Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Vif29W-3fcIPPVlWCYw3gqQgj0U.roa
File:                     Vif29W-3fcIPPVlWCYw3gqQgj0U.roa (raw, json)
Hash identifier:          mBKo6kBp5aKtDQrGaY+LTFtjbW2WOx4wgeIf4JrxaMQ=
Subject key identifier:   56:27:F6:F5:6F:B7:7D:C2:0F:3D:59:56:09:8C:37:82:A4:20:8F:45
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0195432B4187BAF11F915858C9DF9397D684
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Vif29W-3fcIPPVlWCYw3gqQgj0U.roa
Signing time:             Wed 26 Feb 2025 16:51:02 +0000
ROA not before:           Wed 26 Feb 2025 16:51:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44547
IP address blocks:        185.229.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:43:2b:41:87:ba:f1:1f:91:58:58:c9:df:93:97:d6:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb 26 16:51:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5627f6f56fb77dc20f3d5956098c3782a4208f45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:c6:cc:6e:c2:50:7a:ae:a7:df:88:13:e0:e0:
                    e1:ef:95:21:b2:d1:97:82:b1:79:aa:19:f8:96:93:
                    e3:53:48:66:6e:3b:76:86:0a:5c:13:7e:45:38:d0:
                    cd:88:32:c6:e6:14:5d:40:07:c1:df:7e:89:ea:1e:
                    d6:cd:92:21:8d:e9:3b:bd:c1:c8:8b:ad:1f:3f:61:
                    b0:d3:fb:22:1f:95:7e:ed:0d:9c:10:b2:25:96:5a:
                    58:a7:f4:0b:42:a9:9f:29:bc:86:e6:e7:b0:6b:3a:
                    c8:7b:7b:57:b7:5c:16:a6:0b:42:10:76:f9:5b:e3:
                    0c:4e:49:4f:68:fa:70:46:d1:ab:91:64:a9:13:96:
                    d8:1c:32:08:20:bc:ca:39:e9:3f:a5:a8:7a:6b:14:
                    42:a0:60:34:5e:36:a0:c9:04:6c:25:34:d7:c3:81:
                    7c:e5:49:f8:16:39:6d:70:fa:73:8a:91:c4:25:10:
                    43:ef:c1:24:0f:ef:3a:eb:89:db:47:46:56:4d:6a:
                    ab:5a:f9:8a:fc:9b:4c:ef:3e:05:1c:75:3e:49:96:
                    b2:05:9d:32:c8:49:4c:38:7e:2b:e3:24:13:4f:ec:
                    ff:63:cd:d0:ab:d3:e1:e1:0a:d7:fb:8b:26:2e:f6:
                    57:97:a2:44:71:d9:7d:a2:9e:96:5e:ca:8e:ff:20:
                    07:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:27:F6:F5:6F:B7:7D:C2:0F:3D:59:56:09:8C:37:82:A4:20:8F:45
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Vif29W-3fcIPPVlWCYw3gqQgj0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:ab:ea:69:2c:7b:e8:73:74:07:2e:cb:a2:1d:a5:66:b8:a4:
         8b:b2:73:ea:df:9c:30:63:49:4a:54:ca:0d:22:73:19:de:a8:
         57:39:2e:51:f5:12:c6:e1:10:24:b4:ba:8f:e3:e2:9f:df:06:
         b4:4b:30:2f:59:1c:d6:95:6c:d9:98:1a:b3:6c:36:cf:61:de:
         ea:49:bd:ae:5f:c4:9e:74:23:c8:a3:07:da:f5:14:c5:2d:cb:
         36:59:2b:f0:db:fe:32:71:d9:79:56:a2:22:50:68:8f:52:90:
         b3:e3:05:09:ed:2f:84:8b:8d:b6:9b:3f:ff:d0:e7:1d:8a:f6:
         0b:94:c4:8a:1a:52:9e:d6:1e:52:54:20:e3:eb:98:ee:ec:74:
         b3:8c:18:18:d3:b2:c2:c9:0a:04:c7:b8:29:fc:27:a4:a8:88:
         38:56:f5:2f:e4:f0:1e:0f:c7:89:77:9b:48:9a:74:b8:39:c4:
         43:4a:0f:98:72:d3:91:5b:71:25:52:32:a6:e2:82:7d:43:c5:
         0f:a9:b4:be:a2:b3:73:a6:95:c7:b4:83:70:60:fe:1b:85:45:
         bb:a2:fc:28:92:12:4b:75:6b:ab:47:7c:14:18:2c:76:a1:c5:
         7a:26:0e:09:ca:73:50:ba:be:09:02:3b:72:93:37:04:6a:be:
         8f:11:3a:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVDK0GHuvEfkVhYyd+Tl9aEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMjI2MTY1MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjI3ZjZmNTZmYjc3ZGMyMGYzZDU5NTYwOThjMzc4MmE0MjA4ZjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4cbMbsJQeq6n34gT4ODh75UhstGX
grF5qhn4lpPjU0hmbjt2hgpcE35FONDNiDLG5hRdQAfB336J6h7WzZIhjek7vcHI
i60fP2Gw0/siH5V+7Q2cELIlllpYp/QLQqmfKbyG5uewazrIe3tXt1wWpgtCEHb5
W+MMTklPaPpwRtGrkWSpE5bYHDIIILzKOek/pah6axRCoGA0XjagyQRsJTTXw4F8
5Un4FjltcPpzipHEJRBD78EkD+8664nbR0ZWTWqrWvmK/JtM7z4FHHU+SZayBZ0y
yElMOH4r4yQTT+z/Y83Qq9Ph4QrX+4smLvZXl6JEcdl9op6WXsqO/yAHDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFYn9vVvt33CDz1ZVgmMN4KkII9FMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVmlmMjlXLTNmY0lQUFZsV0NZdzNncVFnajBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueXcMA0G
CSqGSIb3DQEBCwUAA4IBAQAKq+ppLHvoc3QHLsuiHaVmuKSLsnPq35wwY0lKVMoN
InMZ3qhXOS5R9RLG4RAktLqP4+Kf3wa0SzAvWRzWlWzZmBqzbDbPYd7qSb2uX8Se
dCPIowfa9RTFLcs2WSvw2/4ycdl5VqIiUGiPUpCz4wUJ7S+Ei422mz//0OcdivYL
lMSKGlKe1h5SVCDj65ju7HSzjBgY07LCyQoEx7gp/CekqIg4VvUv5PAeD8eJd5tI
mnS4OcRDSg+YctORW3ElUjKm4oJ9Q8UPqbS+orNzppXHtINwYP4bhUW7ovwokhJL
dWurR3wUGCx2ocV6Jg4JynNQur4JAjtykzcEar6PETox
-----END CERTIFICATE-----