Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/4Q_qfvmlznSdytDqTmGS-WS_VCA.roa
File:                     4Q_qfvmlznSdytDqTmGS-WS_VCA.roa (raw, json)
Hash identifier:          0KPBBw2fyE5p7piNF93UHkOyD0W+5e8awHIZgEJ6l/M=
Subject key identifier:   E1:0F:EA:7E:F9:A5:CE:74:9D:CA:D0:EA:4E:61:92:F9:64:BF:54:20
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0196F863D77027EC73015549911B29B3DCE6
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/4Q_qfvmlznSdytDqTmGS-WS_VCA.roa
Signing time:             Thu 22 May 2025 14:26:54 +0000
ROA not before:           Thu 22 May 2025 14:26:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        91.200.221.0/24 maxlen: 24
                          109.122.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 06:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f8:63:d7:70:27:ec:73:01:55:49:91:1b:29:b3:dc:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May 22 14:26:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e10fea7ef9a5ce749dcad0ea4e6192f964bf5420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:2b:54:db:8b:00:07:06:ca:5e:50:04:b3:c9:
                    f1:b2:ba:6d:4c:af:af:2e:00:bf:ec:ac:7d:7d:e0:
                    8a:de:07:a2:a4:d4:d0:3b:a9:54:b4:55:35:9e:30:
                    bb:96:d6:c2:da:b5:45:48:36:fd:fe:0c:44:47:ee:
                    dc:65:27:07:69:17:06:b4:b8:fd:65:db:fe:ec:cb:
                    4f:ca:77:3c:a8:98:1c:49:96:de:d1:15:19:0d:c0:
                    6f:93:3a:eb:08:b4:aa:2b:cf:7f:0b:aa:fb:f9:c8:
                    20:4c:93:0d:8e:e8:4c:68:dc:42:39:fd:45:f5:9b:
                    54:8b:80:32:b8:a4:11:47:84:ff:8a:53:1d:c9:5f:
                    4a:83:4b:e6:bb:fc:06:dd:11:14:3b:3c:36:9f:4d:
                    4c:fc:ae:72:2f:55:b2:28:aa:09:8e:94:38:f6:fa:
                    d0:b0:39:b3:a8:18:3a:b8:fd:54:eb:a7:19:cd:7b:
                    a4:f9:c8:3c:9e:86:66:6f:63:04:ef:fe:a1:58:fe:
                    12:f7:71:ce:fb:20:d8:a6:6a:8c:83:fc:45:d3:32:
                    6d:45:18:53:74:18:b5:ee:54:5c:e1:65:9e:27:c4:
                    ed:4a:93:0a:38:2a:de:0f:22:fa:b7:51:51:26:c3:
                    6b:a0:d8:d2:cf:47:0d:b9:a1:c6:99:f1:a5:a9:c6:
                    ff:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:0F:EA:7E:F9:A5:CE:74:9D:CA:D0:EA:4E:61:92:F9:64:BF:54:20
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/4Q_qfvmlznSdytDqTmGS-WS_VCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.221.0/24
                  109.122.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:93:c1:39:5b:3f:90:88:08:a5:fa:bd:e8:cd:c0:bf:b6:f6:
         64:00:e1:0e:f0:8d:55:6f:56:df:52:eb:ac:fc:0e:39:52:3e:
         db:3c:c0:e4:37:86:75:4d:54:ae:ad:d2:7e:0f:46:03:b7:6d:
         64:72:1b:bc:ea:8f:aa:41:9a:68:c8:69:4f:a8:be:4c:59:f3:
         55:36:d2:52:d3:e7:aa:9d:0b:d5:c4:7f:19:9b:32:6b:4d:c8:
         92:3d:54:e4:dd:36:8d:0d:c3:33:08:e1:e4:2f:73:ad:34:f5:
         9a:35:ce:8c:b2:98:21:2a:44:6c:53:49:83:ec:10:97:ee:64:
         5b:a4:c3:e1:5f:e4:9c:a9:f9:74:d6:37:1b:da:a2:d1:60:ec:
         76:d5:d8:f4:2f:d8:11:20:23:e5:f1:1d:56:d0:36:e2:fd:ac:
         b3:d7:98:8c:b3:64:cc:90:a2:2b:d3:a0:f5:1a:8e:48:d3:a7:
         90:79:6a:d6:a1:f5:b0:a0:b0:d3:f6:40:75:86:78:f6:db:4e:
         9b:c1:b4:ce:8a:7a:6a:cd:35:92:83:ac:4f:6e:c2:04:4c:43:
         af:23:a9:16:64:7c:64:60:92:6f:a8:6c:73:e3:08:c1:6e:19:
         53:de:90:ca:03:db:b1:76:d3:0b:b5:a1:70:d1:cf:30:c7:32:
         e0:85:9d:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZb4Y9dwJ+xzAVVJkRsps9zmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwNTIyMTQyNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTBmZWE3ZWY5YTVjZTc0OWRjYWQwZWE0ZTYxOTJmOTY0YmY1NDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2itU24sABwbKXlAEs8nxsrptTK+v
LgC/7Kx9feCK3geipNTQO6lUtFU1njC7ltbC2rVFSDb9/gxER+7cZScHaRcGtLj9
Zdv+7MtPync8qJgcSZbe0RUZDcBvkzrrCLSqK89/C6r7+cggTJMNjuhMaNxCOf1F
9ZtUi4AyuKQRR4T/ilMdyV9Kg0vmu/wG3REUOzw2n01M/K5yL1WyKKoJjpQ49vrQ
sDmzqBg6uP1U66cZzXuk+cg8noZmb2ME7/6hWP4S93HO+yDYpmqMg/xF0zJtRRhT
dBi17lRc4WWeJ8TtSpMKOCreDyL6t1FRJsNroNjSz0cNuaHGmfGlqcb/uwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOEP6n75pc50ncrQ6k5hkvlkv1QgMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvNFFfcWZ2bWx6blNkeXREcVRtR1MtV1NfVkNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8jdAwQA
bXoqMA0GCSqGSIb3DQEBCwUAA4IBAQANk8E5Wz+QiAil+r3ozcC/tvZkAOEO8I1V
b1bfUuus/A45Uj7bPMDkN4Z1TVSurdJ+D0YDt21kchu86o+qQZpoyGlPqL5MWfNV
NtJS0+eqnQvVxH8ZmzJrTciSPVTk3TaNDcMzCOHkL3OtNPWaNc6MspghKkRsU0mD
7BCX7mRbpMPhX+Scqfl01jcb2qLRYOx21dj0L9gRICPl8R1W0Dbi/ayz15iMs2TM
kKIr06D1Go5I06eQeWrWofWwoLDT9kB1hnj2206bwbTOinpqzTWSg6xPbsIETEOv
I6kWZHxkYJJvqGxz4wjBbhlT3pDKA9uxdtMLtaFw0c8wxzLghZ1m
-----END CERTIFICATE-----