Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/4e3493-ce03-4d94-bdfd-ae8633c17b87/1/VQTERXSGwf3PUhsSzRfJoMTCwIY.roa
File:                     VQTERXSGwf3PUhsSzRfJoMTCwIY.roa (raw, json)
Hash identifier:          lyGgo91yoGwj1wHvWPvFSRN7NQx8IOKDi7RMWMy4Vw0=
Subject key identifier:   55:04:C4:45:74:86:C1:FD:CF:52:1B:12:CD:17:C9:A0:C4:C2:C0:86
Certificate issuer:       /CN=a953f1b8e2965fd0387810a2f62cf714816d1497
Certificate serial:       0198F16B94B25A5A0C1799BF76A7AFF778C4
Authority key identifier: A9:53:F1:B8:E2:96:5F:D0:38:78:10:A2:F6:2C:F7:14:81:6D:14:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qVPxuOKWX9A4eBCi9iz3FIFtFJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/4e3493-ce03-4d94-bdfd-ae8633c17b87/1/VQTERXSGwf3PUhsSzRfJoMTCwIY.roa
Signing time:             Thu 28 Aug 2025 16:03:36 +0000
ROA not before:           Thu 28 Aug 2025 16:03:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44970
IP address blocks:        195.137.253.0/24 maxlen: 24
                          2a14:2c00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/4e3493-ce03-4d94-bdfd-ae8633c17b87/1/qVPxuOKWX9A4eBCi9iz3FIFtFJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/4e3493-ce03-4d94-bdfd-ae8633c17b87/1/qVPxuOKWX9A4eBCi9iz3FIFtFJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qVPxuOKWX9A4eBCi9iz3FIFtFJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f1:6b:94:b2:5a:5a:0c:17:99:bf:76:a7:af:f7:78:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a953f1b8e2965fd0387810a2f62cf714816d1497
        Validity
            Not Before: Aug 28 16:03:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5504c4457486c1fdcf521b12cd17c9a0c4c2c086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f7:e7:f6:03:90:19:34:68:be:45:7a:2f:d3:
                    57:11:c7:4f:6d:73:81:ae:d4:24:8a:af:11:9c:a3:
                    d2:a5:21:96:df:0e:6b:47:9d:c3:4d:32:23:d0:82:
                    7a:66:71:aa:c2:31:64:b7:25:cd:a5:1f:9c:63:ff:
                    90:d6:64:d7:97:2d:47:64:72:cf:5c:73:af:0e:da:
                    7c:d2:98:e8:57:78:15:89:04:c7:a0:84:ba:e9:a6:
                    6c:ac:df:32:24:50:98:4e:7d:72:f4:58:41:6c:2e:
                    d2:d4:58:41:4a:17:f4:09:f7:c9:c8:ad:de:05:79:
                    92:b5:1f:c4:9e:b4:ba:8b:99:49:4a:7e:b6:2b:6d:
                    6e:c9:e4:e2:ae:db:4c:7f:8e:58:f9:63:88:a1:55:
                    23:5a:80:93:7f:c5:2f:de:32:d0:7f:fe:2a:36:a8:
                    2d:c3:0b:3a:38:6b:89:94:dc:c2:11:db:1e:08:68:
                    04:99:9c:6c:33:52:f5:61:b0:b8:90:54:df:86:f9:
                    47:26:01:c8:da:da:71:84:8a:ee:70:0d:7e:13:b3:
                    c0:e2:48:a8:31:56:c9:ca:6b:42:7d:2c:27:c3:c8:
                    2f:5a:12:99:3f:91:e6:a3:a6:1d:c0:5f:91:9b:1a:
                    7f:e9:bc:6d:f3:e7:a5:13:a8:c9:07:b4:47:8a:0a:
                    b4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:04:C4:45:74:86:C1:FD:CF:52:1B:12:CD:17:C9:A0:C4:C2:C0:86
            X509v3 Authority Key Identifier:
                keyid:A9:53:F1:B8:E2:96:5F:D0:38:78:10:A2:F6:2C:F7:14:81:6D:14:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qVPxuOKWX9A4eBCi9iz3FIFtFJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/4e3493-ce03-4d94-bdfd-ae8633c17b87/1/VQTERXSGwf3PUhsSzRfJoMTCwIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/4e3493-ce03-4d94-bdfd-ae8633c17b87/1/qVPxuOKWX9A4eBCi9iz3FIFtFJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.253.0/24
                IPv6:
                  2a14:2c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:b5:15:60:2c:ef:88:59:d2:3c:15:2a:d7:4b:24:36:81:39:
         89:a6:e7:9d:20:b5:b9:d6:fc:fa:44:6c:d5:ee:ed:cb:bf:a6:
         bb:24:14:b0:3e:e7:df:62:af:ba:49:d7:63:31:d0:22:31:5a:
         18:4c:c7:1a:4d:f2:fd:92:41:b7:5f:da:f4:ac:db:c4:a9:66:
         46:cf:52:68:19:b7:91:58:28:65:6e:92:82:b5:3b:a3:b6:b4:
         79:6d:f9:53:25:cc:b9:b5:b5:3e:20:2b:d7:33:d4:05:ec:80:
         e5:cd:72:05:40:a3:59:4b:65:70:2b:d2:83:20:99:2e:23:57:
         81:7e:72:a0:f8:fb:b5:22:5f:aa:ee:e0:61:41:8e:93:5d:3d:
         c7:7e:52:ba:98:5f:44:90:49:6d:9c:1d:f8:fa:64:37:d7:71:
         eb:54:07:5c:ca:ce:eb:0a:c2:66:e6:ff:2d:90:7c:34:56:15:
         9b:4f:44:e5:7d:ed:02:b4:2b:a3:89:80:32:0a:0b:44:b8:c6:
         78:9f:8e:b4:39:47:73:bb:c5:42:29:22:b3:6c:d9:85:1f:17:
         b9:47:94:d9:dd:4d:39:42:8a:d4:4a:59:aa:43:ca:27:8e:c4:
         9f:43:7b:0c:e7:cc:37:f8:d4:03:96:d5:93:88:59:4f:f6:a7:
         9c:98:e0:83
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZjxa5SyWloMF5m/dqev93jEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5NTNmMWI4ZTI5NjVmZDAzODc4MTBhMmY2MmNmNzE0ODE2
ZDE0OTcwHhcNMjUwODI4MTYwMzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTA0YzQ0NTc0ODZjMWZkY2Y1MjFiMTJjZDE3YzlhMGM0YzJjMDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Pfn9gOQGTRovkV6L9NXEcdPbXOB
rtQkiq8RnKPSpSGW3w5rR53DTTIj0IJ6ZnGqwjFktyXNpR+cY/+Q1mTXly1HZHLP
XHOvDtp80pjoV3gViQTHoIS66aZsrN8yJFCYTn1y9FhBbC7S1FhBShf0CffJyK3e
BXmStR/EnrS6i5lJSn62K21uyeTirttMf45Y+WOIoVUjWoCTf8Uv3jLQf/4qNqgt
wws6OGuJlNzCEdseCGgEmZxsM1L1YbC4kFTfhvlHJgHI2tpxhIrucA1+E7PA4kio
MVbJymtCfSwnw8gvWhKZP5Hmo6YdwF+Rmxp/6bxt8+elE6jJB7RHigq0nQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFUExEV0hsH9z1IbEs0XyaDEwsCGMB8GA1UdIwQY
MBaAFKlT8bjill/QOHgQovYs9xSBbRSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVZQeHVPS1dYOUE0ZUJDaTlpejNGSUZ0RkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi80ZTM0OTMtY2UwMy00ZDk0LWJkZmQt
YWU4NjMzYzE3Yjg3LzEvVlFURVJYU0d3ZjNQVWhzU3pSZkpvTVRDd0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi80ZTM0OTMtY2UwMy00ZDk0LWJkZmQtYWU4NjMzYzE3Yjg3
LzEvcVZQeHVPS1dYOUE0ZUJDaTlpejNGSUZ0RkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw4n9MA0E
AgACMAcDBQAqFCwAMA0GCSqGSIb3DQEBCwUAA4IBAQA4tRVgLO+IWdI8FSrXSyQ2
gTmJpuedILW51vz6RGzV7u3Lv6a7JBSwPuffYq+6SddjMdAiMVoYTMcaTfL9kkG3
X9r0rNvEqWZGz1JoGbeRWChlbpKCtTujtrR5bflTJcy5tbU+ICvXM9QF7IDlzXIF
QKNZS2VwK9KDIJkuI1eBfnKg+Pu1Il+q7uBhQY6TXT3HflK6mF9EkEltnB34+mQ3
13HrVAdcys7rCsJm5v8tkHw0VhWbT0Tlfe0CtCujiYAyCgtEuMZ4n460OUdzu8VC
KSKzbNmFHxe5R5TZ3U05QorUSlmqQ8onjsSfQ3sM58w3+NQDltWTiFlP9qecmOCD
-----END CERTIFICATE-----