Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/VRQ4PinBEDNLT-pfsEGxa28NSpw.roa
File:                     VRQ4PinBEDNLT-pfsEGxa28NSpw.roa (raw, json)
Hash identifier:          UqvkLcy1aPLkeDt+lPoVDiuE9PXhcKRNAC1RRtan+4s=
Subject key identifier:   55:14:38:3E:29:C1:10:33:4B:4F:EA:5F:B0:41:B1:6B:6F:0D:4A:9C
Certificate issuer:       /CN=61a5d217759e861696fc77ed9aa63b94edb3be7d
Certificate serial:       018CC64B1C434422781701D751F932310E27
Authority key identifier: 61:A5:D2:17:75:9E:86:16:96:FC:77:ED:9A:A6:3B:94:ED:B3:BE:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YaXSF3WehhaW_HftmqY7lO2zvn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/VRQ4PinBEDNLT-pfsEGxa28NSpw.roa
Signing time:             Mon 01 Jan 2024 18:30:59 +0000
ROA not before:           Mon 01 Jan 2024 18:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3549
IP address blocks:        185.27.249.0/24 maxlen: 24
                          185.27.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/YaXSF3WehhaW_HftmqY7lO2zvn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/YaXSF3WehhaW_HftmqY7lO2zvn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YaXSF3WehhaW_HftmqY7lO2zvn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1c:43:44:22:78:17:01:d7:51:f9:32:31:0e:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61a5d217759e861696fc77ed9aa63b94edb3be7d
        Validity
            Not Before: Jan  1 18:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5514383e29c110334b4fea5fb041b16b6f0d4a9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:24:6f:52:9c:54:3a:e2:68:39:e7:8c:d4:7f:
                    f4:08:b4:83:b8:0a:19:c9:3e:82:f0:27:c7:8c:83:
                    33:70:c3:90:ea:e8:a4:d3:e3:35:46:b4:98:ee:df:
                    23:08:a6:28:9e:15:2c:29:78:93:ae:cf:f2:b8:0a:
                    db:09:7e:c4:93:03:b1:d5:1b:0d:67:94:99:f6:e3:
                    48:4b:5d:ab:f7:c3:cf:5c:a4:62:7e:a9:28:46:ac:
                    79:e5:f5:5b:f1:05:3a:bd:87:db:16:b3:25:54:3c:
                    5c:e7:48:0d:77:bb:04:f8:6e:ac:34:8e:a2:48:37:
                    87:2c:ed:b9:24:43:6b:53:4e:de:0c:18:a5:95:45:
                    84:08:d2:52:20:5b:d1:ad:b6:b3:98:be:38:30:df:
                    bd:27:be:9b:0c:84:6e:62:1d:34:59:9a:1b:98:e7:
                    e3:7b:3c:be:a9:02:1c:c5:ca:97:41:33:b0:c7:c8:
                    49:84:d1:74:73:23:c1:09:c3:43:0b:b8:63:ff:37:
                    60:93:81:f0:29:19:e5:a4:b7:1b:e0:dd:6b:b2:44:
                    f1:f4:a5:a1:22:21:82:ac:41:59:4b:78:07:77:c7:
                    9b:af:69:f0:20:7e:36:6e:ef:a5:73:f4:a9:42:ce:
                    76:5f:9a:5c:f8:c4:85:f1:32:ac:e0:43:6c:59:ce:
                    42:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:14:38:3E:29:C1:10:33:4B:4F:EA:5F:B0:41:B1:6B:6F:0D:4A:9C
            X509v3 Authority Key Identifier:
                keyid:61:A5:D2:17:75:9E:86:16:96:FC:77:ED:9A:A6:3B:94:ED:B3:BE:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YaXSF3WehhaW_HftmqY7lO2zvn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/VRQ4PinBEDNLT-pfsEGxa28NSpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/YaXSF3WehhaW_HftmqY7lO2zvn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.249.0/24
                  185.27.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:30:48:90:b6:b0:34:14:5b:e0:67:c4:5d:b9:2a:19:99:58:
         0c:f2:cb:28:12:e6:ce:65:f4:3f:12:cb:7b:9b:b6:e8:c5:9a:
         51:9e:d4:75:16:cd:84:28:a9:3f:40:98:95:78:1d:1d:b1:c1:
         c3:2d:aa:3a:49:e4:52:bd:25:ab:40:d6:0c:58:f0:35:3a:37:
         96:78:22:4f:12:d4:db:e3:39:cf:6a:96:bb:07:16:3b:87:c4:
         de:1c:5f:88:57:8d:c6:d5:03:08:ec:37:19:ba:68:aa:05:ef:
         90:9d:fa:f7:d4:61:1b:f0:cd:09:f8:3f:5f:c3:f4:a3:bf:b1:
         ee:75:43:f0:a8:9c:83:7b:ea:23:34:44:56:cd:39:36:4c:b2:
         f9:7a:4e:75:35:53:01:45:fc:fb:cd:f5:dc:ee:28:7f:9a:7c:
         b7:75:19:11:9a:78:ac:e2:fe:3d:63:51:9d:49:fa:0c:0a:61:
         03:d1:a0:c4:7f:58:aa:03:15:4c:e8:3b:32:28:78:1d:4d:ea:
         34:9c:ca:58:96:71:17:0f:b6:99:e3:22:6b:2c:a6:d8:35:6d:
         a7:3f:07:d1:0d:29:cf:96:23:31:da:02:b5:39:f8:64:61:02:
         3e:90:da:ef:58:8a:28:b1:93:ef:58:36:80:0c:28:8d:01:7f:
         5b:92:12:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSxxDRCJ4FwHXUfkyMQ4nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYTVkMjE3NzU5ZTg2MTY5NmZjNzdlZDlhYTYzYjk0ZWRi
M2JlN2QwHhcNMjQwMTAxMTgzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTE0MzgzZTI5YzExMDMzNGI0ZmVhNWZiMDQxYjE2YjZmMGQ0YTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSRvUpxUOuJoOeeM1H/0CLSDuAoZ
yT6C8CfHjIMzcMOQ6uik0+M1RrSY7t8jCKYonhUsKXiTrs/yuArbCX7EkwOx1RsN
Z5SZ9uNIS12r98PPXKRifqkoRqx55fVb8QU6vYfbFrMlVDxc50gNd7sE+G6sNI6i
SDeHLO25JENrU07eDBillUWECNJSIFvRrbazmL44MN+9J76bDIRuYh00WZobmOfj
ezy+qQIcxcqXQTOwx8hJhNF0cyPBCcNDC7hj/zdgk4HwKRnlpLcb4N1rskTx9KWh
IiGCrEFZS3gHd8ebr2nwIH42bu+lc/SpQs52X5pc+MSF8TKs4ENsWc5CGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFUUOD4pwRAzS0/qX7BBsWtvDUqcMB8GA1UdIwQY
MBaAFGGl0hd1noYWlvx37ZqmO5Tts759MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWFYU0YzV2VoaGFXX0hmdG1xWTdsTzJ6dm4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS83MmY2Y2YtOWJkNC00NjdhLWE5MmEt
NWE2NGE1ZmM4YTY0LzEvVlJRNFBpbkJFRE5MVC1wZnNFR3hhMjhOU3B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS83MmY2Y2YtOWJkNC00NjdhLWE5MmEtNWE2NGE1ZmM4YTY0
LzEvWWFYU0YzV2VoaGFXX0hmdG1xWTdsTzJ6dm4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRv5AwQA
uRv7MA0GCSqGSIb3DQEBCwUAA4IBAQANMEiQtrA0FFvgZ8RduSoZmVgM8ssoEubO
ZfQ/Est7m7boxZpRntR1Fs2EKKk/QJiVeB0dscHDLao6SeRSvSWrQNYMWPA1OjeW
eCJPEtTb4znPapa7BxY7h8TeHF+IV43G1QMI7DcZumiqBe+Qnfr31GEb8M0J+D9f
w/Sjv7HudUPwqJyDe+ojNERWzTk2TLL5ek51NVMBRfz7zfXc7ih/mny3dRkRmnis
4v49Y1GdSfoMCmED0aDEf1iqAxVM6DsyKHgdTeo0nMpYlnEXD7aZ4yJrLKbYNW2n
PwfRDSnPliMx2gK1OfhkYQI+kNrvWIoosZPvWDaADCiNAX9bkhL0
-----END CERTIFICATE-----