Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/VGUAWcdE_uWGBzoEXuUWxSaeofE.roa
File:                     VGUAWcdE_uWGBzoEXuUWxSaeofE.roa (raw, json)
Hash identifier:          ldYqKdQLO9amLNP7UTQrP4DX3OqZoopvjfltJwygHwg=
Subject key identifier:   54:65:00:59:C7:44:FE:E5:86:07:3A:04:5E:E5:16:C5:26:9E:A1:F1
Certificate issuer:       /CN=7de98f48e988790d0e0793537941b413d2e60306
Certificate serial:       01941FFA31972526D1F49AB217D9F2FC033A
Authority key identifier: 7D:E9:8F:48:E9:88:79:0D:0E:07:93:53:79:41:B4:13:D2:E6:03:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/femPSOmIeQ0OB5NTeUG0E9LmAwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/VGUAWcdE_uWGBzoEXuUWxSaeofE.roa
Signing time:             Wed 01 Jan 2025 03:47:57 +0000
ROA not before:           Wed 01 Jan 2025 03:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35762
IP address blocks:        5.252.44.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/femPSOmIeQ0OB5NTeUG0E9LmAwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/femPSOmIeQ0OB5NTeUG0E9LmAwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/femPSOmIeQ0OB5NTeUG0E9LmAwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:31:97:25:26:d1:f4:9a:b2:17:d9:f2:fc:03:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7de98f48e988790d0e0793537941b413d2e60306
        Validity
            Not Before: Jan  1 03:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54650059c744fee586073a045ee516c5269ea1f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:18:a7:34:3f:fd:1b:b1:bd:0d:71:2d:e5:62:
                    cf:77:91:a0:65:9c:31:0c:2b:82:ff:eb:a2:67:71:
                    9e:b2:66:35:de:f3:3f:c2:ea:92:32:cd:35:a5:c6:
                    7b:24:7d:f6:e3:99:2d:3f:a3:7c:f0:b0:ba:e3:1d:
                    13:e1:fa:c7:ea:5e:fe:d0:68:ad:3f:e4:12:df:fd:
                    df:13:a0:b3:e5:b0:d7:ba:d7:cb:61:86:20:50:1a:
                    4e:73:1c:a2:8d:ee:d9:9f:54:f7:2b:49:41:ad:00:
                    93:00:ee:c5:63:2e:be:e4:d8:04:57:59:9b:ad:f7:
                    78:47:9b:b4:95:86:2f:e8:29:77:ab:18:6c:ac:07:
                    90:4d:e0:26:b7:b6:b2:1a:ef:ed:25:fa:16:be:53:
                    a6:7b:8c:43:bb:75:cc:6a:bd:a9:17:b0:61:e3:61:
                    9d:43:7d:30:09:39:e5:07:f9:30:80:f3:b1:90:00:
                    d5:03:3d:b3:49:e2:28:54:31:13:c9:52:62:71:5c:
                    db:50:2d:af:2b:ce:4e:ae:95:8d:3a:53:2d:cc:dc:
                    7d:d8:34:14:e0:af:02:33:d6:66:1a:63:54:90:1a:
                    0d:f9:3f:1f:e7:9a:0f:b1:ee:4d:dc:0f:7f:83:d1:
                    e5:30:96:1d:d6:3b:6d:59:c6:80:48:b2:aa:02:07:
                    e4:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:65:00:59:C7:44:FE:E5:86:07:3A:04:5E:E5:16:C5:26:9E:A1:F1
            X509v3 Authority Key Identifier:
                keyid:7D:E9:8F:48:E9:88:79:0D:0E:07:93:53:79:41:B4:13:D2:E6:03:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/femPSOmIeQ0OB5NTeUG0E9LmAwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/VGUAWcdE_uWGBzoEXuUWxSaeofE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/femPSOmIeQ0OB5NTeUG0E9LmAwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:49:5d:26:be:58:ec:ad:19:d5:73:5a:99:16:c9:49:73:85:
         6a:29:3b:4e:d6:56:28:e6:0f:7e:d9:08:05:10:bb:7e:9e:41:
         ce:01:0d:a8:14:df:af:fc:a4:16:97:08:36:d0:6c:e7:52:80:
         95:1f:3d:37:7f:43:12:4f:c2:57:6b:a4:34:6d:b5:41:18:77:
         d5:ac:6d:c0:19:a7:95:a1:00:0f:7e:4e:67:a0:39:95:9e:53:
         6f:dc:b4:19:e1:71:e9:11:c7:eb:0c:47:73:33:c9:d4:f1:b4:
         5c:30:a2:5f:17:34:0e:ac:aa:4d:b5:7d:c1:1f:85:2e:61:d6:
         16:74:e7:15:7f:ce:95:34:64:5c:72:e9:02:76:55:1c:d7:06:
         aa:69:67:f8:37:2b:1e:9c:7c:82:a0:4b:85:7f:0b:b1:dc:a8:
         53:ab:83:53:c4:b4:33:ba:45:8e:39:3d:68:4f:c8:bd:00:dc:
         00:76:33:28:ba:ef:e2:a4:fd:41:9e:ea:44:4d:6a:8b:11:88:
         55:bc:2f:1b:84:9e:4a:ed:40:5d:46:79:81:44:f0:24:80:8f:
         6d:10:c4:53:66:1c:ec:ed:f0:a8:a9:8b:68:6a:55:5d:3c:5a:
         7a:0b:e5:8a:2e:c8:a4:d5:56:6f:b7:4e:3d:40:09:7a:73:f3:
         ac:53:4e:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jGXJSbR9JqyF9ny/AM6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZTk4ZjQ4ZTk4ODc5MGQwZTA3OTM1Mzc5NDFiNDEzZDJl
NjAzMDYwHhcNMjUwMTAxMDM0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDY1MDA1OWM3NDRmZWU1ODYwNzNhMDQ1ZWU1MTZjNTI2OWVhMWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRinND/9G7G9DXEt5WLPd5GgZZwx
DCuC/+uiZ3GesmY13vM/wuqSMs01pcZ7JH3245ktP6N88LC64x0T4frH6l7+0Git
P+QS3/3fE6Cz5bDXutfLYYYgUBpOcxyije7Zn1T3K0lBrQCTAO7FYy6+5NgEV1mb
rfd4R5u0lYYv6Cl3qxhsrAeQTeAmt7ayGu/tJfoWvlOme4xDu3XMar2pF7Bh42Gd
Q30wCTnlB/kwgPOxkADVAz2zSeIoVDETyVJicVzbUC2vK85OrpWNOlMtzNx92DQU
4K8CM9ZmGmNUkBoN+T8f55oPse5N3A9/g9HlMJYd1jttWcaASLKqAgfkEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRlAFnHRP7lhgc6BF7lFsUmnqHxMB8GA1UdIwQY
MBaAFH3pj0jpiHkNDgeTU3lBtBPS5gMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmVtUFNPbUllUTBPQjVOVGVVRzBFOUxtQXdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jMGZjMGEtMTVkNC00NmNjLWE4Yjkt
NDc2MzJjYjViODU0LzEvVkdVQVdjZEVfdVdHQnpvRVh1VVd4U2Flb2ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jMGZjMGEtMTVkNC00NmNjLWE4YjktNDc2MzJjYjViODU0
LzEvZmVtUFNPbUllUTBPQjVOVGVVRzBFOUxtQXdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfwsMA0G
CSqGSIb3DQEBCwUAA4IBAQA/SV0mvljsrRnVc1qZFslJc4VqKTtO1lYo5g9+2QgF
ELt+nkHOAQ2oFN+v/KQWlwg20GznUoCVHz03f0MST8JXa6Q0bbVBGHfVrG3AGaeV
oQAPfk5noDmVnlNv3LQZ4XHpEcfrDEdzM8nU8bRcMKJfFzQOrKpNtX3BH4UuYdYW
dOcVf86VNGRccukCdlUc1waqaWf4NysenHyCoEuFfwux3KhTq4NTxLQzukWOOT1o
T8i9ANwAdjMouu/ipP1BnupETWqLEYhVvC8bhJ5K7UBdRnmBRPAkgI9tEMRTZhzs
7fCoqYtoalVdPFp6C+WKLsik1VZvt049QAl6c/OsU04o
-----END CERTIFICATE-----