Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/VgwcNuoBbQF8vGnu87-98unWzYI.roa
File:                     VgwcNuoBbQF8vGnu87-98unWzYI.roa (raw, json)
Hash identifier:          xzpL3I9r8p4R1FCkPrlQ5XYcS0wswEmNqu/eM1IOMwU=
Subject key identifier:   56:0C:1C:36:EA:01:6D:01:7C:BC:69:EE:F3:BF:BD:F2:E9:D6:CD:82
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       0194258F2CC39445993D066258C1315258D9
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/VgwcNuoBbQF8vGnu87-98unWzYI.roa
Signing time:             Thu 02 Jan 2025 05:48:47 +0000
ROA not before:           Thu 02 Jan 2025 05:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216394
IP address blocks:        77.83.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:2c:c3:94:45:99:3d:06:62:58:c1:31:52:58:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Jan  2 05:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=560c1c36ea016d017cbc69eef3bfbdf2e9d6cd82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:9b:9f:9f:12:a9:a1:48:fd:f7:96:b3:4f:c9:
                    bf:07:9e:81:ee:d4:49:65:25:b8:ad:38:f0:0f:26:
                    2a:4b:0c:9a:f8:82:b5:f2:92:8d:bd:1e:7b:f7:95:
                    a0:f4:4b:88:f7:29:ef:ee:30:53:19:8a:de:f5:9a:
                    1e:d6:63:a5:a9:1e:e3:3f:98:46:21:a4:76:46:db:
                    78:f5:c0:2d:ac:b1:39:f3:55:10:27:71:d7:78:69:
                    ee:c2:0c:e8:5b:65:89:c6:a5:ed:97:fb:02:3b:54:
                    8b:b4:04:40:6a:9d:7e:d3:a4:ce:89:90:83:0c:4d:
                    0d:27:ff:87:34:10:e3:b3:12:20:1b:c3:08:27:e0:
                    05:e5:13:52:50:28:52:40:27:67:16:8e:fa:91:60:
                    a7:81:c3:a5:6e:f1:69:76:c0:e2:13:83:ea:5d:a7:
                    7f:82:d4:9c:0b:67:8b:ea:fa:5f:d0:ad:08:1e:4c:
                    96:dc:de:57:c7:9c:94:ab:19:f4:f3:7d:58:fb:77:
                    39:3f:95:ec:77:ad:10:be:51:73:ee:21:12:84:81:
                    29:32:62:6f:89:92:0e:5f:fb:07:cf:70:17:80:d8:
                    6c:eb:70:7a:c7:ca:c7:f7:11:5c:3b:46:58:da:b4:
                    ea:e3:7f:5e:bc:ad:ca:1c:42:06:f0:60:66:1f:49:
                    93:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:0C:1C:36:EA:01:6D:01:7C:BC:69:EE:F3:BF:BD:F2:E9:D6:CD:82
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/VgwcNuoBbQF8vGnu87-98unWzYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:ba:6b:b6:27:2a:9f:27:a4:86:bb:9c:6d:e1:3d:28:c8:64:
         93:45:45:9c:fc:13:13:60:a2:a1:9e:ea:00:32:a3:1f:0c:0b:
         b7:2b:3a:35:a0:18:73:65:59:b2:a6:47:41:b6:f7:ae:5a:62:
         30:4e:98:b7:ff:6b:48:c9:2f:df:c2:0d:3a:f5:ec:b0:e7:4c:
         cc:0e:44:ec:8c:28:82:0d:f6:f1:f1:0a:b1:39:a0:50:e4:74:
         9e:83:8e:01:d7:99:37:48:f7:e7:f6:fc:00:62:db:e5:0e:8b:
         62:03:e4:c0:48:cf:d6:9e:3e:a8:a9:db:ca:d2:19:32:5c:5c:
         6f:49:26:76:ae:2a:46:04:d7:d5:d9:88:f8:13:5c:06:26:43:
         4d:50:32:83:cd:61:7b:8a:59:5c:d1:d4:8e:f1:0d:92:96:e7:
         66:aa:9e:4b:37:06:d6:0d:f9:aa:0b:8d:be:35:2d:31:02:bf:
         53:9c:eb:43:5e:35:29:88:fa:70:ae:2e:0e:2f:ac:4b:7c:fb:
         39:01:19:ed:0c:8f:04:e1:2e:c3:66:b8:55:0c:0d:05:6b:1b:
         9a:e5:bc:02:2f:14:45:01:73:95:bb:d5:af:39:da:60:58:eb:
         4f:4d:4a:62:82:b5:b7:85:92:62:1a:9c:51:9c:43:1b:45:8f:
         a9:29:03:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljyzDlEWZPQZiWMExUljZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjUwMTAyMDU0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjBjMWMzNmVhMDE2ZDAxN2NiYzY5ZWVmM2JmYmRmMmU5ZDZjZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpufnxKpoUj995azT8m/B56B7tRJ
ZSW4rTjwDyYqSwya+IK18pKNvR5795Wg9EuI9ynv7jBTGYre9Zoe1mOlqR7jP5hG
IaR2Rtt49cAtrLE581UQJ3HXeGnuwgzoW2WJxqXtl/sCO1SLtARAap1+06TOiZCD
DE0NJ/+HNBDjsxIgG8MIJ+AF5RNSUChSQCdnFo76kWCngcOlbvFpdsDiE4PqXad/
gtScC2eL6vpf0K0IHkyW3N5Xx5yUqxn0831Y+3c5P5Xsd60QvlFz7iEShIEpMmJv
iZIOX/sHz3AXgNhs63B6x8rH9xFcO0ZY2rTq439evK3KHEIG8GBmH0mT0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFYMHDbqAW0BfLxp7vO/vfLp1s2CMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvVmd3Y051b0JiUUY4dkdudTg3LTk4dW5XellJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVPLMA0G
CSqGSIb3DQEBCwUAA4IBAQAdumu2JyqfJ6SGu5xt4T0oyGSTRUWc/BMTYKKhnuoA
MqMfDAu3Kzo1oBhzZVmypkdBtveuWmIwTpi3/2tIyS/fwg069eyw50zMDkTsjCiC
Dfbx8QqxOaBQ5HSeg44B15k3SPfn9vwAYtvlDotiA+TASM/Wnj6oqdvK0hkyXFxv
SSZ2ripGBNfV2Yj4E1wGJkNNUDKDzWF7illc0dSO8Q2Sludmqp5LNwbWDfmqC42+
NS0xAr9TnOtDXjUpiPpwri4OL6xLfPs5ARntDI8E4S7DZrhVDA0Faxua5bwCLxRF
AXOVu9WvOdpgWOtPTUpigrW3hZJiGpxRnEMbRY+pKQPN
-----END CERTIFICATE-----