Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/VyNeUy6tq_jIRY1YJKRvMXsWiI4.roa
File:                     VyNeUy6tq_jIRY1YJKRvMXsWiI4.roa (raw, json)
Hash identifier:          L2brqLB1njCywrmBc5vem11X5wcNBihJcHyImRYcVf4=
Subject key identifier:   57:23:5E:53:2E:AD:AB:F8:C8:45:8D:58:24:A4:6F:31:7B:16:88:8E
Certificate issuer:       /CN=c946c4befe0fbbe3624bd748296b5fe2e7ec2d68
Certificate serial:       0193504DB4F16496EC81656230CB79460E06
Authority key identifier: C9:46:C4:BE:FE:0F:BB:E3:62:4B:D7:48:29:6B:5F:E2:E7:EC:2D:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/VyNeUy6tq_jIRY1YJKRvMXsWiI4.roa
Signing time:             Thu 21 Nov 2024 19:58:10 +0000
ROA not before:           Thu 21 Nov 2024 19:58:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58007
IP address blocks:        95.141.249.0/24 maxlen: 24
                          194.8.28.0/24 maxlen: 24
                          2a13:4380::/33 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:50:4d:b4:f1:64:96:ec:81:65:62:30:cb:79:46:0e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c946c4befe0fbbe3624bd748296b5fe2e7ec2d68
        Validity
            Not Before: Nov 21 19:58:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57235e532eadabf8c8458d5824a46f317b16888e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b3:75:0b:8e:20:45:cb:95:1f:d8:38:f9:52:
                    b2:7a:2c:b2:c9:93:26:0f:00:77:da:f3:a1:42:04:
                    ae:0e:00:a9:74:80:88:6d:58:a3:04:73:7a:6c:60:
                    6f:2c:4c:88:84:f6:ee:97:f3:88:25:6c:9f:c2:17:
                    bf:f7:21:4e:bc:f3:c7:bb:91:11:4b:05:59:86:cc:
                    25:df:84:30:d8:7e:bf:1a:07:2e:be:02:50:e6:69:
                    f6:94:18:d4:5b:95:ed:f6:2b:eb:7f:95:88:5c:de:
                    d2:69:72:9e:c7:00:d1:cf:24:7f:75:95:c3:d7:91:
                    d2:81:d5:e7:0a:ef:70:44:df:f0:9c:e3:fd:76:80:
                    a6:9f:3f:c0:2b:db:09:1f:b3:b5:16:6e:14:61:5f:
                    f4:d1:d8:95:d6:ce:97:9a:c8:e3:d7:27:c2:fb:62:
                    2e:dc:56:bd:5d:c8:64:ce:e3:fe:b3:cb:69:3b:17:
                    7d:1f:01:cc:33:91:78:bd:ee:23:4d:0c:58:14:1f:
                    ea:ca:4e:33:41:58:e6:42:76:57:56:4a:c4:69:22:
                    e2:fb:e9:d6:4a:3b:73:32:66:aa:24:6d:45:d7:67:
                    50:74:c3:e2:84:99:a5:75:3b:b8:b4:60:a8:9d:4d:
                    3b:d3:10:16:d8:ee:99:4f:3f:9e:29:34:6b:dc:2c:
                    74:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:23:5E:53:2E:AD:AB:F8:C8:45:8D:58:24:A4:6F:31:7B:16:88:8E
            X509v3 Authority Key Identifier:
                keyid:C9:46:C4:BE:FE:0F:BB:E3:62:4B:D7:48:29:6B:5F:E2:E7:EC:2D:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/VyNeUy6tq_jIRY1YJKRvMXsWiI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.141.249.0/24
                  194.8.28.0/24
                IPv6:
                  2a13:4380::/33

    Signature Algorithm: sha256WithRSAEncryption
         46:b7:d3:45:7a:f3:1f:fe:f7:38:56:5b:37:ae:06:49:80:61:
         91:48:8a:72:c2:79:c7:70:a7:69:c6:51:ca:8c:02:c7:4f:aa:
         31:5d:eb:90:6e:60:6c:d9:4b:52:90:66:9e:a3:90:3e:8c:86:
         e2:8b:f5:37:5c:f5:81:5b:28:7a:7e:1f:1d:f0:bf:b4:d3:6d:
         1d:49:42:51:b3:f5:85:9c:f3:28:4b:bc:bd:13:1b:32:1f:ec:
         09:c9:ca:d6:06:95:8d:af:f7:e4:16:f3:aa:fc:3f:8c:e8:70:
         3c:b9:1e:fe:b0:7d:3f:c5:98:9f:c3:0f:b3:14:72:c4:11:07:
         db:ef:9b:ae:f7:11:88:1d:6a:8c:2a:27:bb:6e:71:ad:ff:4f:
         7b:a0:51:45:b0:7e:62:02:99:27:a9:ff:ab:df:b8:6d:1c:e8:
         3a:bd:4e:b8:fe:08:78:f9:bc:4f:a5:93:37:af:6d:b2:9a:b6:
         fd:69:89:c3:c7:da:3e:b4:1d:a8:67:0c:ba:32:21:4f:d2:d1:
         82:6d:02:c2:d0:d5:5c:13:8e:cb:59:cb:70:ae:dc:5f:8b:d3:
         48:59:47:c0:0d:4b:6e:f7:d3:d9:d6:2c:4f:a9:ff:35:64:d2:
         9a:24:37:e3:3c:23:40:7e:e1:5b:ba:7e:43:9c:10:27:26:fe:
         91:4c:e5:22
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZNQTbTxZJbsgWViMMt5Rg4GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NDZjNGJlZmUwZmJiZTM2MjRiZDc0ODI5NmI1ZmUyZTdl
YzJkNjgwHhcNMjQxMTIxMTk1ODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzIzNWU1MzJlYWRhYmY4Yzg0NThkNTgyNGE0NmYzMTdiMTY4ODhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbN1C44gRcuVH9g4+VKyeiyyyZMm
DwB32vOhQgSuDgCpdICIbVijBHN6bGBvLEyIhPbul/OIJWyfwhe/9yFOvPPHu5ER
SwVZhswl34Qw2H6/GgcuvgJQ5mn2lBjUW5Xt9ivrf5WIXN7SaXKexwDRzyR/dZXD
15HSgdXnCu9wRN/wnOP9doCmnz/AK9sJH7O1Fm4UYV/00diV1s6Xmsjj1yfC+2Iu
3Fa9XchkzuP+s8tpOxd9HwHMM5F4ve4jTQxYFB/qyk4zQVjmQnZXVkrEaSLi++nW
SjtzMmaqJG1F12dQdMPihJmldTu4tGConU070xAW2O6ZTz+eKTRr3Cx0XwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFFcjXlMurav4yEWNWCSkbzF7FoiOMB8GA1UdIwQY
MBaAFMlGxL7+D7vjYkvXSClrX+Ln7C1oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVViRXZ2NFB1LU5pUzlkSUtXdGY0dWZzTFdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9mMmQ5ZTktZWVmZi00NjMzLWExODkt
NmJiYjI3MDgxZGUyLzEvVnlOZVV5NnRxX2pJUlkxWUpLUnZNWHNXaUk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9mMmQ5ZTktZWVmZi00NjMzLWExODktNmJiYjI3MDgxZGUy
LzEveVViRXZ2NFB1LU5pUzlkSUtXdGY0dWZzTFdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQAX435AwQA
wggcMA4EAgACMAgDBgcqE0OAADANBgkqhkiG9w0BAQsFAAOCAQEARrfTRXrzH/73
OFZbN64GSYBhkUiKcsJ5x3CnacZRyowCx0+qMV3rkG5gbNlLUpBmnqOQPoyG4ov1
N1z1gVsoen4fHfC/tNNtHUlCUbP1hZzzKEu8vRMbMh/sCcnK1gaVja/35Bbzqvw/
jOhwPLke/rB9P8WYn8MPsxRyxBEH2++brvcRiB1qjConu25xrf9Pe6BRRbB+YgKZ
J6n/q9+4bRzoOr1OuP4IePm8T6WTN69tspq2/WmJw8faPrQdqGcMujIhT9LRgm0C
wtDVXBOOy1nLcK7cX4vTSFlHwA1LbvfT2dYsT6n/NWTSmiQ34zwjQH7hW7p+Q5wQ
Jyb+kUzlIg==
-----END CERTIFICATE-----