Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/o__H7M8VZiG7jjoQONL50KrCZVw.roa
File:                     o__H7M8VZiG7jjoQONL50KrCZVw.roa (raw, json)
Hash identifier:          YTpt3hRG+sfj7Si3/s4kIj/IDSmcLhLHakS4hQjlY/A=
Subject key identifier:   A3:FF:C7:EC:CF:15:66:21:BB:8E:3A:10:38:D2:F9:D0:AA:C2:65:5C
Certificate issuer:       /CN=54b0bec8f58db0ce5b91f34505277e40bfd3ae11
Certificate serial:       01991370D018AE7634F1622DD1B4FA735877
Authority key identifier: 54:B0:BE:C8:F5:8D:B0:CE:5B:91:F3:45:05:27:7E:40:BF:D3:AE:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/o__H7M8VZiG7jjoQONL50KrCZVw.roa
Signing time:             Thu 04 Sep 2025 06:36:24 +0000
ROA not before:           Thu 04 Sep 2025 06:36:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16589
IP address blocks:        95.85.192.0/19 maxlen: 19
                          95.85.224.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:13:70:d0:18:ae:76:34:f1:62:2d:d1:b4:fa:73:58:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54b0bec8f58db0ce5b91f34505277e40bfd3ae11
        Validity
            Not Before: Sep  4 06:36:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3ffc7eccf156621bb8e3a1038d2f9d0aac2655c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cc:07:2c:1f:69:86:32:eb:a8:43:06:e5:fb:
                    0a:1f:2c:b5:7f:d0:89:86:01:81:59:dd:bd:6e:d5:
                    8e:00:da:9c:ec:39:0c:df:e8:b9:1c:40:7c:59:63:
                    74:44:f8:5b:97:89:5f:08:a3:7a:2e:13:e4:8a:f1:
                    a1:1e:a2:c9:e0:b1:00:c1:03:3e:5c:ac:d8:e3:be:
                    bb:de:d0:64:0b:d7:fd:4d:f3:81:99:04:72:db:80:
                    16:de:85:4c:a7:6f:a1:4e:73:59:9b:3a:3d:2f:33:
                    24:f7:58:cb:4c:f4:f8:3a:05:84:cc:a4:ce:64:24:
                    f1:0b:5a:79:bc:f4:71:dc:7f:07:9a:a1:2d:bc:80:
                    84:2d:82:5b:57:10:fd:8d:8d:f3:a0:a3:a3:f1:da:
                    79:f1:d6:d3:04:5a:96:a1:40:08:d9:88:86:ae:e5:
                    a7:60:d0:6f:5f:cb:0c:4b:8a:ae:2c:03:c4:57:47:
                    b1:a2:7c:43:a9:a7:a4:13:fd:e9:f9:2a:38:8a:7e:
                    06:b0:0a:79:e4:63:70:4e:ee:ee:8d:62:a2:11:3e:
                    fa:68:60:32:00:23:94:7a:93:2d:94:57:e0:87:d0:
                    94:e0:26:70:a2:81:b3:90:dd:97:a8:6a:41:dd:b2:
                    a4:b1:db:b7:c1:bf:04:4b:90:e9:10:bc:9e:85:d6:
                    92:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:FF:C7:EC:CF:15:66:21:BB:8E:3A:10:38:D2:F9:D0:AA:C2:65:5C
            X509v3 Authority Key Identifier:
                keyid:54:B0:BE:C8:F5:8D:B0:CE:5B:91:F3:45:05:27:7E:40:BF:D3:AE:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/o__H7M8VZiG7jjoQONL50KrCZVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.85.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         5c:b2:aa:78:e0:08:c9:d7:b2:f4:fd:39:bc:3b:05:35:d8:c8:
         d9:41:67:e9:03:36:0c:20:92:a8:e9:ad:d1:4f:59:de:b3:7c:
         84:00:05:7b:d9:2f:7e:b2:17:60:a7:89:e6:9f:87:73:c2:c9:
         01:85:26:5c:0d:e0:3f:cc:d7:0c:e6:e0:1f:b0:41:df:e7:65:
         03:39:24:09:e9:7c:b1:82:9e:e2:33:62:8e:dc:5b:9e:df:bf:
         7a:ff:2d:f2:d7:a5:93:19:45:6b:2c:b9:90:f7:3a:51:84:d4:
         35:54:ff:b4:bb:25:de:30:7a:c5:a2:19:30:ea:1a:98:64:d4:
         52:d7:3a:7e:0a:cf:b5:30:e3:bd:ab:36:51:2c:5e:5b:b1:c9:
         0c:9c:ed:b1:88:b3:9b:b9:92:d5:e0:6e:07:97:22:de:fb:dd:
         24:16:23:bb:5f:c7:76:79:b6:66:5e:4f:48:e6:fb:c1:f0:29:
         49:80:aa:6b:6f:54:35:65:98:66:c8:45:fc:93:db:87:b1:c3:
         1b:1a:13:1b:9b:cb:9e:11:19:3e:19:9b:32:d6:fa:13:d6:ec:
         28:be:2d:3d:66:63:42:58:1d:db:f4:e1:e7:e8:2d:8f:3b:0a:
         84:ea:12:46:f7:42:b0:41:24:30:5f:7b:a1:70:4a:c5:4e:b6:
         2c:18:ff:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkTcNAYrnY08WIt0bT6c1h3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YjBiZWM4ZjU4ZGIwY2U1YjkxZjM0NTA1Mjc3ZTQwYmZk
M2FlMTEwHhcNMjUwOTA0MDYzNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2ZmYzdlY2NmMTU2NjIxYmI4ZTNhMTAzOGQyZjlkMGFhYzI2NTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8wHLB9phjLrqEMG5fsKHyy1f9CJ
hgGBWd29btWOANqc7DkM3+i5HEB8WWN0RPhbl4lfCKN6LhPkivGhHqLJ4LEAwQM+
XKzY47673tBkC9f9TfOBmQRy24AW3oVMp2+hTnNZmzo9LzMk91jLTPT4OgWEzKTO
ZCTxC1p5vPRx3H8HmqEtvICELYJbVxD9jY3zoKOj8dp58dbTBFqWoUAI2YiGruWn
YNBvX8sMS4quLAPEV0exonxDqaekE/3p+So4in4GsAp55GNwTu7ujWKiET76aGAy
ACOUepMtlFfgh9CU4CZwooGzkN2XqGpB3bKksdu3wb8ES5DpELyehdaSBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKP/x+zPFWYhu446EDjS+dCqwmVcMB8GA1UdIwQY
MBaAFFSwvsj1jbDOW5HzRQUnfkC/064RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkxDLXlQV05zTTVia2ZORkJTZC1RTF9UcmhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8yYWQzNGUtYjFlNS00ZDhjLTk0OGUt
MGY0ZGJiODkwYmQwLzEvb19fSDdNOFZaaUc3ampvUU9OTDUwS3JDWlZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8yYWQzNGUtYjFlNS00ZDhjLTk0OGUtMGY0ZGJiODkwYmQw
LzEvVkxDLXlQV05zTTVia2ZORkJTZC1RTF9UcmhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGX1XAMA0G
CSqGSIb3DQEBCwUAA4IBAQBcsqp44AjJ17L0/Tm8OwU12MjZQWfpAzYMIJKo6a3R
T1nes3yEAAV72S9+shdgp4nmn4dzwskBhSZcDeA/zNcM5uAfsEHf52UDOSQJ6Xyx
gp7iM2KO3Fue3796/y3y16WTGUVrLLmQ9zpRhNQ1VP+0uyXeMHrFohkw6hqYZNRS
1zp+Cs+1MOO9qzZRLF5bsckMnO2xiLObuZLV4G4HlyLe+90kFiO7X8d2ebZmXk9I
5vvB8ClJgKprb1Q1ZZhmyEX8k9uHscMbGhMbm8ueERk+GZsy1voT1uwovi09ZmNC
WB3b9OHn6C2POwqE6hJG90KwQSQwX3uhcErFTrYsGP8h
-----END CERTIFICATE-----