Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/vir9lXd95VlX33FtFKeYsF-pV7c.roa
File:                     vir9lXd95VlX33FtFKeYsF-pV7c.roa (raw, json)
Hash identifier:          qWwJG4kSEBMq0oRm7MvhT+tJgjjEqP9pDam2i3CMe+g=
Subject key identifier:   BE:2A:FD:95:77:7D:E5:59:57:DF:71:6D:14:A7:98:B0:5F:A9:57:B7
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       01970B614AE42322B3DEA31279B2A86B95E8
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/vir9lXd95VlX33FtFKeYsF-pV7c.roa
Signing time:             Mon 26 May 2025 06:56:54 +0000
ROA not before:           Mon 26 May 2025 06:56:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214143
IP address blocks:        141.98.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 09:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0b:61:4a:e4:23:22:b3:de:a3:12:79:b2:a8:6b:95:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: May 26 06:56:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be2afd95777de55957df716d14a798b05fa957b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c7:b4:f9:3c:47:8f:a5:61:55:26:67:35:85:
                    e6:d5:e9:cb:8f:15:0b:8c:77:64:0d:76:42:0f:7b:
                    7b:8c:80:a9:14:b1:fe:41:24:94:95:d6:d1:99:d9:
                    a0:fa:82:d6:2c:ac:ee:a4:52:90:e4:0d:14:c7:83:
                    7b:b2:6e:59:1b:7a:76:08:a8:37:19:f7:5d:0b:86:
                    01:49:60:60:62:b0:2a:9a:a0:6d:ad:70:a9:5f:8f:
                    31:93:c3:6c:7d:95:a2:71:37:76:57:c5:3a:a8:26:
                    a0:36:00:ad:70:f5:29:98:6d:0e:2c:f2:17:a6:17:
                    dd:70:ed:fe:87:a8:6f:79:5d:dc:b1:c7:f8:cb:10:
                    c2:5a:c3:93:30:b0:2e:0d:31:a2:28:0a:d8:17:b4:
                    a0:61:63:9f:39:0c:bc:2c:fa:e8:da:c5:c6:7e:9a:
                    c9:e3:3a:7a:ce:4b:98:37:d5:e7:42:28:3a:ee:13:
                    be:29:08:0e:a3:04:f5:63:87:6c:e9:29:5a:29:52:
                    24:fd:ca:10:2a:c6:94:24:75:fe:15:ef:92:d1:fd:
                    ee:f5:6a:35:89:f8:ee:11:fe:e8:f1:b5:b4:92:9d:
                    71:2c:a8:18:4e:f7:79:c2:68:f2:e9:1a:bd:51:39:
                    4e:b4:a7:0e:fd:ff:61:5d:c5:2b:45:8a:97:0b:42:
                    1a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:2A:FD:95:77:7D:E5:59:57:DF:71:6D:14:A7:98:B0:5F:A9:57:B7
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/vir9lXd95VlX33FtFKeYsF-pV7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:d2:f6:10:a2:25:2b:a0:55:73:f0:b1:8b:6d:72:8c:56:87:
         d6:b2:6f:66:99:5f:88:51:e6:2c:ca:fc:06:f9:3f:02:8f:a0:
         d4:d6:3c:38:38:c1:b5:62:a3:32:2f:48:b0:b9:0c:a5:4d:a3:
         91:6d:a5:f6:7d:76:d4:00:07:96:ef:f0:34:c3:65:20:f3:41:
         7b:7e:8b:71:36:d2:da:c4:55:9f:3a:60:6d:2c:43:9d:28:45:
         af:29:85:b2:4e:72:56:2b:dc:d3:bd:af:89:45:8c:65:93:72:
         55:f5:ca:df:03:37:d8:af:d4:06:90:43:76:20:13:8e:ee:39:
         f4:67:57:f6:fb:8b:1f:dc:17:da:c9:3d:95:74:ff:c4:35:66:
         67:91:3a:1b:4f:ef:14:b3:46:82:3e:e1:aa:ec:31:d4:69:4b:
         d2:eb:b4:a8:a8:84:f2:60:36:36:7d:74:f4:8c:73:13:1f:56:
         96:d9:94:ea:15:45:77:1b:0e:91:e0:b3:d2:11:63:73:cf:9b:
         ea:c0:6d:e3:3c:58:94:44:36:51:2b:4d:a4:d7:fe:09:e5:2b:
         1d:40:2f:a0:5d:41:f6:de:bd:c3:2d:cd:8b:d2:43:f5:8b:fa:
         ec:96:55:46:93:aa:3f:d6:b4:2f:8e:66:e4:ad:14:c3:29:ab:
         a2:10:50:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcLYUrkIyKz3qMSebKoa5XoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjUwNTI2MDY1NjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTJhZmQ5NTc3N2RlNTU5NTdkZjcxNmQxNGE3OThiMDVmYTk1N2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8e0+TxHj6VhVSZnNYXm1enLjxUL
jHdkDXZCD3t7jICpFLH+QSSUldbRmdmg+oLWLKzupFKQ5A0Ux4N7sm5ZG3p2CKg3
GfddC4YBSWBgYrAqmqBtrXCpX48xk8NsfZWicTd2V8U6qCagNgCtcPUpmG0OLPIX
phfdcO3+h6hveV3cscf4yxDCWsOTMLAuDTGiKArYF7SgYWOfOQy8LPro2sXGfprJ
4zp6zkuYN9XnQig67hO+KQgOowT1Y4ds6SlaKVIk/coQKsaUJHX+Fe+S0f3u9Wo1
ifjuEf7o8bW0kp1xLKgYTvd5wmjy6Rq9UTlOtKcO/f9hXcUrRYqXC0IahwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL4q/ZV3feVZV99xbRSnmLBfqVe3MB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvdmlyOWxYZDk1VmxYMzNGdEZLZVlzRi1wVjdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWKJMA0G
CSqGSIb3DQEBCwUAA4IBAQAO0vYQoiUroFVz8LGLbXKMVofWsm9mmV+IUeYsyvwG
+T8Cj6DU1jw4OMG1YqMyL0iwuQylTaORbaX2fXbUAAeW7/A0w2Ug80F7fotxNtLa
xFWfOmBtLEOdKEWvKYWyTnJWK9zTva+JRYxlk3JV9crfAzfYr9QGkEN2IBOO7jn0
Z1f2+4sf3BfayT2VdP/ENWZnkTobT+8Us0aCPuGq7DHUaUvS67SoqITyYDY2fXT0
jHMTH1aW2ZTqFUV3Gw6R4LPSEWNzz5vqwG3jPFiURDZRK02k1/4J5SsdQC+gXUH2
3r3DLc2L0kP1i/rsllVGk6o/1rQvjmbkrRTDKauiEFDA
-----END CERTIFICATE-----