJk0cHbPjQyl+MORYTIhg7tFgZ2EHNGD9Vixih80
lOPuSDaBe7hYqoHIn8GQFdRE1fkFB+wJthTZYZOYtS4cnTzrSkYsqIpBRctCfI5Z
u5z2T/A1lukebfpRud59d7OH4GcNTpy/axsru8rBX5DZT5GlVMJzwfts/HQ0PJTX
puLuWOFQc2IZnrav40vtJIDkYwFa7kc8fpyEBblUvwBFCRTbx1L+b8WHKpnsUdqS
h8TukHTgLgGKcGbEPxAhlV6Zu4VGqZHgcD6VF40EVTpa
-----END CERTIFICATE-----