Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/vfMCWDXHqUhfE9pCWjy3UIK3sYE.roa
File:                     vfMCWDXHqUhfE9pCWjy3UIK3sYE.roa (raw, json)
Hash identifier:          cZ4cjZLkxHd/pGP9SjokJ4j+E/I+MNHdDpithj4CeCo=
Subject key identifier:   BD:F3:02:58:35:C7:A9:48:5F:13:DA:42:5A:3C:B7:50:82:B7:B1:81
Certificate issuer:       /CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
Certificate serial:       0194228D7C0450AEFAA6B7D7DED3008A2518
Authority key identifier: 57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/vfMCWDXHqUhfE9pCWjy3UIK3sYE.roa
Signing time:             Wed 01 Jan 2025 15:48:05 +0000
ROA not before:           Wed 01 Jan 2025 15:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207579
IP address blocks:        62.122.229.0/24 maxlen: 24
                          185.210.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:7c:04:50:ae:fa:a6:b7:d7:de:d3:00:8a:25:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
        Validity
            Not Before: Jan  1 15:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bdf3025835c7a9485f13da425a3cb75082b7b181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b9:a9:90:e4:8d:0b:48:7a:69:55:72:0a:77:
                    e9:0d:04:bb:f2:05:be:e0:35:66:cb:7c:0f:64:e6:
                    9f:b4:ca:44:cd:4d:b1:bf:92:5e:07:fb:80:dc:e4:
                    76:41:8a:15:f4:45:31:38:fb:5f:78:27:b3:bb:7a:
                    49:98:68:84:46:39:1c:4a:5b:b4:5b:f3:a6:67:39:
                    a8:99:14:c4:66:bf:24:b0:ce:72:fd:ad:02:77:78:
                    21:5b:39:8e:b1:4c:c9:23:ff:a4:94:5b:fe:4c:ef:
                    63:05:b0:ae:2e:27:91:f5:ef:d1:33:7d:e9:e7:76:
                    3c:72:c7:14:ae:26:3a:99:8c:6c:bc:d5:7e:69:79:
                    60:48:19:58:1a:06:6d:e3:1a:6b:3c:79:42:3f:35:
                    90:bd:02:6f:7e:ea:e9:8d:2c:94:e1:1e:c8:b7:35:
                    0b:46:20:d8:05:db:c9:84:bf:6d:53:0a:21:b8:4b:
                    93:8b:b9:04:5f:06:ab:99:fa:ef:8c:1f:13:86:3b:
                    dd:1a:2f:e5:d0:04:d6:5c:38:34:ec:70:08:65:4c:
                    b4:c2:a1:dc:55:18:a7:bc:d0:3b:ca:d0:9a:2f:70:
                    e7:0d:ad:1b:2f:2d:e5:b1:c3:71:1e:af:95:a9:ac:
                    10:7b:43:ab:2c:6b:f3:e9:12:f9:b2:e3:65:ed:2b:
                    8f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:F3:02:58:35:C7:A9:48:5F:13:DA:42:5A:3C:B7:50:82:B7:B1:81
            X509v3 Authority Key Identifier:
                keyid:57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/vfMCWDXHqUhfE9pCWjy3UIK3sYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.229.0/24
                  185.210.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:67:15:78:be:f0:e4:17:16:1a:27:3e:1a:21:69:9b:98:85:
         25:fe:1c:9b:47:d9:38:3d:3c:20:25:cf:8b:6a:15:b6:26:3d:
         a1:e8:64:84:e9:5d:f1:0e:e6:c9:dd:c3:72:38:f1:c5:33:dd:
         92:0b:5c:8b:7e:88:d3:cd:7f:6f:3b:97:f4:39:b4:3b:1a:c1:
         62:eb:95:62:a0:0f:63:89:26:3b:3b:56:40:72:2e:63:4e:5c:
         d0:12:c9:94:3d:4a:92:af:1e:61:82:17:de:16:8a:05:30:50:
         ed:e2:92:5e:4d:a0:27:9a:91:b7:f2:1f:32:b4:e0:1e:a0:ae:
         cc:08:de:0f:74:d0:17:46:5e:4e:34:53:e4:5f:ed:89:60:49:
         54:51:61:15:6a:1b:86:7c:ba:9e:01:51:ad:c2:6f:5c:7b:c0:
         57:ab:bd:96:62:a0:81:e3:95:fa:c4:fa:57:8d:47:60:3e:f8:
         81:d8:02:7c:28:2e:3a:c6:d9:d3:83:a1:d8:a2:1c:c8:ba:64:
         44:b5:ff:e0:fb:0d:f9:e3:4d:aa:04:cb:29:08:3c:ce:7b:51:
         e2:bc:15:86:e4:91:1d:13:70:1a:57:38:4a:7d:27:31:07:5a:
         6c:dd:0c:b3:ec:05:75:a6:43:9d:ac:fb:9a:eb:6b:bc:50:b5:
         18:db:e7:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijXwEUK76prfX3tMAiiUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzAyMWRjZGY0NGI2YWZkZDM4MTA1NDdjNTVhNzliZDFh
OWZhM2IwHhcNMjUwMTAxMTU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGYzMDI1ODM1YzdhOTQ4NWYxM2RhNDI1YTNjYjc1MDgyYjdiMTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLmpkOSNC0h6aVVyCnfpDQS78gW+
4DVmy3wPZOaftMpEzU2xv5JeB/uA3OR2QYoV9EUxOPtfeCezu3pJmGiERjkcSlu0
W/OmZzmomRTEZr8ksM5y/a0Cd3ghWzmOsUzJI/+klFv+TO9jBbCuLieR9e/RM33p
53Y8cscUriY6mYxsvNV+aXlgSBlYGgZt4xprPHlCPzWQvQJvfurpjSyU4R7ItzUL
RiDYBdvJhL9tUwohuEuTi7kEXwarmfrvjB8ThjvdGi/l0ATWXDg07HAIZUy0wqHc
VRinvNA7ytCaL3DnDa0bLy3lscNxHq+VqawQe0OrLGvz6RL5suNl7SuP7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL3zAlg1x6lIXxPaQlo8t1CCt7GBMB8GA1UdIwQY
MBaAFFdwIdzfRLav3TgQVHxVp5vRqfo7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNBaDNOOUV0cV9kT0JCVWZGV25tOUdwLWpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8wYWMyN2EtMjE1OS00OGQ3LThiZmQt
YzkwN2FlMWMyMTFlLzEvdmZNQ1dEWEhxVWhmRTlwQ1dqeTNVSUszc1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8wYWMyN2EtMjE1OS00OGQ3LThiZmQtYzkwN2FlMWMyMTFl
LzEvVjNBaDNOOUV0cV9kT0JCVWZGV25tOUdwLWpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPnrlAwQA
udLCMA0GCSqGSIb3DQEBCwUAA4IBAQCcZxV4vvDkFxYaJz4aIWmbmIUl/hybR9k4
PTwgJc+LahW2Jj2h6GSE6V3xDubJ3cNyOPHFM92SC1yLfojTzX9vO5f0ObQ7GsFi
65VioA9jiSY7O1ZAci5jTlzQEsmUPUqSrx5hghfeFooFMFDt4pJeTaAnmpG38h8y
tOAeoK7MCN4PdNAXRl5ONFPkX+2JYElUUWEVahuGfLqeAVGtwm9ce8BXq72WYqCB
45X6xPpXjUdgPviB2AJ8KC46xtnTg6HYohzIumREtf/g+w35402qBMspCDzOe1Hi
vBWG5JEdE3AaVzhKfScxB1ps3Qyz7AV1pkOdrPua62u8ULUY2+dM
-----END CERTIFICATE-----