Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/VufdicgIFan1jsDCf-sZLGuwp0g.roa
File:                     VufdicgIFan1jsDCf-sZLGuwp0g.roa (raw, json)
Hash identifier:          vJuq8lo3RWIe59gYKl/s0D5AiIhMTyrcU4xMbfyblcY=
Subject key identifier:   56:E7:DD:89:C8:08:15:A9:F5:8E:C0:C2:7F:EB:19:2C:6B:B0:A7:48
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       019424448DA647C3FC697231DDCDA2EFA07F
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/VufdicgIFan1jsDCf-sZLGuwp0g.roa
Signing time:             Wed 01 Jan 2025 23:47:39 +0000
ROA not before:           Wed 01 Jan 2025 23:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197177
IP address blocks:        94.240.20.0/24 maxlen: 24
                          94.240.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:8d:a6:47:c3:fc:69:72:31:dd:cd:a2:ef:a0:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 23:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56e7dd89c80815a9f58ec0c27feb192c6bb0a748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1d:81:77:95:21:8e:d6:12:88:9e:7c:07:6b:
                    95:4f:09:46:2a:19:5b:95:f5:0d:48:52:55:e1:84:
                    64:09:7d:2f:6a:2b:41:5f:50:e8:19:0b:5a:39:53:
                    c0:f2:ea:bb:ce:10:aa:cf:11:96:48:69:5c:7b:31:
                    3d:7d:4a:9c:c9:28:44:c3:4d:fc:95:a2:29:97:85:
                    fd:07:b5:be:d1:26:c1:2d:e9:e8:8f:da:f5:8c:80:
                    99:e1:89:43:1c:0c:18:3f:4b:d7:87:0b:6b:58:6b:
                    a8:56:d0:19:e0:ae:a2:5e:c5:29:1d:ca:1c:77:ed:
                    9a:d5:3a:ea:ca:b7:eb:f3:39:7b:70:8a:bb:3c:ff:
                    a3:eb:86:13:13:42:1d:80:b3:d9:5d:6d:89:ec:6a:
                    5b:de:a5:bb:6f:a9:3f:bf:8b:02:93:b0:e2:0f:37:
                    14:2d:89:b5:cd:34:b2:0d:9e:12:88:4f:77:5b:f9:
                    be:4b:b0:69:a0:51:36:be:69:f6:a4:17:52:dd:a7:
                    49:7c:62:5d:70:b0:91:f9:b7:e9:25:be:2b:65:5a:
                    88:9d:a5:a5:83:22:51:e9:ff:7d:29:75:df:31:ea:
                    5b:a4:d1:16:13:1a:84:34:b4:71:61:3d:e5:b9:ff:
                    b3:00:73:42:85:a3:e7:81:f8:bf:8e:10:1f:c6:ca:
                    86:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:E7:DD:89:C8:08:15:A9:F5:8E:C0:C2:7F:EB:19:2C:6B:B0:A7:48
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/VufdicgIFan1jsDCf-sZLGuwp0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.20.0/24
                  94.240.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:d8:6a:40:b4:62:13:56:00:77:69:62:46:c9:c4:ea:5d:93:
         c7:52:3e:24:75:d5:f0:53:b9:d8:65:82:40:89:da:f7:2f:e0:
         c3:64:6c:c1:d2:0e:76:1b:95:74:68:a6:a2:d3:e3:6a:67:71:
         08:b4:5c:0a:51:2d:85:c0:f8:86:e7:53:2b:46:f7:74:fa:6e:
         da:a1:b2:11:54:ca:6d:42:5b:38:92:d2:b9:76:7d:b6:97:d4:
         ab:83:ec:35:d0:66:99:80:f6:4a:38:f5:81:05:f8:79:88:85:
         27:d6:0c:7c:24:90:af:98:c1:ea:47:31:55:c4:f6:82:30:28:
         f4:36:85:99:6c:99:aa:6c:c5:33:a2:df:5e:3f:c6:94:77:d8:
         8a:34:7e:dd:7d:05:5d:85:87:bf:22:51:43:1e:72:b1:1d:c9:
         8c:64:db:55:d8:96:4a:95:77:01:b2:27:d5:e1:68:bc:d8:c7:
         13:8c:16:82:05:fc:62:20:0f:79:eb:52:5c:7b:b3:8c:fa:71:
         3f:71:fc:32:2a:38:0d:09:c8:59:fb:a8:bf:1a:6a:bc:7c:4f:
         81:5e:91:b2:99:81:b6:d2:6c:0d:d1:31:85:78:86:65:d4:b7:
         2e:5c:40:79:af:e9:13:47:c7:5c:32:07:44:b9:78:74:5c:32:
         c4:49:a6:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRI2mR8P8aXIx3c2i76B/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjUwMTAxMjM0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmU3ZGQ4OWM4MDgxNWE5ZjU4ZWMwYzI3ZmViMTkyYzZiYjBhNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwR2Bd5UhjtYSiJ58B2uVTwlGKhlb
lfUNSFJV4YRkCX0vaitBX1DoGQtaOVPA8uq7zhCqzxGWSGlcezE9fUqcyShEw038
laIpl4X9B7W+0SbBLenoj9r1jICZ4YlDHAwYP0vXhwtrWGuoVtAZ4K6iXsUpHcoc
d+2a1Trqyrfr8zl7cIq7PP+j64YTE0IdgLPZXW2J7Gpb3qW7b6k/v4sCk7DiDzcU
LYm1zTSyDZ4SiE93W/m+S7BpoFE2vmn2pBdS3adJfGJdcLCR+bfpJb4rZVqInaWl
gyJR6f99KXXfMepbpNEWExqENLRxYT3luf+zAHNChaPngfi/jhAfxsqG5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFbn3YnICBWp9Y7Awn/rGSxrsKdIMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvVnVmZGljZ0lGYW4xanNEQ2Ytc1pMR3V3cDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXvAUAwQA
XvAnMA0GCSqGSIb3DQEBCwUAA4IBAQBc2GpAtGITVgB3aWJGycTqXZPHUj4kddXw
U7nYZYJAidr3L+DDZGzB0g52G5V0aKai0+NqZ3EItFwKUS2FwPiG51MrRvd0+m7a
obIRVMptQls4ktK5dn22l9Srg+w10GaZgPZKOPWBBfh5iIUn1gx8JJCvmMHqRzFV
xPaCMCj0NoWZbJmqbMUzot9eP8aUd9iKNH7dfQVdhYe/IlFDHnKxHcmMZNtV2JZK
lXcBsifV4Wi82McTjBaCBfxiIA9561Jce7OM+nE/cfwyKjgNCchZ+6i/Gmq8fE+B
XpGymYG20mwN0TGFeIZl1LcuXEB5r+kTR8dcMgdEuXh0XDLESaaT
-----END CERTIFICATE-----