Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/ffc204-d4d2-4a67-85af-f9a33ff011cb/1/VJcY17IQh2BSqR-lhhdapfFR2Jg.roa
File:                     VJcY17IQh2BSqR-lhhdapfFR2Jg.roa (raw, json)
Hash identifier:          42V4cyYK1j/bnIgnYxXURiJulSqpvLBcVAwt2BGPORo=
Subject key identifier:   54:97:18:D7:B2:10:87:60:52:A9:1F:A5:86:17:5A:A5:F1:51:D8:98
Certificate issuer:       /CN=bef6650582c00dbb2591cedc298c0cd3c5968ab0
Certificate serial:       019421B1CEB2A4B3A03364F6AE6B758957AC
Authority key identifier: BE:F6:65:05:82:C0:0D:BB:25:91:CE:DC:29:8C:0C:D3:C5:96:8A:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vvZlBYLADbslkc7cKYwM08WWirA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/ffc204-d4d2-4a67-85af-f9a33ff011cb/1/VJcY17IQh2BSqR-lhhdapfFR2Jg.roa
Signing time:             Wed 01 Jan 2025 11:48:08 +0000
ROA not before:           Wed 01 Jan 2025 11:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        185.253.192.0/22 maxlen: 22
                          2a04:4c00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/ffc204-d4d2-4a67-85af-f9a33ff011cb/1/vvZlBYLADbslkc7cKYwM08WWirA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/ffc204-d4d2-4a67-85af-f9a33ff011cb/1/vvZlBYLADbslkc7cKYwM08WWirA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vvZlBYLADbslkc7cKYwM08WWirA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ce:b2:a4:b3:a0:33:64:f6:ae:6b:75:89:57:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bef6650582c00dbb2591cedc298c0cd3c5968ab0
        Validity
            Not Before: Jan  1 11:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=549718d7b210876052a91fa586175aa5f151d898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:40:20:e0:ef:4c:b1:78:30:9c:07:92:8c:57:
                    29:56:23:4b:d4:8a:ce:8e:e8:a5:8b:7b:97:41:30:
                    a7:26:a4:3a:a3:ef:3e:7b:31:3e:a6:ab:63:8b:3c:
                    ed:46:c9:ea:75:0d:b0:1b:e2:44:1b:a3:78:6c:79:
                    4c:0d:a4:b1:73:d2:b9:14:57:00:2f:5b:a9:6d:a2:
                    7d:b6:4b:25:97:c2:3f:82:e5:86:4c:98:38:4e:c8:
                    12:63:8b:cc:53:34:68:94:5b:60:fe:a4:1c:c3:55:
                    dc:d5:78:c5:bd:aa:5d:d7:f5:83:e7:fc:0d:00:ac:
                    b7:72:67:a3:71:c2:b4:6e:6a:b3:17:5c:3c:3f:8b:
                    8b:ee:fa:d3:1c:7e:a8:74:da:e9:c8:0b:c0:b7:2c:
                    d0:c0:ff:ad:d9:87:cd:91:33:65:0d:d0:fd:a6:fc:
                    d4:a4:4d:3a:da:88:05:a7:36:59:2f:de:5a:f8:71:
                    bc:34:79:77:b5:64:22:9e:67:85:e6:54:c0:9d:a4:
                    3b:01:9b:26:4e:54:7f:10:dd:9e:20:c0:b6:78:dd:
                    20:2e:40:c8:a9:ec:b4:dc:72:a7:fb:47:a0:9c:f8:
                    71:76:24:f2:d8:e7:4f:f5:41:3e:50:a1:39:e3:d3:
                    51:ac:69:51:01:0c:e9:53:43:d4:d5:5b:35:8b:2e:
                    bc:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:97:18:D7:B2:10:87:60:52:A9:1F:A5:86:17:5A:A5:F1:51:D8:98
            X509v3 Authority Key Identifier:
                keyid:BE:F6:65:05:82:C0:0D:BB:25:91:CE:DC:29:8C:0C:D3:C5:96:8A:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vvZlBYLADbslkc7cKYwM08WWirA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/ffc204-d4d2-4a67-85af-f9a33ff011cb/1/VJcY17IQh2BSqR-lhhdapfFR2Jg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/ffc204-d4d2-4a67-85af-f9a33ff011cb/1/vvZlBYLADbslkc7cKYwM08WWirA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.192.0/22
                IPv6:
                  2a04:4c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:68:7d:47:c2:92:96:d3:27:a3:41:51:54:31:5d:e0:5a:0f:
         14:02:97:e2:5d:f4:47:0e:1d:db:03:18:57:42:f8:e3:a7:9e:
         0e:6c:db:29:d5:1f:66:77:c4:73:61:8e:8c:3c:02:49:57:89:
         40:b9:b3:81:1c:29:60:44:bd:a3:24:30:61:65:6e:db:25:87:
         fe:43:69:bc:5e:80:41:46:ed:f1:88:56:ad:f7:7f:54:a6:31:
         5e:65:99:02:ab:d4:ed:e4:7f:7a:ef:ff:d6:8b:2a:99:48:a8:
         2f:64:32:50:e9:a4:b7:ae:a7:f0:ec:64:04:5c:c9:b2:15:65:
         b6:46:f0:ab:3b:19:6f:c8:0a:e5:9c:c0:d9:b3:26:5c:62:c3:
         ec:60:79:21:63:7f:ba:cd:3e:4c:ec:72:c4:43:c7:07:de:f2:
         84:59:93:95:36:4a:10:44:4b:4b:df:4b:91:8d:b3:0b:0b:ce:
         50:b5:d8:17:84:bb:dd:8a:79:e6:e8:00:14:18:ac:dd:23:13:
         4b:2e:ff:dc:e2:14:e2:89:36:b0:be:f6:7e:1d:44:e6:45:76:
         13:72:82:bd:12:d6:84:43:8b:c5:09:84:74:77:30:98:22:e0:
         bc:a9:89:7e:b0:29:0c:61:67:ee:7c:fb:a8:d8:8b:4a:58:99:
         45:e6:53:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsc6ypLOgM2T2rmt1iVesMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlZjY2NTA1ODJjMDBkYmIyNTkxY2VkYzI5OGMwY2QzYzU5
NjhhYjAwHhcNMjUwMTAxMTE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDk3MThkN2IyMTA4NzYwNTJhOTFmYTU4NjE3NWFhNWYxNTFkODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kAg4O9MsXgwnAeSjFcpViNL1IrO
juili3uXQTCnJqQ6o+8+ezE+pqtjizztRsnqdQ2wG+JEG6N4bHlMDaSxc9K5FFcA
L1upbaJ9tksll8I/guWGTJg4TsgSY4vMUzRolFtg/qQcw1Xc1XjFvapd1/WD5/wN
AKy3cmejccK0bmqzF1w8P4uL7vrTHH6odNrpyAvAtyzQwP+t2YfNkTNlDdD9pvzU
pE062ogFpzZZL95a+HG8NHl3tWQinmeF5lTAnaQ7AZsmTlR/EN2eIMC2eN0gLkDI
qey03HKn+0egnPhxdiTy2OdP9UE+UKE549NRrGlRAQzpU0PU1Vs1iy680QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFSXGNeyEIdgUqkfpYYXWqXxUdiYMB8GA1UdIwQY
MBaAFL72ZQWCwA27JZHO3CmMDNPFloqwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnZabEJZTEFEYnNsa2M3Y0tZd00wOFdXaXJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9mZmMyMDQtZDRkMi00YTY3LTg1YWYt
ZjlhMzNmZjAxMWNiLzEvVkpjWTE3SVFoMkJTcVItbGhoZGFwZkZSMkpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9mZmMyMDQtZDRkMi00YTY3LTg1YWYtZjlhMzNmZjAxMWNi
LzEvdnZabEJZTEFEYnNsa2M3Y0tZd00wOFdXaXJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuf3AMA0E
AgACMAcDBQMqBEwAMA0GCSqGSIb3DQEBCwUAA4IBAQAZaH1HwpKW0yejQVFUMV3g
Wg8UApfiXfRHDh3bAxhXQvjjp54ObNsp1R9md8RzYY6MPAJJV4lAubOBHClgRL2j
JDBhZW7bJYf+Q2m8XoBBRu3xiFat939UpjFeZZkCq9Tt5H967//WiyqZSKgvZDJQ
6aS3rqfw7GQEXMmyFWW2RvCrOxlvyArlnMDZsyZcYsPsYHkhY3+6zT5M7HLEQ8cH
3vKEWZOVNkoQREtL30uRjbMLC85QtdgXhLvdinnm6AAUGKzdIxNLLv/c4hTiiTaw
vvZ+HUTmRXYTcoK9EtaEQ4vFCYR0dzCYIuC8qYl+sCkMYWfufPuo2ItKWJlF5lP5
-----END CERTIFICATE-----