Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/VZJHzDNuTzbzYD_RSaWZlgehjFQ.roa
File:                     VZJHzDNuTzbzYD_RSaWZlgehjFQ.roa (raw, json)
Hash identifier:          vVzwIkv/iAit2akckkKxsWamqdbKN2Wh8RJbCYAPYoU=
Subject key identifier:   55:92:47:CC:33:6E:4F:36:F3:60:3F:D1:49:A5:99:96:07:A1:8C:54
Certificate issuer:       /CN=255876412d20fbb6cab823481782ac47703b4404
Certificate serial:       0192DE86FE647F11910B8E69C96E2D214ECF
Authority key identifier: 25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/VZJHzDNuTzbzYD_RSaWZlgehjFQ.roa
Signing time:             Wed 30 Oct 2024 17:44:01 +0000
ROA not before:           Wed 30 Oct 2024 17:44:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212514
IP address blocks:        2a01:ffc0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:de:86:fe:64:7f:11:91:0b:8e:69:c9:6e:2d:21:4e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255876412d20fbb6cab823481782ac47703b4404
        Validity
            Not Before: Oct 30 17:44:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=559247cc336e4f36f3603fd149a5999607a18c54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:54:5d:69:49:f4:f9:3e:9e:bc:d4:15:6d:3a:
                    d4:75:26:43:16:54:ad:e7:97:74:c5:b2:a5:08:83:
                    fa:70:22:0e:14:70:8c:d3:11:62:91:40:31:53:00:
                    81:fe:7d:b0:be:de:80:58:3e:b8:aa:e0:68:8a:fb:
                    a0:09:3d:1f:13:0c:81:2d:b9:c1:fd:29:d7:93:b1:
                    fa:aa:92:91:f4:34:ec:c9:41:60:5b:61:40:92:7c:
                    ee:c5:98:be:4c:24:c0:a5:fb:a3:7a:ec:b9:85:76:
                    6a:d5:35:b1:b7:97:53:28:41:93:46:09:4c:98:86:
                    ce:85:57:de:ae:9e:c8:51:a3:cf:7d:9f:9a:57:60:
                    25:29:c0:53:d4:60:9e:13:7d:54:3c:d0:c3:77:ae:
                    0d:d7:b8:e3:2c:24:e5:59:95:61:c1:5f:a3:27:54:
                    12:cf:d8:fd:7f:e6:81:eb:bf:69:ac:af:37:3f:6c:
                    f3:97:ee:77:eb:2f:e0:73:3b:31:0e:e5:6d:49:9e:
                    f1:8f:5a:3e:48:b8:22:eb:6b:fa:ed:67:83:0f:b0:
                    35:fc:02:8d:0e:b9:f1:6c:68:69:5f:e7:f6:b2:4d:
                    03:43:3e:1e:13:08:6a:76:b2:07:a4:6a:af:38:30:
                    3e:3d:01:e3:5e:da:21:01:a5:30:13:6e:82:b4:11:
                    63:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:92:47:CC:33:6E:4F:36:F3:60:3F:D1:49:A5:99:96:07:A1:8C:54
            X509v3 Authority Key Identifier:
                keyid:25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/VZJHzDNuTzbzYD_RSaWZlgehjFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ffc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:c5:e8:3b:0b:60:e0:e5:df:a6:1c:3a:89:5b:0a:22:44:0a:
         dd:de:b6:8d:56:d0:8c:2b:ed:97:07:d0:f8:4c:9d:43:11:15:
         63:2a:9a:9d:18:70:8e:35:39:53:62:08:fa:55:e7:ab:b1:02:
         a1:7a:b6:28:97:18:28:a0:94:98:67:7c:23:74:11:00:40:97:
         a5:d2:67:d0:5d:28:9e:96:82:0a:36:40:ec:7c:d9:15:49:4a:
         49:a1:3a:b8:c5:0e:f8:a2:46:1c:56:90:77:f2:d5:89:58:8d:
         c0:96:2d:2c:ff:43:05:14:54:8c:10:ef:97:9b:2d:dc:5b:65:
         be:74:52:44:72:d4:d8:e5:dd:42:52:33:aa:4e:8b:bc:4d:c5:
         27:d5:12:0c:27:50:3e:7d:e5:0d:5d:b3:88:e9:a0:12:52:d2:
         b1:e8:eb:26:b6:ce:44:8c:00:e4:7a:16:ef:c5:29:cc:c1:4f:
         f0:6f:11:77:dd:83:97:06:f7:1b:a0:88:a1:c1:63:b7:23:38:
         b4:7e:04:29:12:27:77:23:28:88:58:17:39:71:b1:84:f4:30:
         c2:d8:68:5e:b6:b7:7a:66:e2:25:80:6c:b3:04:c6:06:bf:96:
         18:dd:99:fd:00:0b:ba:08:ed:42:3a:30:8e:a8:3c:01:de:b4:
         d5:8c:9a:93
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZLehv5kfxGRC45pyW4tIU7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTg3NjQxMmQyMGZiYjZjYWI4MjM0ODE3ODJhYzQ3NzAz
YjQ0MDQwHhcNMjQxMDMwMTc0NDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTkyNDdjYzMzNmU0ZjM2ZjM2MDNmZDE0OWE1OTk5NjA3YTE4YzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFRdaUn0+T6evNQVbTrUdSZDFlSt
55d0xbKlCIP6cCIOFHCM0xFikUAxUwCB/n2wvt6AWD64quBoivugCT0fEwyBLbnB
/SnXk7H6qpKR9DTsyUFgW2FAknzuxZi+TCTApfujeuy5hXZq1TWxt5dTKEGTRglM
mIbOhVferp7IUaPPfZ+aV2AlKcBT1GCeE31UPNDDd64N17jjLCTlWZVhwV+jJ1QS
z9j9f+aB679prK83P2zzl+536y/gczsxDuVtSZ7xj1o+SLgi62v67WeDD7A1/AKN
DrnxbGhpX+f2sk0DQz4eEwhqdrIHpGqvODA+PQHjXtohAaUwE26CtBFjjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFWSR8wzbk8282A/0UmlmZYHoYxUMB8GA1UdIwQY
MBaAFCVYdkEtIPu2yrgjSBeCrEdwO0QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEt
ODc2YzdmY2E0YjM0LzEvVlpKSHpETnVUemJ6WURfUlNhV1psZ2VoakZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEtODc2YzdmY2E0YjM0
LzEvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgH/wDAN
BgkqhkiG9w0BAQsFAAOCAQEAQMXoOwtg4OXfphw6iVsKIkQK3d62jVbQjCvtlwfQ
+EydQxEVYyqanRhwjjU5U2II+lXnq7ECoXq2KJcYKKCUmGd8I3QRAECXpdJn0F0o
npaCCjZA7HzZFUlKSaE6uMUO+KJGHFaQd/LViViNwJYtLP9DBRRUjBDvl5st3Ftl
vnRSRHLU2OXdQlIzqk6LvE3FJ9USDCdQPn3lDV2ziOmgElLSsejrJrbORIwA5HoW
78UpzMFP8G8Rd92Dlwb3G6CIocFjtyM4tH4EKRIndyMoiFgXOXGxhPQwwthoXra3
embiJYBsswTGBr+WGN2Z/QALugjtQjowjqg8Ad601Yyakw==
-----END CERTIFICATE-----