Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/0f25b7-4f81-4f41-a162-086c16f736b1/1/vNstzceOXGplN-vBnPrAujnN1Ks.roa
File:                     vNstzceOXGplN-vBnPrAujnN1Ks.roa (raw, json)
Hash identifier:          A1jnUd+2zoPrt/m5wPvY6xxOOy1gAscK2t40BFmGG10=
Subject key identifier:   BC:DB:2D:CD:C7:8E:5C:6A:65:37:EB:C1:9C:FA:C0:BA:39:CD:D4:AB
Certificate issuer:       /CN=1f4af2b479815f07cd82e9f82bab2fea13fb21b1
Certificate serial:       01941FFA1992D6C1A9079746A7467D7DB387
Authority key identifier: 1F:4A:F2:B4:79:81:5F:07:CD:82:E9:F8:2B:AB:2F:EA:13:FB:21:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0rytHmBXwfNgun4K6sv6hP7IbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/0f25b7-4f81-4f41-a162-086c16f736b1/1/vNstzceOXGplN-vBnPrAujnN1Ks.roa
Signing time:             Wed 01 Jan 2025 03:47:51 +0000
ROA not before:           Wed 01 Jan 2025 03:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33915
IP address blocks:        195.130.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/0f25b7-4f81-4f41-a162-086c16f736b1/1/H0rytHmBXwfNgun4K6sv6hP7IbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/0f25b7-4f81-4f41-a162-086c16f736b1/1/H0rytHmBXwfNgun4K6sv6hP7IbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0rytHmBXwfNgun4K6sv6hP7IbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:19:92:d6:c1:a9:07:97:46:a7:46:7d:7d:b3:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4af2b479815f07cd82e9f82bab2fea13fb21b1
        Validity
            Not Before: Jan  1 03:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bcdb2dcdc78e5c6a6537ebc19cfac0ba39cdd4ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:be:bd:83:b3:ba:1a:b1:a7:98:93:ab:07:ae:
                    e4:c8:d3:b3:e2:60:8e:b7:08:73:db:7a:de:4e:7d:
                    2d:73:0e:83:cb:2d:ec:66:72:4a:29:89:a0:b5:51:
                    49:ac:cd:aa:38:24:5c:e2:d4:ca:72:1b:b0:ca:ee:
                    ba:4d:05:77:d8:20:b3:62:ae:d1:be:f6:60:e6:00:
                    6c:e4:a1:13:8a:50:16:83:b6:e3:1f:2b:de:3a:76:
                    d5:9e:b4:5a:72:91:f4:9d:7d:94:46:db:33:45:65:
                    43:a4:4d:82:ff:1c:2d:31:f7:84:53:11:00:8a:a2:
                    6b:bf:93:61:05:d8:69:55:ef:9e:70:c7:9b:a3:ad:
                    70:73:aa:e8:da:e3:8c:35:c6:4f:b8:0e:2f:62:51:
                    de:13:4a:b2:b9:46:16:39:bc:c7:b4:fb:07:74:50:
                    e1:ff:bb:55:7f:97:59:59:b7:82:96:4e:f9:e4:b3:
                    33:ad:1c:fd:1a:da:fc:23:61:45:ae:f1:be:e5:ce:
                    d8:a8:f8:81:dd:75:86:51:bd:5d:8a:4e:4d:9b:6d:
                    10:67:3f:af:05:63:8b:b0:af:78:e4:fe:40:a4:f1:
                    f8:81:4a:09:d6:bf:5f:de:42:37:63:53:6b:1e:db:
                    f4:84:30:87:78:d0:fa:13:76:fb:fc:1f:3e:e1:72:
                    ee:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:DB:2D:CD:C7:8E:5C:6A:65:37:EB:C1:9C:FA:C0:BA:39:CD:D4:AB
            X509v3 Authority Key Identifier:
                keyid:1F:4A:F2:B4:79:81:5F:07:CD:82:E9:F8:2B:AB:2F:EA:13:FB:21:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0rytHmBXwfNgun4K6sv6hP7IbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0f25b7-4f81-4f41-a162-086c16f736b1/1/vNstzceOXGplN-vBnPrAujnN1Ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0f25b7-4f81-4f41-a162-086c16f736b1/1/H0rytHmBXwfNgun4K6sv6hP7IbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.130.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:73:6f:92:40:f9:1f:79:e2:98:8e:1b:57:b9:d2:b7:1a:21:
         a7:54:d6:57:31:7f:a9:c1:98:5d:a6:c7:97:12:c7:b7:ad:37:
         c2:e8:b3:2e:cd:d4:71:d0:0b:b4:43:a1:f2:14:09:50:02:c2:
         72:63:f9:59:5d:9f:f9:85:e2:19:0c:4f:9b:f9:d9:82:20:4e:
         93:b3:99:b5:29:b6:5f:a8:80:c1:40:71:ff:4b:8f:55:e8:bd:
         5d:58:bb:61:94:7a:90:40:54:67:37:0f:44:65:bb:5c:7b:14:
         01:ea:3b:5e:ff:85:18:ae:2e:f6:16:35:c8:ad:ab:84:34:bd:
         3e:b3:67:8f:b4:43:c8:56:36:9d:36:91:96:57:7b:9a:5f:ec:
         37:97:83:77:f2:24:e2:21:f6:d5:91:ae:35:8e:3c:3b:ca:ef:
         d8:18:b1:08:51:f3:61:a7:a3:85:33:63:6e:6f:74:6b:f1:eb:
         4e:f9:4b:12:b5:2f:ca:0c:3e:16:19:d1:bd:72:cf:fe:c4:ac:
         bd:7b:56:55:c7:1e:8d:02:6a:06:cd:b6:24:d9:bb:a3:a0:e6:
         14:14:ed:66:57:b4:89:51:f7:69:99:32:dc:3c:17:d7:c1:5f:
         d2:86:f7:c6:35:a0:85:91:14:b0:ed:00:cf:48:89:74:7d:52:
         10:86:73:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hmS1sGpB5dGp0Z9fbOHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNGFmMmI0Nzk4MTVmMDdjZDgyZTlmODJiYWIyZmVhMTNm
YjIxYjEwHhcNMjUwMTAxMDM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2RiMmRjZGM3OGU1YzZhNjUzN2ViYzE5Y2ZhYzBiYTM5Y2RkNGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmL69g7O6GrGnmJOrB67kyNOz4mCO
twhz23reTn0tcw6Dyy3sZnJKKYmgtVFJrM2qOCRc4tTKchuwyu66TQV32CCzYq7R
vvZg5gBs5KETilAWg7bjHyveOnbVnrRacpH0nX2URtszRWVDpE2C/xwtMfeEUxEA
iqJrv5NhBdhpVe+ecMebo61wc6ro2uOMNcZPuA4vYlHeE0qyuUYWObzHtPsHdFDh
/7tVf5dZWbeClk755LMzrRz9Gtr8I2FFrvG+5c7YqPiB3XWGUb1dik5Nm20QZz+v
BWOLsK945P5ApPH4gUoJ1r9f3kI3Y1NrHtv0hDCHeND6E3b7/B8+4XLurwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLzbLc3HjlxqZTfrwZz6wLo5zdSrMB8GA1UdIwQY
MBaAFB9K8rR5gV8HzYLp+CurL+oT+yGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDByeXRIbUJYd2ZOZ3VuNEs2c3Y2aFA3SWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8wZjI1YjctNGY4MS00ZjQxLWExNjIt
MDg2YzE2ZjczNmIxLzEvdk5zdHpjZU9YR3BsTi12Qm5QckF1am5OMUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8wZjI1YjctNGY4MS00ZjQxLWExNjItMDg2YzE2ZjczNmIx
LzEvSDByeXRIbUJYd2ZOZ3VuNEs2c3Y2aFA3SWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4LfMA0G
CSqGSIb3DQEBCwUAA4IBAQBYc2+SQPkfeeKYjhtXudK3GiGnVNZXMX+pwZhdpseX
Ese3rTfC6LMuzdRx0Au0Q6HyFAlQAsJyY/lZXZ/5heIZDE+b+dmCIE6Ts5m1KbZf
qIDBQHH/S49V6L1dWLthlHqQQFRnNw9EZbtcexQB6jte/4UYri72FjXIrauENL0+
s2ePtEPIVjadNpGWV3uaX+w3l4N38iTiIfbVka41jjw7yu/YGLEIUfNhp6OFM2Nu
b3Rr8etO+UsStS/KDD4WGdG9cs/+xKy9e1ZVxx6NAmoGzbYk2bujoOYUFO1mV7SJ
UfdpmTLcPBfXwV/ShvfGNaCFkRSw7QDPSIl0fVIQhnMk
-----END CERTIFICATE-----