Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/1-_F582pV3yKxQadt6MUu58dvRJk.roa
File:                     1-_F582pV3yKxQadt6MUu58dvRJk.roa (raw, json)
Hash identifier:          m2tGxaa118aaPCzRivBtsZiYg+TYuDycFoN8I9C8ibU=
Subject key identifier:   FB:F1:79:F3:6A:55:DF:22:B1:41:A7:6D:E8:C5:2E:E7:C7:6F:44:99
Certificate issuer:       /CN=54b0bec8f58db0ce5b91f34505277e40bfd3ae11
Certificate serial:       0197449CD408227F98E2A3C947A8E4798DB9
Authority key identifier: 54:B0:BE:C8:F5:8D:B0:CE:5B:91:F3:45:05:27:7E:40:BF:D3:AE:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/1-_F582pV3yKxQadt6MUu58dvRJk.roa
Signing time:             Fri 06 Jun 2025 09:40:17 +0000
ROA not before:           Fri 06 Jun 2025 09:40:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        95.85.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 12:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:44:9c:d4:08:22:7f:98:e2:a3:c9:47:a8:e4:79:8d:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54b0bec8f58db0ce5b91f34505277e40bfd3ae11
        Validity
            Not Before: Jun  6 09:40:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fbf179f36a55df22b141a76de8c52ee7c76f4499
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:60:e7:42:ac:08:db:54:91:3f:1c:cf:fa:bf:
                    ea:5a:b0:a8:a7:e2:a9:4b:b6:ae:02:aa:e7:fc:4e:
                    c8:ca:3d:c0:83:07:f4:31:35:70:4c:e2:2d:6c:52:
                    e3:0c:70:c4:1e:da:18:0f:d5:35:14:f0:fc:94:bc:
                    2b:2e:f5:7b:c3:56:92:a2:75:df:c0:d5:25:ff:bf:
                    a6:4f:47:64:77:80:0f:55:34:74:7f:ed:19:1c:d2:
                    41:9c:80:48:c5:9d:f4:34:3b:63:ae:d2:3a:ae:9a:
                    76:df:4f:ec:89:e2:4e:ee:f6:aa:e8:e6:be:9d:4a:
                    0e:15:97:69:dd:bc:16:b1:2e:f3:80:1e:3b:57:be:
                    a0:90:f4:a5:c2:ca:73:92:43:63:a1:f5:b1:34:26:
                    7e:92:31:40:2e:b3:98:c6:e2:f8:72:af:0b:aa:5f:
                    98:02:ab:27:62:74:e0:67:7c:1c:88:b0:25:a2:cd:
                    82:a3:f0:6f:1b:93:19:89:2f:7e:7a:52:cb:12:b9:
                    70:51:db:f3:ac:2a:54:66:ae:d8:e2:44:a4:00:2d:
                    4e:19:c5:d7:ff:fb:b9:9f:e1:36:0d:83:47:d1:74:
                    97:b9:47:b9:b9:68:98:c6:bf:81:05:f8:5f:2c:23:
                    22:fb:f9:2e:7a:fe:17:89:f9:02:2c:e0:bd:f1:41:
                    07:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:F1:79:F3:6A:55:DF:22:B1:41:A7:6D:E8:C5:2E:E7:C7:6F:44:99
            X509v3 Authority Key Identifier:
                keyid:54:B0:BE:C8:F5:8D:B0:CE:5B:91:F3:45:05:27:7E:40:BF:D3:AE:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/1-_F582pV3yKxQadt6MUu58dvRJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.85.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:ee:9b:9b:35:97:56:99:cb:99:56:35:02:1b:92:0c:cb:d8:
         01:c2:e2:e5:b5:13:12:70:02:e4:44:86:96:a6:e3:9d:db:1d:
         b0:09:5f:57:95:b7:29:1b:d6:81:68:37:d6:17:66:3d:8a:c3:
         65:de:e7:cd:03:76:3d:c3:ac:1e:53:0b:6e:f7:38:f2:a6:cf:
         00:7c:83:bd:ee:53:f1:f2:1c:73:74:4f:c7:60:8e:91:a4:f2:
         7e:e1:4c:e7:97:6f:1a:77:b9:d3:a4:4c:fa:f7:5a:f1:24:32:
         6c:6a:eb:8b:a1:74:bf:0e:14:bc:7b:11:09:a2:78:67:c3:a9:
         f5:3c:e9:3f:cf:92:ab:fc:53:c3:4c:9c:a9:84:12:bb:ea:f9:
         c2:a1:bc:7a:25:1b:0f:db:94:c5:aa:85:e2:bf:31:3c:e9:d6:
         4b:1b:ef:27:df:8f:31:78:be:8e:03:f4:a6:d0:a5:72:d8:72:
         96:42:b8:b0:b0:b1:4d:92:99:57:ed:c8:af:ba:dc:5f:0f:a8:
         76:0a:6c:85:e1:ea:88:4f:58:45:9e:23:8a:23:85:26:a3:68:
         d6:ac:5d:c3:b6:0a:7a:bd:4c:f8:9e:87:2d:d8:05:65:8e:4f:
         79:66:d1:5c:00:ec:2b:07:a0:2d:d5:dd:89:4e:80:9f:7f:52:
         6c:89:59:0a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZdEnNQIIn+Y4qPJR6jkeY25MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YjBiZWM4ZjU4ZGIwY2U1YjkxZjM0NTA1Mjc3ZTQwYmZk
M2FlMTEwHhcNMjUwNjA2MDk0MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmYxNzlmMzZhNTVkZjIyYjE0MWE3NmRlOGM1MmVlN2M3NmY0NDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2DnQqwI21SRPxzP+r/qWrCop+Kp
S7auAqrn/E7Iyj3Agwf0MTVwTOItbFLjDHDEHtoYD9U1FPD8lLwrLvV7w1aSonXf
wNUl/7+mT0dkd4APVTR0f+0ZHNJBnIBIxZ30NDtjrtI6rpp230/sieJO7vaq6Oa+
nUoOFZdp3bwWsS7zgB47V76gkPSlwspzkkNjofWxNCZ+kjFALrOYxuL4cq8Lql+Y
AqsnYnTgZ3wciLAlos2Co/BvG5MZiS9+elLLErlwUdvzrCpUZq7Y4kSkAC1OGcXX
//u5n+E2DYNH0XSXuUe5uWiYxr+BBfhfLCMi+/kuev4XifkCLOC98UEH4QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvxefNqVd8isUGnbejFLufHb0SZMB8GA1UdIwQY
MBaAFFSwvsj1jbDOW5HzRQUnfkC/064RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkxDLXlQV05zTTVia2ZORkJTZC1RTF9UcmhFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8yYWQzNGUtYjFlNS00ZDhjLTk0OGUt
MGY0ZGJiODkwYmQwLzEvMS1fRjU4MnBWM3lLeFFhZHQ2TVV1NThkdlJKay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODYvMmFkMzRlLWIxZTUtNGQ4Yy05NDhlLTBmNGRiYjg5MGJk
MC8xL1ZMQy15UFdOc001YmtmTkZCU2QtUUxfVHJoRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF9V4DAN
BgkqhkiG9w0BAQsFAAOCAQEAlO6bmzWXVpnLmVY1AhuSDMvYAcLi5bUTEnAC5ESG
lqbjndsdsAlfV5W3KRvWgWg31hdmPYrDZd7nzQN2PcOsHlMLbvc48qbPAHyDve5T
8fIcc3RPx2COkaTyfuFM55dvGne506RM+vda8SQybGrri6F0vw4UvHsRCaJ4Z8Op
9TzpP8+Sq/xTw0ycqYQSu+r5wqG8eiUbD9uUxaqF4r8xPOnWSxvvJ9+PMXi+jgP0
ptClcthylkK4sLCxTZKZV+3Ir7rcXw+odgpsheHqiE9YRZ4jiiOFJqNo1qxdw7YK
er1M+J6HLdgFZY5PeWbRXADsKwegLdXdiU6An39SbIlZCg==
-----END CERTIFICATE-----