Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/vF_oOv9r76q0FdPzPzMSZ_Qg32Q.roa
File:                     vF_oOv9r76q0FdPzPzMSZ_Qg32Q.roa (raw, json)
Hash identifier:          e1pIcFPEPVHgPSZ/4xAXLRUAcbxV8wPmoubi9BuN51c=
Subject key identifier:   BC:5F:E8:3A:FF:6B:EF:AA:B4:15:D3:F3:3F:33:12:67:F4:20:DF:64
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       019423D71036876CAAC8FD088E006FE368B8
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/vF_oOv9r76q0FdPzPzMSZ_Qg32Q.roa
Signing time:             Wed 01 Jan 2025 21:48:04 +0000
ROA not before:           Wed 01 Jan 2025 21:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211557
IP address blocks:        213.238.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 23:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:10:36:87:6c:aa:c8:fd:08:8e:00:6f:e3:68:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 21:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc5fe83aff6befaab415d3f33f331267f420df64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:72:46:b5:75:98:f8:fd:08:4f:5a:d2:30:1c:
                    59:72:8d:75:71:fd:93:28:e1:24:c0:2f:dd:2b:83:
                    db:fb:67:a2:94:60:0d:19:f5:b4:a8:15:d8:d0:1b:
                    c9:34:fd:a1:23:8a:94:71:b8:5a:aa:77:ad:dd:e6:
                    bf:c1:87:0a:c6:b0:30:cb:e0:26:a6:eb:f0:bf:53:
                    f4:50:7f:6b:93:c1:38:a8:9d:0a:1c:27:d3:d0:67:
                    ea:82:cf:e6:9a:48:bd:89:3f:80:7b:e0:81:38:2a:
                    27:b4:2e:10:8a:28:7d:69:ea:ec:1d:d8:61:eb:54:
                    6d:f4:15:4b:a9:a6:c6:d2:4d:8c:7f:56:67:96:67:
                    9b:17:af:53:bd:e6:f1:db:1c:8e:5c:3f:cd:75:01:
                    45:f5:ce:26:c5:93:e3:96:a6:50:5f:9b:53:e9:42:
                    d1:55:9d:c4:c5:7f:b2:68:3f:4d:0c:e6:96:f5:d9:
                    58:0b:ce:71:da:05:a1:a4:09:3b:5e:7d:f1:99:04:
                    68:e6:03:27:a0:52:74:98:48:54:18:45:03:fa:cf:
                    c5:64:32:d8:90:67:62:06:9c:07:e5:17:44:a5:26:
                    a4:ec:c1:b2:cc:39:a4:99:5a:5b:8e:27:8a:31:a7:
                    6c:58:95:3f:70:d4:68:ad:5a:8f:9e:78:71:0d:f9:
                    da:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:5F:E8:3A:FF:6B:EF:AA:B4:15:D3:F3:3F:33:12:67:F4:20:DF:64
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/vF_oOv9r76q0FdPzPzMSZ_Qg32Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:88:c5:3a:8d:c2:e4:aa:54:f3:59:b9:96:59:f2:13:1d:2f:
         55:aa:4e:1d:ed:f2:99:69:f6:50:2c:23:ca:1c:6b:8f:f9:3d:
         86:e8:c1:c3:7f:f2:b5:14:9b:6c:e5:c6:02:63:0e:c6:c7:f3:
         97:d3:6d:fd:8d:f7:03:d1:5c:da:79:bf:c2:a9:db:32:47:5e:
         bb:71:3f:fa:f3:81:22:6a:a3:76:68:e3:0a:b8:f8:89:68:8c:
         06:6b:c2:02:27:c7:d0:e1:86:6e:23:6a:d5:36:6a:7a:45:18:
         14:93:6c:3e:47:66:0d:96:01:50:ea:1b:b2:32:3b:09:ce:05:
         17:13:1c:d7:fb:76:73:7d:80:a1:ff:b3:78:52:1f:fa:f0:2b:
         8e:4b:e9:2b:c8:b7:67:d9:f5:fe:c3:ef:8c:36:32:90:fa:ae:
         66:ac:32:a4:d1:eb:f3:13:23:12:79:9e:0c:a4:b2:6d:20:33:
         0e:d6:30:ca:b5:a4:1f:1d:4b:cd:02:1c:87:ff:e5:88:06:e4:
         d5:14:1c:66:94:b4:a4:61:6d:e4:9c:d0:e9:87:3b:f7:12:90:
         60:6f:24:04:0c:42:17:9d:94:c0:03:07:3e:b4:5d:11:08:c1:
         be:03:be:80:21:30:f8:7b:96:aa:79:f2:f2:11:8b:ee:9a:5c:
         e1:a0:74:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1xA2h2yqyP0IjgBv42i4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjUwMTAxMjE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzVmZTgzYWZmNmJlZmFhYjQxNWQzZjMzZjMzMTI2N2Y0MjBkZjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknJGtXWY+P0IT1rSMBxZco11cf2T
KOEkwC/dK4Pb+2eilGANGfW0qBXY0BvJNP2hI4qUcbhaqnet3ea/wYcKxrAwy+Am
puvwv1P0UH9rk8E4qJ0KHCfT0Gfqgs/mmki9iT+Ae+CBOContC4Qiih9aersHdhh
61Rt9BVLqabG0k2Mf1ZnlmebF69Tvebx2xyOXD/NdQFF9c4mxZPjlqZQX5tT6ULR
VZ3ExX+yaD9NDOaW9dlYC85x2gWhpAk7Xn3xmQRo5gMnoFJ0mEhUGEUD+s/FZDLY
kGdiBpwH5RdEpSak7MGyzDmkmVpbjieKMadsWJU/cNRorVqPnnhxDfna6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxf6Dr/a++qtBXT8z8zEmf0IN9kMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvdkZfb092OXI3NnEwRmRQelB6TVNaX1FnMzJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6mMA0G
CSqGSIb3DQEBCwUAA4IBAQCtiMU6jcLkqlTzWbmWWfITHS9Vqk4d7fKZafZQLCPK
HGuP+T2G6MHDf/K1FJts5cYCYw7Gx/OX0239jfcD0Vzaeb/CqdsyR167cT/684Ei
aqN2aOMKuPiJaIwGa8ICJ8fQ4YZuI2rVNmp6RRgUk2w+R2YNlgFQ6huyMjsJzgUX
ExzX+3ZzfYCh/7N4Uh/68CuOS+kryLdn2fX+w++MNjKQ+q5mrDKk0evzEyMSeZ4M
pLJtIDMO1jDKtaQfHUvNAhyH/+WIBuTVFBxmlLSkYW3knNDphzv3EpBgbyQEDEIX
nZTAAwc+tF0RCMG+A76AITD4e5aqefLyEYvumlzhoHQZ
-----END CERTIFICATE-----