Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/8420e6-8c3e-4ccb-b143-e7acf941f375/1/Vp9dMAyfVmCM5zZQhLE8hK5dRc0.roa
File:                     Vp9dMAyfVmCM5zZQhLE8hK5dRc0.roa (raw, json)
Hash identifier:          5cnih+GaWo66TQ4L2W2BbOxLKl4dL4P027VTj45pMMU=
Subject key identifier:   56:9F:5D:30:0C:9F:56:60:8C:E7:36:50:84:B1:3C:84:AE:5D:45:CD
Certificate issuer:       /CN=8f3f9e7ffe8858387ed1b3a7eca76205ef0e21f6
Certificate serial:       019420D5ACB422079109BA17F15EB0C3CC0A
Authority key identifier: 8F:3F:9E:7F:FE:88:58:38:7E:D1:B3:A7:EC:A7:62:05:EF:0E:21:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jz-ef_6IWDh-0bOn7KdiBe8OIfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/8420e6-8c3e-4ccb-b143-e7acf941f375/1/Vp9dMAyfVmCM5zZQhLE8hK5dRc0.roa
Signing time:             Wed 01 Jan 2025 07:47:41 +0000
ROA not before:           Wed 01 Jan 2025 07:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1725
IP address blocks:        134.206.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/8420e6-8c3e-4ccb-b143-e7acf941f375/1/jz-ef_6IWDh-0bOn7KdiBe8OIfY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/8420e6-8c3e-4ccb-b143-e7acf941f375/1/jz-ef_6IWDh-0bOn7KdiBe8OIfY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jz-ef_6IWDh-0bOn7KdiBe8OIfY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ac:b4:22:07:91:09:ba:17:f1:5e:b0:c3:cc:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3f9e7ffe8858387ed1b3a7eca76205ef0e21f6
        Validity
            Not Before: Jan  1 07:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=569f5d300c9f56608ce7365084b13c84ae5d45cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7a:ee:f3:a0:9f:67:41:5a:0b:61:79:ce:cd:
                    b2:0e:1d:80:38:09:a3:d0:54:4a:34:76:b5:9d:2c:
                    ff:28:7e:34:dc:55:43:4f:07:14:54:4c:7b:64:a0:
                    3c:75:b9:41:6e:7f:c9:3f:a1:de:3a:6a:b8:ac:64:
                    3d:27:31:b7:f4:9b:79:1d:9b:6d:46:d0:aa:54:49:
                    89:08:e3:71:21:83:93:9d:56:88:9d:26:3e:ae:ca:
                    6a:8c:40:db:be:fe:d9:6a:74:dd:81:0e:fc:af:dd:
                    b6:ae:e0:af:83:fa:93:ad:dd:e8:b6:64:30:58:84:
                    b0:33:50:5b:4e:b2:9b:35:42:f7:53:b0:54:f3:cc:
                    0a:f2:28:b0:71:34:d9:04:de:7a:44:0a:78:71:21:
                    15:cd:ca:c0:45:c7:8f:9d:cf:6f:43:2d:33:af:6c:
                    fa:43:bb:58:e6:70:e9:33:20:1f:e6:82:f5:3e:a4:
                    21:5d:8b:ce:24:9e:6a:22:3d:31:b7:31:32:80:a3:
                    bb:ed:42:65:a9:ad:d4:e0:92:36:0d:6d:8a:1a:97:
                    ab:47:94:71:60:a1:25:5f:f0:e4:ae:e1:e9:a2:ed:
                    0a:40:83:40:08:dc:1f:0e:09:88:52:29:d6:53:a6:
                    66:f5:59:20:23:c0:7e:5e:99:14:65:8a:a5:91:de:
                    7b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:9F:5D:30:0C:9F:56:60:8C:E7:36:50:84:B1:3C:84:AE:5D:45:CD
            X509v3 Authority Key Identifier:
                keyid:8F:3F:9E:7F:FE:88:58:38:7E:D1:B3:A7:EC:A7:62:05:EF:0E:21:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jz-ef_6IWDh-0bOn7KdiBe8OIfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/8420e6-8c3e-4ccb-b143-e7acf941f375/1/Vp9dMAyfVmCM5zZQhLE8hK5dRc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/8420e6-8c3e-4ccb-b143-e7acf941f375/1/jz-ef_6IWDh-0bOn7KdiBe8OIfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.206.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         88:e4:47:36:a2:54:05:af:10:04:97:88:43:af:8f:93:3c:39:
         26:db:c9:01:c4:05:df:a1:42:e6:1e:18:6b:2a:09:2c:d6:c7:
         f7:50:84:39:38:bb:b4:74:be:08:50:64:f0:94:64:8c:23:0b:
         c4:d0:5d:58:00:c1:6a:05:fc:7e:27:8b:c0:b9:27:f6:a7:8f:
         1d:f4:74:92:74:3f:a7:6e:d9:00:20:8f:cc:27:59:cb:af:cc:
         d0:70:01:42:b2:30:4d:52:44:d0:29:56:1e:d2:16:b3:76:f5:
         d4:31:11:a4:ca:ac:9f:6f:b8:24:b6:74:38:01:19:11:af:18:
         36:af:cb:54:50:4c:f1:6f:51:e9:27:29:18:df:b4:9e:5f:eb:
         e0:98:53:65:32:c4:5e:6d:46:a6:1b:38:ad:a3:46:65:b3:64:
         b4:10:fd:9b:da:4c:6d:12:29:2c:e6:b5:63:5b:51:81:0c:3f:
         98:57:87:af:83:5d:b9:8f:57:1b:b8:c7:f9:5c:f5:82:23:5d:
         8f:7e:d7:58:32:30:37:33:96:0d:5d:e6:b8:95:d2:84:94:59:
         e5:16:e7:38:ef:ad:5e:8f:d8:f7:e7:37:5c:2a:69:21:ac:1c:
         61:06:bc:6c:67:0e:c7:f7:e5:79:3a:39:b4:27:29:a6:9d:25:
         4d:51:29:44
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQg1ay0IgeRCboX8V6ww8wKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmM2Y5ZTdmZmU4ODU4Mzg3ZWQxYjNhN2VjYTc2MjA1ZWYw
ZTIxZjYwHhcNMjUwMTAxMDc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjlmNWQzMDBjOWY1NjYwOGNlNzM2NTA4NGIxM2M4NGFlNWQ0NWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3ru86CfZ0FaC2F5zs2yDh2AOAmj
0FRKNHa1nSz/KH403FVDTwcUVEx7ZKA8dblBbn/JP6HeOmq4rGQ9JzG39Jt5HZtt
RtCqVEmJCONxIYOTnVaInSY+rspqjEDbvv7ZanTdgQ78r922ruCvg/qTrd3otmQw
WISwM1BbTrKbNUL3U7BU88wK8iiwcTTZBN56RAp4cSEVzcrARcePnc9vQy0zr2z6
Q7tY5nDpMyAf5oL1PqQhXYvOJJ5qIj0xtzEygKO77UJlqa3U4JI2DW2KGperR5Rx
YKElX/DkruHpou0KQINACNwfDgmIUinWU6Zm9VkgI8B+XpkUZYqlkd57KwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFFafXTAMn1ZgjOc2UISxPISuXUXNMB8GA1UdIwQY
MBaAFI8/nn/+iFg4ftGzp+ynYgXvDiH2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanotZWZfNklXRGgtMGJPbjdLZGlCZThPSWZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy84NDIwZTYtOGMzZS00Y2NiLWIxNDMt
ZTdhY2Y5NDFmMzc1LzEvVnA5ZE1BeWZWbUNNNXpaUWhMRThoSzVkUmMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy84NDIwZTYtOGMzZS00Y2NiLWIxNDMtZTdhY2Y5NDFmMzc1
LzEvanotZWZfNklXRGgtMGJPbjdLZGlCZThPSWZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhs4wDQYJ
KoZIhvcNAQELBQADggEBAIjkRzaiVAWvEASXiEOvj5M8OSbbyQHEBd+hQuYeGGsq
CSzWx/dQhDk4u7R0vghQZPCUZIwjC8TQXVgAwWoF/H4ni8C5J/anjx30dJJ0P6du
2QAgj8wnWcuvzNBwAUKyME1SRNApVh7SFrN29dQxEaTKrJ9vuCS2dDgBGRGvGDav
y1RQTPFvUeknKRjftJ5f6+CYU2UyxF5tRqYbOK2jRmWzZLQQ/ZvaTG0SKSzmtWNb
UYEMP5hXh6+DXbmPVxu4x/lc9YIjXY9+11gyMDczlg1d5riV0oSUWeUW5zjvrV6P
2PfnN1wqaSGsHGEGvGxnDsf35Xk6ObQnKaadJU1RKUQ=
-----END CERTIFICATE-----