Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/vfHbIoTnUxhnAwnrFKAEBgGqbIw.roa
File:                     vfHbIoTnUxhnAwnrFKAEBgGqbIw.roa (raw, json)
Hash identifier:          m840ACktEyZoGVV96T6Ly3VBkVNyCX1wXuDPZajskuA=
Subject key identifier:   BD:F1:DB:22:84:E7:53:18:67:03:09:EB:14:A0:04:06:01:AA:6C:8C
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       01980EA1E92E0354AA213F01CB8DCA51788D
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/vfHbIoTnUxhnAwnrFKAEBgGqbIw.roa
Signing time:             Tue 15 Jul 2025 15:09:08 +0000
ROA not before:           Tue 15 Jul 2025 15:09:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393942
IP address blocks:        178.254.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 10:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0e:a1:e9:2e:03:54:aa:21:3f:01:cb:8d:ca:51:78:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jul 15 15:09:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bdf1db2284e75318670309eb14a0040601aa6c8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ce:6d:05:d0:70:84:e9:b3:b6:f7:8d:c5:e1:
                    80:5e:c0:db:cf:97:9f:2b:e2:49:a8:9d:f3:29:d6:
                    0f:56:48:3b:8c:7b:d8:94:b4:97:86:2a:fe:30:b9:
                    37:b0:94:85:ca:db:a6:f5:50:f7:23:0f:42:d5:7d:
                    1c:e9:11:01:0c:d6:d8:63:90:1a:5c:d7:87:8a:64:
                    a2:10:35:2f:e2:eb:77:03:a1:74:4b:57:00:b5:f2:
                    0d:71:3e:c0:41:2a:42:df:70:19:40:9c:87:00:20:
                    58:c4:49:cf:bd:37:a0:99:95:84:7a:07:29:cb:2a:
                    cc:5e:05:dd:b9:6f:97:9d:93:51:58:e8:bd:51:3f:
                    b6:55:f8:66:7a:43:07:59:c1:a0:94:b6:a2:e3:de:
                    86:c5:7e:ef:a9:2d:fa:a4:0e:2a:4c:cb:2b:e4:6a:
                    36:32:ea:0f:66:eb:15:8f:51:a9:cc:dd:70:45:a7:
                    22:c0:38:f1:64:51:85:29:e9:a1:05:b8:21:3b:00:
                    fc:4e:1f:ac:3b:83:69:e2:cf:bf:98:b9:94:88:f0:
                    56:9e:76:b3:d9:b0:a9:6f:df:2f:9c:50:3c:85:4a:
                    08:8b:d2:77:dd:6b:e8:c2:9f:e0:36:94:1c:43:74:
                    c2:dd:4d:df:5f:ad:1f:3c:03:4c:3a:e9:2d:ad:99:
                    5b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:F1:DB:22:84:E7:53:18:67:03:09:EB:14:A0:04:06:01:AA:6C:8C
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/vfHbIoTnUxhnAwnrFKAEBgGqbIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.254.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:dc:19:f1:1a:f4:69:73:25:8a:62:ed:ac:a1:ac:0c:5f:15:
         d0:a1:24:31:d1:a6:78:36:27:89:1c:27:9b:12:84:1f:55:2a:
         af:f3:61:d5:b5:5c:d7:b6:0b:2d:25:cd:91:69:41:b7:72:b9:
         05:81:dc:6c:7d:45:8f:ed:fc:a7:5d:d4:73:c2:97:42:c4:36:
         38:1b:f9:4b:40:a9:85:90:d2:0d:68:f8:91:de:b5:49:7e:b4:
         d6:82:72:15:d8:66:10:a2:28:77:9b:f3:6b:51:f6:7d:63:82:
         a5:45:d1:0d:dd:1e:bf:31:cf:19:08:aa:14:6d:a5:f4:bc:04:
         92:04:f3:f7:8d:05:84:44:01:07:16:4d:2a:58:db:c9:89:38:
         e6:7c:bd:0e:99:7e:a7:4c:a4:e3:d7:58:84:e5:c6:30:24:51:
         56:a7:3c:b2:37:6e:8d:7f:31:e6:6a:9c:2b:3e:e8:05:43:cd:
         ca:3d:b9:92:ed:94:0c:ba:e1:2f:87:49:f2:15:4a:a8:21:8b:
         78:a6:7f:8b:1b:60:92:86:6b:5f:97:47:9e:7f:10:74:95:34:
         db:d5:65:eb:4b:7f:4c:13:64:a3:f5:a6:79:fd:52:36:21:72:
         19:ab:d5:81:a0:da:b6:0b:1c:37:77:0e:0a:3c:d4:0d:68:83:
         62:1a:77:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgOoekuA1SqIT8By43KUXiNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwNzE1MTUwOTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGYxZGIyMjg0ZTc1MzE4NjcwMzA5ZWIxNGEwMDQwNjAxYWE2YzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuM5tBdBwhOmztveNxeGAXsDbz5ef
K+JJqJ3zKdYPVkg7jHvYlLSXhir+MLk3sJSFytum9VD3Iw9C1X0c6REBDNbYY5Aa
XNeHimSiEDUv4ut3A6F0S1cAtfINcT7AQSpC33AZQJyHACBYxEnPvTegmZWEegcp
yyrMXgXduW+XnZNRWOi9UT+2VfhmekMHWcGglLai496GxX7vqS36pA4qTMsr5Go2
MuoPZusVj1GpzN1wRaciwDjxZFGFKemhBbghOwD8Th+sO4Np4s+/mLmUiPBWnnaz
2bCpb98vnFA8hUoIi9J33Wvowp/gNpQcQ3TC3U3fX60fPANMOuktrZlbPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3x2yKE51MYZwMJ6xSgBAYBqmyMMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvdmZIYklvVG5VeGhuQXduckZLQUVCZ0dxYkl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv6oMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ3BnxGvRpcyWKYu2soawMXxXQoSQx0aZ4NieJHCeb
EoQfVSqv82HVtVzXtgstJc2RaUG3crkFgdxsfUWP7fynXdRzwpdCxDY4G/lLQKmF
kNINaPiR3rVJfrTWgnIV2GYQoih3m/NrUfZ9Y4KlRdEN3R6/Mc8ZCKoUbaX0vASS
BPP3jQWERAEHFk0qWNvJiTjmfL0OmX6nTKTj11iE5cYwJFFWpzyyN26NfzHmapwr
PugFQ83KPbmS7ZQMuuEvh0nyFUqoIYt4pn+LG2CShmtfl0eefxB0lTTb1WXrS39M
E2Sj9aZ5/VI2IXIZq9WBoNq2Cxw3dw4KPNQNaINiGnfa
-----END CERTIFICATE-----