Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/VMysSyLNDVGWd0vcTeYPwlMA5rc.roa
File:                     VMysSyLNDVGWd0vcTeYPwlMA5rc.roa (raw, json)
Hash identifier:          6+DEgCnpiKyTQCIOlcuNMISjTH2qj/1LJFyn3yXus8Y=
Subject key identifier:   54:CC:AC:4B:22:CD:0D:51:96:77:4B:DC:4D:E6:0F:C2:53:00:E6:B7
Certificate issuer:       /CN=356d9a95bace19785c40647663f31d9056261c2f
Certificate serial:       01942369E7202ADF10CAE2C008A240071475
Authority key identifier: 35:6D:9A:95:BA:CE:19:78:5C:40:64:76:63:F3:1D:90:56:26:1C:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NW2albrOGXhcQGR2Y_MdkFYmHC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/VMysSyLNDVGWd0vcTeYPwlMA5rc.roa
Signing time:             Wed 01 Jan 2025 19:48:50 +0000
ROA not before:           Wed 01 Jan 2025 19:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62739
IP address blocks:        185.32.193.0/24 maxlen: 24
                          185.32.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/NW2albrOGXhcQGR2Y_MdkFYmHC8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/NW2albrOGXhcQGR2Y_MdkFYmHC8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NW2albrOGXhcQGR2Y_MdkFYmHC8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:e7:20:2a:df:10:ca:e2:c0:08:a2:40:07:14:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=356d9a95bace19785c40647663f31d9056261c2f
        Validity
            Not Before: Jan  1 19:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54ccac4b22cd0d5196774bdc4de60fc25300e6b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:44:cf:82:c6:14:3c:39:22:0a:34:16:1e:93:
                    b2:9e:49:42:23:a7:29:3b:55:a8:c4:8d:c5:a4:08:
                    f9:f6:bc:7e:b1:cf:12:5e:8d:9d:0a:1a:bf:71:2c:
                    5e:eb:a1:8b:b0:48:5f:a1:31:1a:2f:eb:79:6c:df:
                    50:05:50:f9:b4:a0:3b:24:73:27:91:20:71:a3:8f:
                    db:de:cf:db:b7:a9:fb:43:ca:fe:33:4b:5a:4b:02:
                    0e:c7:26:00:fb:4b:f1:fd:fd:fc:4e:a7:e0:ce:03:
                    9a:0f:6f:fd:78:2e:9d:e2:3a:b5:e5:de:fb:bc:dd:
                    83:84:d6:cd:55:6d:be:af:73:e9:f4:c7:e7:f8:33:
                    fd:cb:2c:86:f2:48:21:04:8a:6c:33:0f:33:fb:fb:
                    2a:9a:c3:53:a9:11:92:b8:e7:f4:87:83:55:69:a1:
                    a9:9a:75:57:af:e9:0f:7a:f8:85:da:4d:ca:11:4a:
                    ed:69:3f:f8:eb:dc:95:7e:dd:0a:0d:c4:92:ec:ce:
                    4a:35:75:b8:a3:6b:f8:32:99:7b:2a:d5:30:2b:94:
                    c8:35:a6:d2:d6:5a:39:75:21:8c:4e:52:22:b9:f4:
                    0b:bd:11:2e:62:8f:06:69:8c:0b:9a:f2:3b:7d:bc:
                    e6:3c:fe:f8:b7:64:c1:40:93:a8:ee:47:7e:6f:45:
                    e6:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:CC:AC:4B:22:CD:0D:51:96:77:4B:DC:4D:E6:0F:C2:53:00:E6:B7
            X509v3 Authority Key Identifier:
                keyid:35:6D:9A:95:BA:CE:19:78:5C:40:64:76:63:F3:1D:90:56:26:1C:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NW2albrOGXhcQGR2Y_MdkFYmHC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/VMysSyLNDVGWd0vcTeYPwlMA5rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/NW2albrOGXhcQGR2Y_MdkFYmHC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.193.0-185.32.194.255

    Signature Algorithm: sha256WithRSAEncryption
         24:69:57:02:1c:b2:0d:3e:32:c1:12:82:d6:fd:44:55:14:51:
         a7:ac:a6:6a:e8:d4:b6:14:62:7a:ec:b9:65:87:51:d7:90:ec:
         32:b6:1b:b3:3c:5c:26:65:54:08:ea:69:bf:f1:39:5d:c8:3c:
         45:cf:8c:c7:d3:0a:d6:ef:fa:d3:5c:fa:33:30:f1:15:19:3d:
         6b:24:32:34:17:3c:cf:6d:32:4f:1f:05:5f:a7:04:94:0c:9a:
         9b:f7:14:e8:5b:15:75:2f:69:09:67:ef:00:34:16:92:50:cd:
         41:f4:03:3e:63:17:d7:4c:b6:b9:45:d2:63:a0:94:2a:1a:53:
         9e:bc:84:cd:89:a0:42:9a:bf:86:31:40:3d:77:86:2d:3d:a6:
         d4:a1:9d:c5:3e:bc:0d:fa:b3:09:10:4e:51:5f:e4:a6:a4:23:
         9d:6d:bb:19:55:13:c3:c9:50:04:9e:67:90:e7:9e:8a:23:79:
         7a:6e:cd:07:1a:48:45:3c:09:86:96:4c:db:94:8a:02:00:af:
         06:eb:0b:ce:e9:84:b4:91:d4:e7:d8:9e:7b:e5:03:d8:8c:58:
         03:77:db:26:71:88:fe:a0:f1:30:2a:d3:86:74:48:15:48:fb:
         1b:34:9d:8a:b0:36:d7:74:35:34:22:6e:4b:fc:7a:1e:59:96:
         87:2d:6f:3d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQjaecgKt8QyuLACKJABxR1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NmQ5YTk1YmFjZTE5Nzg1YzQwNjQ3NjYzZjMxZDkwNTYy
NjFjMmYwHhcNMjUwMTAxMTk0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGNjYWM0YjIyY2QwZDUxOTY3NzRiZGM0ZGU2MGZjMjUzMDBlNmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ETPgsYUPDkiCjQWHpOynklCI6cp
O1WoxI3FpAj59rx+sc8SXo2dChq/cSxe66GLsEhfoTEaL+t5bN9QBVD5tKA7JHMn
kSBxo4/b3s/bt6n7Q8r+M0taSwIOxyYA+0vx/f38TqfgzgOaD2/9eC6d4jq15d77
vN2DhNbNVW2+r3Pp9Mfn+DP9yyyG8kghBIpsMw8z+/sqmsNTqRGSuOf0h4NVaaGp
mnVXr+kPeviF2k3KEUrtaT/469yVft0KDcSS7M5KNXW4o2v4Mpl7KtUwK5TINabS
1lo5dSGMTlIiufQLvREuYo8GaYwLmvI7fbzmPP74t2TBQJOo7kd+b0XmiQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFTMrEsizQ1RlndL3E3mD8JTAOa3MB8GA1UdIwQY
MBaAFDVtmpW6zhl4XEBkdmPzHZBWJhwvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlcyYWxick9HWGhjUUdSMllfTWRrRlltSEM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9kZDljOTAtMzFhOS00OTk1LTlkYTMt
NGVmZGU2ZWIzMmQ0LzEvVk15c1N5TE5EVkdXZDB2Y1RlWVB3bE1BNXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9kZDljOTAtMzFhOS00OTk1LTlkYTMtNGVmZGU2ZWIzMmQ0
LzEvTlcyYWxick9HWGhjUUdSMllfTWRrRlltSEM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5IMED
BAC5IMIwDQYJKoZIhvcNAQELBQADggEBACRpVwIcsg0+MsESgtb9RFUUUaespmro
1LYUYnrsuWWHUdeQ7DK2G7M8XCZlVAjqab/xOV3IPEXPjMfTCtbv+tNc+jMw8RUZ
PWskMjQXPM9tMk8fBV+nBJQMmpv3FOhbFXUvaQln7wA0FpJQzUH0Az5jF9dMtrlF
0mOglCoaU568hM2JoEKav4YxQD13hi09ptShncU+vA36swkQTlFf5KakI51tuxlV
E8PJUASeZ5DnnoojeXpuzQcaSEU8CYaWTNuUigIArwbrC87phLSR1OfYnnvlA9iM
WAN32yZxiP6g8TAq04Z0SBVI+xs0nYqwNtd0NTQibkv8eh5Zloctbz0=
-----END CERTIFICATE-----