Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/VVay02te4c4nzoKHz-xrN3foME4.roa
File:                     VVay02te4c4nzoKHz-xrN3foME4.roa (raw, json)
Hash identifier:          +3WozqxDoZtdWYZgwzpI8n1yZj2XdHsIhAjwmttwDmw=
Subject key identifier:   55:56:B2:D3:6B:5E:E1:CE:27:CE:82:87:CF:EC:6B:37:77:E8:30:4E
Certificate issuer:       /CN=d5b6a5ca37ead31fd2a350b0b412d77d95320928
Certificate serial:       01957104928AAA6C5256B6825F8CD1A60006
Authority key identifier: D5:B6:A5:CA:37:EA:D3:1F:D2:A3:50:B0:B4:12:D7:7D:95:32:09:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1balyjfq0x_So1CwtBLXfZUyCSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/VVay02te4c4nzoKHz-xrN3foME4.roa
Signing time:             Fri 07 Mar 2025 14:31:19 +0000
ROA not before:           Fri 07 Mar 2025 14:31:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.134.66.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/1balyjfq0x_So1CwtBLXfZUyCSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/1balyjfq0x_So1CwtBLXfZUyCSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1balyjfq0x_So1CwtBLXfZUyCSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:71:04:92:8a:aa:6c:52:56:b6:82:5f:8c:d1:a6:00:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5b6a5ca37ead31fd2a350b0b412d77d95320928
        Validity
            Not Before: Mar  7 14:31:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5556b2d36b5ee1ce27ce8287cfec6b3777e8304e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8f:7e:b7:69:4b:36:99:22:1f:6f:2a:42:f9:
                    15:4b:9b:af:6a:7b:11:87:48:d6:98:af:c7:5e:9b:
                    e9:89:d2:38:50:02:0f:7d:19:00:eb:fe:50:3e:0b:
                    86:b1:0f:8d:59:43:76:52:e1:b1:67:8f:c1:b9:16:
                    5d:de:be:ce:da:83:ed:f3:3c:f3:7e:7e:c2:95:f5:
                    c2:94:a6:c2:84:55:39:07:e9:ca:bd:91:bd:4b:a4:
                    f9:14:fb:f4:ac:9a:39:ad:c9:c9:e4:35:8e:94:1e:
                    36:60:67:09:9b:8a:23:5f:4b:c9:02:11:95:41:b6:
                    5e:c2:a9:45:a4:c1:18:c1:4b:03:9f:1d:a4:f4:88:
                    bb:2b:ab:1e:8a:fb:9c:cc:47:33:45:59:38:ed:e9:
                    05:23:03:8a:cd:95:b9:ad:5e:08:52:81:b9:0f:cb:
                    53:cc:70:53:15:67:a4:b4:2e:46:3a:e1:ef:6f:4f:
                    e6:50:56:b1:6d:d4:a5:aa:31:c6:a8:4d:a4:c2:2e:
                    54:42:9d:f2:68:3c:18:d0:1a:69:eb:dd:0e:62:7a:
                    19:a6:f0:0b:1d:d1:a3:a0:d1:a6:a6:73:b5:b3:11:
                    7a:69:1e:a2:d6:48:1d:b4:72:24:69:9c:ed:cd:dc:
                    e4:07:de:89:a5:d8:5c:ae:61:be:5c:12:1f:83:94:
                    db:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:56:B2:D3:6B:5E:E1:CE:27:CE:82:87:CF:EC:6B:37:77:E8:30:4E
            X509v3 Authority Key Identifier:
                keyid:D5:B6:A5:CA:37:EA:D3:1F:D2:A3:50:B0:B4:12:D7:7D:95:32:09:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1balyjfq0x_So1CwtBLXfZUyCSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/VVay02te4c4nzoKHz-xrN3foME4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/1balyjfq0x_So1CwtBLXfZUyCSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:ab:fd:cf:73:13:5e:cc:0e:13:a5:f7:00:47:e9:26:1b:eb:
         a4:5c:5e:2b:d2:fb:6f:4a:14:41:00:46:7f:72:79:32:25:60:
         8b:94:4e:ac:be:59:0b:bd:66:26:c0:0f:9e:5a:84:87:6f:cb:
         c6:51:2d:49:1d:8f:57:9c:e7:bf:11:77:20:22:f3:30:e3:e1:
         6a:f8:fb:55:af:0c:ba:6b:5e:4e:fa:2c:45:ea:63:ed:e8:77:
         c8:d3:e3:39:f7:84:a8:9b:2b:ea:95:63:b6:73:dc:4e:a4:fa:
         ce:83:bc:2a:19:9b:a3:d9:7c:83:61:3f:a8:07:e3:e7:cd:3a:
         63:bd:92:a9:72:71:e7:2b:fb:e6:03:39:3e:eb:67:a1:1d:92:
         9b:77:91:7d:3e:e9:2b:ec:a4:8f:ea:50:a2:3b:b2:fb:53:45:
         b5:31:b6:aa:8f:5f:19:2f:fa:98:38:60:0c:e4:50:1e:d7:e7:
         90:b2:9f:eb:62:a6:b9:a2:eb:ab:dd:60:26:05:bc:3b:8b:f3:
         4f:b8:73:b3:e3:f9:0c:f5:49:82:d5:8e:20:4c:e7:e6:7e:44:
         6b:c1:0f:43:a9:ff:c0:6b:de:b0:cc:c5:af:f2:40:ba:e3:98:
         a9:e9:05:84:fd:89:29:30:7f:60:3e:29:e8:20:29:a7:d9:38:
         d6:c0:0a:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVxBJKKqmxSVraCX4zRpgAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YjZhNWNhMzdlYWQzMWZkMmEzNTBiMGI0MTJkNzdkOTUz
MjA5MjgwHhcNMjUwMzA3MTQzMTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTU2YjJkMzZiNWVlMWNlMjdjZTgyODdjZmVjNmIzNzc3ZTgzMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2I9+t2lLNpkiH28qQvkVS5uvansR
h0jWmK/HXpvpidI4UAIPfRkA6/5QPguGsQ+NWUN2UuGxZ4/BuRZd3r7O2oPt8zzz
fn7ClfXClKbChFU5B+nKvZG9S6T5FPv0rJo5rcnJ5DWOlB42YGcJm4ojX0vJAhGV
QbZewqlFpMEYwUsDnx2k9Ii7K6seivuczEczRVk47ekFIwOKzZW5rV4IUoG5D8tT
zHBTFWektC5GOuHvb0/mUFaxbdSlqjHGqE2kwi5UQp3yaDwY0Bpp690OYnoZpvAL
HdGjoNGmpnO1sxF6aR6i1kgdtHIkaZztzdzkB96JpdhcrmG+XBIfg5Tb9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVWstNrXuHOJ86Ch8/sazd36DBOMB8GA1UdIwQY
MBaAFNW2pco36tMf0qNQsLQS132VMgkoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWJhbHlqZnEweF9TbzFDd3RCTFhmWlV5Q1NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8zZmE5M2YtYTM0Zi00MWNmLTg4NzUt
ZDRlODgyMDgzZTRmLzEvVlZheTAydGU0YzRuem9LSHoteHJOM2ZvTUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8zZmE5M2YtYTM0Zi00MWNmLTg4NzUtZDRlODgyMDgzZTRm
LzEvMWJhbHlqZnEweF9TbzFDd3RCTFhmWlV5Q1NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYZCMA0G
CSqGSIb3DQEBCwUAA4IBAQCtq/3PcxNezA4TpfcAR+kmG+ukXF4r0vtvShRBAEZ/
cnkyJWCLlE6svlkLvWYmwA+eWoSHb8vGUS1JHY9XnOe/EXcgIvMw4+Fq+PtVrwy6
a15O+ixF6mPt6HfI0+M594SomyvqlWO2c9xOpPrOg7wqGZuj2XyDYT+oB+PnzTpj
vZKpcnHnK/vmAzk+62ehHZKbd5F9Pukr7KSP6lCiO7L7U0W1Mbaqj18ZL/qYOGAM
5FAe1+eQsp/rYqa5ouur3WAmBbw7i/NPuHOz4/kM9UmC1Y4gTOfmfkRrwQ9Dqf/A
a96wzMWv8kC645ip6QWE/YkpMH9gPinoICmn2TjWwArA
-----END CERTIFICATE-----