Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/7afce4-218b-47ed-95ab-75d5843aa489/1/VBSMUM2E1eY-HeRIXiGsI4i681A.roa
File:                     VBSMUM2E1eY-HeRIXiGsI4i681A.roa (raw, json)
Hash identifier:          9hPqZnbB+hAnaLIqMz7J1BKYjhJ96B3SoRz8LPWNz7c=
Subject key identifier:   54:14:8C:50:CD:84:D5:E6:3E:1D:E4:48:5E:21:AC:23:88:BA:F3:50
Certificate issuer:       /CN=f501b9e20616d686b405da906afa597635063640
Certificate serial:       0194221FDF88671C6870477955D65023A3C7
Authority key identifier: F5:01:B9:E2:06:16:D6:86:B4:05:DA:90:6A:FA:59:76:35:06:36:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9QG54gYW1oa0BdqQavpZdjUGNkA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/7afce4-218b-47ed-95ab-75d5843aa489/1/VBSMUM2E1eY-HeRIXiGsI4i681A.roa
Signing time:             Wed 01 Jan 2025 13:48:21 +0000
ROA not before:           Wed 01 Jan 2025 13:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34204
IP address blocks:        195.95.222.0/23 maxlen: 23
                          195.95.222.0/24 maxlen: 24
                          195.95.223.0/24 maxlen: 24
                          195.135.244.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/7afce4-218b-47ed-95ab-75d5843aa489/1/9QG54gYW1oa0BdqQavpZdjUGNkA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/7afce4-218b-47ed-95ab-75d5843aa489/1/9QG54gYW1oa0BdqQavpZdjUGNkA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9QG54gYW1oa0BdqQavpZdjUGNkA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 13:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:df:88:67:1c:68:70:47:79:55:d6:50:23:a3:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f501b9e20616d686b405da906afa597635063640
        Validity
            Not Before: Jan  1 13:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54148c50cd84d5e63e1de4485e21ac2388baf350
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a5:ed:b0:33:be:29:c7:ee:0f:74:ef:8c:f2:
                    21:1b:70:be:9e:88:7f:0f:2a:da:73:c2:d4:9f:6f:
                    18:d3:1b:34:42:2c:d3:e7:90:51:e0:0b:b4:b3:2f:
                    5a:24:e8:24:96:16:af:4c:1c:5e:cd:96:5e:bd:cf:
                    60:a2:02:43:d3:36:30:45:b6:6c:78:65:f0:d3:36:
                    42:f8:58:80:e0:fe:ca:c1:ec:72:80:dc:40:ed:55:
                    c9:bf:20:c7:d0:4d:1f:96:62:a4:0b:a9:5d:1f:0d:
                    31:c5:8f:a0:57:f8:90:29:5f:b9:78:65:5d:68:9d:
                    39:ab:31:cd:eb:74:86:79:22:bb:ad:32:09:e1:09:
                    9b:9b:f8:64:07:42:79:d1:7c:42:aa:e4:6b:dc:2b:
                    1c:cf:1e:5f:76:fd:7e:c8:0a:08:13:7b:db:be:fb:
                    05:f9:27:02:41:ea:c3:01:31:a7:ea:51:b5:02:d8:
                    bc:a4:60:a5:02:c9:22:63:7f:ba:c2:ef:91:b6:c4:
                    25:00:e2:2c:d1:63:4b:38:bd:e6:53:93:8c:d0:d3:
                    99:53:da:f2:46:48:4d:14:6e:b1:51:81:82:07:53:
                    be:b3:0e:17:54:92:91:a8:9f:d2:ce:75:9b:5d:f9:
                    41:7f:f9:fa:4e:e8:c8:a1:0c:e1:f2:08:57:41:7d:
                    45:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:14:8C:50:CD:84:D5:E6:3E:1D:E4:48:5E:21:AC:23:88:BA:F3:50
            X509v3 Authority Key Identifier:
                keyid:F5:01:B9:E2:06:16:D6:86:B4:05:DA:90:6A:FA:59:76:35:06:36:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9QG54gYW1oa0BdqQavpZdjUGNkA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/7afce4-218b-47ed-95ab-75d5843aa489/1/VBSMUM2E1eY-HeRIXiGsI4i681A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/7afce4-218b-47ed-95ab-75d5843aa489/1/9QG54gYW1oa0BdqQavpZdjUGNkA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.222.0/23
                  195.135.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:f2:73:07:59:38:f0:f3:84:67:c8:42:9d:af:b6:d8:ab:d9:
         a1:27:8e:93:74:64:d4:2e:a1:22:84:ee:ac:e2:7b:72:7e:e8:
         69:b0:3f:fe:7f:f5:6f:97:b8:ab:3f:01:1b:1e:59:8a:67:77:
         d9:31:aa:9e:fa:42:5b:14:14:f3:9d:77:b1:26:9c:23:4c:2f:
         f9:50:e4:27:52:8e:4b:39:a6:93:81:9c:01:12:d3:b9:cf:05:
         dd:c5:87:a3:6a:a9:bc:1a:aa:b7:39:f3:53:ac:1d:0b:60:b3:
         2a:0b:27:72:32:50:c8:4c:f6:26:e0:c3:a1:07:5e:f7:dd:18:
         d2:71:1e:8d:3b:38:d3:e9:d9:3f:1f:dd:0a:d3:5b:52:40:e4:
         0f:6d:88:fc:19:0b:8d:ae:d9:b9:69:90:54:81:6e:dd:0b:17:
         b4:9a:a8:16:1b:86:d9:37:54:11:82:3b:18:78:e1:44:21:8e:
         6e:9c:92:28:de:3e:b7:0b:27:66:db:5b:0b:b8:cf:e4:a7:de:
         4c:15:c9:7f:a9:7d:af:b5:ca:f2:03:1c:7b:c3:55:81:46:94:
         38:05:13:06:d6:4c:82:09:9d:8e:63:c1:de:96:5b:26:41:60:
         e4:4a:77:76:42:8c:51:1b:9d:f6:fa:f1:cc:8f:44:2f:f2:b6:
         53:c9:3f:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH9+IZxxocEd5VdZQI6PHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MDFiOWUyMDYxNmQ2ODZiNDA1ZGE5MDZhZmE1OTc2MzUw
NjM2NDAwHhcNMjUwMTAxMTM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDE0OGM1MGNkODRkNWU2M2UxZGU0NDg1ZTIxYWMyMzg4YmFmMzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaXtsDO+KcfuD3TvjPIhG3C+noh/
Dyrac8LUn28Y0xs0QizT55BR4Au0sy9aJOgklhavTBxezZZevc9gogJD0zYwRbZs
eGXw0zZC+FiA4P7KwexygNxA7VXJvyDH0E0flmKkC6ldHw0xxY+gV/iQKV+5eGVd
aJ05qzHN63SGeSK7rTIJ4Qmbm/hkB0J50XxCquRr3Csczx5fdv1+yAoIE3vbvvsF
+ScCQerDATGn6lG1Ati8pGClAskiY3+6wu+RtsQlAOIs0WNLOL3mU5OM0NOZU9ry
RkhNFG6xUYGCB1O+sw4XVJKRqJ/SznWbXflBf/n6TujIoQzh8ghXQX1FjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFQUjFDNhNXmPh3kSF4hrCOIuvNQMB8GA1UdIwQY
MBaAFPUBueIGFtaGtAXakGr6WXY1BjZAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVFHNTRnWVcxb2EwQmRxUWF2cFpkalVHTmtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC83YWZjZTQtMjE4Yi00N2VkLTk1YWIt
NzVkNTg0M2FhNDg5LzEvVkJTTVVNMkUxZVktSGVSSVhpR3NJNGk2ODFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC83YWZjZTQtMjE4Yi00N2VkLTk1YWItNzVkNTg0M2FhNDg5
LzEvOVFHNTRnWVcxb2EwQmRxUWF2cFpkalVHTmtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw1/eAwQC
w4f0MA0GCSqGSIb3DQEBCwUAA4IBAQAs8nMHWTjw84RnyEKdr7bYq9mhJ46TdGTU
LqEihO6s4ntyfuhpsD/+f/Vvl7irPwEbHlmKZ3fZMaqe+kJbFBTznXexJpwjTC/5
UOQnUo5LOaaTgZwBEtO5zwXdxYejaqm8Gqq3OfNTrB0LYLMqCydyMlDITPYm4MOh
B1733RjScR6NOzjT6dk/H90K01tSQOQPbYj8GQuNrtm5aZBUgW7dCxe0mqgWG4bZ
N1QRgjsYeOFEIY5unJIo3j63Cydm21sLuM/kp95MFcl/qX2vtcryAxx7w1WBRpQ4
BRMG1kyCCZ2OY8HellsmQWDkSnd2QoxRG532+vHMj0Qv8rZTyT/g
-----END CERTIFICATE-----