Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/vLPS5wn73NmdlDG7OeWmrapI3Io.roa
File:                     vLPS5wn73NmdlDG7OeWmrapI3Io.roa (raw, json)
Hash identifier:          a/xIl3BtO0WxSnp5KM+J+26z6Cj5A9lquuQzUriOYVA=
Subject key identifier:   BC:B3:D2:E7:09:FB:DC:D9:9D:94:31:BB:39:E5:A6:AD:AA:48:DC:8A
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       018CC726A36C4367F541C8EA002823D3C68E
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/vLPS5wn73NmdlDG7OeWmrapI3Io.roa
Signing time:             Mon 01 Jan 2024 22:30:47 +0000
ROA not before:           Mon 01 Jan 2024 22:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41095
IP address blocks:        217.25.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:a3:6c:43:67:f5:41:c8:ea:00:28:23:d3:c6:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jan  1 22:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcb3d2e709fbdcd99d9431bb39e5a6adaa48dc8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:69:be:5c:09:9e:8b:e3:e0:f0:08:8b:a1:56:
                    22:4f:1e:76:c5:da:d0:06:bd:22:73:10:4f:50:e7:
                    9b:68:ad:fb:f7:64:93:4d:1c:7a:50:bb:f0:4e:4e:
                    44:40:0d:61:84:79:98:cc:7d:d4:f3:4d:e5:9c:32:
                    5e:fb:e0:00:5a:1f:bf:37:45:33:f9:b6:93:91:e4:
                    e5:cf:4a:1f:19:bf:25:7c:c2:84:84:27:95:58:81:
                    d0:51:e1:32:76:e6:ac:b4:95:92:98:f1:6f:a2:b2:
                    c9:3c:83:72:a8:af:37:7a:69:45:4f:85:16:5e:cc:
                    04:8c:d0:25:50:f8:a2:fc:cb:8b:8b:41:d0:6b:33:
                    79:7b:6c:5e:3e:77:80:50:cb:29:e8:4b:ac:17:d8:
                    30:2b:bb:e5:8d:b3:4d:80:db:1f:a7:dc:58:33:df:
                    58:c0:4e:e5:e2:1e:87:dd:f0:08:fa:29:ba:17:42:
                    59:53:17:4a:e9:f3:b4:fc:5a:49:d6:60:08:20:7e:
                    cb:2a:ba:56:e6:a1:3a:fd:29:db:6b:42:f0:68:df:
                    5c:53:85:d2:f4:3a:97:06:a4:91:b8:84:c2:d1:54:
                    43:cd:ba:14:cc:69:28:ff:99:28:bd:77:35:c3:4c:
                    2e:37:3c:f5:8f:cf:da:f0:25:44:3f:2d:7f:d0:36:
                    51:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:B3:D2:E7:09:FB:DC:D9:9D:94:31:BB:39:E5:A6:AD:AA:48:DC:8A
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/vLPS5wn73NmdlDG7OeWmrapI3Io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:33:7a:70:7f:6a:66:29:17:9e:01:00:68:cd:47:2b:c7:06:
         32:77:c6:36:9f:6b:14:e1:93:9f:cb:85:6c:48:c4:df:21:09:
         8a:67:34:6f:75:f2:7e:12:e6:3f:8e:b8:34:39:07:0c:31:9b:
         4a:6f:49:ac:e2:a6:c7:5d:68:aa:64:70:69:cb:9d:c1:3b:34:
         d5:8d:ff:76:ed:29:7f:d4:f2:89:f8:67:0a:bc:fe:c8:4e:b7:
         4e:6a:54:05:1a:5e:a6:bf:df:42:1a:29:6c:9c:43:f1:70:77:
         67:d5:f1:96:47:25:20:e2:63:99:6d:8e:ef:38:a4:7a:e9:ac:
         30:a5:18:bb:fb:5b:4e:97:5b:0a:23:8d:fb:7d:d2:8a:e4:15:
         f5:30:01:78:00:33:da:34:39:58:18:d8:fc:eb:2b:47:71:84:
         75:b7:2b:92:33:06:c6:5b:4a:d4:a1:88:01:e4:79:97:8d:39:
         21:b5:83:92:ef:86:7e:3f:f1:1e:27:76:29:aa:f6:84:8b:5b:
         c9:d9:8a:55:84:d8:2d:bd:14:c2:c8:e4:7e:da:ef:e0:e6:b2:
         e2:d3:89:33:80:f5:d3:ee:73:9d:c3:ee:7d:01:bd:c1:e6:0c:
         43:16:8e:ff:27:51:56:a4:da:66:8e:f2:46:b9:1f:a6:c8:61:
         d7:f6:93:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJqNsQ2f1QcjqACgj08aOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjQwMTAxMjIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2IzZDJlNzA5ZmJkY2Q5OWQ5NDMxYmIzOWU1YTZhZGFhNDhkYzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWm+XAmei+Pg8AiLoVYiTx52xdrQ
Br0icxBPUOebaK3792STTRx6ULvwTk5EQA1hhHmYzH3U803lnDJe++AAWh+/N0Uz
+baTkeTlz0ofGb8lfMKEhCeVWIHQUeEyduastJWSmPFvorLJPINyqK83emlFT4UW
XswEjNAlUPii/MuLi0HQazN5e2xePneAUMsp6EusF9gwK7vljbNNgNsfp9xYM99Y
wE7l4h6H3fAI+im6F0JZUxdK6fO0/FpJ1mAIIH7LKrpW5qE6/Snba0LwaN9cU4XS
9DqXBqSRuITC0VRDzboUzGko/5kovXc1w0wuNzz1j8/a8CVEPy1/0DZR5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyz0ucJ+9zZnZQxuznlpq2qSNyKMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvdkxQUzV3bjczTm1kbERHN09lV21yYXBJM0lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RkEMA0G
CSqGSIb3DQEBCwUAA4IBAQBpM3pwf2pmKReeAQBozUcrxwYyd8Y2n2sU4ZOfy4Vs
SMTfIQmKZzRvdfJ+EuY/jrg0OQcMMZtKb0ms4qbHXWiqZHBpy53BOzTVjf927Sl/
1PKJ+GcKvP7ITrdOalQFGl6mv99CGilsnEPxcHdn1fGWRyUg4mOZbY7vOKR66aww
pRi7+1tOl1sKI437fdKK5BX1MAF4ADPaNDlYGNj86ytHcYR1tyuSMwbGW0rUoYgB
5HmXjTkhtYOS74Z+P/EeJ3YpqvaEi1vJ2YpVhNgtvRTCyOR+2u/g5rLi04kzgPXT
7nOdw+59Ab3B5gxDFo7/J1FWpNpmjvJGuR+myGHX9pM+
-----END CERTIFICATE-----