Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/vgcjTeJgjqzs04Lo8DPrBtZnGbs.roa
File:                     vgcjTeJgjqzs04Lo8DPrBtZnGbs.roa (raw, json)
Hash identifier:          iV57rW45EBrtatSEbslptILthc80jn2LQS91fPeJvUo=
Subject key identifier:   BE:07:23:4D:E2:60:8E:AC:EC:D3:82:E8:F0:33:EB:06:D6:67:19:BB
Certificate issuer:       /CN=943e3f4856dac2a005c3a52347114dec453934b8
Certificate serial:       019423D6BB7ADE3C8449CBBEF2825E0FAECA
Authority key identifier: 94:3E:3F:48:56:DA:C2:A0:05:C3:A5:23:47:11:4D:EC:45:39:34:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lD4_SFbawqAFw6UjRxFN7EU5NLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/vgcjTeJgjqzs04Lo8DPrBtZnGbs.roa
Signing time:             Wed 01 Jan 2025 21:47:42 +0000
ROA not before:           Wed 01 Jan 2025 21:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        176.127.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/lD4_SFbawqAFw6UjRxFN7EU5NLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/lD4_SFbawqAFw6UjRxFN7EU5NLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lD4_SFbawqAFw6UjRxFN7EU5NLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:bb:7a:de:3c:84:49:cb:be:f2:82:5e:0f:ae:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=943e3f4856dac2a005c3a52347114dec453934b8
        Validity
            Not Before: Jan  1 21:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be07234de2608eacecd382e8f033eb06d66719bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:89:74:a5:49:30:54:2e:ad:cd:10:e2:5e:df:
                    d9:4c:82:1f:1a:12:84:3f:dc:ee:8f:69:c2:3a:c9:
                    e9:34:2d:26:f9:84:cb:6d:1a:e4:9d:0c:f7:88:83:
                    cf:1d:32:94:af:34:e6:a6:d6:31:e9:8d:ae:ca:a4:
                    14:28:f4:0f:69:79:de:63:e9:bb:81:e8:6a:8c:c8:
                    a7:9f:f2:85:cc:a4:af:a5:c7:fb:d6:fb:32:b0:55:
                    07:7a:7e:37:44:89:1a:9d:a9:92:5c:04:f0:a2:08:
                    df:d1:c8:73:b7:ef:68:09:c2:15:5c:1c:cc:aa:2f:
                    4a:9c:d4:e0:d7:5e:fc:1f:4c:41:ed:02:2c:9f:fc:
                    10:b9:2b:95:b9:fd:b0:11:a8:ac:86:da:ac:19:3b:
                    4a:2a:49:c2:01:b8:45:02:bf:99:0a:93:14:a6:2f:
                    ed:9e:65:ae:a2:4c:43:d4:57:ba:72:50:d3:42:60:
                    b6:43:1b:0d:af:ca:b4:f5:43:a7:33:03:49:37:2b:
                    ec:56:ae:ad:bf:b3:ee:61:bd:12:a5:19:88:09:50:
                    fc:43:36:15:e5:8f:73:03:cc:a5:e5:79:2e:c0:66:
                    98:28:ef:d3:24:7a:75:21:79:58:b5:a7:ae:03:2a:
                    48:55:1c:83:97:a3:87:a2:de:85:40:38:73:93:13:
                    1b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:07:23:4D:E2:60:8E:AC:EC:D3:82:E8:F0:33:EB:06:D6:67:19:BB
            X509v3 Authority Key Identifier:
                keyid:94:3E:3F:48:56:DA:C2:A0:05:C3:A5:23:47:11:4D:EC:45:39:34:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lD4_SFbawqAFw6UjRxFN7EU5NLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/vgcjTeJgjqzs04Lo8DPrBtZnGbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/8c1544-7cf2-4871-a1df-0253d04fb8ff/1/lD4_SFbawqAFw6UjRxFN7EU5NLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.127.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         86:2d:80:2a:f5:fc:81:32:3c:4f:ba:38:e2:3b:3d:0a:8e:d3:
         fb:7d:30:aa:70:f5:e6:d0:15:e7:28:e2:8a:99:d3:fd:d6:67:
         95:51:aa:8c:15:22:17:39:72:30:39:a3:e5:e4:bc:e5:59:8a:
         fd:96:92:ee:6b:e2:4f:74:03:4d:c0:20:0d:72:b6:a7:c3:51:
         91:d3:dc:bf:f6:15:c5:a5:da:18:ec:e7:84:10:e1:03:ad:9f:
         61:50:72:8b:f8:af:c3:4e:63:bc:70:4c:22:c4:c7:6d:07:08:
         d8:2b:99:25:a5:0a:7f:f2:41:24:75:69:5b:6c:86:5e:e1:34:
         5f:f3:f8:bf:82:e1:e7:a6:3e:60:60:47:a7:25:58:c2:6b:c1:
         1d:f6:48:73:ef:1d:69:de:23:e4:86:24:a3:cd:d8:da:84:84:
         a5:ea:e5:bb:d7:92:46:0f:a9:1c:8b:17:93:bd:67:e1:32:a8:
         f2:c5:7a:aa:9d:48:0e:fd:77:7d:ad:86:a9:39:2b:24:bf:e1:
         da:82:de:20:bd:be:7c:bf:31:f9:8e:f1:0f:31:0d:b9:85:83:
         69:db:86:b3:c9:2d:e3:9c:a2:df:31:f2:92:28:a8:81:18:a2:
         ae:20:c8:b6:2c:52:99:ae:ca:15:d9:19:ad:ae:bd:57:a5:ff:
         d9:1a:90:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rt63jyEScu+8oJeD67KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0M2UzZjQ4NTZkYWMyYTAwNWMzYTUyMzQ3MTE0ZGVjNDUz
OTM0YjgwHhcNMjUwMTAxMjE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTA3MjM0ZGUyNjA4ZWFjZWNkMzgyZThmMDMzZWIwNmQ2NjcxOWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4l0pUkwVC6tzRDiXt/ZTIIfGhKE
P9zuj2nCOsnpNC0m+YTLbRrknQz3iIPPHTKUrzTmptYx6Y2uyqQUKPQPaXneY+m7
gehqjMinn/KFzKSvpcf71vsysFUHen43RIkanamSXATwogjf0chzt+9oCcIVXBzM
qi9KnNTg1178H0xB7QIsn/wQuSuVuf2wEaishtqsGTtKKknCAbhFAr+ZCpMUpi/t
nmWuokxD1Fe6clDTQmC2QxsNr8q09UOnMwNJNyvsVq6tv7PuYb0SpRmICVD8QzYV
5Y9zA8yl5XkuwGaYKO/TJHp1IXlYtaeuAypIVRyDl6OHot6FQDhzkxMbzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL4HI03iYI6s7NOC6PAz6wbWZxm7MB8GA1UdIwQY
MBaAFJQ+P0hW2sKgBcOlI0cRTexFOTS4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEQ0X1NGYmF3cUFGdzZValJ4Rk43RVU1TkxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy84YzE1NDQtN2NmMi00ODcxLWExZGYt
MDI1M2QwNGZiOGZmLzEvdmdjalRlSmdqcXpzMDRMbzhEUHJCdFpuR2JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy84YzE1NDQtN2NmMi00ODcxLWExZGYtMDI1M2QwNGZiOGZm
LzEvbEQ0X1NGYmF3cUFGdzZValJ4Rk43RVU1TkxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHsH8AMA0G
CSqGSIb3DQEBCwUAA4IBAQCGLYAq9fyBMjxPujjiOz0KjtP7fTCqcPXm0BXnKOKK
mdP91meVUaqMFSIXOXIwOaPl5LzlWYr9lpLua+JPdANNwCANcranw1GR09y/9hXF
pdoY7OeEEOEDrZ9hUHKL+K/DTmO8cEwixMdtBwjYK5klpQp/8kEkdWlbbIZe4TRf
8/i/guHnpj5gYEenJVjCa8Ed9khz7x1p3iPkhiSjzdjahISl6uW715JGD6kcixeT
vWfhMqjyxXqqnUgO/Xd9rYapOSskv+Hagt4gvb58vzH5jvEPMQ25hYNp24azyS3j
nKLfMfKSKKiBGKKuIMi2LFKZrsoV2Rmtrr1Xpf/ZGpCH
-----END CERTIFICATE-----