Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/VAaPBk8zTOafzodOXExU28yGwxs.roa
File:                     VAaPBk8zTOafzodOXExU28yGwxs.roa (raw, json)
Hash identifier:          xzzasQL7wkl87oPLkDlTIR7Y9bbHmW6Dvzvok9sg00I=
Subject key identifier:   54:06:8F:06:4F:33:4C:E6:9F:CE:87:4E:5C:4C:54:DB:CC:86:C3:1B
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194282779DB0C6CD47400ACD5119714F561
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/VAaPBk8zTOafzodOXExU28yGwxs.roa
Signing time:             Thu 02 Jan 2025 17:54:23 +0000
ROA not before:           Thu 02 Jan 2025 17:54:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397032
IP address blocks:        212.192.28.0/24 maxlen: 24
                          212.192.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:79:db:0c:6c:d4:74:00:ac:d5:11:97:14:f5:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54068f064f334ce69fce874e5c4c54dbcc86c31b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1c:20:06:4f:17:14:91:3f:fd:28:f7:94:ea:
                    16:01:f4:3a:0e:8e:fc:38:f7:af:9d:22:dc:ee:7e:
                    89:9c:90:d4:1f:f5:9d:17:24:28:0a:10:81:76:cc:
                    fd:88:31:70:24:b1:a0:bd:22:53:68:b2:3b:02:62:
                    95:f6:40:13:23:08:7c:43:01:cf:0c:45:4d:64:df:
                    c5:58:8b:56:bd:5a:36:1d:c5:7d:79:a4:85:20:c4:
                    39:ab:63:0d:cc:66:21:da:af:b9:87:01:33:be:93:
                    d2:8e:55:4d:80:94:7d:02:b5:8b:13:c3:1f:78:5c:
                    d3:1b:1b:08:79:94:94:bc:cd:12:21:54:e5:bf:0d:
                    6d:cb:37:74:44:08:9d:d2:c9:df:2f:1c:8b:6d:49:
                    e3:0e:db:e7:e7:35:35:1d:b0:fc:eb:32:4a:2a:d5:
                    b9:18:b8:3f:11:c8:fc:16:19:45:09:8a:31:d0:0d:
                    4b:88:77:ad:82:12:b5:c7:0a:29:1b:26:51:bb:a8:
                    c6:48:d3:99:e9:43:d6:aa:9a:ac:11:ab:78:56:8f:
                    35:97:d6:9e:12:68:c6:b5:13:f0:d3:a7:74:92:b7:
                    51:f1:70:5f:52:8c:a3:9b:58:76:e6:10:50:41:42:
                    d3:60:02:9c:c2:6a:90:b3:37:0a:ee:82:a4:c3:b4:
                    92:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:06:8F:06:4F:33:4C:E6:9F:CE:87:4E:5C:4C:54:DB:CC:86:C3:1B
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/VAaPBk8zTOafzodOXExU28yGwxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:98:f6:a0:d5:08:3d:c9:1b:20:9b:93:6d:9c:73:50:4e:cc:
         2d:20:20:9f:1b:f8:8a:43:f7:fe:8d:e3:c8:79:79:ae:bb:65:
         c5:d8:45:9a:aa:fa:86:91:e5:cc:ee:27:d0:7c:72:93:87:d0:
         e2:f5:49:07:c7:48:d1:b6:ae:ed:fd:06:7e:99:2e:8d:92:11:
         0b:38:30:01:2c:8d:c2:d5:dd:7d:83:aa:85:82:c4:a5:7e:69:
         ba:95:60:19:bc:0e:26:01:74:4f:8b:68:35:82:78:b9:61:b6:
         6e:3c:b1:9e:21:16:bd:01:c1:2d:10:7b:a9:6c:92:df:c9:a2:
         2b:18:d5:c0:74:31:05:b4:b4:eb:7e:87:e2:16:fc:67:47:01:
         60:c3:d4:9d:bf:ea:c9:b6:7e:e6:2e:80:5d:52:b2:f5:e4:b4:
         dd:1c:18:c7:18:dd:e9:05:89:b8:28:da:4a:05:2f:56:30:90:
         c8:74:99:7e:3a:10:34:bd:ae:b3:c6:84:22:fa:6c:19:b4:af:
         5d:e2:ba:2b:fe:9e:67:51:ca:a6:c8:87:ba:52:7d:a7:25:0d:
         79:20:9a:52:f2:fc:4e:31:6e:b2:72:93:7a:8f:93:e3:0d:57:
         2b:db:c2:fe:ec:26:8f:56:c6:37:47:6e:2b:e9:fc:2d:11:6c:
         49:61:4d:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ3nbDGzUdACs1RGXFPVhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDA2OGYwNjRmMzM0Y2U2OWZjZTg3NGU1YzRjNTRkYmNjODZjMzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRwgBk8XFJE//Sj3lOoWAfQ6Do78
OPevnSLc7n6JnJDUH/WdFyQoChCBdsz9iDFwJLGgvSJTaLI7AmKV9kATIwh8QwHP
DEVNZN/FWItWvVo2HcV9eaSFIMQ5q2MNzGYh2q+5hwEzvpPSjlVNgJR9ArWLE8Mf
eFzTGxsIeZSUvM0SIVTlvw1tyzd0RAid0snfLxyLbUnjDtvn5zU1HbD86zJKKtW5
GLg/Ecj8FhlFCYox0A1LiHetghK1xwopGyZRu6jGSNOZ6UPWqpqsEat4Vo81l9ae
EmjGtRPw06d0krdR8XBfUoyjm1h25hBQQULTYAKcwmqQszcK7oKkw7SShwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQGjwZPM0zmn86HTlxMVNvMhsMbMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvVkFhUEJrOHpUT2Fmem9kT1hFeFUyOHlHd3hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1MAcMA0G
CSqGSIb3DQEBCwUAA4IBAQBHmPag1Qg9yRsgm5NtnHNQTswtICCfG/iKQ/f+jePI
eXmuu2XF2EWaqvqGkeXM7ifQfHKTh9Di9UkHx0jRtq7t/QZ+mS6NkhELODABLI3C
1d19g6qFgsSlfmm6lWAZvA4mAXRPi2g1gni5YbZuPLGeIRa9AcEtEHupbJLfyaIr
GNXAdDEFtLTrfofiFvxnRwFgw9Sdv+rJtn7mLoBdUrL15LTdHBjHGN3pBYm4KNpK
BS9WMJDIdJl+OhA0va6zxoQi+mwZtK9d4ror/p5nUcqmyIe6Un2nJQ15IJpS8vxO
MW6ycpN6j5PjDVcr28L+7CaPVsY3R24r6fwtEWxJYU0r
-----END CERTIFICATE-----