Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/VL_sUVNGEMQYYwl9Xv-gftIOtVk.roa
File:                     VL_sUVNGEMQYYwl9Xv-gftIOtVk.roa (raw, json)
Hash identifier:          Nb6N1oOcP6n4dJnS6N2r/DJY5HC1wzR3gXjz4D8FCrM=
Subject key identifier:   54:BF:EC:51:53:46:10:C4:18:63:09:7D:5E:FF:A0:7E:D2:0E:B5:59
Certificate issuer:       /CN=c76c3644741336b01b638563314f40d10c69d30d
Certificate serial:       01942067E74F71A8ADA54B002047142135DB
Authority key identifier: C7:6C:36:44:74:13:36:B0:1B:63:85:63:31:4F:40:D1:0C:69:D3:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/VL_sUVNGEMQYYwl9Xv-gftIOtVk.roa
Signing time:             Wed 01 Jan 2025 05:47:47 +0000
ROA not before:           Wed 01 Jan 2025 05:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31428
IP address blocks:        193.16.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e7:4f:71:a8:ad:a5:4b:00:20:47:14:21:35:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c76c3644741336b01b638563314f40d10c69d30d
        Validity
            Not Before: Jan  1 05:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54bfec51534610c41863097d5effa07ed20eb559
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:44:ae:b0:8c:59:47:42:7c:90:0f:f8:e3:6c:
                    86:bd:b5:cf:87:1b:30:e0:00:e4:5c:04:37:c2:83:
                    95:be:c5:a1:f6:5b:85:06:4c:5c:44:17:93:08:b4:
                    ea:e7:b8:e9:07:ae:52:b7:7a:64:5c:a2:54:7e:bc:
                    d9:8f:05:b7:1b:e2:de:a2:f7:a3:f8:a7:ea:40:f3:
                    84:3e:52:c8:41:4b:3e:cd:9b:de:37:d3:60:57:7e:
                    00:a4:ce:86:86:da:80:1b:3a:d9:d1:89:7d:b7:32:
                    56:92:ce:3c:c6:98:b6:7f:79:62:e4:a0:b9:46:12:
                    44:cf:dc:89:8a:39:20:57:e8:99:30:00:f0:40:99:
                    55:f1:82:53:3d:e1:73:ce:76:46:b0:82:1f:38:14:
                    60:68:3e:75:50:c2:a4:23:fd:47:b2:2c:2e:3d:14:
                    06:41:a1:71:d5:a7:3f:b5:1e:4a:82:b6:7f:06:6a:
                    b5:5b:84:c3:d6:91:ea:0a:d7:72:a8:99:99:a4:93:
                    dd:41:45:51:42:f4:2c:14:e4:64:df:14:5b:23:b9:
                    da:d1:b2:db:1d:5a:cb:e4:1f:fa:a2:51:9a:dc:00:
                    ec:6c:32:b3:7a:c7:53:10:92:de:67:e1:60:3d:7b:
                    da:2a:a1:3a:8f:4f:cd:2d:2b:f8:04:f7:6c:28:2f:
                    3c:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:BF:EC:51:53:46:10:C4:18:63:09:7D:5E:FF:A0:7E:D2:0E:B5:59
            X509v3 Authority Key Identifier:
                keyid:C7:6C:36:44:74:13:36:B0:1B:63:85:63:31:4F:40:D1:0C:69:D3:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/VL_sUVNGEMQYYwl9Xv-gftIOtVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/7df7c6-decd-4bbc-babc-23697f752f2e/1/x2w2RHQTNrAbY4VjMU9A0Qxp0w0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:ca:b7:52:70:7a:94:13:64:e5:38:a9:d4:8a:84:bd:e9:54:
         bb:a0:6f:4c:c2:19:c1:c5:e0:27:4c:ae:12:b8:6f:60:78:b6:
         91:a2:3f:22:6f:f5:fa:6d:ec:34:fe:9e:05:38:5f:53:5e:2e:
         11:c2:70:d0:6a:5d:c5:ff:b6:8b:8c:b5:0f:54:1e:18:da:1a:
         50:21:45:1a:4a:60:bd:7e:8c:78:6f:6c:f6:9e:c4:0c:a8:27:
         6f:9f:ce:2a:3d:9e:7e:07:29:03:80:64:9d:b0:60:48:bc:04:
         1a:2e:7f:45:f9:f9:f6:b0:d4:8c:71:4a:6b:0f:10:4d:d0:24:
         2a:7c:f7:e3:f6:0c:ba:87:4e:65:a9:db:02:67:96:3c:43:42:
         b4:d5:33:a5:a9:f5:1b:e2:32:c0:12:07:2f:68:f1:b5:f1:27:
         d4:b1:df:c5:cb:13:c1:9e:5e:30:7b:e4:c7:90:79:4b:65:aa:
         21:62:1f:7f:21:f9:cd:54:82:d7:91:ac:7b:06:e1:59:71:7e:
         74:be:50:11:71:e1:c4:04:42:39:6e:42:bb:ee:5c:7d:48:80:
         bb:37:e6:08:ca:1f:a7:5b:92:21:47:eb:2f:0d:8a:b9:a5:32:
         7b:b3:7d:a5:1f:62:45:e9:4c:49:cb:e0:36:87:bb:7b:4e:b1:
         d3:d1:98:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ+dPcaitpUsAIEcUITXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NmMzNjQ0NzQxMzM2YjAxYjYzODU2MzMxNGY0MGQxMGM2
OWQzMGQwHhcNMjUwMTAxMDU0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGJmZWM1MTUzNDYxMGM0MTg2MzA5N2Q1ZWZmYTA3ZWQyMGViNTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkSusIxZR0J8kA/442yGvbXPhxsw
4ADkXAQ3woOVvsWh9luFBkxcRBeTCLTq57jpB65St3pkXKJUfrzZjwW3G+Leovej
+KfqQPOEPlLIQUs+zZveN9NgV34ApM6GhtqAGzrZ0Yl9tzJWks48xpi2f3li5KC5
RhJEz9yJijkgV+iZMADwQJlV8YJTPeFzznZGsIIfOBRgaD51UMKkI/1HsiwuPRQG
QaFx1ac/tR5KgrZ/Bmq1W4TD1pHqCtdyqJmZpJPdQUVRQvQsFORk3xRbI7na0bLb
HVrL5B/6olGa3ADsbDKzesdTEJLeZ+FgPXvaKqE6j0/NLSv4BPdsKC88TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFS/7FFTRhDEGGMJfV7/oH7SDrVZMB8GA1UdIwQY
MBaAFMdsNkR0EzawG2OFYzFPQNEMadMNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDJ3MlJIUVROckFiWTRWak1VOUEwUXhwMHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ZGY3YzYtZGVjZC00YmJjLWJhYmMt
MjM2OTdmNzUyZjJlLzEvVkxfc1VWTkdFTVFZWXdsOVh2LWdmdElPdFZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83ZGY3YzYtZGVjZC00YmJjLWJhYmMtMjM2OTdmNzUyZjJl
LzEveDJ3MlJIUVROckFiWTRWak1VOUEwUXhwMHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRCZMA0G
CSqGSIb3DQEBCwUAA4IBAQAmyrdScHqUE2TlOKnUioS96VS7oG9MwhnBxeAnTK4S
uG9geLaRoj8ib/X6bew0/p4FOF9TXi4RwnDQal3F/7aLjLUPVB4Y2hpQIUUaSmC9
fox4b2z2nsQMqCdvn84qPZ5+BykDgGSdsGBIvAQaLn9F+fn2sNSMcUprDxBN0CQq
fPfj9gy6h05lqdsCZ5Y8Q0K01TOlqfUb4jLAEgcvaPG18SfUsd/FyxPBnl4we+TH
kHlLZaohYh9/IfnNVILXkax7BuFZcX50vlARceHEBEI5bkK77lx9SIC7N+YIyh+n
W5IhR+svDYq5pTJ7s32lH2JF6UxJy+A2h7t7TrHT0ZiO
-----END CERTIFICATE-----