Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/VCmh7D4aDnJ3RvUgB4_x96-F7yk.roa
File:                     VCmh7D4aDnJ3RvUgB4_x96-F7yk.roa (raw, json)
Hash identifier:          Fvy+64reQdJIkB2LlOhrfVK5VykM8awZbivVRRObMH8=
Subject key identifier:   54:29:A1:EC:3E:1A:0E:72:77:46:F5:20:07:8F:F1:F7:AF:85:EF:29
Certificate issuer:       /CN=4c87389ef41f18c1fcc82754349ea7096980b1e3
Certificate serial:       019503E87D15166039EE606FC38C90DFB5F9
Authority key identifier: 4C:87:38:9E:F4:1F:18:C1:FC:C8:27:54:34:9E:A7:09:69:80:B1:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TIc4nvQfGMH8yCdUNJ6nCWmAseM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/VCmh7D4aDnJ3RvUgB4_x96-F7yk.roa
Signing time:             Fri 14 Feb 2025 10:02:02 +0000
ROA not before:           Fri 14 Feb 2025 10:02:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214317
IP address blocks:        94.247.104.0/23 maxlen: 23
                          94.247.104.0/24 maxlen: 24
                          94.247.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/TIc4nvQfGMH8yCdUNJ6nCWmAseM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/TIc4nvQfGMH8yCdUNJ6nCWmAseM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TIc4nvQfGMH8yCdUNJ6nCWmAseM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:03:e8:7d:15:16:60:39:ee:60:6f:c3:8c:90:df:b5:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c87389ef41f18c1fcc82754349ea7096980b1e3
        Validity
            Not Before: Feb 14 10:02:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5429a1ec3e1a0e727746f520078ff1f7af85ef29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6c:20:04:17:b0:8f:62:bb:fd:89:f0:12:19:
                    d8:46:75:0e:63:79:08:74:47:f4:c2:8d:55:7c:73:
                    8b:8e:f3:79:e8:f4:cc:ca:6f:ea:a3:2a:10:9c:52:
                    73:0a:3b:a9:44:28:d6:91:39:d5:c5:e8:71:ed:41:
                    bd:9b:c6:ae:45:db:98:9e:68:4b:56:67:99:03:cb:
                    1f:7b:cf:8c:c1:cb:7c:5a:0d:dc:0d:84:bf:c4:3e:
                    3b:17:ca:b3:d5:05:56:b3:fe:45:ed:c4:94:01:8a:
                    81:a6:6f:1b:58:43:8b:90:92:ae:0a:ed:33:2f:b4:
                    39:7e:cd:c0:93:5b:bc:6c:31:6b:04:8d:5d:2c:58:
                    1c:e5:48:19:5d:43:90:e8:0d:93:d6:03:cf:72:89:
                    0e:e7:0c:43:a1:6b:04:76:9c:c8:1e:c3:e4:2a:ca:
                    4a:4a:0f:52:5f:ea:07:67:37:3d:f4:a4:cf:fe:c3:
                    1f:1e:1a:d2:9b:72:3a:da:35:5b:c2:03:a4:c8:d9:
                    11:c2:d5:c7:f0:8b:4a:00:ef:60:b0:30:b1:b8:d2:
                    ce:33:12:ba:4b:ea:3f:33:41:8a:e5:84:0e:bb:d3:
                    42:c3:28:8f:2d:4c:de:f8:0c:27:09:94:63:d8:47:
                    fd:8d:66:a3:2e:0b:7c:ab:60:75:60:e5:93:c6:63:
                    a0:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:29:A1:EC:3E:1A:0E:72:77:46:F5:20:07:8F:F1:F7:AF:85:EF:29
            X509v3 Authority Key Identifier:
                keyid:4C:87:38:9E:F4:1F:18:C1:FC:C8:27:54:34:9E:A7:09:69:80:B1:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TIc4nvQfGMH8yCdUNJ6nCWmAseM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/VCmh7D4aDnJ3RvUgB4_x96-F7yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/TIc4nvQfGMH8yCdUNJ6nCWmAseM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.247.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:90:26:c9:39:a3:02:23:c4:ac:39:43:11:01:0d:5d:95:d7:
         8e:15:42:8f:f7:45:03:3c:86:15:a6:29:10:b3:8d:ef:46:1f:
         20:13:37:06:0c:96:61:86:35:f9:3d:35:ef:40:49:95:2b:fa:
         6a:71:4b:8d:17:e7:5e:8e:db:2e:11:c5:b3:a9:58:bd:0c:59:
         93:10:ff:7e:2f:3f:aa:51:f3:df:17:f7:a1:43:8d:bf:2a:7f:
         24:19:fd:05:f3:87:45:e7:29:73:f4:b6:c7:51:6d:78:dc:ea:
         62:9e:eb:ea:f9:a7:9e:15:6a:94:28:a8:65:08:b3:ff:3c:df:
         e6:26:de:4e:f2:77:b1:97:e9:6b:5d:3b:d6:99:38:e9:ae:c2:
         24:2b:3b:94:f5:66:9a:78:94:78:f2:45:5f:ae:08:53:b9:15:
         ef:b2:d6:8a:a9:69:4a:59:9b:10:a7:46:76:0b:11:f2:3e:f2:
         51:8c:d4:e0:1e:12:92:78:07:71:21:1f:d8:e0:c0:83:b9:fc:
         e1:c5:f7:20:ea:f3:0d:1c:da:84:b4:98:aa:20:46:fe:5f:e6:
         50:75:86:40:15:53:b4:2b:75:08:78:c2:6d:a6:fb:72:9a:ec:
         d8:4b:69:d9:4c:3e:20:9c:26:f3:48:bb:bd:98:14:65:27:ed:
         2e:9d:b0:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUD6H0VFmA57mBvw4yQ37X5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjODczODllZjQxZjE4YzFmY2M4Mjc1NDM0OWVhNzA5Njk4
MGIxZTMwHhcNMjUwMjE0MTAwMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDI5YTFlYzNlMWEwZTcyNzc0NmY1MjAwNzhmZjFmN2FmODVlZjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWwgBBewj2K7/YnwEhnYRnUOY3kI
dEf0wo1VfHOLjvN56PTMym/qoyoQnFJzCjupRCjWkTnVxehx7UG9m8auRduYnmhL
VmeZA8sfe8+Mwct8Wg3cDYS/xD47F8qz1QVWs/5F7cSUAYqBpm8bWEOLkJKuCu0z
L7Q5fs3Ak1u8bDFrBI1dLFgc5UgZXUOQ6A2T1gPPcokO5wxDoWsEdpzIHsPkKspK
Sg9SX+oHZzc99KTP/sMfHhrSm3I62jVbwgOkyNkRwtXH8ItKAO9gsDCxuNLOMxK6
S+o/M0GK5YQOu9NCwyiPLUze+AwnCZRj2Ef9jWajLgt8q2B1YOWTxmOg6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQpoew+Gg5yd0b1IAeP8fevhe8pMB8GA1UdIwQY
MBaAFEyHOJ70HxjB/MgnVDSepwlpgLHjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEljNG52UWZHTUg4eUNkVU5KNm5DV21Bc2VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8yMjE1ZjctODg3YS00YmQ1LWJmOTct
ZmZiNzA5Zjc2NjhjLzEvVkNtaDdENGFEbkozUnZVZ0I0X3g5Ni1GN3lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8yMjE1ZjctODg3YS00YmQ1LWJmOTctZmZiNzA5Zjc2Njhj
LzEvVEljNG52UWZHTUg4eUNkVU5KNm5DV21Bc2VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXvdoMA0G
CSqGSIb3DQEBCwUAA4IBAQA2kCbJOaMCI8SsOUMRAQ1dldeOFUKP90UDPIYVpikQ
s43vRh8gEzcGDJZhhjX5PTXvQEmVK/pqcUuNF+dejtsuEcWzqVi9DFmTEP9+Lz+q
UfPfF/ehQ42/Kn8kGf0F84dF5ylz9LbHUW143Opinuvq+aeeFWqUKKhlCLP/PN/m
Jt5O8nexl+lrXTvWmTjprsIkKzuU9WaaeJR48kVfrghTuRXvstaKqWlKWZsQp0Z2
CxHyPvJRjNTgHhKSeAdxIR/Y4MCDufzhxfcg6vMNHNqEtJiqIEb+X+ZQdYZAFVO0
K3UIeMJtpvtymuzYS2nZTD4gnCbzSLu9mBRlJ+0unbCf
-----END CERTIFICATE-----