Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/lVRxioxScoDE7zhaCYNE7hVti4o.roa
File:                     lVRxioxScoDE7zhaCYNE7hVti4o.roa (raw, json)
Hash identifier:          2SOb+vjF9aw2d+xYqFyVysIAXg1nOJ/HsxNH3uvPjjc=
Subject key identifier:   95:54:71:8A:8C:52:72:80:C4:EF:38:5A:09:83:44:EE:15:6D:8B:8A
Certificate issuer:       /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial:       0194236A2902F7A7EFA4EE4E24B07BE9558F
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/lVRxioxScoDE7zhaCYNE7hVti4o.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35569
IP address blocks:        80.93.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:29:02:f7:a7:ef:a4:ee:4e:24:b0:7b:e9:55:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9554718a8c527280c4ef385a098344ee156d8b8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0e:47:87:63:26:a1:18:2f:f6:b1:b7:bf:3e:
                    a6:1c:d8:2b:49:bf:61:59:c6:3e:70:85:b4:f1:35:
                    03:17:ae:75:39:bf:a0:68:b5:d8:0c:0e:f0:a4:f0:
                    7c:16:50:5d:bd:c7:30:50:b3:74:11:b0:82:76:c6:
                    c8:e3:3b:61:5e:5c:7a:32:b6:33:13:6e:a5:e4:0e:
                    b2:7e:b9:ba:95:18:99:eb:8c:86:84:77:d7:b2:54:
                    7b:62:0d:c9:cf:17:e2:8f:65:28:b1:0f:b8:54:15:
                    b4:c6:be:53:29:05:5f:dc:6a:51:4c:de:ce:89:85:
                    0b:76:f5:40:25:98:fa:5f:b2:19:33:ee:fc:17:96:
                    df:c8:7f:a3:c3:40:9a:f6:28:59:26:5a:db:db:86:
                    06:8e:f5:9d:e2:26:5f:a4:7a:07:13:5c:61:6e:a5:
                    9f:ab:1c:ed:48:47:d4:2c:5a:8f:24:a4:4f:f8:b7:
                    a7:00:bc:e0:1c:c6:8b:d2:43:a7:42:53:e9:cd:c2:
                    03:00:59:52:c3:2a:c5:9c:f8:e6:1c:c1:61:ff:92:
                    d9:df:d2:95:78:2c:f0:32:7d:4b:8a:f5:10:d0:be:
                    5d:39:58:a6:51:04:32:e8:e5:61:c6:58:b3:09:98:
                    a9:e4:5f:19:c9:aa:f3:92:5e:a8:e2:25:5a:4c:36:
                    db:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:54:71:8A:8C:52:72:80:C4:EF:38:5A:09:83:44:EE:15:6D:8B:8A
            X509v3 Authority Key Identifier:
                keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/lVRxioxScoDE7zhaCYNE7hVti4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         56:91:e1:96:53:f4:57:a6:5c:d7:e7:27:93:5d:2f:d9:ab:24:
         b9:ff:d7:28:73:90:3f:95:5f:2b:7a:54:28:fe:87:6b:46:cf:
         45:33:5b:3a:19:28:0d:f1:fb:5b:2f:cb:70:2c:3d:1d:9a:f6:
         07:4a:f0:38:5d:6b:bf:03:99:4b:88:f0:ee:83:0b:23:b5:b5:
         92:fe:87:5d:ff:23:65:b5:79:be:75:37:3f:dd:8a:ae:79:a8:
         10:8e:9e:e0:64:43:79:64:b4:82:f7:bd:f7:14:a4:85:82:a6:
         ab:25:13:06:64:8d:f6:ac:76:27:bc:09:db:88:83:c9:73:bb:
         cb:5a:8c:8a:dc:b5:47:22:35:1d:80:ca:74:91:00:3d:c3:17:
         b7:57:2b:81:ba:89:f9:1f:78:bc:54:8a:43:c1:8e:22:96:f8:
         cd:62:c5:c4:a0:52:01:eb:8e:2d:e7:0f:d7:6f:26:7e:8f:ce:
         ed:7c:15:92:f2:ac:41:52:a6:2c:7e:d0:80:a2:38:8c:b1:a6:
         44:97:61:75:b0:3b:df:25:7b:2e:72:ae:a7:54:b9:0d:18:5c:
         b9:fb:fd:3d:b1:4f:3e:75:dd:0e:74:76:48:be:81:d1:f8:3d:
         05:00:9a:55:87:8d:30:5f:f9:e8:89:d5:0b:58:6f:05:7d:32:
         a7:32:92:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaikC96fvpO5OJLB76VWPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTU0NzE4YThjNTI3MjgwYzRlZjM4NWEwOTgzNDRlZTE1NmQ4YjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQ5Hh2MmoRgv9rG3vz6mHNgrSb9h
WcY+cIW08TUDF651Ob+gaLXYDA7wpPB8FlBdvccwULN0EbCCdsbI4zthXlx6MrYz
E26l5A6yfrm6lRiZ64yGhHfXslR7Yg3Jzxfij2UosQ+4VBW0xr5TKQVf3GpRTN7O
iYULdvVAJZj6X7IZM+78F5bfyH+jw0Ca9ihZJlrb24YGjvWd4iZfpHoHE1xhbqWf
qxztSEfULFqPJKRP+LenALzgHMaL0kOnQlPpzcIDAFlSwyrFnPjmHMFh/5LZ39KV
eCzwMn1LivUQ0L5dOVimUQQy6OVhxlizCZip5F8Zyarzkl6o4iVaTDbbBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVUcYqMUnKAxO84WgmDRO4VbYuKMB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvbFZSeGlveFNjb0RFN3poYUNZTkU3aFZ0aTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUF04MA0G
CSqGSIb3DQEBCwUAA4IBAQBWkeGWU/RXplzX5yeTXS/ZqyS5/9coc5A/lV8relQo
/odrRs9FM1s6GSgN8ftbL8twLD0dmvYHSvA4XWu/A5lLiPDugwsjtbWS/odd/yNl
tXm+dTc/3YqueagQjp7gZEN5ZLSC9733FKSFgqarJRMGZI32rHYnvAnbiIPJc7vL
WoyK3LVHIjUdgMp0kQA9wxe3VyuBuon5H3i8VIpDwY4ilvjNYsXEoFIB644t5w/X
byZ+j87tfBWS8qxBUqYsftCAojiMsaZEl2F1sDvfJXsucq6nVLkNGFy5+/09sU8+
dd0OdHZIvoHR+D0FAJpVh40wX/noidULWG8FfTKnMpJR
-----END CERTIFICATE-----