Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/vapzFUrrI6AeHjyMy_7FVDotd04.roa
File:                     vapzFUrrI6AeHjyMy_7FVDotd04.roa (raw, json)
Hash identifier:          duStscGJ+Tbahw/BkPtyz/vhUgo89BBRmCdvuOnEfsg=
Subject key identifier:   BD:AA:73:15:4A:EB:23:A0:1E:1E:3C:8C:CB:FE:C5:54:3A:2D:77:4E
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018CC6B8C8B7C8D292FA056E355402C736BE
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/vapzFUrrI6AeHjyMy_7FVDotd04.roa
Signing time:             Mon 01 Jan 2024 20:30:47 +0000
ROA not before:           Mon 01 Jan 2024 20:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201079
IP address blocks:        185.254.53.0/24 maxlen: 24
                          185.254.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 00:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:c8:b7:c8:d2:92:fa:05:6e:35:54:02:c7:36:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jan  1 20:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdaa73154aeb23a01e1e3c8ccbfec5543a2d774e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:64:4c:7c:84:6a:b7:fc:70:06:82:95:2f:44:
                    74:ea:28:b4:4c:c8:df:a7:71:f4:e2:7c:50:f3:e8:
                    e1:5b:44:9d:b7:d6:2e:51:d3:75:2f:e3:f2:57:17:
                    4d:b5:5d:ea:98:77:2b:45:07:95:4a:a6:2b:63:40:
                    00:15:1c:92:fc:c3:54:44:49:a9:35:78:81:f3:99:
                    42:dd:e1:23:bc:b6:c1:56:9a:d0:f0:f8:60:3a:2a:
                    30:18:12:0f:81:15:cd:2c:d4:fb:08:eb:dc:8a:69:
                    e0:8a:fd:99:6d:96:26:d8:29:b4:ee:85:ea:bb:97:
                    15:a9:af:17:9e:8e:11:75:19:86:61:a4:a0:3e:47:
                    0a:7b:2b:c1:9c:67:dc:26:69:af:7a:cc:b2:aa:ea:
                    01:ec:ed:3d:a1:40:6e:11:58:44:0a:a2:b5:87:4c:
                    62:00:63:de:e1:57:eb:6a:fb:04:df:fb:34:a1:f8:
                    ca:61:72:d1:bc:75:06:73:38:41:7e:df:e1:43:85:
                    75:45:78:8a:25:0b:af:4b:d8:7a:79:35:02:60:87:
                    e2:1d:cb:5b:cf:73:0a:76:35:82:bc:ff:f9:55:fa:
                    e1:a6:4b:b6:29:cf:d6:3d:2c:e0:54:9a:ea:81:2d:
                    87:bd:1f:0f:1d:72:36:02:74:30:e4:51:14:de:3f:
                    02:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:AA:73:15:4A:EB:23:A0:1E:1E:3C:8C:CB:FE:C5:54:3A:2D:77:4E
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/vapzFUrrI6AeHjyMy_7FVDotd04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.53.0/24
                  185.254.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:03:3b:a7:ae:1d:a0:2a:6e:5c:fa:6c:23:bb:cd:9e:e6:df:
         29:42:4d:d7:6c:05:30:3c:0e:39:67:2f:74:9c:45:26:a3:3a:
         e0:c8:24:b1:87:97:86:63:e6:8c:61:49:cd:f8:ef:9c:ad:df:
         32:40:76:14:a5:c6:43:2a:5a:96:fd:c4:00:c9:36:43:0c:fc:
         27:f1:47:3b:ef:65:c4:42:62:6a:26:a4:bb:bf:82:13:ad:7d:
         f8:74:c4:79:34:82:0d:e9:1a:43:2c:f6:55:47:b8:8d:51:93:
         1a:7c:b5:26:f7:d1:bf:dd:b8:d8:3a:39:ad:67:c6:07:a7:eb:
         68:ec:82:9d:26:5b:b8:94:88:98:c0:50:7f:05:36:7e:14:c0:
         bb:12:1e:b8:c1:95:40:b1:c9:a7:1d:69:1b:85:be:5c:e5:25:
         4d:f3:91:ec:7c:71:fe:a9:15:f0:28:66:f6:b3:23:29:b4:c2:
         1b:a6:a2:be:82:b0:70:cc:72:73:3f:4f:66:ee:f2:bc:dd:15:
         5b:64:70:bb:52:da:76:10:c2:49:87:ad:16:56:ea:4d:9a:62:
         cc:ec:fa:fe:49:79:22:dd:a7:40:22:32:36:34:1f:47:6c:09:
         71:70:4a:0f:8c:3b:0a:43:37:f0:8a:7a:f2:48:11:44:8e:c7:
         27:5d:b2:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuMi3yNKS+gVuNVQCxza+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQwMTAxMjAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGFhNzMxNTRhZWIyM2EwMWUxZTNjOGNjYmZlYzU1NDNhMmQ3NzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmRMfIRqt/xwBoKVL0R06ii0TMjf
p3H04nxQ8+jhW0Sdt9YuUdN1L+PyVxdNtV3qmHcrRQeVSqYrY0AAFRyS/MNUREmp
NXiB85lC3eEjvLbBVprQ8PhgOiowGBIPgRXNLNT7COvcimngiv2ZbZYm2Cm07oXq
u5cVqa8Xno4RdRmGYaSgPkcKeyvBnGfcJmmvesyyquoB7O09oUBuEVhECqK1h0xi
AGPe4VfravsE3/s0ofjKYXLRvHUGczhBft/hQ4V1RXiKJQuvS9h6eTUCYIfiHctb
z3MKdjWCvP/5Vfrhpku2Kc/WPSzgVJrqgS2HvR8PHXI2AnQw5FEU3j8CGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL2qcxVK6yOgHh48jMv+xVQ6LXdOMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvdmFwekZVcnJJNkFlSGp5TXlfN0ZWRG90ZDA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuf41AwQA
uf43MA0GCSqGSIb3DQEBCwUAA4IBAQC5Azunrh2gKm5c+mwju82e5t8pQk3XbAUw
PA45Zy90nEUmozrgyCSxh5eGY+aMYUnN+O+crd8yQHYUpcZDKlqW/cQAyTZDDPwn
8Uc772XEQmJqJqS7v4ITrX34dMR5NIIN6RpDLPZVR7iNUZMafLUm99G/3bjYOjmt
Z8YHp+to7IKdJlu4lIiYwFB/BTZ+FMC7Eh64wZVAscmnHWkbhb5c5SVN85HsfHH+
qRXwKGb2syMptMIbpqK+grBwzHJzP09m7vK83RVbZHC7Utp2EMJJh60WVupNmmLM
7Pr+SXki3adAIjI2NB9HbAlxcEoPjDsKQzfwinrySBFEjscnXbIU
-----END CERTIFICATE-----