Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/dbc0e6-2555-4bf3-9ab1-9915990bcb59/1/VI7MbqfUntVnN_kMd5I5Qw5bl-4.roa
File:                     VI7MbqfUntVnN_kMd5I5Qw5bl-4.roa (raw, json)
Hash identifier:          yObUZYg1Kq2iUCPpFKIeS8ZVs5ZMohWqBvzb45a6JFM=
Subject key identifier:   54:8E:CC:6E:A7:D4:9E:D5:67:37:F9:0C:77:92:39:43:0E:5B:97:EE
Certificate issuer:       /CN=af4d16c335407bf0d0a51cef9b9c1c5310280f48
Certificate serial:       019424B39317FAFC0CB1F95C0CCE24B463DD
Authority key identifier: AF:4D:16:C3:35:40:7B:F0:D0:A5:1C:EF:9B:9C:1C:53:10:28:0F:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r00WwzVAe_DQpRzvm5wcUxAoD0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/dbc0e6-2555-4bf3-9ab1-9915990bcb59/1/VI7MbqfUntVnN_kMd5I5Qw5bl-4.roa
Signing time:             Thu 02 Jan 2025 01:48:55 +0000
ROA not before:           Thu 02 Jan 2025 01:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25176
IP address blocks:        185.80.208.0/22 maxlen: 22
                          2a03:7c80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/dbc0e6-2555-4bf3-9ab1-9915990bcb59/1/r00WwzVAe_DQpRzvm5wcUxAoD0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/dbc0e6-2555-4bf3-9ab1-9915990bcb59/1/r00WwzVAe_DQpRzvm5wcUxAoD0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r00WwzVAe_DQpRzvm5wcUxAoD0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:93:17:fa:fc:0c:b1:f9:5c:0c:ce:24:b4:63:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af4d16c335407bf0d0a51cef9b9c1c5310280f48
        Validity
            Not Before: Jan  2 01:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=548ecc6ea7d49ed56737f90c779239430e5b97ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:19:91:39:83:1b:2e:17:ce:16:3b:16:04:7d:
                    23:e7:e7:c1:76:c5:05:e4:00:f9:18:1a:57:1e:2e:
                    d6:38:34:d4:35:f0:37:3d:08:15:13:63:e6:57:bb:
                    f3:57:b8:b2:66:82:e9:98:51:81:60:2b:2f:43:bb:
                    5f:99:f0:d3:12:1d:9b:b2:43:1a:2a:5b:56:a3:fd:
                    f5:34:85:17:9f:cb:7a:74:78:5b:7d:da:37:1b:ba:
                    8b:c3:ce:a1:35:44:bc:bc:f1:70:11:70:3b:f4:df:
                    4f:01:74:57:e0:48:6f:3c:04:3e:e6:6b:4f:31:a1:
                    b2:36:a8:54:39:ef:f0:2f:d7:9b:11:93:00:d3:34:
                    a8:b4:bc:a8:8c:fe:f0:79:de:f6:7e:9a:1b:62:74:
                    71:8d:5f:72:18:57:12:f8:6d:46:14:b4:13:90:a8:
                    dc:b7:2a:b1:bb:04:64:f0:81:96:d8:1c:85:f7:78:
                    73:af:7a:62:4e:6c:8d:2a:8b:ad:0a:4c:f2:a7:d4:
                    2a:da:4f:a2:38:c7:7d:7d:41:a7:95:bf:ce:f0:69:
                    a7:4c:8c:10:35:9a:25:7f:29:df:35:6d:14:00:78:
                    27:6e:cc:3c:30:dd:05:cf:43:d5:66:bf:dd:21:25:
                    31:d3:f0:a4:f8:a6:34:c8:96:d3:c5:8c:aa:93:ba:
                    ce:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:8E:CC:6E:A7:D4:9E:D5:67:37:F9:0C:77:92:39:43:0E:5B:97:EE
            X509v3 Authority Key Identifier:
                keyid:AF:4D:16:C3:35:40:7B:F0:D0:A5:1C:EF:9B:9C:1C:53:10:28:0F:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r00WwzVAe_DQpRzvm5wcUxAoD0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/dbc0e6-2555-4bf3-9ab1-9915990bcb59/1/VI7MbqfUntVnN_kMd5I5Qw5bl-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/dbc0e6-2555-4bf3-9ab1-9915990bcb59/1/r00WwzVAe_DQpRzvm5wcUxAoD0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.208.0/22
                IPv6:
                  2a03:7c80::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:d3:42:de:c0:dd:e9:32:03:f0:42:41:1a:a9:82:43:33:7d:
         f1:ba:67:1d:74:72:bb:af:43:d9:5b:12:7e:f1:e7:49:12:38:
         0a:eb:2a:86:23:db:40:f6:a6:71:67:3e:98:68:14:40:c4:af:
         1c:06:a6:62:2b:09:16:c5:8d:4f:15:17:7e:6c:34:23:6e:be:
         16:c8:81:54:90:82:93:a6:b6:62:a2:36:c6:54:20:f9:29:1d:
         f8:a5:47:33:c5:36:cf:39:1a:1a:19:a9:82:a3:3c:df:93:dd:
         b7:3b:a4:ef:4f:7e:b4:86:1c:15:2a:41:d8:07:99:7c:55:c0:
         de:44:00:19:90:32:da:0a:6b:84:1e:2b:19:57:82:ee:67:2e:
         1d:96:22:59:fe:a6:0b:a0:32:f2:5e:ff:5d:e9:a5:28:09:8d:
         ed:4d:83:e1:92:25:3a:e0:30:68:54:27:82:cd:81:8d:73:50:
         cb:5d:a9:ae:1c:3a:de:fd:6e:f8:46:31:e1:5a:37:18:14:95:
         3c:1e:01:1e:c3:d1:58:6c:a4:64:18:37:84:9b:12:04:50:b5:
         c3:69:7e:67:46:3a:5a:f7:2f:5e:12:e2:0f:ba:98:11:c3:4e:
         fb:cf:8f:64:9c:9d:fc:e0:ba:5c:2b:4d:1a:37:61:33:a5:02:
         e2:4f:69:9f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks5MX+vwMsflcDM4ktGPdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNGQxNmMzMzU0MDdiZjBkMGE1MWNlZjliOWMxYzUzMTAy
ODBmNDgwHhcNMjUwMTAyMDE0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDhlY2M2ZWE3ZDQ5ZWQ1NjczN2Y5MGM3NzkyMzk0MzBlNWI5N2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhmROYMbLhfOFjsWBH0j5+fBdsUF
5AD5GBpXHi7WODTUNfA3PQgVE2PmV7vzV7iyZoLpmFGBYCsvQ7tfmfDTEh2bskMa
KltWo/31NIUXn8t6dHhbfdo3G7qLw86hNUS8vPFwEXA79N9PAXRX4EhvPAQ+5mtP
MaGyNqhUOe/wL9ebEZMA0zSotLyojP7wed72fpobYnRxjV9yGFcS+G1GFLQTkKjc
tyqxuwRk8IGW2ByF93hzr3piTmyNKoutCkzyp9Qq2k+iOMd9fUGnlb/O8GmnTIwQ
NZolfynfNW0UAHgnbsw8MN0Fz0PVZr/dISUx0/Ck+KY0yJbTxYyqk7rOsQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFSOzG6n1J7VZzf5DHeSOUMOW5fuMB8GA1UdIwQY
MBaAFK9NFsM1QHvw0KUc75ucHFMQKA9IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjAwV3d6VkFlX0RRcFJ6dm01d2NVeEFvRDBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9kYmMwZTYtMjU1NS00YmYzLTlhYjEt
OTkxNTk5MGJjYjU5LzEvVkk3TWJxZlVudFZuTl9rTWQ1STVRdzVibC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9kYmMwZTYtMjU1NS00YmYzLTlhYjEtOTkxNTk5MGJjYjU5
LzEvcjAwV3d6VkFlX0RRcFJ6dm01d2NVeEFvRDBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVDQMA0E
AgACMAcDBQAqA3yAMA0GCSqGSIb3DQEBCwUAA4IBAQBG00LewN3pMgPwQkEaqYJD
M33xumcddHK7r0PZWxJ+8edJEjgK6yqGI9tA9qZxZz6YaBRAxK8cBqZiKwkWxY1P
FRd+bDQjbr4WyIFUkIKTprZiojbGVCD5KR34pUczxTbPORoaGamCozzfk923O6Tv
T360hhwVKkHYB5l8VcDeRAAZkDLaCmuEHisZV4LuZy4dliJZ/qYLoDLyXv9d6aUo
CY3tTYPhkiU64DBoVCeCzYGNc1DLXamuHDre/W74RjHhWjcYFJU8HgEew9FYbKRk
GDeEmxIEULXDaX5nRjpa9y9eEuIPupgRw077z49knJ384LpcK00aN2EzpQLiT2mf
-----END CERTIFICATE-----