Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/664eb1-f220-4804-8c5a-9278840c4970/1/vgV_HmZnBn6siqRpblhJDHolxhY.roa
File:                     vgV_HmZnBn6siqRpblhJDHolxhY.roa (raw, json)
Hash identifier:          CU3IQ42U8bx3rzB6RefYOwaftXWSsseBjQQDCbcW70Y=
Subject key identifier:   BE:05:7F:1E:66:67:06:7E:AC:8A:A4:69:6E:58:49:0C:7A:25:C6:16
Certificate issuer:       /CN=4432f61bbd3fd11d7facbb1543a751a65a3f64c3
Certificate serial:       019422FB1E109486DD23BF9EFD93491390AF
Authority key identifier: 44:32:F6:1B:BD:3F:D1:1D:7F:AC:BB:15:43:A7:51:A6:5A:3F:64:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RDL2G70_0R1_rLsVQ6dRplo_ZMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/664eb1-f220-4804-8c5a-9278840c4970/1/vgV_HmZnBn6siqRpblhJDHolxhY.roa
Signing time:             Wed 01 Jan 2025 17:47:50 +0000
ROA not before:           Wed 01 Jan 2025 17:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43096
IP address blocks:        80.83.90.0/24 maxlen: 24
                          185.61.236.0/24 maxlen: 24
                          185.61.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/664eb1-f220-4804-8c5a-9278840c4970/1/RDL2G70_0R1_rLsVQ6dRplo_ZMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/664eb1-f220-4804-8c5a-9278840c4970/1/RDL2G70_0R1_rLsVQ6dRplo_ZMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RDL2G70_0R1_rLsVQ6dRplo_ZMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:1e:10:94:86:dd:23:bf:9e:fd:93:49:13:90:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4432f61bbd3fd11d7facbb1543a751a65a3f64c3
        Validity
            Not Before: Jan  1 17:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be057f1e6667067eac8aa4696e58490c7a25c616
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:42:3e:f3:57:cc:47:bf:69:47:ea:e3:04:ba:
                    44:ee:37:53:8b:bc:9d:ca:aa:08:9e:7d:9a:8c:f7:
                    07:15:c1:14:5e:63:ab:72:2b:b7:fa:21:61:bc:57:
                    5d:27:70:93:cf:c6:77:ea:75:b4:f8:68:d9:29:e3:
                    82:0b:13:43:07:90:a5:21:05:23:0d:d5:ef:df:2e:
                    bf:bb:a7:a6:44:63:dd:12:3d:b7:65:2f:5e:03:99:
                    b6:c8:3c:67:83:11:27:ef:92:8f:17:19:14:4e:7b:
                    1f:32:6a:f3:27:82:fe:59:fd:3d:e2:5e:1d:08:c8:
                    26:4f:e0:37:fe:b4:d4:95:33:0d:68:51:04:d6:3c:
                    16:04:58:1d:1c:62:b5:6e:4f:c8:a0:8f:c8:eb:6a:
                    2c:68:00:37:60:b7:03:94:6e:76:2c:0b:79:8e:20:
                    54:4d:f1:e3:3d:fe:72:d8:a4:86:46:bb:d8:f7:45:
                    1d:cc:0f:b8:b0:7e:c2:e7:9d:9f:45:4a:59:56:fd:
                    dc:d8:7a:f2:78:84:b7:d1:c2:5a:1d:eb:42:ce:69:
                    3f:d2:15:36:3a:35:59:73:40:e8:f9:5e:06:b9:20:
                    04:f3:e7:be:a8:ab:92:b7:9c:6b:52:1d:98:31:40:
                    48:88:9f:ac:26:c2:38:a7:27:8c:e7:72:f4:4f:09:
                    cb:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:05:7F:1E:66:67:06:7E:AC:8A:A4:69:6E:58:49:0C:7A:25:C6:16
            X509v3 Authority Key Identifier:
                keyid:44:32:F6:1B:BD:3F:D1:1D:7F:AC:BB:15:43:A7:51:A6:5A:3F:64:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RDL2G70_0R1_rLsVQ6dRplo_ZMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/664eb1-f220-4804-8c5a-9278840c4970/1/vgV_HmZnBn6siqRpblhJDHolxhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/664eb1-f220-4804-8c5a-9278840c4970/1/RDL2G70_0R1_rLsVQ6dRplo_ZMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.90.0/24
                  185.61.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:c3:39:ba:b2:01:2b:32:49:d0:4f:c3:1b:53:2c:10:06:15:
         a8:42:22:3f:d4:de:74:a7:be:49:3b:17:e3:51:fa:a9:7e:8f:
         33:68:43:0d:b8:9c:de:36:2d:65:d3:37:23:9c:63:4e:a7:26:
         3e:86:89:50:8c:d2:65:22:84:ad:42:1f:df:4f:f3:f6:9b:03:
         0e:da:2b:d6:93:7a:9b:be:06:0c:09:bd:84:60:a2:d5:5e:32:
         9b:da:fc:a3:78:3f:78:84:45:f3:8b:db:4b:20:e3:34:6e:d8:
         19:c9:54:db:af:64:58:ad:9c:3c:95:ea:cd:76:ac:3b:b1:93:
         43:04:bf:83:b6:e7:52:0d:94:ff:e2:81:6b:70:b0:ce:49:f6:
         d7:0f:81:77:4c:34:fb:ee:0e:c2:6b:20:25:9f:72:3b:76:be:
         db:4c:f3:63:67:13:b1:1c:47:55:56:fc:67:bf:ed:d5:13:3e:
         4e:6d:c2:0b:f8:7a:db:b5:fc:4f:b9:8a:94:ec:f2:df:1c:80:
         c5:ec:cd:fb:f7:e4:49:01:42:21:e3:8b:28:32:db:37:d4:ca:
         46:d0:e8:53:b9:1c:f3:79:f5:fb:5f:ce:17:01:ec:a0:b6:3c:
         da:be:ad:5a:85:3c:6a:8e:5f:f0:d0:81:28:41:52:09:b9:b4:
         da:af:81:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+x4QlIbdI7+e/ZNJE5CvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0MzJmNjFiYmQzZmQxMWQ3ZmFjYmIxNTQzYTc1MWE2NWEz
ZjY0YzMwHhcNMjUwMTAxMTc0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTA1N2YxZTY2NjcwNjdlYWM4YWE0Njk2ZTU4NDkwYzdhMjVjNjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0I+81fMR79pR+rjBLpE7jdTi7yd
yqoInn2ajPcHFcEUXmOrciu3+iFhvFddJ3CTz8Z36nW0+GjZKeOCCxNDB5ClIQUj
DdXv3y6/u6emRGPdEj23ZS9eA5m2yDxngxEn75KPFxkUTnsfMmrzJ4L+Wf094l4d
CMgmT+A3/rTUlTMNaFEE1jwWBFgdHGK1bk/IoI/I62osaAA3YLcDlG52LAt5jiBU
TfHjPf5y2KSGRrvY90UdzA+4sH7C552fRUpZVv3c2HryeIS30cJaHetCzmk/0hU2
OjVZc0Do+V4GuSAE8+e+qKuSt5xrUh2YMUBIiJ+sJsI4pyeM53L0TwnLfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL4Ffx5mZwZ+rIqkaW5YSQx6JcYWMB8GA1UdIwQY
MBaAFEQy9hu9P9Edf6y7FUOnUaZaP2TDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkRMMkc3MF8wUjFfckxzVlE2ZFJwbG9fWk1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82NjRlYjEtZjIyMC00ODA0LThjNWEt
OTI3ODg0MGM0OTcwLzEvdmdWX0htWm5CbjZzaXFScGJsaEpESG9seGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82NjRlYjEtZjIyMC00ODA0LThjNWEtOTI3ODg0MGM0OTcw
LzEvUkRMMkc3MF8wUjFfckxzVlE2ZFJwbG9fWk1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUFNaAwQB
uT3sMA0GCSqGSIb3DQEBCwUAA4IBAQCVwzm6sgErMknQT8MbUywQBhWoQiI/1N50
p75JOxfjUfqpfo8zaEMNuJzeNi1l0zcjnGNOpyY+holQjNJlIoStQh/fT/P2mwMO
2ivWk3qbvgYMCb2EYKLVXjKb2vyjeD94hEXzi9tLIOM0btgZyVTbr2RYrZw8lerN
dqw7sZNDBL+DtudSDZT/4oFrcLDOSfbXD4F3TDT77g7CayAln3I7dr7bTPNjZxOx
HEdVVvxnv+3VEz5ObcIL+HrbtfxPuYqU7PLfHIDF7M379+RJAUIh44soMts31MpG
0OhTuRzzefX7X84XAeygtjzavq1ahTxqjl/w0IEoQVIJubTar4Fj
-----END CERTIFICATE-----