Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/VevHPwAB1iJyPKAMEf-9jonQkw8.roa
File:                     VevHPwAB1iJyPKAMEf-9jonQkw8.roa (raw, json)
Hash identifier:          4/+GFUHa73gsaLJx3C+/KNKqa6wmzJjBpqrLYFHIP6w=
Subject key identifier:   55:EB:C7:3F:00:01:D6:22:72:3C:A0:0C:11:FF:BD:8E:89:D0:93:0F
Certificate issuer:       /CN=3cff1f2b1175f0605d025e51017369c1ca8b1a46
Certificate serial:       018CCA2B33A5E61852AC6577E563A014AAD3
Authority key identifier: 3C:FF:1F:2B:11:75:F0:60:5D:02:5E:51:01:73:69:C1:CA:8B:1A:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PP8fKxF18GBdAl5RAXNpwcqLGkY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/VevHPwAB1iJyPKAMEf-9jonQkw8.roa
Signing time:             Tue 02 Jan 2024 12:34:38 +0000
ROA not before:           Tue 02 Jan 2024 12:34:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12803
IP address blocks:        195.200.250.0/24 maxlen: 24
                          195.200.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/PP8fKxF18GBdAl5RAXNpwcqLGkY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/PP8fKxF18GBdAl5RAXNpwcqLGkY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PP8fKxF18GBdAl5RAXNpwcqLGkY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:33:a5:e6:18:52:ac:65:77:e5:63:a0:14:aa:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cff1f2b1175f0605d025e51017369c1ca8b1a46
        Validity
            Not Before: Jan  2 12:34:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55ebc73f0001d622723ca00c11ffbd8e89d0930f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5b:16:d9:6c:09:9b:18:76:1d:e1:fd:70:2c:
                    62:1b:b8:ec:10:93:a3:8e:f4:f8:4a:bf:f9:04:11:
                    2f:f4:f2:c9:b0:41:b1:90:c3:74:88:2a:a1:35:01:
                    93:cd:8f:a6:ab:8c:52:c1:33:d9:eb:ac:86:96:95:
                    86:07:1e:c3:09:d7:4f:e1:07:7f:71:bf:cf:e5:e4:
                    c5:27:56:e7:d9:1c:93:4e:33:2c:ac:1f:a8:af:96:
                    43:67:8e:e4:e3:b7:8d:ea:e3:55:ae:a4:81:fe:5e:
                    04:24:2c:5c:6e:f7:c7:66:f8:97:b9:e9:26:74:01:
                    a1:e7:9e:65:41:67:e7:22:20:b1:44:0e:0b:18:55:
                    94:e6:74:d4:c7:04:7f:19:5e:a7:ea:e3:07:9e:6d:
                    0a:71:44:ea:46:ea:ba:0e:a8:a2:fa:5b:d2:7e:00:
                    67:5a:da:20:a3:13:fd:3a:6e:22:11:75:79:d3:50:
                    a7:da:c0:bd:76:74:85:82:46:61:80:4d:6b:af:d5:
                    6d:9d:77:c2:b2:e8:f7:c2:63:dd:8b:aa:23:68:e0:
                    8d:8e:fb:ae:f1:17:38:75:a3:3b:c5:d1:4d:ae:b1:
                    32:e6:27:d2:c7:0d:2b:ce:a6:af:ee:12:f5:e5:51:
                    3a:0a:d7:e7:3a:7b:af:05:c5:ac:b1:53:af:9a:0a:
                    9e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:EB:C7:3F:00:01:D6:22:72:3C:A0:0C:11:FF:BD:8E:89:D0:93:0F
            X509v3 Authority Key Identifier:
                keyid:3C:FF:1F:2B:11:75:F0:60:5D:02:5E:51:01:73:69:C1:CA:8B:1A:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PP8fKxF18GBdAl5RAXNpwcqLGkY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/VevHPwAB1iJyPKAMEf-9jonQkw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/PP8fKxF18GBdAl5RAXNpwcqLGkY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:e6:59:5f:2d:a4:fd:4e:8a:72:8b:04:24:19:80:a5:d4:66:
         9a:72:8d:9c:22:2f:79:05:0f:94:99:9e:53:07:83:a7:44:f4:
         be:58:d3:22:43:93:77:52:7f:b1:ea:28:e8:9f:e9:3c:11:06:
         be:d0:ef:9b:85:22:f1:49:c6:25:a4:6a:08:90:d3:b0:22:50:
         ce:77:3f:a3:9c:57:65:b7:4e:da:15:af:96:a4:aa:c0:53:7d:
         bd:b7:c0:f8:40:98:b4:be:cb:a1:74:f1:4f:e4:1a:a1:6d:87:
         88:61:46:0e:01:1e:dc:67:03:f1:50:8b:83:20:8c:cf:cd:0a:
         4f:ad:2a:61:f7:ae:96:4f:41:9c:c6:b7:f9:57:da:95:92:e0:
         42:16:7a:e9:bf:67:ea:c6:42:37:70:e8:f2:5c:c9:12:f6:da:
         00:72:81:c1:cc:d7:46:42:60:22:1b:b0:a4:75:d6:7d:71:3f:
         b4:5e:85:c7:69:8b:e5:5c:43:ed:26:34:ca:03:4e:b5:0f:75:
         b3:b9:1f:0d:48:87:87:a9:eb:19:e6:99:49:e4:d1:3d:cb:c4:
         58:1c:fe:11:7a:14:06:09:fe:e1:57:0e:b2:c1:bd:24:d3:98:
         18:ed:46:c4:b4:46:f1:67:1a:1e:77:2d:b6:85:a3:a6:2a:c5:
         6c:01:9c:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKzOl5hhSrGV35WOgFKrTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZmYxZjJiMTE3NWYwNjA1ZDAyNWU1MTAxNzM2OWMxY2E4
YjFhNDYwHhcNMjQwMTAyMTIzNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWViYzczZjAwMDFkNjIyNzIzY2EwMGMxMWZmYmQ4ZTg5ZDA5MzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVsW2WwJmxh2HeH9cCxiG7jsEJOj
jvT4Sr/5BBEv9PLJsEGxkMN0iCqhNQGTzY+mq4xSwTPZ66yGlpWGBx7DCddP4Qd/
cb/P5eTFJ1bn2RyTTjMsrB+or5ZDZ47k47eN6uNVrqSB/l4EJCxcbvfHZviXuekm
dAGh555lQWfnIiCxRA4LGFWU5nTUxwR/GV6n6uMHnm0KcUTqRuq6Dqii+lvSfgBn
WtogoxP9Om4iEXV501Cn2sC9dnSFgkZhgE1rr9VtnXfCsuj3wmPdi6ojaOCNjvuu
8Rc4daM7xdFNrrEy5ifSxw0rzqav7hL15VE6CtfnOnuvBcWssVOvmgqePwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXrxz8AAdYicjygDBH/vY6J0JMPMB8GA1UdIwQY
MBaAFDz/HysRdfBgXQJeUQFzacHKixpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFA4Zkt4RjE4R0JkQWw1UkFYTnB3Y3FMR2tZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9hYzc5NDktYTFjYS00N2Y0LWIzOTMt
MmJmMzRjNTI2MmU3LzEvVmV2SFB3QUIxaUp5UEtBTUVmLTlqb25Ra3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9hYzc5NDktYTFjYS00N2Y0LWIzOTMtMmJmMzRjNTI2MmU3
LzEvUFA4Zkt4RjE4R0JkQWw1UkFYTnB3Y3FMR2tZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw8j6MA0G
CSqGSIb3DQEBCwUAA4IBAQAg5llfLaT9TopyiwQkGYCl1Gaaco2cIi95BQ+UmZ5T
B4OnRPS+WNMiQ5N3Un+x6ijon+k8EQa+0O+bhSLxScYlpGoIkNOwIlDOdz+jnFdl
t07aFa+WpKrAU329t8D4QJi0vsuhdPFP5BqhbYeIYUYOAR7cZwPxUIuDIIzPzQpP
rSph966WT0Gcxrf5V9qVkuBCFnrpv2fqxkI3cOjyXMkS9toAcoHBzNdGQmAiG7Ck
ddZ9cT+0XoXHaYvlXEPtJjTKA061D3WzuR8NSIeHqesZ5plJ5NE9y8RYHP4RehQG
Cf7hVw6ywb0k05gY7UbEtEbxZxoedy22haOmKsVsAZyb
-----END CERTIFICATE-----