Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/ccdc8f-285d-43b6-8def-4b39fcabc371/1/VAFUCoUK_BVxyNjCRQWaoFAcB9M.roa
File:                     VAFUCoUK_BVxyNjCRQWaoFAcB9M.roa (raw, json)
Hash identifier:          vDTV3bo0aODJvLN0QwS2mzTjLvwXVgvjezjkUwqmkNs=
Subject key identifier:   54:01:54:0A:85:0A:FC:15:71:C8:D8:C2:45:05:9A:A0:50:1C:07:D3
Certificate issuer:       /CN=30160a1fc6282f5782a7a8a7ea0ed206b9444123
Certificate serial:       0194468E4F4DE5FF70000F1F5F0BEC21C5C9
Authority key identifier: 30:16:0A:1F:C6:28:2F:57:82:A7:A8:A7:EA:0E:D2:06:B9:44:41:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MBYKH8YoL1eCp6in6g7SBrlEQSM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/ccdc8f-285d-43b6-8def-4b39fcabc371/1/VAFUCoUK_BVxyNjCRQWaoFAcB9M.roa
Signing time:             Wed 08 Jan 2025 15:35:19 +0000
ROA not before:           Wed 08 Jan 2025 15:35:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     66496
IP address blocks:        195.184.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/ccdc8f-285d-43b6-8def-4b39fcabc371/1/MBYKH8YoL1eCp6in6g7SBrlEQSM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/ccdc8f-285d-43b6-8def-4b39fcabc371/1/MBYKH8YoL1eCp6in6g7SBrlEQSM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MBYKH8YoL1eCp6in6g7SBrlEQSM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:46:8e:4f:4d:e5:ff:70:00:0f:1f:5f:0b:ec:21:c5:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30160a1fc6282f5782a7a8a7ea0ed206b9444123
        Validity
            Not Before: Jan  8 15:35:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5401540a850afc1571c8d8c245059aa0501c07d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4f:f3:51:0c:1f:b5:49:2e:22:fa:34:ec:e1:
                    e2:45:cb:19:2f:a0:18:90:1a:1e:2b:89:4b:32:c3:
                    c7:39:3f:46:27:62:87:f6:f8:2f:e8:db:0b:22:45:
                    af:3f:77:d3:4e:81:b0:16:9f:0e:ab:a9:72:c6:7d:
                    96:41:b2:0a:c6:35:54:60:fe:c2:b2:17:94:1d:30:
                    2f:6c:31:35:24:1a:1a:84:63:2f:89:60:1f:81:97:
                    53:48:c4:74:28:13:f0:81:75:85:d6:fd:af:3c:46:
                    dd:b2:a7:3d:e3:d1:9b:62:42:4d:a2:8f:27:36:43:
                    d9:24:af:25:c5:1a:cc:3e:15:00:5a:64:a8:28:86:
                    5c:7c:07:41:56:9a:cd:d2:fa:90:26:40:a6:de:0f:
                    73:c1:47:a3:e5:60:60:9b:c7:8a:09:e4:bd:f9:c6:
                    5a:09:93:32:c7:8e:8c:70:96:11:4a:83:2a:da:79:
                    24:8f:a7:b9:5c:c4:1e:4b:02:2f:f0:91:55:5c:51:
                    93:b8:b0:01:86:8d:4c:d4:b4:2a:03:fa:51:9a:4d:
                    63:b3:76:5b:8f:6c:d1:93:63:31:13:d5:e3:b7:8c:
                    47:c8:80:ef:a4:29:20:d4:3f:45:f5:ce:e3:a4:5e:
                    b7:be:ba:63:86:bf:19:ff:3d:e1:f9:3a:18:30:c3:
                    31:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:01:54:0A:85:0A:FC:15:71:C8:D8:C2:45:05:9A:A0:50:1C:07:D3
            X509v3 Authority Key Identifier:
                keyid:30:16:0A:1F:C6:28:2F:57:82:A7:A8:A7:EA:0E:D2:06:B9:44:41:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MBYKH8YoL1eCp6in6g7SBrlEQSM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/ccdc8f-285d-43b6-8def-4b39fcabc371/1/VAFUCoUK_BVxyNjCRQWaoFAcB9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/ccdc8f-285d-43b6-8def-4b39fcabc371/1/MBYKH8YoL1eCp6in6g7SBrlEQSM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:41:16:d9:bc:7f:44:6c:0f:43:58:5c:c5:b1:c9:8f:df:0f:
         22:46:ff:5d:cf:46:ae:ff:44:4d:e4:a2:fa:41:16:d9:2d:33:
         61:db:ee:8c:34:47:4f:08:e4:e4:ae:77:ec:39:1d:7e:ae:f4:
         04:9c:e2:0e:74:95:46:72:cc:36:17:84:64:93:32:03:8f:fc:
         cc:72:e0:72:bc:55:d5:b3:cf:69:09:1c:ea:42:6e:16:d2:ca:
         3f:59:cc:8b:ac:c9:3a:7a:ec:e2:34:5c:e2:a1:e7:7e:4f:de:
         4c:b6:e1:7c:b9:78:08:7c:22:2c:7e:aa:fb:7c:a3:ef:7c:29:
         31:1e:2f:3c:d4:db:9d:2f:64:4c:83:db:05:d0:5e:d9:f5:73:
         e6:42:ec:9e:3c:2f:ec:74:7f:e6:9e:39:c1:c5:fc:9b:48:aa:
         98:f8:26:15:36:52:3a:74:ab:45:94:15:0c:ad:7f:af:96:a8:
         1e:34:a8:d5:8c:28:f0:57:9c:ed:4f:19:41:e7:1d:9d:30:c5:
         d1:6d:ad:58:97:2a:52:93:f1:f6:5f:74:de:ce:b1:0e:a7:f5:
         b3:62:3e:b1:ec:c9:2c:00:ad:e0:ff:ae:11:f5:77:cc:89:00:
         2e:60:9e:8b:72:a6:f1:d9:a7:cc:e3:ce:50:63:5e:57:a7:85:
         1e:53:9a:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRGjk9N5f9wAA8fXwvsIcXJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMTYwYTFmYzYyODJmNTc4MmE3YThhN2VhMGVkMjA2Yjk0
NDQxMjMwHhcNMjUwMTA4MTUzNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDAxNTQwYTg1MGFmYzE1NzFjOGQ4YzI0NTA1OWFhMDUwMWMwN2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuU/zUQwftUkuIvo07OHiRcsZL6AY
kBoeK4lLMsPHOT9GJ2KH9vgv6NsLIkWvP3fTToGwFp8Oq6lyxn2WQbIKxjVUYP7C
sheUHTAvbDE1JBoahGMviWAfgZdTSMR0KBPwgXWF1v2vPEbdsqc949GbYkJNoo8n
NkPZJK8lxRrMPhUAWmSoKIZcfAdBVprN0vqQJkCm3g9zwUej5WBgm8eKCeS9+cZa
CZMyx46McJYRSoMq2nkkj6e5XMQeSwIv8JFVXFGTuLABho1M1LQqA/pRmk1js3Zb
j2zRk2MxE9Xjt4xHyIDvpCkg1D9F9c7jpF63vrpjhr8Z/z3h+ToYMMMxiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQBVAqFCvwVccjYwkUFmqBQHAfTMB8GA1UdIwQY
MBaAFDAWCh/GKC9Xgqeop+oO0ga5REEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUJZS0g4WW9MMWVDcDZpbjZnN1NCcmxFUVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9jY2RjOGYtMjg1ZC00M2I2LThkZWYt
NGIzOWZjYWJjMzcxLzEvVkFGVUNvVUtfQlZ4eU5qQ1JRV2FvRkFjQjlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9jY2RjOGYtMjg1ZC00M2I2LThkZWYtNGIzOWZjYWJjMzcx
LzEvTUJZS0g4WW9MMWVDcDZpbjZnN1NCcmxFUVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7j5MA0G
CSqGSIb3DQEBCwUAA4IBAQAFQRbZvH9EbA9DWFzFscmP3w8iRv9dz0au/0RN5KL6
QRbZLTNh2+6MNEdPCOTkrnfsOR1+rvQEnOIOdJVGcsw2F4RkkzIDj/zMcuByvFXV
s89pCRzqQm4W0so/WcyLrMk6euziNFzioed+T95MtuF8uXgIfCIsfqr7fKPvfCkx
Hi881NudL2RMg9sF0F7Z9XPmQuyePC/sdH/mnjnBxfybSKqY+CYVNlI6dKtFlBUM
rX+vlqgeNKjVjCjwV5ztTxlB5x2dMMXRba1YlypSk/H2X3TezrEOp/WzYj6x7Mks
AK3g/64R9XfMiQAuYJ6Lcqbx2afM485QY15Xp4UeU5o9
-----END CERTIFICATE-----