Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9e024e-c6e5-4977-b369-1ff9ff192cd7/1/VDDxUy1rUQDxJYT3ATBjI69SbdQ.roa
File:                     VDDxUy1rUQDxJYT3ATBjI69SbdQ.roa (raw, json)
Hash identifier:          oF1hkO2cydZ9A84V2XohR++dZN8uh+qMwIFTNO+4W4Y=
Subject key identifier:   54:30:F1:53:2D:6B:51:00:F1:25:84:F7:01:30:63:23:AF:52:6D:D4
Certificate issuer:       /CN=4aae738ee1782735939a4fb0d672a6317b7f5243
Certificate serial:       019424448E90B1FC8C68A729A868DA0C3CA1
Authority key identifier: 4A:AE:73:8E:E1:78:27:35:93:9A:4F:B0:D6:72:A6:31:7B:7F:52:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sq5zjuF4JzWTmk-w1nKmMXt_UkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9e024e-c6e5-4977-b369-1ff9ff192cd7/1/VDDxUy1rUQDxJYT3ATBjI69SbdQ.roa
Signing time:             Wed 01 Jan 2025 23:47:40 +0000
ROA not before:           Wed 01 Jan 2025 23:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.25.0.0/16 maxlen: 16
                          192.53.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9e024e-c6e5-4977-b369-1ff9ff192cd7/1/Sq5zjuF4JzWTmk-w1nKmMXt_UkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9e024e-c6e5-4977-b369-1ff9ff192cd7/1/Sq5zjuF4JzWTmk-w1nKmMXt_UkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sq5zjuF4JzWTmk-w1nKmMXt_UkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:8e:90:b1:fc:8c:68:a7:29:a8:68:da:0c:3c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4aae738ee1782735939a4fb0d672a6317b7f5243
        Validity
            Not Before: Jan  1 23:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5430f1532d6b5100f12584f701306323af526dd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f4:d7:2e:95:39:99:e1:20:e1:b3:bf:18:55:
                    3b:82:c3:26:78:d9:e4:2b:bd:20:2c:4d:73:ad:bb:
                    b0:44:06:58:9d:2c:04:a2:46:f1:0f:81:56:2f:1d:
                    ba:bc:13:74:91:d1:ef:50:53:0e:ec:bd:f3:8b:06:
                    8c:95:df:08:5c:7f:9d:1f:be:7e:26:bf:b4:0e:62:
                    54:1b:46:7e:f1:50:6a:52:52:a6:64:f0:76:13:c0:
                    d7:56:d1:de:c6:0d:51:28:cd:44:eb:0f:71:24:e7:
                    b4:82:33:c4:f9:50:d1:d5:04:0e:d6:7d:75:14:94:
                    b1:d0:b7:a1:ea:f0:43:44:27:1f:f4:98:a1:24:c3:
                    b6:03:27:7c:fb:07:52:67:f9:35:ae:b7:62:19:cc:
                    c9:d2:a2:c5:8f:7e:80:1e:d5:f2:1b:67:e4:7b:75:
                    47:bc:93:3a:9b:66:0a:b1:2b:f8:93:14:00:28:69:
                    d3:04:2e:b5:a0:01:24:09:d0:0e:92:96:8a:ad:c6:
                    22:2d:71:5a:9e:85:b3:a8:c9:90:ab:0f:d4:c6:15:
                    71:3e:f8:f1:04:33:c9:fc:64:2e:c1:c8:c7:b7:df:
                    f3:27:e8:41:d4:f4:94:99:72:08:a0:c3:dc:0b:c0:
                    c1:df:9b:fd:de:15:fa:c6:a9:be:98:e6:c1:8a:e7:
                    83:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:30:F1:53:2D:6B:51:00:F1:25:84:F7:01:30:63:23:AF:52:6D:D4
            X509v3 Authority Key Identifier:
                keyid:4A:AE:73:8E:E1:78:27:35:93:9A:4F:B0:D6:72:A6:31:7B:7F:52:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sq5zjuF4JzWTmk-w1nKmMXt_UkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9e024e-c6e5-4977-b369-1ff9ff192cd7/1/VDDxUy1rUQDxJYT3ATBjI69SbdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9e024e-c6e5-4977-b369-1ff9ff192cd7/1/Sq5zjuF4JzWTmk-w1nKmMXt_UkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.25.0.0/16
                  192.53.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:e0:e5:77:9a:b3:87:7d:12:59:f4:49:1b:e6:72:94:15:65:
         04:f8:e1:5e:d8:a4:5e:08:30:41:6f:52:8c:db:d8:63:30:fd:
         e0:e8:45:bc:96:af:f4:0e:5e:a3:85:58:b5:3f:3b:a6:66:f8:
         94:32:49:cb:69:d5:66:36:34:fe:ee:20:98:4e:e3:18:94:79:
         20:fe:5a:08:c1:64:f1:f3:d3:67:3a:c0:d4:ed:87:21:6e:e6:
         3c:2f:82:2a:38:77:e2:8e:48:30:b5:a1:56:c7:06:93:7c:9f:
         5c:ac:62:84:0b:2c:08:19:d1:2c:ce:cf:36:8f:05:65:cd:44:
         42:68:84:62:61:f2:6b:75:aa:f8:f0:08:2b:e5:6f:bc:20:2c:
         9f:63:5c:bd:fc:1c:5a:ff:56:be:63:6a:0f:15:24:f9:aa:3d:
         49:38:b8:a7:9c:b4:53:db:42:7a:11:09:42:5a:bd:25:ca:0e:
         6d:43:df:36:b8:66:7b:95:45:35:29:db:da:30:e6:ea:50:d7:
         27:5c:fc:77:44:c7:07:70:9a:55:38:19:7a:77:eb:00:77:ba:
         03:33:d9:01:e6:7c:be:2d:2a:0f:9b:0e:fe:68:e4:0e:10:86:
         03:a0:b5:7d:39:da:e6:e4:2b:7b:3b:a1:08:db:74:1e:59:ee:
         9d:af:32:48
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZQkRI6QsfyMaKcpqGjaDDyhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYWU3MzhlZTE3ODI3MzU5MzlhNGZiMGQ2NzJhNjMxN2I3
ZjUyNDMwHhcNMjUwMTAxMjM0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDMwZjE1MzJkNmI1MTAwZjEyNTg0ZjcwMTMwNjMyM2FmNTI2ZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvTXLpU5meEg4bO/GFU7gsMmeNnk
K70gLE1zrbuwRAZYnSwEokbxD4FWLx26vBN0kdHvUFMO7L3ziwaMld8IXH+dH75+
Jr+0DmJUG0Z+8VBqUlKmZPB2E8DXVtHexg1RKM1E6w9xJOe0gjPE+VDR1QQO1n11
FJSx0Leh6vBDRCcf9JihJMO2Ayd8+wdSZ/k1rrdiGczJ0qLFj36AHtXyG2fke3VH
vJM6m2YKsSv4kxQAKGnTBC61oAEkCdAOkpaKrcYiLXFanoWzqMmQqw/UxhVxPvjx
BDPJ/GQuwcjHt9/zJ+hB1PSUmXIIoMPcC8DB35v93hX6xqm+mObBiueDQQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFFQw8VMta1EA8SWE9wEwYyOvUm3UMB8GA1UdIwQY
MBaAFEquc47heCc1k5pPsNZypjF7f1JDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3E1emp1RjRKeldUbWstdzFuS21NWHRfVWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85ZTAyNGUtYzZlNS00OTc3LWIzNjkt
MWZmOWZmMTkyY2Q3LzEvVkREeFV5MXJVUUR4SllUM0FUQmpJNjlTYmRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85ZTAyNGUtYzZlNS00OTc3LWIzNjktMWZmOWZmMTkyY2Q3
LzEvU3E1emp1RjRKeldUbWstdzFuS21NWHRfVWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAjRkDBADA
NWcwDQYJKoZIhvcNAQELBQADggEBAH/g5Xeas4d9Eln0SRvmcpQVZQT44V7YpF4I
MEFvUozb2GMw/eDoRbyWr/QOXqOFWLU/O6Zm+JQySctp1WY2NP7uIJhO4xiUeSD+
WgjBZPHz02c6wNTthyFu5jwvgio4d+KOSDC1oVbHBpN8n1ysYoQLLAgZ0SzOzzaP
BWXNREJohGJh8mt1qvjwCCvlb7wgLJ9jXL38HFr/Vr5jag8VJPmqPUk4uKectFPb
QnoRCUJavSXKDm1D3za4ZnuVRTUp29ow5upQ1ydc/HdExwdwmlU4GXp36wB3ugMz
2QHmfL4tKg+bDv5o5A4QhgOgtX052ubkK3s7oQjbdB5Z7p2vMkg=
-----END CERTIFICATE-----