Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/Vsa4sl4yJDWQIOfAQ8k-eZtGrFY.roa
File:                     Vsa4sl4yJDWQIOfAQ8k-eZtGrFY.roa (raw, json)
Hash identifier:          l1VkZleep792Mt0zLZ+URhm6tjPzPXmqqOx4wTL3WgQ=
Subject key identifier:   56:C6:B8:B2:5E:32:24:35:90:20:E7:C0:43:C9:3E:79:9B:46:AC:56
Certificate issuer:       /CN=2791a7b8ee8440522b0b5530c85dce1d73f967b7
Certificate serial:       0197C67BAA8D3DE79240B37D70AF114661DF
Authority key identifier: 27:91:A7:B8:EE:84:40:52:2B:0B:55:30:C8:5D:CE:1D:73:F9:67:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/Vsa4sl4yJDWQIOfAQ8k-eZtGrFY.roa
Signing time:             Tue 01 Jul 2025 14:54:42 +0000
ROA not before:           Tue 01 Jul 2025 14:54:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214526
IP address blocks:        95.128.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 23:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c6:7b:aa:8d:3d:e7:92:40:b3:7d:70:af:11:46:61:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2791a7b8ee8440522b0b5530c85dce1d73f967b7
        Validity
            Not Before: Jul  1 14:54:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56c6b8b25e3224359020e7c043c93e799b46ac56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:42:c8:73:3f:7e:2d:68:8f:21:bc:2c:04:ea:
                    bd:af:c8:68:4d:98:86:ef:27:2b:f8:2e:1c:03:2c:
                    c2:d4:ab:ef:54:e9:24:ac:79:62:91:26:7f:19:91:
                    f2:a1:0c:08:ba:da:f8:a8:54:c9:1a:59:dc:7e:5d:
                    cf:5b:a0:d1:c1:63:9b:db:51:8e:03:4a:0e:45:fe:
                    eb:26:be:84:e3:54:e4:e9:50:71:8b:03:42:cb:34:
                    de:fe:5c:39:aa:28:e4:64:d6:14:da:3e:c7:ee:9b:
                    8c:fb:8d:67:bf:f8:ee:46:17:ae:20:e9:d9:8e:0c:
                    6b:31:9c:01:f2:be:20:d3:27:ce:8c:d9:25:d1:9f:
                    75:cc:9c:ce:00:c4:e2:09:7a:8d:85:1f:10:56:3d:
                    23:3f:fe:79:d3:7e:73:8e:9d:54:3d:9e:9a:db:b6:
                    a6:71:74:47:20:f2:3b:68:9b:3c:98:db:a2:40:2c:
                    fd:00:60:f5:60:6c:78:18:c6:6b:2c:f7:a3:f7:dd:
                    cd:6e:4b:af:79:6f:8b:ee:bd:8d:9f:0f:f3:c0:fe:
                    7b:e0:7e:61:f6:bd:ae:e9:20:e7:25:16:6f:f3:d0:
                    61:8c:e3:9f:96:b2:9d:b8:2f:13:b7:e9:a0:1e:2f:
                    6f:fb:7a:e1:dd:e4:c8:43:a9:e3:99:43:18:06:a6:
                    34:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:C6:B8:B2:5E:32:24:35:90:20:E7:C0:43:C9:3E:79:9B:46:AC:56
            X509v3 Authority Key Identifier:
                keyid:27:91:A7:B8:EE:84:40:52:2B:0B:55:30:C8:5D:CE:1D:73:F9:67:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/Vsa4sl4yJDWQIOfAQ8k-eZtGrFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:d4:77:c2:ad:d0:10:4d:13:e2:c4:33:6f:50:eb:a3:c6:14:
         ec:29:1d:d4:a8:41:7e:ad:fb:e9:21:83:22:1a:5a:e6:85:1d:
         94:91:b1:68:6c:aa:d5:a4:0a:df:1c:fd:bd:4b:96:0d:29:87:
         ae:ab:9d:c5:03:5e:a3:10:e4:02:b0:76:e9:7d:d0:16:0d:0f:
         a4:fa:e1:47:37:df:b4:fd:b1:d5:43:31:16:7b:3b:9a:70:29:
         b0:7f:d6:f3:37:13:1e:e7:ad:a9:9a:d3:b4:23:dd:0a:55:e5:
         58:79:12:1c:30:37:10:f2:61:15:ed:98:41:ec:5e:32:0c:3a:
         fa:78:25:64:bd:e8:8f:45:4a:8a:ff:43:6e:1b:8c:41:e8:d6:
         a9:67:56:c4:7f:ef:c5:ca:69:0e:f4:d8:6a:6a:3d:25:ed:03:
         87:e7:3a:1e:37:62:41:4a:51:b3:57:e8:75:2e:11:51:d5:2f:
         9a:5c:5d:25:dd:70:ca:f7:45:4b:d7:84:91:c9:2b:d5:75:c9:
         0a:9f:db:9d:54:67:ba:7e:b6:22:90:02:5f:92:36:24:98:d1:
         29:fe:18:35:ad:0b:fd:aa:ea:bc:2a:f4:97:be:ec:e8:89:4a:
         fc:3a:7b:c3:2e:eb:de:f8:db:ab:5f:2a:87:d8:90:94:0d:57:
         f9:de:e1:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfGe6qNPeeSQLN9cK8RRmHfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTFhN2I4ZWU4NDQwNTIyYjBiNTUzMGM4NWRjZTFkNzNm
OTY3YjcwHhcNMjUwNzAxMTQ1NDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmM2YjhiMjVlMzIyNDM1OTAyMGU3YzA0M2M5M2U3OTliNDZhYzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkLIcz9+LWiPIbwsBOq9r8hoTZiG
7ycr+C4cAyzC1KvvVOkkrHlikSZ/GZHyoQwIutr4qFTJGlncfl3PW6DRwWOb21GO
A0oORf7rJr6E41Tk6VBxiwNCyzTe/lw5qijkZNYU2j7H7puM+41nv/juRheuIOnZ
jgxrMZwB8r4g0yfOjNkl0Z91zJzOAMTiCXqNhR8QVj0jP/55035zjp1UPZ6a27am
cXRHIPI7aJs8mNuiQCz9AGD1YGx4GMZrLPej993NbkuveW+L7r2Nnw/zwP574H5h
9r2u6SDnJRZv89BhjOOflrKduC8Tt+mgHi9v+3rh3eTIQ6njmUMYBqY0pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFbGuLJeMiQ1kCDnwEPJPnmbRqxWMB8GA1UdIwQY
MBaAFCeRp7juhEBSKwtVMMhdzh1z+We3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVHbnVPNkVRRklyQzFVd3lGM09IWFA1WjdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xM2I0YmMtMTk3ZS00MGE2LWI4NDUt
OWVjZDhjYzUwYTg4LzEvVnNhNHNsNHlKRFdRSU9mQVE4ay1lWnRHckZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xM2I0YmMtMTk3ZS00MGE2LWI4NDUtOWVjZDhjYzUwYTg4
LzEvSjVHbnVPNkVRRklyQzFVd3lGM09IWFA1WjdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DEMA0G
CSqGSIb3DQEBCwUAA4IBAQBk1HfCrdAQTRPixDNvUOujxhTsKR3UqEF+rfvpIYMi
GlrmhR2UkbFobKrVpArfHP29S5YNKYeuq53FA16jEOQCsHbpfdAWDQ+k+uFHN9+0
/bHVQzEWezuacCmwf9bzNxMe562pmtO0I90KVeVYeRIcMDcQ8mEV7ZhB7F4yDDr6
eCVkveiPRUqK/0NuG4xB6NapZ1bEf+/FymkO9Nhqaj0l7QOH5zoeN2JBSlGzV+h1
LhFR1S+aXF0l3XDK90VL14SRySvVdckKn9udVGe6frYikAJfkjYkmNEp/hg1rQv9
quq8KvSXvuzoiUr8OnvDLuve+NurXyqH2JCUDVf53uFP
-----END CERTIFICATE-----