Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/VnsIEzhd4UJd5pyA_Dc2-bnO2FM.roa
File:                     VnsIEzhd4UJd5pyA_Dc2-bnO2FM.roa (raw, json)
Hash identifier:          VlwFB7fAgr+iiENhL1pQbq6AXoNzH1bEvRoJP9yVGBU=
Subject key identifier:   56:7B:08:13:38:5D:E1:42:5D:E6:9C:80:FC:37:36:F9:B9:CE:D8:53
Certificate issuer:       /CN=c491456eda59fb0fd2d173f95412be35f6cfbfaf
Certificate serial:       01997B2E8E032026B493E11F07821FBE685C
Authority key identifier: C4:91:45:6E:DA:59:FB:0F:D2:D1:73:F9:54:12:BE:35:F6:CF:BF:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xJFFbtpZ-w_S0XP5VBK-NfbPv68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/VnsIEzhd4UJd5pyA_Dc2-bnO2FM.roa
Signing time:             Wed 24 Sep 2025 10:04:32 +0000
ROA not before:           Wed 24 Sep 2025 10:04:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48152
IP address blocks:        185.78.140.0/22 maxlen: 22
                          209.222.77.0/24 maxlen: 24
                          2a03:5960::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/xJFFbtpZ-w_S0XP5VBK-NfbPv68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/xJFFbtpZ-w_S0XP5VBK-NfbPv68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xJFFbtpZ-w_S0XP5VBK-NfbPv68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7b:2e:8e:03:20:26:b4:93:e1:1f:07:82:1f:be:68:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c491456eda59fb0fd2d173f95412be35f6cfbfaf
        Validity
            Not Before: Sep 24 10:04:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=567b0813385de1425de69c80fc3736f9b9ced853
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:58:26:5d:95:fe:40:e4:03:4f:c1:27:e8:a7:
                    4a:ab:32:64:0a:14:40:3e:d4:b1:dd:b1:43:a4:2b:
                    be:66:ba:6a:38:9b:34:72:30:f8:44:83:5e:65:be:
                    0c:1f:94:dd:df:36:9f:93:fd:0a:75:92:d2:f5:b0:
                    d7:c6:0a:c3:f0:8a:00:2b:e2:e1:93:f3:a7:9e:30:
                    ff:92:bc:79:72:20:92:2e:44:03:b8:e5:62:07:e3:
                    3a:85:fb:23:b5:7a:df:e4:15:3b:26:66:51:27:3e:
                    47:05:3d:85:ac:dd:16:a6:27:2c:36:40:28:66:62:
                    a3:13:8d:87:42:95:2d:d0:e8:3e:57:d8:f5:07:61:
                    38:50:14:78:d1:00:44:f6:d3:c1:59:38:5a:69:ea:
                    fb:69:07:5e:c4:05:60:f5:30:c5:5a:a8:ef:5a:2c:
                    1d:1a:db:58:64:ee:fd:75:84:bb:3a:fd:7a:49:f1:
                    04:23:94:7e:f0:f7:89:70:a5:43:78:86:89:78:72:
                    22:f0:ea:79:c6:cf:1c:43:b5:0a:c9:65:70:c4:58:
                    cc:49:b4:29:6c:42:f4:a2:3b:e8:64:55:b7:62:5f:
                    a4:aa:8d:2b:52:a5:b3:71:ac:74:d6:f2:2c:7a:7a:
                    e8:84:fb:3b:00:2b:92:f6:55:9f:01:62:8f:0a:6f:
                    3a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:7B:08:13:38:5D:E1:42:5D:E6:9C:80:FC:37:36:F9:B9:CE:D8:53
            X509v3 Authority Key Identifier:
                keyid:C4:91:45:6E:DA:59:FB:0F:D2:D1:73:F9:54:12:BE:35:F6:CF:BF:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xJFFbtpZ-w_S0XP5VBK-NfbPv68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/VnsIEzhd4UJd5pyA_Dc2-bnO2FM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/xJFFbtpZ-w_S0XP5VBK-NfbPv68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.140.0/22
                  209.222.77.0/24
                IPv6:
                  2a03:5960::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:d5:a3:49:27:79:3d:2d:87:00:ba:6f:9f:b0:74:fd:5d:e3:
         ae:fa:6a:f5:ea:04:24:da:2d:7c:75:c4:a4:78:75:f5:f4:e6:
         b6:b4:16:0f:a8:71:60:28:9f:1f:aa:0c:7c:6f:a5:f1:e2:c8:
         04:5d:fc:1a:65:63:85:37:03:01:bb:cc:34:77:11:cd:3c:20:
         a0:38:03:10:69:4d:8b:eb:89:db:09:23:ae:5b:59:bb:9f:2c:
         82:0d:db:08:8d:2b:c4:25:9b:d9:dd:8f:11:7f:d9:8e:7c:77:
         5a:0c:db:95:89:fb:36:3b:fc:54:ee:09:13:7b:6c:81:14:16:
         78:52:a2:83:59:56:2d:20:d0:cb:0f:5f:ec:4e:22:5e:f6:90:
         d7:95:28:9c:94:91:d4:52:00:53:a6:45:0c:36:6a:05:fe:35:
         4e:c9:2d:0f:00:4e:8a:6d:6e:b5:dd:0a:e7:e0:ff:a6:95:ae:
         b5:26:25:15:94:47:7e:45:ea:77:d6:62:8a:d5:db:af:80:e7:
         cb:79:55:3f:32:a5:ed:b0:2e:5d:6e:44:6c:b7:b9:d2:33:c7:
         d1:b2:02:0b:bb:e7:24:88:48:15:2c:9c:31:e5:d1:53:4b:08:
         5f:87:e4:53:14:15:ca:21:2b:b8:31:e4:93:b7:85:b9:5a:c9:
         30:05:cc:68
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZl7Lo4DICa0k+EfB4IfvmhcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0OTE0NTZlZGE1OWZiMGZkMmQxNzNmOTU0MTJiZTM1ZjZj
ZmJmYWYwHhcNMjUwOTI0MTAwNDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjdiMDgxMzM4NWRlMTQyNWRlNjljODBmYzM3MzZmOWI5Y2VkODUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFgmXZX+QOQDT8En6KdKqzJkChRA
PtSx3bFDpCu+ZrpqOJs0cjD4RINeZb4MH5Td3zafk/0KdZLS9bDXxgrD8IoAK+Lh
k/OnnjD/krx5ciCSLkQDuOViB+M6hfsjtXrf5BU7JmZRJz5HBT2FrN0WpicsNkAo
ZmKjE42HQpUt0Og+V9j1B2E4UBR40QBE9tPBWThaaer7aQdexAVg9TDFWqjvWiwd
GttYZO79dYS7Ov16SfEEI5R+8PeJcKVDeIaJeHIi8Op5xs8cQ7UKyWVwxFjMSbQp
bEL0ojvoZFW3Yl+kqo0rUqWzcax01vIsenrohPs7ACuS9lWfAWKPCm86ewIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFZ7CBM4XeFCXeacgPw3Nvm5zthTMB8GA1UdIwQY
MBaAFMSRRW7aWfsP0tFz+VQSvjX2z7+vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEpGRmJ0cFotd19TMFhQNVZCSy1OZmJQdjY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni80ZjQwOGQtYmRhNS00YTk0LWI4M2Et
YTczMGNjZmRhZGM1LzEvVm5zSUV6aGQ0VUpkNXB5QV9EYzItYm5PMkZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni80ZjQwOGQtYmRhNS00YTk0LWI4M2EtYTczMGNjZmRhZGM1
LzEveEpGRmJ0cFotd19TMFhQNVZCSy1OZmJQdjY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuU6MAwQA
0d5NMA0EAgACMAcDBQAqA1lgMA0GCSqGSIb3DQEBCwUAA4IBAQB/1aNJJ3k9LYcA
um+fsHT9XeOu+mr16gQk2i18dcSkeHX19Oa2tBYPqHFgKJ8fqgx8b6Xx4sgEXfwa
ZWOFNwMBu8w0dxHNPCCgOAMQaU2L64nbCSOuW1m7nyyCDdsIjSvEJZvZ3Y8Rf9mO
fHdaDNuVifs2O/xU7gkTe2yBFBZ4UqKDWVYtINDLD1/sTiJe9pDXlSiclJHUUgBT
pkUMNmoF/jVOyS0PAE6KbW613Qrn4P+mla61JiUVlEd+Rep31mKK1duvgOfLeVU/
MqXtsC5dbkRst7nSM8fRsgILu+ckiEgVLJwx5dFTSwhfh+RTFBXKISu4MeSTt4W5
WskwBcxo
-----END CERTIFICATE-----