Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/VUK_f0elDZdoSIZHnD9HhrYTHA8.roa
File:                     VUK_f0elDZdoSIZHnD9HhrYTHA8.roa (raw, json)
Hash identifier:          lpa52rCEucL0lMNmSaUZnzAowBcR8hv1p80UvuyqRFU=
Subject key identifier:   55:42:BF:7F:47:A5:0D:97:68:48:86:47:9C:3F:47:86:B6:13:1C:0F
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       018CC794219CAB10BF0A036903D84D9D1E28
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/VUK_f0elDZdoSIZHnD9HhrYTHA8.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24984
IP address blocks:        194.176.60.0/24 maxlen: 24
                          195.12.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:21:9c:ab:10:bf:0a:03:69:03:d8:4d:9d:1e:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5542bf7f47a50d97684886479c3f4786b6131c0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b0:0e:93:6c:ec:35:e0:97:21:04:5d:25:f7:
                    ca:ae:9d:45:53:dc:39:31:78:b0:54:a3:cd:36:df:
                    76:3a:40:b6:ff:7e:62:19:10:71:4e:ec:72:ef:f1:
                    de:b1:2f:14:44:82:9d:07:c8:25:6b:30:1c:53:fc:
                    5e:b3:0a:2d:da:13:1b:04:11:cd:02:57:50:87:59:
                    af:30:bd:bb:3e:f3:ae:e2:89:94:65:03:1a:0d:e5:
                    71:db:2f:02:28:a8:19:5b:b5:1d:88:79:5b:88:27:
                    54:2e:ce:20:ef:2c:8f:72:94:88:54:fe:13:3a:ce:
                    d2:2b:88:ef:45:1d:da:2f:50:f5:5b:6a:57:34:61:
                    79:b0:64:a7:e5:d3:d3:3c:8a:0e:c0:6d:d0:40:fe:
                    9d:05:a7:7c:7d:b6:90:69:7f:83:b2:f3:8b:29:69:
                    0b:d0:c7:42:08:44:e5:14:70:10:48:fc:e4:99:55:
                    11:73:26:df:43:8f:c0:93:6b:5f:dc:29:ee:fb:3c:
                    1c:8e:9f:b6:43:f4:71:65:88:8b:6c:97:07:e1:92:
                    15:d8:20:94:87:ec:75:72:fd:2d:51:47:1a:85:a6:
                    99:4f:0d:8d:19:12:c5:d0:87:8a:ef:74:ef:f6:35:
                    09:62:6c:4d:4b:ba:e9:70:13:2f:59:1b:84:35:94:
                    64:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:42:BF:7F:47:A5:0D:97:68:48:86:47:9C:3F:47:86:B6:13:1C:0F
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/VUK_f0elDZdoSIZHnD9HhrYTHA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.176.60.0/24
                  195.12.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:98:f8:71:bc:6f:86:2d:88:1f:64:e5:6d:3b:88:ec:81:c8:
         14:1b:b8:2e:35:78:04:df:b8:41:7c:db:ed:4b:92:28:4a:cb:
         22:1e:fa:e8:7e:db:4b:29:4a:d4:68:3d:fa:51:60:c0:85:4c:
         a5:89:c6:5e:0e:14:6b:0a:0e:e8:d4:69:7a:43:bd:79:7e:40:
         0a:29:ef:f3:8a:0a:35:c2:84:be:57:81:bc:f3:5b:20:de:0d:
         d3:23:ad:3d:29:25:f4:f3:6a:4e:31:13:68:9b:9c:57:d1:e8:
         b0:48:7c:e4:23:11:b8:4b:c1:73:fc:38:df:91:0c:6d:13:20:
         90:58:3b:88:ec:9a:5a:d8:2e:59:27:a7:c9:ff:67:6e:0b:ee:
         ab:ad:4c:af:2d:87:be:d2:1b:d1:5f:e0:5d:ab:03:c3:44:d1:
         28:bb:48:1d:1b:76:e1:a7:8f:e3:8f:18:83:25:c2:fc:bb:d9:
         89:b9:fa:d4:63:bc:89:80:75:9e:6e:f3:29:a1:a1:69:bc:50:
         74:37:0e:d4:8f:73:8c:98:7c:cb:38:67:c3:38:75:94:f3:d5:
         60:96:a4:6c:6b:d6:0f:29:e3:76:8a:73:31:df:0e:90:36:8d:
         74:bc:32:67:4d:fa:52:80:61:ab:7f:50:8f:4c:d2:85:be:26:
         73:94:5d:46
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlCGcqxC/CgNpA9hNnR4oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTQyYmY3ZjQ3YTUwZDk3Njg0ODg2NDc5YzNmNDc4NmI2MTMxYzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurAOk2zsNeCXIQRdJffKrp1FU9w5
MXiwVKPNNt92OkC2/35iGRBxTuxy7/HesS8URIKdB8glazAcU/xeswot2hMbBBHN
AldQh1mvML27PvOu4omUZQMaDeVx2y8CKKgZW7UdiHlbiCdULs4g7yyPcpSIVP4T
Os7SK4jvRR3aL1D1W2pXNGF5sGSn5dPTPIoOwG3QQP6dBad8fbaQaX+DsvOLKWkL
0MdCCETlFHAQSPzkmVURcybfQ4/Ak2tf3Cnu+zwcjp+2Q/RxZYiLbJcH4ZIV2CCU
h+x1cv0tUUcahaaZTw2NGRLF0IeK73Tv9jUJYmxNS7rpcBMvWRuENZRk7QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFVCv39HpQ2XaEiGR5w/R4a2ExwPMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL1ZVS19mMGVsRFpkb1NJWkhuRDlIaHJZVEhBOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBADCsDwD
BADDDLIwDQYJKoZIhvcNAQELBQADggEBAIeY+HG8b4YtiB9k5W07iOyByBQbuC41
eATfuEF82+1LkihKyyIe+uh+20spStRoPfpRYMCFTKWJxl4OFGsKDujUaXpDvXl+
QAop7/OKCjXChL5XgbzzWyDeDdMjrT0pJfTzak4xE2ibnFfR6LBIfOQjEbhLwXP8
ON+RDG0TIJBYO4jsmlrYLlknp8n/Z24L7qutTK8th77SG9Ff4F2rA8NE0Si7SB0b
duGnj+OPGIMlwvy72Ym5+tRjvImAdZ5u8ymhoWm8UHQ3DtSPc4yYfMs4Z8M4dZTz
1WCWpGxr1g8p43aKczHfDpA2jXS8MmdN+lKAYat/UI9M0oW+JnOUXUY=
-----END CERTIFICATE-----