Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/VZZ9WawBePhv4LDIZfO_F9oGyz0.roa
File:                     VZZ9WawBePhv4LDIZfO_F9oGyz0.roa (raw, json)
Hash identifier:          tpSdt2I+RDE+fPAieXAjll9NyOZ/5yWRInrrSwy0o3Y=
Subject key identifier:   55:96:7D:59:AC:01:78:F8:6F:E0:B0:C8:65:F3:BF:17:DA:06:CB:3D
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       019425215259E852FCDFA16D2ADBD3606FA7
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/VZZ9WawBePhv4LDIZfO_F9oGyz0.roa
Signing time:             Thu 02 Jan 2025 03:48:48 +0000
ROA not before:           Thu 02 Jan 2025 03:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206814
IP address blocks:        77.111.124.0/24 maxlen: 24
                          77.111.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:52:59:e8:52:fc:df:a1:6d:2a:db:d3:60:6f:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Jan  2 03:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55967d59ac0178f86fe0b0c865f3bf17da06cb3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:02:ce:50:2f:8b:85:7b:08:52:6c:fb:50:87:
                    3c:2f:cd:34:39:65:2e:fe:92:d2:f4:0d:34:75:08:
                    9e:ea:91:c0:8c:50:f3:62:36:40:fc:f8:6b:7a:81:
                    b4:0a:e8:a0:7f:d9:0c:3e:36:02:1b:e3:79:1d:f0:
                    e1:ad:63:ec:ba:89:7f:6f:ca:b0:db:7c:85:9a:80:
                    66:49:0f:8e:ad:9b:5e:48:4e:31:64:ea:27:12:e8:
                    86:f4:3d:ca:93:f5:bc:f0:f5:a2:06:b3:21:91:f4:
                    4e:a3:c9:bd:31:e8:52:35:b2:7e:3d:ba:05:66:9c:
                    6d:4b:89:de:e7:81:1d:9d:34:76:4e:9e:cc:63:80:
                    48:b7:96:7e:1c:e9:32:9a:d1:8b:fd:c9:fc:7f:a7:
                    bc:21:73:ba:f6:9a:57:da:fc:6c:e3:8f:74:11:7c:
                    c5:94:04:f4:0e:f1:2c:59:e5:d6:b2:fc:3a:9c:03:
                    5e:37:3f:15:47:bd:25:53:77:24:6a:79:4e:32:b8:
                    8e:20:0e:74:59:4c:8d:de:18:c2:d2:b1:2d:24:37:
                    3f:b2:a6:62:b2:9e:f1:1f:30:b5:98:1b:d9:f3:45:
                    40:de:cd:c4:8f:6e:65:c9:92:2c:aa:cc:02:62:dc:
                    67:e5:5e:c2:fb:08:9e:89:23:09:d2:53:12:f0:9c:
                    86:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:96:7D:59:AC:01:78:F8:6F:E0:B0:C8:65:F3:BF:17:DA:06:CB:3D
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/VZZ9WawBePhv4LDIZfO_F9oGyz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:40:0b:69:9b:7c:67:e3:0b:53:81:59:f0:fc:79:bf:a0:5e:
         7a:20:86:aa:1d:ed:08:a6:1a:46:d2:08:12:0e:6b:e6:63:1e:
         e8:29:51:90:a6:32:83:86:0e:0c:d4:03:17:7e:d4:82:2a:85:
         e7:1c:f9:f0:0c:04:48:47:9c:fa:37:be:a3:51:b6:fa:af:dd:
         4c:a5:ac:a4:d0:d5:f5:1e:f5:7b:ca:0c:15:5c:2d:83:25:77:
         d2:7b:d2:9e:b9:66:21:03:e6:6b:e8:e8:01:ff:99:90:d1:e6:
         ed:eb:47:4f:f4:9f:3d:b8:78:18:ec:31:b4:cb:96:0b:68:66:
         26:71:3e:3f:70:bb:74:94:07:06:94:6a:e1:53:eb:f4:d7:63:
         fd:79:ab:67:72:c7:b6:79:c4:d0:43:36:f0:fc:b9:13:67:92:
         91:59:b3:c9:a0:41:77:0e:6a:59:3c:b5:dc:2c:f0:f0:08:00:
         f0:f8:15:66:90:c8:f8:6e:e0:1a:a8:7f:39:36:bc:bb:23:1c:
         5f:ff:fc:d0:2c:48:60:a4:2b:c5:85:f7:9d:1f:40:4a:d4:03:
         e9:97:b2:87:1c:61:d6:2c:eb:60:01:19:85:55:e5:35:2c:34:
         26:2b:db:75:32:c1:fb:60:e0:4a:6d:50:3a:c0:9f:6f:f4:c4:
         3b:dd:78:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIVJZ6FL836FtKtvTYG+nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjUwMTAyMDM0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTk2N2Q1OWFjMDE3OGY4NmZlMGIwYzg2NWYzYmYxN2RhMDZjYjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gLOUC+LhXsIUmz7UIc8L800OWUu
/pLS9A00dQie6pHAjFDzYjZA/PhreoG0Cuigf9kMPjYCG+N5HfDhrWPsuol/b8qw
23yFmoBmSQ+OrZteSE4xZOonEuiG9D3Kk/W88PWiBrMhkfROo8m9MehSNbJ+PboF
ZpxtS4ne54EdnTR2Tp7MY4BIt5Z+HOkymtGL/cn8f6e8IXO69ppX2vxs4490EXzF
lAT0DvEsWeXWsvw6nANeNz8VR70lU3ckanlOMriOIA50WUyN3hjC0rEtJDc/sqZi
sp7xHzC1mBvZ80VA3s3Ej25lyZIsqswCYtxn5V7C+wieiSMJ0lMS8JyGSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFWWfVmsAXj4b+CwyGXzvxfaBss9MB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvVlpaOVdhd0JlUGh2NExESVpmT19GOW9HeXowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTW98MA0G
CSqGSIb3DQEBCwUAA4IBAQB4QAtpm3xn4wtTgVnw/Hm/oF56IIaqHe0IphpG0ggS
DmvmYx7oKVGQpjKDhg4M1AMXftSCKoXnHPnwDARIR5z6N76jUbb6r91Mpayk0NX1
HvV7ygwVXC2DJXfSe9KeuWYhA+Zr6OgB/5mQ0ebt60dP9J89uHgY7DG0y5YLaGYm
cT4/cLt0lAcGlGrhU+v012P9eatncse2ecTQQzbw/LkTZ5KRWbPJoEF3DmpZPLXc
LPDwCADw+BVmkMj4buAaqH85Nry7Ixxf//zQLEhgpCvFhfedH0BK1APpl7KHHGHW
LOtgARmFVeU1LDQmK9t1MsH7YOBKbVA6wJ9v9MQ73XjL
-----END CERTIFICATE-----