Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/eeb517-b38b-4073-a2ae-e3fa9e63b9bc/1/VOCwh1utjz1n3G0fRSWrGdBLX3E.roa
File:                     VOCwh1utjz1n3G0fRSWrGdBLX3E.roa (raw, json)
Hash identifier:          N86Thb+Z2Cee2FUQYjZTboBPyhDY9zRcG/ZzIf2sbhE=
Subject key identifier:   54:E0:B0:87:5B:AD:8F:3D:67:DC:6D:1F:45:25:AB:19:D0:4B:5F:71
Certificate issuer:       /CN=5695c54a09593ddc83face12db52bf6a22b976ed
Certificate serial:       01987F355A08AADE8063070DE86B8C9AD87E
Authority key identifier: 56:95:C5:4A:09:59:3D:DC:83:FA:CE:12:DB:52:BF:6A:22:B9:76:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VpXFSglZPdyD-s4S21K_aiK5du0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/eeb517-b38b-4073-a2ae-e3fa9e63b9bc/1/VOCwh1utjz1n3G0fRSWrGdBLX3E.roa
Signing time:             Wed 06 Aug 2025 11:47:39 +0000
ROA not before:           Wed 06 Aug 2025 11:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56964
IP address blocks:        77.95.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/eeb517-b38b-4073-a2ae-e3fa9e63b9bc/1/VpXFSglZPdyD-s4S21K_aiK5du0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/eeb517-b38b-4073-a2ae-e3fa9e63b9bc/1/VpXFSglZPdyD-s4S21K_aiK5du0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VpXFSglZPdyD-s4S21K_aiK5du0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7f:35:5a:08:aa:de:80:63:07:0d:e8:6b:8c:9a:d8:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5695c54a09593ddc83face12db52bf6a22b976ed
        Validity
            Not Before: Aug  6 11:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54e0b0875bad8f3d67dc6d1f4525ab19d04b5f71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:72:8f:b5:c2:8e:95:2e:ec:aa:07:62:19:12:
                    d1:e2:35:d9:f9:9e:f9:98:6a:6c:15:2b:fb:b8:88:
                    bc:c1:47:51:1f:dd:3e:78:0b:56:3e:39:21:de:c8:
                    b3:40:78:82:5a:70:cf:7e:00:ce:bf:43:d9:74:2d:
                    58:5e:cb:d3:1c:61:b7:cc:a0:da:33:e6:39:d5:73:
                    f5:16:a8:e4:3e:4c:ca:13:7a:db:7d:7e:49:88:d7:
                    88:95:b2:5d:a7:16:f5:b0:53:2a:5c:d7:33:f7:c2:
                    29:81:e9:26:f5:6e:03:dd:c7:0d:b4:dd:f8:16:de:
                    70:8f:e3:f7:05:b0:6c:e8:9e:31:15:1e:92:bf:83:
                    d7:bc:d6:b3:d1:89:0d:40:73:25:71:48:2c:e5:a0:
                    f5:57:c6:aa:f4:c5:c5:d8:58:31:1c:33:e3:03:40:
                    32:69:85:f3:d6:06:eb:e3:e9:3e:8c:4d:35:71:17:
                    84:6f:09:9f:0d:c7:64:ba:5d:f6:e4:b0:52:d5:e5:
                    8d:2e:c1:05:eb:ed:30:8f:6e:6f:2d:93:0b:37:3a:
                    25:fe:b9:00:a5:89:eb:84:13:b4:99:17:27:28:9c:
                    c2:31:cc:90:76:83:72:a6:28:32:63:10:1c:f8:e9:
                    ec:30:23:a8:1b:34:ee:59:f7:79:9f:15:a8:d8:a8:
                    89:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:E0:B0:87:5B:AD:8F:3D:67:DC:6D:1F:45:25:AB:19:D0:4B:5F:71
            X509v3 Authority Key Identifier:
                keyid:56:95:C5:4A:09:59:3D:DC:83:FA:CE:12:DB:52:BF:6A:22:B9:76:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VpXFSglZPdyD-s4S21K_aiK5du0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/eeb517-b38b-4073-a2ae-e3fa9e63b9bc/1/VOCwh1utjz1n3G0fRSWrGdBLX3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/eeb517-b38b-4073-a2ae-e3fa9e63b9bc/1/VpXFSglZPdyD-s4S21K_aiK5du0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:41:ee:65:3b:4e:a0:76:82:0c:13:2f:01:02:62:16:11:0d:
         71:42:b5:16:99:78:39:2b:6d:f3:9f:92:42:9a:e0:2e:d9:27:
         e5:23:19:88:40:cb:25:1c:a7:5f:ff:fb:a2:2a:d1:57:cf:c8:
         4e:07:18:1d:df:3e:c4:15:8e:cd:01:8d:80:2a:c5:63:a8:4d:
         e8:80:c6:dd:de:bb:f1:76:20:e5:17:7b:fa:9c:7d:db:5f:91:
         7e:45:29:c8:3f:ff:94:55:af:de:7d:50:5f:16:c7:42:31:e1:
         d7:18:68:5e:1f:f7:13:39:b7:77:67:b5:fb:74:12:dc:56:5f:
         b6:9e:f3:43:02:52:de:04:93:d3:f3:b8:1c:87:75:5b:55:61:
         5a:1a:3c:e7:6f:d2:e4:17:d5:d1:d2:6a:c5:9e:3f:cd:81:c6:
         bf:3a:f8:29:1e:73:ed:50:b5:36:b6:f4:56:d6:06:17:ce:3c:
         75:d3:9c:52:f9:06:c1:be:f5:27:25:e8:1a:9d:00:c6:c1:24:
         40:a0:a1:84:e9:7e:cb:9e:c8:48:2d:0f:95:c8:cf:6a:dd:16:
         2b:4f:5e:b2:d5:94:84:a7:1f:11:04:55:a3:4e:de:06:bc:27:
         2f:b2:5a:b8:be:79:35:0b:62:cf:b3:66:46:86:e4:bc:d0:a9:
         24:83:9b:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh/NVoIqt6AYwcN6GuMmth+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OTVjNTRhMDk1OTNkZGM4M2ZhY2UxMmRiNTJiZjZhMjJi
OTc2ZWQwHhcNMjUwODA2MTE0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGUwYjA4NzViYWQ4ZjNkNjdkYzZkMWY0NTI1YWIxOWQwNGI1ZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnKPtcKOlS7sqgdiGRLR4jXZ+Z75
mGpsFSv7uIi8wUdRH90+eAtWPjkh3sizQHiCWnDPfgDOv0PZdC1YXsvTHGG3zKDa
M+Y51XP1FqjkPkzKE3rbfX5JiNeIlbJdpxb1sFMqXNcz98Ipgekm9W4D3ccNtN34
Ft5wj+P3BbBs6J4xFR6Sv4PXvNaz0YkNQHMlcUgs5aD1V8aq9MXF2FgxHDPjA0Ay
aYXz1gbr4+k+jE01cReEbwmfDcdkul325LBS1eWNLsEF6+0wj25vLZMLNzol/rkA
pYnrhBO0mRcnKJzCMcyQdoNypigyYxAc+OnsMCOoGzTuWfd5nxWo2KiJswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTgsIdbrY89Z9xtH0UlqxnQS19xMB8GA1UdIwQY
MBaAFFaVxUoJWT3cg/rOEttSv2oiuXbtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnBYRlNnbFpQZHlELXM0UzIxS19haUs1ZHUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9lZWI1MTctYjM4Yi00MDczLWEyYWUt
ZTNmYTllNjNiOWJjLzEvVk9Dd2gxdXRqejFuM0cwZlJTV3JHZEJMWDNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9lZWI1MTctYjM4Yi00MDczLWEyYWUtZTNmYTllNjNiOWJj
LzEvVnBYRlNnbFpQZHlELXM0UzIxS19haUs1ZHUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATV+qMA0G
CSqGSIb3DQEBCwUAA4IBAQBxQe5lO06gdoIMEy8BAmIWEQ1xQrUWmXg5K23zn5JC
muAu2SflIxmIQMslHKdf//uiKtFXz8hOBxgd3z7EFY7NAY2AKsVjqE3ogMbd3rvx
diDlF3v6nH3bX5F+RSnIP/+UVa/efVBfFsdCMeHXGGheH/cTObd3Z7X7dBLcVl+2
nvNDAlLeBJPT87gch3VbVWFaGjznb9LkF9XR0mrFnj/Ngca/OvgpHnPtULU2tvRW
1gYXzjx105xS+QbBvvUnJeganQDGwSRAoKGE6X7LnshILQ+VyM9q3RYrT16y1ZSE
px8RBFWjTt4GvCcvslq4vnk1C2LPs2ZGhuS80Kkkg5vD
-----END CERTIFICATE-----