Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/3e60ad-d6bb-45a3-aef3-2b932e6823ad/1/VUf_eExQI714X29LkFd3HNL5qOc.roa
File:                     VUf_eExQI714X29LkFd3HNL5qOc.roa (raw, json)
Hash identifier:          qlXkcSYlvviPgCfxmngZKQMwauhcQqJeFXxSq0WXurQ=
Subject key identifier:   55:47:FF:78:4C:50:23:BD:78:5F:6F:4B:90:57:77:1C:D2:F9:A8:E7
Certificate issuer:       /CN=1f7b7c0d6f7b34608eb24cfa1a888bf33b1b6153
Certificate serial:       0194221FFA672B84C8979E335889997CA9EE
Authority key identifier: 1F:7B:7C:0D:6F:7B:34:60:8E:B2:4C:FA:1A:88:8B:F3:3B:1B:61:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H3t8DW97NGCOskz6GoiL8zsbYVM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/3e60ad-d6bb-45a3-aef3-2b932e6823ad/1/VUf_eExQI714X29LkFd3HNL5qOc.roa
Signing time:             Wed 01 Jan 2025 13:48:28 +0000
ROA not before:           Wed 01 Jan 2025 13:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3209
IP address blocks:        80.68.144.0/24 maxlen: 24
                          2a06:780::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/3e60ad-d6bb-45a3-aef3-2b932e6823ad/1/H3t8DW97NGCOskz6GoiL8zsbYVM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/3e60ad-d6bb-45a3-aef3-2b932e6823ad/1/H3t8DW97NGCOskz6GoiL8zsbYVM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H3t8DW97NGCOskz6GoiL8zsbYVM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:33:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:fa:67:2b:84:c8:97:9e:33:58:89:99:7c:a9:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f7b7c0d6f7b34608eb24cfa1a888bf33b1b6153
        Validity
            Not Before: Jan  1 13:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5547ff784c5023bd785f6f4b9057771cd2f9a8e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:42:73:cb:67:09:d7:cd:0b:5d:f3:4d:95:43:
                    69:92:db:e6:00:56:26:9a:a4:81:80:71:ee:ac:8f:
                    0d:bf:de:90:e7:37:80:17:fa:bc:69:c1:bf:3b:80:
                    06:00:13:2e:7f:5d:7b:57:f8:39:0a:85:8b:8c:18:
                    dc:20:32:18:3f:43:a9:02:95:1e:58:35:33:ba:d5:
                    0e:5a:10:d2:41:7c:e2:1b:12:e1:fc:e1:cd:ca:45:
                    8d:96:fa:35:e4:c7:4c:06:30:bb:1d:c6:20:5b:70:
                    03:07:7d:90:93:23:80:fa:31:c0:3c:74:9a:bf:54:
                    79:ba:2e:2e:39:35:87:da:83:72:c4:7f:86:b7:d8:
                    74:fb:e5:2c:fd:57:be:3a:37:33:7b:03:1a:3c:20:
                    e3:89:3c:d2:dd:e1:bb:37:80:ac:82:0a:5c:e8:fe:
                    8a:5e:95:73:fc:4d:81:83:58:50:50:a8:ea:c7:d4:
                    ca:e4:a9:8d:97:a1:cd:c9:e6:2b:94:02:96:c9:f7:
                    61:0c:cd:e5:75:b6:e3:93:75:90:71:f9:3b:fa:3a:
                    6b:63:3f:8e:d9:2f:a1:b1:1a:a6:4b:de:84:3b:4d:
                    b7:bf:2d:85:58:92:2a:a0:0d:a8:30:05:ac:e4:86:
                    a3:fa:e5:fd:9a:d9:c5:0a:f4:a4:6d:05:19:ca:3c:
                    2b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:47:FF:78:4C:50:23:BD:78:5F:6F:4B:90:57:77:1C:D2:F9:A8:E7
            X509v3 Authority Key Identifier:
                keyid:1F:7B:7C:0D:6F:7B:34:60:8E:B2:4C:FA:1A:88:8B:F3:3B:1B:61:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H3t8DW97NGCOskz6GoiL8zsbYVM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3e60ad-d6bb-45a3-aef3-2b932e6823ad/1/VUf_eExQI714X29LkFd3HNL5qOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3e60ad-d6bb-45a3-aef3-2b932e6823ad/1/H3t8DW97NGCOskz6GoiL8zsbYVM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.68.144.0/24
                IPv6:
                  2a06:780::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:a2:f3:10:35:d2:2f:20:33:54:ad:99:6b:92:35:8c:1a:ab:
         79:2f:8c:28:8d:4f:89:66:ab:ef:30:f3:a7:27:f3:f0:e4:5f:
         21:c8:ac:a6:a4:fb:f1:bc:0d:6e:ce:36:53:b5:5f:50:41:1f:
         c7:1a:eb:a9:19:1b:1b:c0:5e:88:f7:15:bc:7f:48:e6:c6:5b:
         01:15:db:85:4e:1f:a2:fa:d9:ce:7a:5f:3b:fe:84:f6:14:9d:
         e7:66:ef:a0:8b:47:06:68:ed:ed:41:c2:e5:95:d4:a5:d7:97:
         d7:68:03:b9:ec:d2:32:83:c2:62:68:9b:37:d3:68:10:d9:9f:
         0c:06:86:a0:95:7d:6b:1e:21:6f:16:15:75:91:f0:ae:63:95:
         4b:9d:76:53:9e:71:35:5a:20:3d:67:6a:93:d4:ad:ea:1c:51:
         7e:f9:d1:81:f6:ac:aa:ff:da:06:60:ea:33:a1:84:92:87:64:
         41:63:cf:cb:b6:3e:e2:bc:35:4c:d2:24:07:44:65:92:ec:7a:
         d2:40:58:99:f7:0f:92:9c:d0:74:a3:bf:1b:d0:38:40:90:44:
         5b:8b:c7:94:6f:f0:fd:a1:3f:28:ab:25:4a:d3:f0:01:c0:37:
         32:43:6b:7e:55:7f:31:6b:64:37:03:10:8c:29:59:29:ef:62:
         cc:78:0f:7a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH/pnK4TIl54zWImZfKnuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmN2I3YzBkNmY3YjM0NjA4ZWIyNGNmYTFhODg4YmYzM2Ix
YjYxNTMwHhcNMjUwMTAxMTM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTQ3ZmY3ODRjNTAyM2JkNzg1ZjZmNGI5MDU3NzcxY2QyZjlhOGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kJzy2cJ180LXfNNlUNpktvmAFYm
mqSBgHHurI8Nv96Q5zeAF/q8acG/O4AGABMuf117V/g5CoWLjBjcIDIYP0OpApUe
WDUzutUOWhDSQXziGxLh/OHNykWNlvo15MdMBjC7HcYgW3ADB32QkyOA+jHAPHSa
v1R5ui4uOTWH2oNyxH+Gt9h0++Us/Ve+OjczewMaPCDjiTzS3eG7N4Csggpc6P6K
XpVz/E2Bg1hQUKjqx9TK5KmNl6HNyeYrlAKWyfdhDM3ldbbjk3WQcfk7+jprYz+O
2S+hsRqmS96EO023vy2FWJIqoA2oMAWs5Iaj+uX9mtnFCvSkbQUZyjwroQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFVH/3hMUCO9eF9vS5BXdxzS+ajnMB8GA1UdIwQY
MBaAFB97fA1vezRgjrJM+hqIi/M7G2FTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDN0OERXOTdOR0NPc2t6NkdvaUw4enNiWVZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zZTYwYWQtZDZiYi00NWEzLWFlZjMt
MmI5MzJlNjgyM2FkLzEvVlVmX2VFeFFJNzE0WDI5TGtGZDNITkw1cU9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zZTYwYWQtZDZiYi00NWEzLWFlZjMtMmI5MzJlNjgyM2Fk
LzEvSDN0OERXOTdOR0NPc2t6NkdvaUw4enNiWVZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUESQMA0E
AgACMAcDBQMqBgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBrovMQNdIvIDNUrZlrkjWM
Gqt5L4wojU+JZqvvMPOnJ/Pw5F8hyKympPvxvA1uzjZTtV9QQR/HGuupGRsbwF6I
9xW8f0jmxlsBFduFTh+i+tnOel87/oT2FJ3nZu+gi0cGaO3tQcLlldSl15fXaAO5
7NIyg8JiaJs302gQ2Z8MBoaglX1rHiFvFhV1kfCuY5VLnXZTnnE1WiA9Z2qT1K3q
HFF++dGB9qyq/9oGYOozoYSSh2RBY8/Ltj7ivDVM0iQHRGWS7HrSQFiZ9w+SnNB0
o78b0DhAkERbi8eUb/D9oT8oqyVK0/ABwDcyQ2t+VX8xa2Q3AxCMKVkp72LMeA96
-----END CERTIFICATE-----