Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/v1Kwwfd8ZjjCs2Mu7l5Mtdf-PVI.roa
File:                     v1Kwwfd8ZjjCs2Mu7l5Mtdf-PVI.roa (raw, json)
Hash identifier:          ulU0aPB2ZxGebVfubT+AGsI+A+WmNT0R9PT7Ovu3cU0=
Subject key identifier:   BF:52:B0:C1:F7:7C:66:38:C2:B3:63:2E:EE:5E:4C:B5:D7:FE:3D:52
Certificate issuer:       /CN=bdf7a0a048b68eccfa4d49eab4f16dc792c0d318
Certificate serial:       0194244574FCC990D3F91B15FCEEA70F99E1
Authority key identifier: BD:F7:A0:A0:48:B6:8E:CC:FA:4D:49:EA:B4:F1:6D:C7:92:C0:D3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/v1Kwwfd8ZjjCs2Mu7l5Mtdf-PVI.roa
Signing time:             Wed 01 Jan 2025 23:48:39 +0000
ROA not before:           Wed 01 Jan 2025 23:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41887
IP address blocks:        194.140.230.0/24 maxlen: 24
                          2001:67c:144::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:74:fc:c9:90:d3:f9:1b:15:fc:ee:a7:0f:99:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdf7a0a048b68eccfa4d49eab4f16dc792c0d318
        Validity
            Not Before: Jan  1 23:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf52b0c1f77c6638c2b3632eee5e4cb5d7fe3d52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:53:6a:bd:15:58:c3:36:2e:4c:44:76:c0:d1:
                    cf:60:47:32:36:c5:c1:35:2e:72:73:c9:10:19:7b:
                    9e:51:ae:69:86:06:16:cc:6d:51:e9:1b:33:5e:07:
                    c6:64:52:ee:99:fb:bb:c0:f8:b4:68:9e:b0:d6:fe:
                    5f:55:2d:4d:6f:b6:ac:7a:f4:93:93:33:bd:c8:19:
                    bc:9b:fc:67:f2:6e:6b:c8:70:bb:97:a2:9e:b9:83:
                    b9:5e:db:01:f1:63:62:df:10:f6:4b:1e:ae:80:c6:
                    2d:13:fb:e1:0b:fc:42:3e:51:b7:88:5f:1f:c3:9f:
                    ed:0b:95:83:98:59:e3:4e:54:90:20:91:5d:ad:2d:
                    47:0d:8f:4f:59:5b:7a:a0:05:cd:91:d5:57:b4:24:
                    58:82:d5:bc:fe:d0:44:4a:b9:bc:85:44:02:0d:08:
                    cf:b3:7b:f8:ed:48:51:ea:e6:84:89:78:f6:1e:f4:
                    4b:1f:90:74:8e:ea:07:b2:bc:2c:62:f1:d3:b8:4c:
                    cb:58:a8:79:42:01:cd:f0:fc:7c:6e:fe:87:cc:c0:
                    1d:ba:ca:90:23:43:23:e3:03:36:c6:c2:fd:a1:a7:
                    37:94:05:c2:03:5a:71:17:5f:66:3b:07:fb:ad:f7:
                    78:cd:49:77:70:c4:89:a4:67:df:13:49:da:7d:33:
                    da:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:52:B0:C1:F7:7C:66:38:C2:B3:63:2E:EE:5E:4C:B5:D7:FE:3D:52
            X509v3 Authority Key Identifier:
                keyid:BD:F7:A0:A0:48:B6:8E:CC:FA:4D:49:EA:B4:F1:6D:C7:92:C0:D3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/v1Kwwfd8ZjjCs2Mu7l5Mtdf-PVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.140.230.0/24
                IPv6:
                  2001:67c:144::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:2e:95:d6:97:82:3e:4a:c0:3d:fa:38:c2:c3:5b:da:b1:6e:
         7b:03:09:25:10:44:bf:32:78:0c:d0:a2:11:58:a1:87:03:db:
         19:b6:24:0a:46:79:4f:49:28:29:22:d2:fa:ed:42:8f:38:06:
         0e:c4:b9:fd:61:c2:10:09:c5:a7:e7:26:3e:1c:5f:59:a2:ed:
         05:3b:44:f3:11:7e:35:40:a1:97:cf:d1:a1:47:64:25:2d:0b:
         a9:32:84:1a:66:4c:56:f4:5e:66:65:36:26:51:7f:91:3f:3b:
         67:6e:9a:b8:64:41:f7:c3:8a:12:4f:0a:79:d3:a5:25:91:a2:
         31:ce:3f:3f:df:54:89:6c:7c:87:b6:bb:91:9f:23:6f:98:89:
         1a:89:28:13:eb:05:56:4a:14:99:93:74:e5:5c:5a:f0:51:c4:
         e2:3a:a8:c3:5b:be:ff:17:e6:c8:62:ec:81:6c:89:d6:d1:42:
         d8:bc:eb:ea:c2:50:72:72:45:3b:c7:a8:fb:64:2a:e4:93:88:
         a5:1a:3b:a5:66:04:2e:34:33:8e:3d:25:b4:53:0c:3e:02:66:
         43:15:ed:ed:31:19:b1:05:f7:7f:21:26:e9:20:c2:5c:01:69:
         69:65:d0:f8:40:af:75:b8:5e:59:91:d2:9c:05:42:d3:f3:01:
         d8:52:85:a9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQkRXT8yZDT+RsV/O6nD5nhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZjdhMGEwNDhiNjhlY2NmYTRkNDllYWI0ZjE2ZGM3OTJj
MGQzMTgwHhcNMjUwMTAxMjM0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjUyYjBjMWY3N2M2NjM4YzJiMzYzMmVlZTVlNGNiNWQ3ZmUzZDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61NqvRVYwzYuTER2wNHPYEcyNsXB
NS5yc8kQGXueUa5phgYWzG1R6RszXgfGZFLumfu7wPi0aJ6w1v5fVS1Nb7asevST
kzO9yBm8m/xn8m5ryHC7l6KeuYO5XtsB8WNi3xD2Sx6ugMYtE/vhC/xCPlG3iF8f
w5/tC5WDmFnjTlSQIJFdrS1HDY9PWVt6oAXNkdVXtCRYgtW8/tBESrm8hUQCDQjP
s3v47UhR6uaEiXj2HvRLH5B0juoHsrwsYvHTuEzLWKh5QgHN8Px8bv6HzMAdusqQ
I0Mj4wM2xsL9oac3lAXCA1pxF19mOwf7rfd4zUl3cMSJpGffE0nafTPaFQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL9SsMH3fGY4wrNjLu5eTLXX/j1SMB8GA1UdIwQY
MBaAFL33oKBIto7M+k1J6rTxbceSwNMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZlZ29FaTJqc3o2VFVucXRQRnR4NUxBMHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9lMTZjYjYtYjQ1NC00OGQ2LWJkYzgt
MzUxNjE5MWE5ZDY4LzEvdjFLd3dmZDhaampDczJNdTdsNU10ZGYtUFZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9lMTZjYjYtYjQ1NC00OGQ2LWJkYzgtMzUxNjE5MWE5ZDY4
LzEvdmZlZ29FaTJqc3o2VFVucXRQRnR4NUxBMHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwozmMA8E
AgACMAkDBwAgAQZ8AUQwDQYJKoZIhvcNAQELBQADggEBALMuldaXgj5KwD36OMLD
W9qxbnsDCSUQRL8yeAzQohFYoYcD2xm2JApGeU9JKCki0vrtQo84Bg7Euf1hwhAJ
xafnJj4cX1mi7QU7RPMRfjVAoZfP0aFHZCUtC6kyhBpmTFb0XmZlNiZRf5E/O2du
mrhkQffDihJPCnnTpSWRojHOPz/fVIlsfIe2u5GfI2+YiRqJKBPrBVZKFJmTdOVc
WvBRxOI6qMNbvv8X5shi7IFsidbRQti86+rCUHJyRTvHqPtkKuSTiKUaO6VmBC40
M449JbRTDD4CZkMV7e0xGbEF938hJukgwlwBaWll0PhAr3W4XlmR0pwFQtPzAdhS
hak=
-----END CERTIFICATE-----