Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/25812d-8cd7-4707-8bdb-cfa5042dc95c/1/VGNUuwe-hqqAy7oOkHM2nEayK1o.roa
File:                     VGNUuwe-hqqAy7oOkHM2nEayK1o.roa (raw, json)
Hash identifier:          PbhbER0ewQHcNx+5Jye/cmyEemdCt4HhzE4je62M8OM=
Subject key identifier:   54:63:54:BB:07:BE:86:AA:80:CB:BA:0E:90:73:36:9C:46:B2:2B:5A
Certificate issuer:       /CN=76866be69f3770720a6dcc4792e680fc7f7321a1
Certificate serial:       019422FB649986A556A6E2E0F2CB2D2204C3
Authority key identifier: 76:86:6B:E6:9F:37:70:72:0A:6D:CC:47:92:E6:80:FC:7F:73:21:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/doZr5p83cHIKbcxHkuaA_H9zIaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/25812d-8cd7-4707-8bdb-cfa5042dc95c/1/VGNUuwe-hqqAy7oOkHM2nEayK1o.roa
Signing time:             Wed 01 Jan 2025 17:48:08 +0000
ROA not before:           Wed 01 Jan 2025 17:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200300
IP address blocks:        2001:678:7e8::/48 maxlen: 56
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/25812d-8cd7-4707-8bdb-cfa5042dc95c/1/doZr5p83cHIKbcxHkuaA_H9zIaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/25812d-8cd7-4707-8bdb-cfa5042dc95c/1/doZr5p83cHIKbcxHkuaA_H9zIaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/doZr5p83cHIKbcxHkuaA_H9zIaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:64:99:86:a5:56:a6:e2:e0:f2:cb:2d:22:04:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76866be69f3770720a6dcc4792e680fc7f7321a1
        Validity
            Not Before: Jan  1 17:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=546354bb07be86aa80cbba0e9073369c46b22b5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a7:53:24:13:41:50:d3:89:51:95:d2:88:78:
                    27:1f:75:a0:ca:fb:b0:5c:85:cf:09:13:02:29:14:
                    bc:c7:3a:f7:67:8a:5e:a9:70:1a:86:8a:c4:44:d6:
                    c0:7c:bc:e3:20:c5:bf:aa:ab:85:89:7f:84:ed:51:
                    fc:52:d3:e1:b2:1d:9a:04:66:a9:7b:3c:f1:7d:11:
                    b2:06:74:47:7f:00:51:1f:6d:46:ae:46:dd:51:05:
                    e1:30:08:8d:20:5e:e0:d7:e5:47:62:dc:ae:06:89:
                    0b:45:b2:8c:da:9c:2d:29:b3:95:db:74:a6:4e:35:
                    91:2e:32:b8:39:e7:14:92:58:62:90:4a:4f:05:3d:
                    d1:e9:34:de:9b:d9:8b:5e:82:68:b5:18:55:0b:83:
                    bd:8d:ad:ee:5e:38:4d:78:a7:7e:5c:01:08:14:09:
                    02:6f:05:3b:a5:de:6f:c6:18:71:c3:84:7e:cb:29:
                    36:05:0a:c7:43:d1:e1:76:79:ca:d8:cf:8a:86:70:
                    61:9b:5b:7f:e5:8d:11:7f:63:b1:8d:ee:1b:8e:7d:
                    63:49:64:53:97:23:0a:7e:31:fc:13:5a:32:f9:d6:
                    00:67:fb:d2:f5:84:26:5c:ec:8e:a8:d1:b6:d8:9a:
                    f6:47:32:20:28:0f:60:41:90:e2:2d:e9:18:26:6b:
                    d5:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:63:54:BB:07:BE:86:AA:80:CB:BA:0E:90:73:36:9C:46:B2:2B:5A
            X509v3 Authority Key Identifier:
                keyid:76:86:6B:E6:9F:37:70:72:0A:6D:CC:47:92:E6:80:FC:7F:73:21:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/doZr5p83cHIKbcxHkuaA_H9zIaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/25812d-8cd7-4707-8bdb-cfa5042dc95c/1/VGNUuwe-hqqAy7oOkHM2nEayK1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/25812d-8cd7-4707-8bdb-cfa5042dc95c/1/doZr5p83cHIKbcxHkuaA_H9zIaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:7e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:52:20:70:0b:25:29:27:cf:47:3d:45:4e:3c:75:34:fa:ec:
         4d:ee:9e:c1:a9:1f:75:6d:a3:70:87:00:31:f4:81:c2:0e:f1:
         16:e6:6d:98:28:34:a9:0f:fb:2d:77:23:8b:4c:20:b2:aa:b7:
         7d:4b:d1:e4:88:30:e3:d4:5b:5e:a7:86:79:52:72:c6:9b:00:
         ba:4d:45:78:92:3d:89:7e:45:d0:92:d1:19:b4:be:e8:13:94:
         eb:6e:ad:26:c1:42:af:ea:9f:55:54:92:bd:ce:96:3f:6d:34:
         c6:72:e1:0c:87:78:0c:fc:84:82:38:0a:23:3a:ec:a2:af:a9:
         42:2a:b1:bb:21:a4:5a:8e:99:09:32:0d:c8:cc:c5:3b:4b:57:
         46:11:9f:3c:34:74:bf:f5:18:12:94:f8:4c:bc:e3:6c:67:5b:
         24:e5:79:d4:cb:f6:0d:aa:97:19:b3:21:4b:a0:54:fa:6c:51:
         27:81:dc:ef:5a:a5:16:93:22:82:aa:0b:04:a2:f4:9b:6b:d9:
         de:65:ae:19:18:6d:1e:8b:bc:b8:65:e7:3b:ed:d8:ff:f0:81:
         f0:55:ec:bd:6c:f2:ff:6c:b9:95:72:fc:7d:bb:f0:cf:ee:40:
         ec:58:d4:bb:3f:b9:7f:b0:da:26:55:48:9a:9c:89:93:7b:41:
         4e:96:2b:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+2SZhqVWpuLg8sstIgTDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ODY2YmU2OWYzNzcwNzIwYTZkY2M0NzkyZTY4MGZjN2Y3
MzIxYTEwHhcNMjUwMTAxMTc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDYzNTRiYjA3YmU4NmFhODBjYmJhMGU5MDczMzY5YzQ2YjIyYjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqdTJBNBUNOJUZXSiHgnH3Wgyvuw
XIXPCRMCKRS8xzr3Z4peqXAahorERNbAfLzjIMW/qquFiX+E7VH8UtPhsh2aBGap
ezzxfRGyBnRHfwBRH21GrkbdUQXhMAiNIF7g1+VHYtyuBokLRbKM2pwtKbOV23Sm
TjWRLjK4OecUklhikEpPBT3R6TTem9mLXoJotRhVC4O9ja3uXjhNeKd+XAEIFAkC
bwU7pd5vxhhxw4R+yyk2BQrHQ9HhdnnK2M+KhnBhm1t/5Y0Rf2Oxje4bjn1jSWRT
lyMKfjH8E1oy+dYAZ/vS9YQmXOyOqNG22Jr2RzIgKA9gQZDiLekYJmvVMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFRjVLsHvoaqgMu6DpBzNpxGsitaMB8GA1UdIwQY
MBaAFHaGa+afN3ByCm3MR5LmgPx/cyGhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG9acjVwODNjSElLYmN4SGt1YUFfSDl6SWFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yNTgxMmQtOGNkNy00NzA3LThiZGIt
Y2ZhNTA0MmRjOTVjLzEvVkdOVXV3ZS1ocXFBeTdvT2tITTJuRWF5SzFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yNTgxMmQtOGNkNy00NzA3LThiZGItY2ZhNTA0MmRjOTVj
LzEvZG9acjVwODNjSElLYmN4SGt1YUFfSDl6SWFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAfo
MA0GCSqGSIb3DQEBCwUAA4IBAQBSUiBwCyUpJ89HPUVOPHU0+uxN7p7BqR91baNw
hwAx9IHCDvEW5m2YKDSpD/stdyOLTCCyqrd9S9HkiDDj1Ftep4Z5UnLGmwC6TUV4
kj2JfkXQktEZtL7oE5Trbq0mwUKv6p9VVJK9zpY/bTTGcuEMh3gM/ISCOAojOuyi
r6lCKrG7IaRajpkJMg3IzMU7S1dGEZ88NHS/9RgSlPhMvONsZ1sk5XnUy/YNqpcZ
syFLoFT6bFEngdzvWqUWkyKCqgsEovSba9neZa4ZGG0ei7y4Zec77dj/8IHwVey9
bPL/bLmVcvx9u/DP7kDsWNS7P7l/sNomVUianImTe0FOliuC
-----END CERTIFICATE-----