Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/jVxo0eRrcP2pgqEM2o5yJCaDJF8.roa
File:                     jVxo0eRrcP2pgqEM2o5yJCaDJF8.roa (raw, json)
Hash identifier:          16iXvR9xhaKTmRi0zkcfcRjJRbOmgMjKBuv8xrJfUx4=
Subject key identifier:   8D:5C:68:D1:E4:6B:70:FD:A9:82:A1:0C:DA:8E:72:24:26:83:24:5F
Certificate issuer:       /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial:       0194236A2B22F5797ED5B0FDA3EA0A6BE2F5
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/jVxo0eRrcP2pgqEM2o5yJCaDJF8.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42751
IP address blocks:        77.222.32.0/21 maxlen: 21
                          77.222.32.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:2b:22:f5:79:7e:d5:b0:fd:a3:ea:0a:6b:e2:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d5c68d1e46b70fda982a10cda8e72242683245f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:bc:c0:d4:c7:ab:33:dc:00:b6:9e:d7:e3:62:
                    40:01:86:7f:7f:95:13:4f:11:1e:35:9f:49:d9:fd:
                    7e:28:22:81:02:86:6c:1b:e7:fc:4b:a7:6c:56:00:
                    c9:4e:ac:63:4f:02:60:bb:07:91:4c:9e:22:a6:df:
                    a7:ee:f5:90:8e:ee:f9:ba:50:37:25:1f:18:48:26:
                    d6:86:50:f2:32:f0:65:80:1d:89:47:9c:55:cc:52:
                    43:2d:05:3b:3a:da:3f:70:4d:3c:f0:f0:87:e6:0d:
                    bd:0a:3a:29:a0:e9:cf:8a:74:64:cf:2b:2c:57:a5:
                    e4:7c:e2:04:5c:1d:c4:a6:25:98:49:4d:ba:fd:42:
                    91:dc:0c:0f:0c:e9:94:0d:19:b8:4f:ca:20:f9:7a:
                    fe:ad:07:2d:e5:02:65:67:63:2b:60:8d:ee:95:b0:
                    a9:0e:03:10:af:8e:f2:07:8d:84:a3:9a:af:5e:ba:
                    be:39:ab:f5:4a:f8:40:6a:aa:6d:93:6f:45:c3:53:
                    d2:46:fb:e2:e8:0a:28:b9:08:f6:f6:d2:72:d0:5b:
                    cd:70:e6:3a:8d:cd:76:b1:48:56:53:51:5c:33:aa:
                    64:32:e4:d3:3f:72:b5:0e:40:f2:1b:b8:d2:89:f4:
                    c7:62:ea:70:85:41:88:16:dc:ab:08:f1:be:54:0c:
                    13:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:5C:68:D1:E4:6B:70:FD:A9:82:A1:0C:DA:8E:72:24:26:83:24:5F
            X509v3 Authority Key Identifier:
                keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/jVxo0eRrcP2pgqEM2o5yJCaDJF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.222.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4e:51:1a:43:52:65:9d:f9:a9:65:52:cd:2c:b4:16:9a:ec:d7:
         2a:2e:b5:6b:05:85:00:bc:44:96:5d:9c:95:bf:2e:75:d6:a6:
         16:9b:c8:67:54:15:39:9e:09:f1:73:4c:4f:a1:52:9a:33:9e:
         eb:98:23:1e:c6:28:b0:bd:0d:a8:06:3d:8a:06:71:b9:dc:6b:
         0f:f8:c2:64:a3:d2:82:00:70:ec:9f:19:7a:e4:e6:05:a6:e7:
         c3:19:60:dd:1a:71:b6:f6:2e:3b:82:c0:57:d3:60:d3:ca:64:
         85:4a:37:09:17:71:6a:e6:c3:01:4f:49:56:b9:97:d9:38:e3:
         a1:c8:1f:43:8d:a7:68:c7:9b:a6:50:d9:60:5a:f2:24:1e:2f:
         49:ab:c4:fe:41:22:f5:c2:05:50:1f:c0:59:ee:11:14:10:2e:
         7f:08:95:f0:21:e6:e1:97:1e:29:bd:db:16:41:b8:4d:58:56:
         5b:27:49:62:e6:2b:7a:a1:24:e6:0a:cc:e8:a5:41:ef:79:ca:
         7e:f6:73:e1:c5:eb:fb:c2:2e:0b:f6:2f:37:4b:64:d3:e9:1f:
         b3:8f:19:39:05:ba:08:2f:4a:08:11:54:40:36:94:62:28:a4:
         fe:80:5b:56:11:7f:9b:a4:9d:b2:d2:ef:e9:d2:cd:1b:c7:f4:
         49:e6:2b:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaisi9Xl+1bD9o+oKa+L1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDVjNjhkMWU0NmI3MGZkYTk4MmExMGNkYThlNzIyNDI2ODMyNDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrzA1MerM9wAtp7X42JAAYZ/f5UT
TxEeNZ9J2f1+KCKBAoZsG+f8S6dsVgDJTqxjTwJguweRTJ4ipt+n7vWQju75ulA3
JR8YSCbWhlDyMvBlgB2JR5xVzFJDLQU7Oto/cE088PCH5g29CjopoOnPinRkzyss
V6XkfOIEXB3EpiWYSU26/UKR3AwPDOmUDRm4T8og+Xr+rQct5QJlZ2MrYI3ulbCp
DgMQr47yB42Eo5qvXrq+Oav1SvhAaqptk29Fw1PSRvvi6AoouQj29tJy0FvNcOY6
jc12sUhWU1FcM6pkMuTTP3K1DkDyG7jSifTHYupwhUGIFtyrCPG+VAwTowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1caNHka3D9qYKhDNqOciQmgyRfMB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvalZ4bzBlUnJjUDJwZ3FFTTJvNXlKQ2FESkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTd4gMA0G
CSqGSIb3DQEBCwUAA4IBAQBOURpDUmWd+allUs0stBaa7NcqLrVrBYUAvESWXZyV
vy511qYWm8hnVBU5ngnxc0xPoVKaM57rmCMexiiwvQ2oBj2KBnG53GsP+MJko9KC
AHDsnxl65OYFpufDGWDdGnG29i47gsBX02DTymSFSjcJF3Fq5sMBT0lWuZfZOOOh
yB9Djadox5umUNlgWvIkHi9Jq8T+QSL1wgVQH8BZ7hEUEC5/CJXwIebhlx4pvdsW
QbhNWFZbJ0li5it6oSTmCszopUHvecp+9nPhxev7wi4L9i83S2TT6R+zjxk5BboI
L0oIEVRANpRiKKT+gFtWEX+bpJ2y0u/p0s0bx/RJ5ito
-----END CERTIFICATE-----