Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/VbCNSXfumxuKIfFNd1vmCYg612M.roa
File:                     VbCNSXfumxuKIfFNd1vmCYg612M.roa (raw, json)
Hash identifier:          0MsbSsuXWqfYIGLbdE/XuHzbIJQ4fzXdJx9/pk+KRPM=
Subject key identifier:   55:B0:8D:49:77:EE:9B:1B:8A:21:F1:4D:77:5B:E6:09:88:3A:D7:63
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD53D3A59D4A83C3BC2D1D1F7CBC45
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/VbCNSXfumxuKIfFNd1vmCYg612M.roa
Signing time:             Thu 02 Jan 2025 07:49:06 +0000
ROA not before:           Thu 02 Jan 2025 07:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43581
IP address blocks:        194.226.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:53:d3:a5:9d:4a:83:c3:bc:2d:1d:1f:7c:bc:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55b08d4977ee9b1b8a21f14d775be609883ad763
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c8:b7:a5:d3:98:05:e4:9d:f3:02:36:63:2f:
                    7d:8b:e6:cd:2b:bb:fd:8e:c3:39:78:e2:ec:e9:41:
                    69:fe:63:a4:76:1d:23:e9:05:f8:e1:43:cd:8d:9e:
                    2f:38:3d:8d:d1:7b:1e:76:fb:67:3a:fa:85:c5:a8:
                    77:4f:d7:44:b4:5d:6a:43:dc:1e:d1:32:62:9b:cb:
                    26:c2:9b:29:31:35:47:ee:05:97:f4:6d:00:99:69:
                    f6:c6:ee:50:94:7a:12:eb:ec:11:db:1d:18:2a:94:
                    67:d2:47:89:e7:92:93:73:be:68:4f:e0:83:69:96:
                    2a:ba:12:13:90:66:e4:56:c9:53:93:16:d0:9c:92:
                    6b:58:15:bb:63:28:fd:91:6c:12:79:e7:e1:39:c3:
                    b6:09:7a:04:5e:85:80:59:aa:09:67:3d:b8:da:87:
                    69:ea:4b:4e:70:a7:6c:97:e0:16:a5:9e:5c:5d:93:
                    95:ce:a1:78:a7:43:20:ec:df:46:a7:df:c5:3b:77:
                    04:6e:1d:05:7f:01:3a:1c:45:c9:7b:75:4c:bf:77:
                    1a:fb:96:9f:6b:39:2d:1d:b8:05:3f:11:5e:80:a3:
                    23:ee:02:26:a4:8a:6a:db:74:a6:85:4b:a8:cf:2d:
                    2e:ef:33:67:de:bb:cf:5c:6d:32:83:07:75:9f:38:
                    ac:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:B0:8D:49:77:EE:9B:1B:8A:21:F1:4D:77:5B:E6:09:88:3A:D7:63
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/VbCNSXfumxuKIfFNd1vmCYg612M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.226.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:76:65:f7:3d:4f:e0:bf:0d:08:c4:d1:96:44:8a:df:29:c0:
         d9:75:ec:e1:6b:7e:99:0b:39:ac:79:db:67:df:f1:f2:d4:02:
         3c:7c:4e:6e:88:7c:6f:8b:f8:90:1f:6a:3c:a2:4f:a6:30:63:
         e1:52:86:be:23:3d:d0:f6:9e:a1:2e:0d:ac:68:5d:40:89:b7:
         01:78:50:3b:ff:54:70:95:fa:3f:16:55:ff:9e:2b:09:36:24:
         35:db:61:6d:f8:e6:a5:ef:df:9b:24:43:70:75:6b:3f:5f:e6:
         40:44:98:da:3f:f9:5f:d6:63:9f:20:43:42:54:a6:d9:7e:73:
         8f:93:29:3f:38:c1:7e:61:27:38:31:82:bf:dc:16:b2:59:6d:
         6c:b9:07:0c:80:06:49:c7:92:8a:2c:f0:79:cc:2f:a2:2a:a3:
         11:e4:c5:33:2b:df:0b:fe:79:13:85:03:6c:ea:75:f7:d7:54:
         01:68:e4:b8:43:e6:7f:d2:f5:6e:c4:e8:69:8c:ca:30:65:f8:
         c9:fd:ef:63:2e:22:23:3b:0a:31:c9:d3:72:a2:04:b7:cd:cd:
         ca:de:be:e1:3e:02:a5:54:fc:7a:46:e8:5d:ee:79:78:f8:36:
         ce:da:3c:68:12:48:86:8c:7e:c7:ea:78:3e:1d:90:28:37:7d:
         47:3b:79:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/VPTpZ1Kg8O8LR0ffLxFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWIwOGQ0OTc3ZWU5YjFiOGEyMWYxNGQ3NzViZTYwOTg4M2FkNzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsi3pdOYBeSd8wI2Yy99i+bNK7v9
jsM5eOLs6UFp/mOkdh0j6QX44UPNjZ4vOD2N0XsedvtnOvqFxah3T9dEtF1qQ9we
0TJim8smwpspMTVH7gWX9G0AmWn2xu5QlHoS6+wR2x0YKpRn0keJ55KTc75oT+CD
aZYquhITkGbkVslTkxbQnJJrWBW7Yyj9kWwSeefhOcO2CXoEXoWAWaoJZz242odp
6ktOcKdsl+AWpZ5cXZOVzqF4p0Mg7N9Gp9/FO3cEbh0FfwE6HEXJe3VMv3ca+5af
azktHbgFPxFegKMj7gImpIpq23SmhUuozy0u7zNn3rvPXG0ygwd1nzisywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFWwjUl37psbiiHxTXdb5gmIOtdjMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvVmJDTlNYZnVteHVLSWZGTmQxdm1DWWc2MTJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuIxMA0G
CSqGSIb3DQEBCwUAA4IBAQBXdmX3PU/gvw0IxNGWRIrfKcDZdezha36ZCzmsedtn
3/Hy1AI8fE5uiHxvi/iQH2o8ok+mMGPhUoa+Iz3Q9p6hLg2saF1AibcBeFA7/1Rw
lfo/FlX/nisJNiQ122Ft+Oal79+bJENwdWs/X+ZARJjaP/lf1mOfIENCVKbZfnOP
kyk/OMF+YSc4MYK/3BayWW1suQcMgAZJx5KKLPB5zC+iKqMR5MUzK98L/nkThQNs
6nX311QBaOS4Q+Z/0vVuxOhpjMowZfjJ/e9jLiIjOwoxydNyogS3zc3K3r7hPgKl
VPx6Ruhd7nl4+DbO2jxoEkiGjH7H6ng+HZAoN31HO3mR
-----END CERTIFICATE-----