Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/2VG718T3W04-_y_DFYMb27FL8Xc.roa
File:                     2VG718T3W04-_y_DFYMb27FL8Xc.roa (raw, json)
Hash identifier:          rc2TenqF9dc6/5xbGTLqr/wJccF1AG2cwa4tLlPDxNg=
Subject key identifier:   D9:51:BB:D7:C4:F7:5B:4E:3E:FF:2F:C3:15:83:1B:DB:B1:4B:F1:77
Certificate issuer:       /CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Certificate serial:       01967211C9B1EDDD4E85C38A26350C13E36C
Authority key identifier: 08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/2VG718T3W04-_y_DFYMb27FL8Xc.roa
Signing time:             Sat 26 Apr 2025 12:28:10 +0000
ROA not before:           Sat 26 Apr 2025 12:28:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60248
IP address blocks:        130.193.77.0/24 maxlen: 24
                          195.110.38.0/24 maxlen: 24
                          195.110.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 15:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:72:11:c9:b1:ed:dd:4e:85:c3:8a:26:35:0c:13:e3:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
        Validity
            Not Before: Apr 26 12:28:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d951bbd7c4f75b4e3eff2fc315831bdbb14bf177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:75:25:8e:e1:fc:35:c5:51:bd:1b:82:41:92:
                    e1:15:d3:4a:91:62:86:9e:14:10:66:26:b8:08:c6:
                    ba:e8:7c:23:34:a6:7f:49:31:94:35:ba:0e:5d:34:
                    6b:b8:02:9e:2d:ac:cf:ce:54:98:77:9d:f0:a9:27:
                    46:8d:3b:74:06:f8:07:a3:18:d8:18:b6:2c:3e:69:
                    62:36:9e:27:38:b6:35:c0:39:5d:73:73:10:92:cd:
                    f1:1b:ac:ca:b6:63:51:18:ce:7c:52:d5:91:39:91:
                    d1:d9:f5:3a:67:1f:bb:9c:be:35:0a:6c:f9:f6:46:
                    d6:5c:bb:37:81:6a:99:d8:65:9a:d9:da:38:e4:93:
                    92:bf:b7:e8:16:e3:fe:aa:dc:11:61:d3:9b:20:13:
                    57:56:46:10:71:46:11:fb:50:37:44:23:df:d6:44:
                    cb:f0:ca:48:e4:10:b6:a4:54:26:10:8e:1f:c3:ce:
                    2a:e6:6c:57:86:c7:5e:0f:62:42:ad:d9:6e:c3:4d:
                    ad:c0:c3:51:12:60:e4:e0:84:b0:66:07:dd:97:7f:
                    58:39:52:81:33:b1:b3:d3:78:7e:07:e5:40:6b:cb:
                    b9:24:c1:4f:20:bc:0b:04:07:35:77:c2:6a:67:b9:
                    6a:0b:74:d3:60:b0:ce:e9:c0:e2:59:26:06:ca:d9:
                    d2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:51:BB:D7:C4:F7:5B:4E:3E:FF:2F:C3:15:83:1B:DB:B1:4B:F1:77
            X509v3 Authority Key Identifier:
                keyid:08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/2VG718T3W04-_y_DFYMb27FL8Xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.77.0/24
                  195.110.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:38:b8:40:9b:48:0d:26:79:fe:41:1d:9a:09:80:9b:53:fa:
         17:a1:d7:01:a4:d7:07:9d:61:f2:4c:88:a1:3c:78:fa:08:b5:
         64:5f:02:83:81:c2:a1:58:b4:79:f2:47:2e:d2:c0:89:bb:94:
         c6:d0:7f:e1:a7:c8:89:d4:e8:47:8c:38:f4:aa:80:1d:bc:90:
         ca:77:0c:b9:c4:5e:23:2c:c9:cb:d8:21:77:48:7f:46:9b:d1:
         fa:c9:28:82:2a:04:b6:66:7f:a3:ec:6d:2b:53:88:b5:92:58:
         09:38:de:09:f9:6c:7f:ca:7a:2e:d5:d6:4e:a1:bf:c3:cb:17:
         8e:f4:0d:3d:95:86:3e:61:72:e1:d5:15:c7:7c:9b:10:35:6f:
         00:2c:dd:64:57:e4:b5:23:37:ac:70:41:69:27:5f:09:b5:df:
         6d:c9:7e:1d:ea:2e:e4:c8:8d:97:89:62:1b:16:34:90:20:be:
         ad:cd:ad:94:ec:a0:21:15:e2:6f:7b:4f:02:71:14:f6:35:fb:
         40:47:ec:ab:7e:5d:18:bc:7f:81:29:94:e6:97:77:04:be:37:
         59:d1:9b:8e:bc:5b:8a:c5:e8:6d:eb:ea:29:e7:dc:0e:a7:de:
         18:15:1b:57:7b:3b:dc:92:db:4d:f9:2f:b9:db:e7:fe:07:82:
         98:2e:97:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZyEcmx7d1OhcOKJjUME+NsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWI3YTIyZTUxY2ZiOWNmODQyMDVlNDQ0OTk5OGFkNTVk
OGYwNjUwHhcNMjUwNDI2MTIyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTUxYmJkN2M0Zjc1YjRlM2VmZjJmYzMxNTgzMWJkYmIxNGJmMTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7nUljuH8NcVRvRuCQZLhFdNKkWKG
nhQQZia4CMa66HwjNKZ/STGUNboOXTRruAKeLazPzlSYd53wqSdGjTt0BvgHoxjY
GLYsPmliNp4nOLY1wDldc3MQks3xG6zKtmNRGM58UtWROZHR2fU6Zx+7nL41Cmz5
9kbWXLs3gWqZ2GWa2do45JOSv7foFuP+qtwRYdObIBNXVkYQcUYR+1A3RCPf1kTL
8MpI5BC2pFQmEI4fw84q5mxXhsdeD2JCrdluw02twMNREmDk4ISwZgfdl39YOVKB
M7Gz03h+B+VAa8u5JMFPILwLBAc1d8JqZ7lqC3TTYLDO6cDiWSYGytnS6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNlRu9fE91tOPv8vwxWDG9uxS/F3MB8GA1UdIwQY
MBaAFAgbeiLlHPuc+EIF5ESZmK1V2PBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYt
MDM2NzI2OGZmODcxLzEvMlZHNzE4VDNXMDQtX3lfREZZTWIyN0ZMOFhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYtMDM2NzI2OGZmODcx
LzEvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAgsFNAwQB
w24mMA0GCSqGSIb3DQEBCwUAA4IBAQBFOLhAm0gNJnn+QR2aCYCbU/oXodcBpNcH
nWHyTIihPHj6CLVkXwKDgcKhWLR58kcu0sCJu5TG0H/hp8iJ1OhHjDj0qoAdvJDK
dwy5xF4jLMnL2CF3SH9Gm9H6ySiCKgS2Zn+j7G0rU4i1klgJON4J+Wx/ynou1dZO
ob/DyxeO9A09lYY+YXLh1RXHfJsQNW8ALN1kV+S1IzescEFpJ18Jtd9tyX4d6i7k
yI2XiWIbFjSQIL6tza2U7KAhFeJve08CcRT2NftAR+yrfl0YvH+BKZTml3cEvjdZ
0ZuOvFuKxeht6+op59wOp94YFRtXezvckttN+S+52+f+B4KYLpct
-----END CERTIFICATE-----