Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/d7cf94-ac61-4fbf-adf0-57eaf833ab0b/1/VWgiKeUlZyr_tkfBtwpTnh3j5es.roa
File:                     VWgiKeUlZyr_tkfBtwpTnh3j5es.roa (raw, json)
Hash identifier:          F+rSoMMmSh1ZRMmb8OY6V8ChtegfB1X8DkMugPNoNpA=
Subject key identifier:   55:68:22:29:E5:25:67:2A:FF:B6:47:C1:B7:0A:53:9E:1D:E3:E5:EB
Certificate issuer:       /CN=0b356087c20c7a325416fda803cb76f3da7947a9
Certificate serial:       0196D4194E91220993EE05291F7CBFAA3DA8
Authority key identifier: 0B:35:60:87:C2:0C:7A:32:54:16:FD:A8:03:CB:76:F3:DA:79:47:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CzVgh8IMejJUFv2oA8t289p5R6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/d7cf94-ac61-4fbf-adf0-57eaf833ab0b/1/VWgiKeUlZyr_tkfBtwpTnh3j5es.roa
Signing time:             Thu 15 May 2025 13:19:10 +0000
ROA not before:           Thu 15 May 2025 13:19:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42446
IP address blocks:        91.199.247.0/24 maxlen: 24
                          193.142.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/d7cf94-ac61-4fbf-adf0-57eaf833ab0b/1/CzVgh8IMejJUFv2oA8t289p5R6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/d7cf94-ac61-4fbf-adf0-57eaf833ab0b/1/CzVgh8IMejJUFv2oA8t289p5R6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CzVgh8IMejJUFv2oA8t289p5R6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 11:44:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d4:19:4e:91:22:09:93:ee:05:29:1f:7c:bf:aa:3d:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b356087c20c7a325416fda803cb76f3da7947a9
        Validity
            Not Before: May 15 13:19:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55682229e525672affb647c1b70a539e1de3e5eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:23:32:a0:08:79:99:1a:16:5f:e4:30:2d:90:
                    34:ff:f8:93:b0:46:79:4b:c0:08:24:63:f5:da:c9:
                    f2:cb:e6:60:0c:bb:df:fb:ee:ab:a0:1e:31:09:02:
                    5e:7a:1d:bf:f9:f6:97:af:b4:18:ac:52:76:d9:81:
                    19:5d:9a:fb:11:12:43:2e:46:bf:ed:6d:a7:16:e9:
                    5f:55:74:b3:6c:d6:a0:b6:41:e6:b9:c8:bf:45:9e:
                    01:cc:b8:3b:ad:ac:92:4f:bf:bd:99:7d:49:de:13:
                    ff:6c:e0:7c:8b:03:b7:31:1c:70:87:17:d8:49:6e:
                    af:7e:58:da:2e:01:6d:06:bd:8a:76:19:67:29:eb:
                    da:c2:31:9f:70:bd:23:14:af:74:41:45:a9:7d:aa:
                    42:aa:c3:41:b6:a6:e6:a1:de:eb:77:db:1c:46:e3:
                    41:3c:7c:c9:e2:9c:a9:60:2d:e6:26:06:09:10:a8:
                    f9:16:ce:11:e0:13:f7:89:cb:0a:ac:79:06:7c:cf:
                    0c:80:97:b5:50:b8:1e:3f:8e:cd:d5:58:9f:d5:ab:
                    70:4b:79:bf:64:47:7d:5a:f0:4f:b0:d8:f0:a2:f6:
                    e8:7e:b2:3a:c2:35:78:b8:62:03:c5:b0:60:60:79:
                    0f:c8:d4:29:b3:8e:9b:ec:38:e1:dc:68:c8:a7:5c:
                    09:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:68:22:29:E5:25:67:2A:FF:B6:47:C1:B7:0A:53:9E:1D:E3:E5:EB
            X509v3 Authority Key Identifier:
                keyid:0B:35:60:87:C2:0C:7A:32:54:16:FD:A8:03:CB:76:F3:DA:79:47:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CzVgh8IMejJUFv2oA8t289p5R6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d7cf94-ac61-4fbf-adf0-57eaf833ab0b/1/VWgiKeUlZyr_tkfBtwpTnh3j5es.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d7cf94-ac61-4fbf-adf0-57eaf833ab0b/1/CzVgh8IMejJUFv2oA8t289p5R6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.247.0/24
                  193.142.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:86:33:cc:05:80:ea:fa:0e:44:d3:c0:58:51:27:73:2c:02:
         65:01:45:9e:a4:88:36:e4:aa:34:2e:9b:a7:20:cc:73:34:38:
         26:60:17:56:63:80:92:0f:9c:a0:3e:d1:48:b0:cd:0b:80:f2:
         75:97:91:67:4c:d5:d1:66:91:0c:51:3e:43:21:a9:00:83:77:
         9c:0a:11:eb:b4:b9:28:23:3e:55:ee:08:35:fb:e4:78:d1:ee:
         e5:12:0d:be:e9:41:d9:ec:72:44:d6:66:e7:c6:cc:5b:78:ca:
         da:64:56:8d:9b:3f:e2:14:d4:b2:d5:16:7e:90:49:43:5f:4b:
         98:be:e1:5f:34:d5:6c:1c:a8:b0:0f:23:07:63:e4:ff:6e:ae:
         77:13:fd:72:b4:8c:37:96:14:2e:4e:34:8c:75:2d:50:44:c9:
         f7:ea:bc:e4:26:f3:c8:32:af:c6:f9:37:d8:6e:3f:7e:cf:59:
         f6:55:58:5e:d2:0e:b6:69:ae:96:7c:36:21:dd:95:3a:02:05:
         11:de:c1:8e:4c:9c:08:a3:ff:03:8e:89:fd:0c:66:79:39:98:
         48:26:83:65:e1:e1:f3:8f:f1:09:7a:51:c2:a0:c5:51:5f:f9:
         04:0e:62:2d:73:e4:94:71:2a:74:d1:3a:f7:f6:b9:8a:60:b2:
         30:29:39:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbUGU6RIgmT7gUpH3y/qj2oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMzU2MDg3YzIwYzdhMzI1NDE2ZmRhODAzY2I3NmYzZGE3
OTQ3YTkwHhcNMjUwNTE1MTMxOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTY4MjIyOWU1MjU2NzJhZmZiNjQ3YzFiNzBhNTM5ZTFkZTNlNWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCMyoAh5mRoWX+QwLZA0//iTsEZ5
S8AIJGP12snyy+ZgDLvf++6roB4xCQJeeh2/+faXr7QYrFJ22YEZXZr7ERJDLka/
7W2nFulfVXSzbNagtkHmuci/RZ4BzLg7rayST7+9mX1J3hP/bOB8iwO3MRxwhxfY
SW6vfljaLgFtBr2KdhlnKevawjGfcL0jFK90QUWpfapCqsNBtqbmod7rd9scRuNB
PHzJ4pypYC3mJgYJEKj5Fs4R4BP3icsKrHkGfM8MgJe1ULgeP47N1Vif1atwS3m/
ZEd9WvBPsNjwovbofrI6wjV4uGIDxbBgYHkPyNQps46b7Djh3GjIp1wJMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFVoIinlJWcq/7ZHwbcKU54d4+XrMB8GA1UdIwQY
MBaAFAs1YIfCDHoyVBb9qAPLdvPaeUepMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3pWZ2g4SU1lakpVRnYyb0E4dDI4OXA1UjZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9kN2NmOTQtYWM2MS00ZmJmLWFkZjAt
NTdlYWY4MzNhYjBiLzEvVldnaUtlVWxaeXJfdGtmQnR3cFRuaDNqNWVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9kN2NmOTQtYWM2MS00ZmJmLWFkZjAtNTdlYWY4MzNhYjBi
LzEvQ3pWZ2g4SU1lakpVRnYyb0E4dDI4OXA1UjZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8f3AwQA
wY4AMA0GCSqGSIb3DQEBCwUAA4IBAQBHhjPMBYDq+g5E08BYUSdzLAJlAUWepIg2
5Ko0LpunIMxzNDgmYBdWY4CSD5ygPtFIsM0LgPJ1l5FnTNXRZpEMUT5DIakAg3ec
ChHrtLkoIz5V7gg1++R40e7lEg2+6UHZ7HJE1mbnxsxbeMraZFaNmz/iFNSy1RZ+
kElDX0uYvuFfNNVsHKiwDyMHY+T/bq53E/1ytIw3lhQuTjSMdS1QRMn36rzkJvPI
Mq/G+TfYbj9+z1n2VVhe0g62aa6WfDYh3ZU6AgUR3sGOTJwIo/8Djon9DGZ5OZhI
JoNl4eHzj/EJelHCoMVRX/kEDmItc+SUcSp00Tr39rmKYLIwKTml
-----END CERTIFICATE-----