Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/b5af47-9452-4c55-bc2f-5746007cb2a3/1/VNSLVaEs2JND7MBVU_hMkMCe4VI.roa
File:                     VNSLVaEs2JND7MBVU_hMkMCe4VI.roa (raw, json)
Hash identifier:          4Gvp8QZhAi16/ZBLIXqdlQkt02B6CjfvrGyg5V1EIUg=
Subject key identifier:   54:D4:8B:55:A1:2C:D8:93:43:EC:C0:55:53:F8:4C:90:C0:9E:E1:52
Certificate issuer:       /CN=49bd4d28c52c2f12e46a1efbe113241be00ca58f
Certificate serial:       019589470CEADB347975EA21EB2936CC3182
Authority key identifier: 49:BD:4D:28:C5:2C:2F:12:E4:6A:1E:FB:E1:13:24:1B:E0:0C:A5:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sb1NKMUsLxLkah774RMkG-AMpY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/b5af47-9452-4c55-bc2f-5746007cb2a3/1/VNSLVaEs2JND7MBVU_hMkMCe4VI.roa
Signing time:             Wed 12 Mar 2025 07:34:49 +0000
ROA not before:           Wed 12 Mar 2025 07:34:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        193.56.194.0/23 maxlen: 23
                          2a14:9600::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/b5af47-9452-4c55-bc2f-5746007cb2a3/1/Sb1NKMUsLxLkah774RMkG-AMpY8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/b5af47-9452-4c55-bc2f-5746007cb2a3/1/Sb1NKMUsLxLkah774RMkG-AMpY8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sb1NKMUsLxLkah774RMkG-AMpY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:89:47:0c:ea:db:34:79:75:ea:21:eb:29:36:cc:31:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd4d28c52c2f12e46a1efbe113241be00ca58f
        Validity
            Not Before: Mar 12 07:34:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54d48b55a12cd89343ecc05553f84c90c09ee152
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:01:b2:64:18:23:f7:ca:50:6d:8d:8e:18:d9:
                    29:29:b7:9a:a2:57:31:c2:e1:e8:af:0a:8f:47:fa:
                    98:61:76:bd:15:d4:26:e3:b7:72:f0:8e:74:da:54:
                    c8:db:37:d4:b5:82:be:0d:fe:e6:f5:8f:5f:ad:c1:
                    b5:73:d5:e4:e7:ad:51:b1:b6:bc:7e:0b:73:9a:69:
                    ac:62:22:fc:84:23:22:4b:7e:4c:62:f1:28:0a:45:
                    e8:be:1f:94:41:93:8a:f1:a9:09:77:27:7b:fe:78:
                    a7:14:1b:06:c0:95:d6:84:11:fb:27:61:e1:07:86:
                    15:7d:07:84:f8:14:5b:6f:72:b0:01:bc:24:ea:a2:
                    5d:80:b0:d9:03:40:43:35:6c:ea:ce:bd:7f:6c:e3:
                    8f:0d:dc:c0:ca:eb:be:19:5e:b2:fc:f6:b5:24:17:
                    15:ed:26:88:7c:87:75:43:33:9c:4a:04:18:dc:cc:
                    6c:3c:c0:84:42:49:ae:86:31:3a:e0:ea:87:85:16:
                    78:bd:f0:f1:4e:75:42:d8:89:6f:39:2b:65:9e:e4:
                    5c:a4:eb:7b:32:3c:14:2a:d6:11:77:16:38:61:1c:
                    b4:42:2c:92:27:1c:7c:b7:f0:23:09:e0:2e:5b:33:
                    f4:a4:c7:55:23:9c:20:0e:8f:36:fb:e1:1f:ab:18:
                    79:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:D4:8B:55:A1:2C:D8:93:43:EC:C0:55:53:F8:4C:90:C0:9E:E1:52
            X509v3 Authority Key Identifier:
                keyid:49:BD:4D:28:C5:2C:2F:12:E4:6A:1E:FB:E1:13:24:1B:E0:0C:A5:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sb1NKMUsLxLkah774RMkG-AMpY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b5af47-9452-4c55-bc2f-5746007cb2a3/1/VNSLVaEs2JND7MBVU_hMkMCe4VI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b5af47-9452-4c55-bc2f-5746007cb2a3/1/Sb1NKMUsLxLkah774RMkG-AMpY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.194.0/23
                IPv6:
                  2a14:9600::/29

    Signature Algorithm: sha256WithRSAEncryption
         36:14:83:85:2b:3a:8f:5d:2b:cd:cd:eb:ea:f9:6e:5e:76:ba:
         60:3b:23:2b:57:bb:2d:a8:85:8b:7f:0b:51:10:65:bb:8c:3c:
         36:86:8f:4f:ff:e4:9e:af:f0:ca:a6:14:08:1c:84:ff:63:c6:
         6e:27:0a:dc:44:5f:90:37:e6:2b:c2:90:2b:57:42:32:34:a2:
         31:eb:12:2d:65:9d:2e:11:b4:36:55:7f:bf:b2:99:ce:00:47:
         4e:42:10:71:ec:db:31:d1:66:04:05:bd:49:bc:13:48:3c:fb:
         53:16:d0:a4:88:3c:3f:7b:4f:92:ca:b2:dc:c3:25:2f:8a:a7:
         b1:07:4b:97:fc:c0:64:7e:d1:65:2c:fa:99:0f:ee:71:68:e1:
         3b:bc:30:f8:65:c2:e9:6d:da:b0:2f:57:73:f6:07:fc:94:fd:
         32:15:45:c6:85:27:34:3c:7c:9e:f5:49:df:22:74:10:90:d0:
         55:88:09:47:8a:d4:31:67:d4:1e:87:c0:af:a4:f5:db:79:42:
         23:85:77:fa:ac:9a:79:cb:78:7c:a9:73:01:9f:6c:db:06:dd:
         91:1e:c3:c8:bf:31:16:71:62:f2:d8:71:9f:4c:82:51:1f:b3:
         08:2c:cf:11:52:f9:a4:4c:98:89:f1:e2:e5:b8:f8:5f:9b:55:
         a1:82:3a:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZWJRwzq2zR5deoh6yk2zDGCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YmQ0ZDI4YzUyYzJmMTJlNDZhMWVmYmUxMTMyNDFiZTAw
Y2E1OGYwHhcNMjUwMzEyMDczNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGQ0OGI1NWExMmNkODkzNDNlY2MwNTU1M2Y4NGM5MGMwOWVlMTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgGyZBgj98pQbY2OGNkpKbeaolcx
wuHorwqPR/qYYXa9FdQm47dy8I502lTI2zfUtYK+Df7m9Y9frcG1c9Xk561Rsba8
fgtzmmmsYiL8hCMiS35MYvEoCkXovh+UQZOK8akJdyd7/ninFBsGwJXWhBH7J2Hh
B4YVfQeE+BRbb3KwAbwk6qJdgLDZA0BDNWzqzr1/bOOPDdzAyuu+GV6y/Pa1JBcV
7SaIfId1QzOcSgQY3MxsPMCEQkmuhjE64OqHhRZ4vfDxTnVC2IlvOStlnuRcpOt7
MjwUKtYRdxY4YRy0QiySJxx8t/AjCeAuWzP0pMdVI5wgDo82++Efqxh5SwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFTUi1WhLNiTQ+zAVVP4TJDAnuFSMB8GA1UdIwQY
MBaAFEm9TSjFLC8S5Goe++ETJBvgDKWPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2IxTktNVXNMeExrYWg3NzRSTWtHLUFNcFk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9iNWFmNDctOTQ1Mi00YzU1LWJjMmYt
NTc0NjAwN2NiMmEzLzEvVk5TTFZhRXMySk5EN01CVlVfaE1rTUNlNFZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9iNWFmNDctOTQ1Mi00YzU1LWJjMmYtNTc0NjAwN2NiMmEz
LzEvU2IxTktNVXNMeExrYWg3NzRSTWtHLUFNcFk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwTjCMA0E
AgACMAcDBQMqFJYAMA0GCSqGSIb3DQEBCwUAA4IBAQA2FIOFKzqPXSvNzevq+W5e
drpgOyMrV7stqIWLfwtREGW7jDw2ho9P/+Ser/DKphQIHIT/Y8ZuJwrcRF+QN+Yr
wpArV0IyNKIx6xItZZ0uEbQ2VX+/spnOAEdOQhBx7Nsx0WYEBb1JvBNIPPtTFtCk
iDw/e0+SyrLcwyUviqexB0uX/MBkftFlLPqZD+5xaOE7vDD4ZcLpbdqwL1dz9gf8
lP0yFUXGhSc0PHye9UnfInQQkNBViAlHitQxZ9Qeh8CvpPXbeUIjhXf6rJp5y3h8
qXMBn2zbBt2RHsPIvzEWcWLy2HGfTIJRH7MILM8RUvmkTJiJ8eLluPhfm1Whgjr5
-----END CERTIFICATE-----