Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/Vf1RDh-x6BtkmqUI8kQeJAmyoeQ.roa
File:                     Vf1RDh-x6BtkmqUI8kQeJAmyoeQ.roa (raw, json)
Hash identifier:          1PUOdlU3yqRdUd5Mz1TUUvBo/uRT6+wW9qnbLMW13lU=
Subject key identifier:   55:FD:51:0E:1F:B1:E8:1B:64:9A:A5:08:F2:44:1E:24:09:B2:A1:E4
Certificate issuer:       /CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
Certificate serial:       01942144278865321A6346B89D63170F47B7
Authority key identifier: F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/Vf1RDh-x6BtkmqUI8kQeJAmyoeQ.roa
Signing time:             Wed 01 Jan 2025 09:48:22 +0000
ROA not before:           Wed 01 Jan 2025 09:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202
IP address blocks:        195.66.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:27:88:65:32:1a:63:46:b8:9d:63:17:0f:47:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
        Validity
            Not Before: Jan  1 09:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55fd510e1fb1e81b649aa508f2441e2409b2a1e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a9:39:0b:2e:3a:f9:2f:40:da:ae:08:98:7f:
                    8f:a6:11:02:67:79:9a:00:a2:3b:f2:34:b0:4f:2f:
                    78:93:a9:60:34:65:9c:26:d3:7c:89:9c:ea:35:fa:
                    0e:38:27:d1:5f:08:13:d9:31:12:89:24:56:ff:3a:
                    49:ed:8b:62:76:a0:94:d8:86:4d:63:1b:9d:01:eb:
                    ad:07:1d:2d:df:8b:fd:2c:7f:63:37:c6:7f:e9:35:
                    92:fb:f4:45:b1:07:6d:c0:02:79:c9:8c:8e:c5:e3:
                    67:88:dd:66:f5:6d:ed:18:f7:7b:48:a8:00:51:6f:
                    63:67:3c:98:5a:f5:d6:02:34:a0:3a:c3:d8:04:5f:
                    4f:ad:f4:eb:48:58:67:e6:67:a2:3d:e2:f2:09:d7:
                    7f:63:20:c8:c0:36:88:97:16:a2:ee:6a:c7:38:d3:
                    e6:01:10:a4:49:c8:98:65:19:f9:c3:17:8b:5f:7b:
                    c3:75:7e:96:7a:54:be:ff:ae:d1:aa:bd:97:37:34:
                    02:7d:6b:f3:01:e5:1e:83:a0:ec:bb:b8:89:3e:10:
                    07:6c:28:0c:de:e9:d9:0c:fe:f6:af:dd:25:dc:0a:
                    b4:a1:e2:56:2c:32:17:e5:23:3e:02:7a:80:8f:59:
                    b0:00:c3:b9:17:bd:b3:d4:6d:fa:b4:0b:4a:33:f8:
                    86:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:FD:51:0E:1F:B1:E8:1B:64:9A:A5:08:F2:44:1E:24:09:B2:A1:E4
            X509v3 Authority Key Identifier:
                keyid:F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/Vf1RDh-x6BtkmqUI8kQeJAmyoeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:3b:f5:07:4f:53:ce:69:40:0f:b6:5c:53:38:58:e9:6c:42:
         08:b9:ad:e3:f6:87:36:cb:30:55:78:ac:bd:49:5d:e1:12:84:
         3f:82:27:10:69:81:02:0f:fa:87:56:56:b3:9d:4f:c8:f7:85:
         ad:f9:6a:1b:ff:b2:5b:1e:36:de:eb:06:37:8d:b1:7d:29:16:
         5b:04:d1:e2:ff:0e:3f:db:be:c7:fe:02:bd:5a:83:a0:35:57:
         4a:e3:fa:1d:a0:e9:20:6f:76:c8:03:4e:51:1e:9b:1d:eb:43:
         ba:3e:0c:41:09:18:d4:a1:e1:af:3e:b7:65:62:69:00:9a:a6:
         ee:63:13:da:8e:35:0d:6e:f2:ae:b1:ea:b3:c9:03:c1:ee:61:
         87:a0:f0:a0:92:81:33:33:ff:89:84:e9:a4:68:e8:4d:64:15:
         24:c6:40:70:3d:ca:0a:18:59:11:2d:47:13:94:a7:6e:49:dd:
         96:92:a5:b1:ab:13:34:80:6f:03:9e:7e:93:2f:a3:d4:56:25:
         b6:2a:c8:b5:8a:95:12:a4:38:aa:e8:ae:48:9b:1b:70:f3:93:
         e9:b9:d1:85:0f:0c:3c:40:9e:10:06:3c:d0:47:9a:bd:58:7a:
         9b:8b:07:06:b3:ce:6e:54:47:6d:fa:08:a7:dc:6e:34:10:91:
         9d:1f:2c:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCeIZTIaY0a4nWMXD0e3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOTkxOGVkMjE5ZTdkM2Q5MjI3MzdlY2RjNzMxZjBjYTYw
YTY4YjgwHhcNMjUwMTAxMDk0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWZkNTEwZTFmYjFlODFiNjQ5YWE1MDhmMjQ0MWUyNDA5YjJhMWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ak5Cy46+S9A2q4ImH+PphECZ3ma
AKI78jSwTy94k6lgNGWcJtN8iZzqNfoOOCfRXwgT2TESiSRW/zpJ7YtidqCU2IZN
YxudAeutBx0t34v9LH9jN8Z/6TWS+/RFsQdtwAJ5yYyOxeNniN1m9W3tGPd7SKgA
UW9jZzyYWvXWAjSgOsPYBF9PrfTrSFhn5meiPeLyCdd/YyDIwDaIlxai7mrHONPm
ARCkSciYZRn5wxeLX3vDdX6WelS+/67Rqr2XNzQCfWvzAeUeg6Dsu7iJPhAHbCgM
3unZDP72r90l3Aq0oeJWLDIX5SM+AnqAj1mwAMO5F72z1G36tAtKM/iGAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFX9UQ4fsegbZJqlCPJEHiQJsqHkMB8GA1UdIwQY
MBaAFPGZGO0hnn09kic37NxzHwymCmi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzIt
MzEzZWZlYjBiMTlkLzEvVmYxUkRoLXg2QnRrbXFVSThrUWVKQW15b2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzItMzEzZWZlYjBiMTlk
LzEvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JrMA0G
CSqGSIb3DQEBCwUAA4IBAQAiO/UHT1POaUAPtlxTOFjpbEIIua3j9oc2yzBVeKy9
SV3hEoQ/gicQaYECD/qHVlaznU/I94Wt+Wob/7JbHjbe6wY3jbF9KRZbBNHi/w4/
277H/gK9WoOgNVdK4/odoOkgb3bIA05RHpsd60O6PgxBCRjUoeGvPrdlYmkAmqbu
YxPajjUNbvKuseqzyQPB7mGHoPCgkoEzM/+JhOmkaOhNZBUkxkBwPcoKGFkRLUcT
lKduSd2WkqWxqxM0gG8Dnn6TL6PUViW2Ksi1ipUSpDiq6K5Imxtw85PpudGFDww8
QJ4QBjzQR5q9WHqbiwcGs85uVEdt+gin3G40EJGdHyw2
-----END CERTIFICATE-----