Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/VoBqKFmkzHKUMH66kT01ur4Okdk.roa
File:                     VoBqKFmkzHKUMH66kT01ur4Okdk.roa (raw, json)
Hash identifier:          wrQGRmCWA6MmV9E979fU5JGLxSuHzNsXWbXUIKZWDCY=
Subject key identifier:   56:80:6A:28:59:A4:CC:72:94:30:7E:BA:91:3D:35:BA:BE:0E:91:D9
Certificate issuer:       /CN=fc44297e9271c6edf064915f6180ae12690dda8b
Certificate serial:       0195EC4C2BB0AA0D25790FC49D030241E653
Authority key identifier: FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/VoBqKFmkzHKUMH66kT01ur4Okdk.roa
Signing time:             Mon 31 Mar 2025 13:02:49 +0000
ROA not before:           Mon 31 Mar 2025 13:02:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211726
IP address blocks:        213.169.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 22:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ec:4c:2b:b0:aa:0d:25:79:0f:c4:9d:03:02:41:e6:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc44297e9271c6edf064915f6180ae12690dda8b
        Validity
            Not Before: Mar 31 13:02:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56806a2859a4cc7294307eba913d35babe0e91d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:05:05:64:72:46:f1:dd:e4:2d:f8:8c:d3:59:
                    27:83:3c:2e:ca:95:71:5f:87:b6:9a:af:cd:fa:99:
                    b4:0d:79:6f:14:03:f5:aa:d8:0b:a7:35:33:35:ab:
                    df:58:fd:1a:83:3f:0f:52:9c:29:53:f4:6a:f8:bd:
                    b3:85:bc:87:b0:cd:fc:e3:b7:31:63:c1:5e:cf:9c:
                    0e:5d:23:70:aa:f4:43:2e:b6:0a:5c:13:83:80:25:
                    3d:77:94:2d:5b:93:7e:06:33:21:98:f4:19:84:e6:
                    86:4f:75:c6:c3:b2:30:df:16:a0:ed:6e:da:fc:34:
                    64:a4:24:7f:71:8f:ac:77:74:77:ec:f0:8b:b8:18:
                    d2:ce:2b:0f:0e:57:23:8d:ff:8c:f8:ec:eb:dc:41:
                    52:e0:7e:5c:d9:aa:2d:17:21:bb:50:c1:e1:46:96:
                    67:12:c4:e5:9f:6b:0a:18:80:f7:8b:e3:15:36:be:
                    9f:3e:e8:f1:f3:66:5b:7b:f9:c9:e2:f3:20:c1:24:
                    3b:f0:bf:0e:51:0b:f3:b8:83:53:18:c9:0b:ad:fc:
                    93:75:16:94:6e:24:3f:80:a9:24:ea:95:83:b2:ff:
                    26:bd:a2:da:f3:f6:f5:f2:48:1a:85:1e:da:2b:ca:
                    26:52:b7:27:b9:46:a7:1f:67:74:11:9f:99:a2:17:
                    76:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:80:6A:28:59:A4:CC:72:94:30:7E:BA:91:3D:35:BA:BE:0E:91:D9
            X509v3 Authority Key Identifier:
                keyid:FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/VoBqKFmkzHKUMH66kT01ur4Okdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.169.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:ae:a0:15:b7:a6:02:67:ff:32:db:8e:36:7b:ec:6c:93:2a:
         f1:22:b0:19:95:f9:5d:34:0a:34:dc:cc:38:78:f0:fa:f4:60:
         22:51:9b:18:dd:1b:80:fa:9c:24:f8:e3:92:50:bb:c6:d8:0d:
         7a:d2:d8:84:b7:7a:94:ac:6d:6e:20:84:59:4b:6f:17:86:8f:
         0e:53:13:3f:45:54:f0:ab:12:ba:e2:e9:dc:aa:31:a0:35:ca:
         33:39:ca:d6:00:95:d8:20:83:a4:e3:6b:91:ce:50:92:ed:c9:
         e2:bb:9a:e4:74:b9:46:b5:0b:44:19:d8:b0:c3:01:25:e1:19:
         cc:fc:d0:e1:1e:f6:d7:72:91:0e:53:ab:44:82:56:18:1a:87:
         c2:e5:18:cf:16:0a:57:e9:3c:02:b1:72:6a:93:d6:d4:c1:2e:
         82:26:61:57:d5:df:41:45:66:fc:63:13:d2:83:b4:62:be:ee:
         35:44:0b:55:10:35:6f:f0:7e:f2:64:30:0d:e9:e0:bf:69:2d:
         d6:7d:cc:4d:53:43:e2:bb:a5:43:15:8f:30:c1:86:3f:db:d2:
         cf:24:98:5f:e7:ab:96:5c:bc:3a:b0:8a:f3:4b:b8:77:94:ae:
         6c:f2:7a:d4:cc:c6:da:49:08:42:47:65:28:58:2e:47:c0:3e:
         e7:f4:b2:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXsTCuwqg0leQ/EnQMCQeZTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNDQyOTdlOTI3MWM2ZWRmMDY0OTE1ZjYxODBhZTEyNjkw
ZGRhOGIwHhcNMjUwMzMxMTMwMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjgwNmEyODU5YTRjYzcyOTQzMDdlYmE5MTNkMzViYWJlMGU5MWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwUFZHJG8d3kLfiM01kngzwuypVx
X4e2mq/N+pm0DXlvFAP1qtgLpzUzNavfWP0agz8PUpwpU/Rq+L2zhbyHsM3847cx
Y8Fez5wOXSNwqvRDLrYKXBODgCU9d5QtW5N+BjMhmPQZhOaGT3XGw7Iw3xag7W7a
/DRkpCR/cY+sd3R37PCLuBjSzisPDlcjjf+M+Ozr3EFS4H5c2aotFyG7UMHhRpZn
EsTln2sKGID3i+MVNr6fPujx82Zbe/nJ4vMgwSQ78L8OUQvzuINTGMkLrfyTdRaU
biQ/gKkk6pWDsv8mvaLa8/b18kgahR7aK8omUrcnuUanH2d0EZ+Zohd2GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFaAaihZpMxylDB+upE9Nbq+DpHZMB8GA1UdIwQY
MBaAFPxEKX6Sccbt8GSRX2GArhJpDdqLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUt
YWUwN2YzMmU0MTAyLzEvVm9CcUtGbWt6SEtVTUg2NmtUMDF1cjRPa2RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUtYWUwN2YzMmU0MTAy
LzEvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1amaMA0G
CSqGSIb3DQEBCwUAA4IBAQAWrqAVt6YCZ/8y2442e+xskyrxIrAZlfldNAo03Mw4
ePD69GAiUZsY3RuA+pwk+OOSULvG2A160tiEt3qUrG1uIIRZS28Xho8OUxM/RVTw
qxK64uncqjGgNcozOcrWAJXYIIOk42uRzlCS7cniu5rkdLlGtQtEGdiwwwEl4RnM
/NDhHvbXcpEOU6tEglYYGofC5RjPFgpX6TwCsXJqk9bUwS6CJmFX1d9BRWb8YxPS
g7Rivu41RAtVEDVv8H7yZDAN6eC/aS3WfcxNU0Piu6VDFY8wwYY/29LPJJhf56uW
XLw6sIrzS7h3lK5s8nrUzMbaSQhCR2UoWC5HwD7n9LIz
-----END CERTIFICATE-----