Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/Vf3C3nEL83KU-t7pLCkbgpiASsA.roa
File:                     Vf3C3nEL83KU-t7pLCkbgpiASsA.roa (raw, json)
Hash identifier:          6SosAmZB67F6Q5qUy5fWvfEJcjGr5qv93jKtlhRr2es=
Subject key identifier:   55:FD:C2:DE:71:0B:F3:72:94:FA:DE:E9:2C:29:1B:82:98:80:4A:C0
Certificate issuer:       /CN=255876412d20fbb6cab823481782ac47703b4404
Certificate serial:       0194228E0912A92FAF3010B6CFF9A161121E
Authority key identifier: 25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/Vf3C3nEL83KU-t7pLCkbgpiASsA.roa
Signing time:             Wed 01 Jan 2025 15:48:41 +0000
ROA not before:           Wed 01 Jan 2025 15:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152911
IP address blocks:        2a01:ffc7:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:09:12:a9:2f:af:30:10:b6:cf:f9:a1:61:12:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255876412d20fbb6cab823481782ac47703b4404
        Validity
            Not Before: Jan  1 15:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55fdc2de710bf37294fadee92c291b8298804ac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:c3:6f:0d:cf:a0:ca:ce:fa:95:e1:67:18:8b:
                    fb:a2:e9:b0:28:72:1b:f1:fc:57:17:79:13:12:65:
                    12:07:a7:df:6f:d8:53:19:ef:ce:e7:2d:9d:e6:bc:
                    a9:ee:7b:e1:8d:77:d1:b0:d4:cb:45:56:7e:61:3c:
                    66:f7:ce:4b:3f:31:28:7c:90:48:be:b7:3f:25:21:
                    00:4d:a1:2f:57:ff:e1:f9:aa:92:ea:2b:3e:62:28:
                    74:6f:4b:f1:1f:fc:fa:61:c3:ae:63:07:ee:de:63:
                    8b:86:6f:15:c5:12:5f:a2:80:ed:f5:f9:a9:39:b0:
                    60:02:56:b2:0e:dd:eb:77:6a:f1:72:46:a6:42:32:
                    1d:e3:f2:fd:36:13:99:30:1b:b2:2e:9b:62:02:b8:
                    21:f5:ca:db:64:de:ea:a4:ba:6a:83:d8:f9:89:77:
                    61:2c:d5:52:39:b3:98:31:e2:ea:7f:42:b2:dc:5f:
                    40:d0:e0:92:05:cd:9a:5d:57:b2:2d:de:da:e7:fa:
                    0a:56:fd:a3:a1:ab:a0:24:8b:41:0d:87:06:98:e8:
                    fe:2f:ac:47:e8:f6:97:64:84:c4:91:55:19:f0:96:
                    83:e9:7e:ca:ae:fe:bb:5c:d6:2f:67:1d:0a:87:a3:
                    5f:32:81:69:b9:2f:a8:8c:26:d4:19:b8:62:c1:36:
                    53:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:FD:C2:DE:71:0B:F3:72:94:FA:DE:E9:2C:29:1B:82:98:80:4A:C0
            X509v3 Authority Key Identifier:
                keyid:25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/Vf3C3nEL83KU-t7pLCkbgpiASsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ffc7:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         3b:3c:82:3d:5f:48:a5:ba:4c:98:0a:00:15:b7:eb:94:aa:41:
         56:5d:a7:79:3c:aa:cf:ea:e1:ea:32:99:ef:ee:2f:6b:60:93:
         57:f4:47:d9:13:c2:7d:e8:b1:4d:85:12:5e:17:a4:19:0e:3e:
         c7:4b:61:f6:ea:74:ee:8e:2d:fa:ad:0c:bf:a1:e0:c3:68:bc:
         c8:f9:f8:b4:3d:ab:49:ca:0b:ba:da:d9:ec:f9:24:7e:ee:82:
         c4:cf:6a:2e:1f:98:70:7d:bf:a5:96:18:f5:8e:3c:1c:7f:0b:
         3c:4c:7d:59:6d:8a:7c:75:da:6f:f6:85:b5:3c:4c:0d:ba:6a:
         d8:d3:3f:28:6b:3c:49:22:8e:7b:ba:38:dd:29:b1:f7:e2:b3:
         bf:98:d5:d7:e3:f4:45:84:f5:0d:fc:b1:f2:35:0a:70:d6:d4:
         91:74:c3:3e:6c:e7:72:06:bf:ec:10:73:b0:f9:46:ad:3e:7c:
         6c:a2:fd:57:a8:c5:9e:bb:b3:96:4b:10:db:ae:b5:ca:95:e9:
         e3:d1:6a:00:c9:a0:27:e0:6f:44:c3:6d:53:1b:e8:f2:7d:75:
         d1:41:82:b9:d1:70:6b:aa:db:3b:c1:18:bc:61:90:1e:11:a9:
         29:f6:2b:cd:c9:dc:d1:3d:63:88:4f:e4:7e:61:87:40:ac:0c:
         9b:77:5c:85
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQijgkSqS+vMBC2z/mhYRIeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTg3NjQxMmQyMGZiYjZjYWI4MjM0ODE3ODJhYzQ3NzAz
YjQ0MDQwHhcNMjUwMTAxMTU0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWZkYzJkZTcxMGJmMzcyOTRmYWRlZTkyYzI5MWI4Mjk4ODA0YWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7cNvDc+gys76leFnGIv7oumwKHIb
8fxXF3kTEmUSB6ffb9hTGe/O5y2d5ryp7nvhjXfRsNTLRVZ+YTxm985LPzEofJBI
vrc/JSEATaEvV//h+aqS6is+Yih0b0vxH/z6YcOuYwfu3mOLhm8VxRJfooDt9fmp
ObBgAlayDt3rd2rxckamQjId4/L9NhOZMBuyLptiArgh9crbZN7qpLpqg9j5iXdh
LNVSObOYMeLqf0Ky3F9A0OCSBc2aXVeyLd7a5/oKVv2joaugJItBDYcGmOj+L6xH
6PaXZITEkVUZ8JaD6X7Krv67XNYvZx0Kh6NfMoFpuS+ojCbUGbhiwTZTgwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFX9wt5xC/NylPre6SwpG4KYgErAMB8GA1UdIwQY
MBaAFCVYdkEtIPu2yrgjSBeCrEdwO0QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEt
ODc2YzdmY2E0YjM0LzEvVmYzQzNuRUw4M0tVLXQ3cExDa2JncGlBU3NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEtODc2YzdmY2E0YjM0
LzEvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgH/xwEw
DQYJKoZIhvcNAQELBQADggEBADs8gj1fSKW6TJgKABW365SqQVZdp3k8qs/q4eoy
me/uL2tgk1f0R9kTwn3osU2FEl4XpBkOPsdLYfbqdO6OLfqtDL+h4MNovMj5+LQ9
q0nKC7ra2ez5JH7ugsTPai4fmHB9v6WWGPWOPBx/CzxMfVltinx12m/2hbU8TA26
atjTPyhrPEkijnu6ON0psffis7+Y1dfj9EWE9Q38sfI1CnDW1JF0wz5s53IGv+wQ
c7D5Rq0+fGyi/VeoxZ67s5ZLENuutcqV6ePRagDJoCfgb0TDbVMb6PJ9ddFBgrnR
cGuq2zvBGLxhkB4RqSn2K83J3NE9Y4hP5H5hh0CsDJt3XIU=
-----END CERTIFICATE-----