Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/vsFMEu8HS7LJh_IaQ_W3ChIz1iU.roa
File:                     vsFMEu8HS7LJh_IaQ_W3ChIz1iU.roa (raw, json)
Hash identifier:          zvI+1QpRjWuIExjKMTnNsiDmzbwtShfXAATLbqaVci8=
Subject key identifier:   BE:C1:4C:12:EF:07:4B:B2:C9:87:F2:1A:43:F5:B7:0A:12:33:D6:25
Certificate issuer:       /CN=25a89539520004270d34253bdc16d87784156e1a
Certificate serial:       01941FFA226BE23F9F67340F0D3983946F4E
Authority key identifier: 25:A8:95:39:52:00:04:27:0D:34:25:3B:DC:16:D8:77:84:15:6E:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JaiVOVIABCcNNCU73BbYd4QVbho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/vsFMEu8HS7LJh_IaQ_W3ChIz1iU.roa
Signing time:             Wed 01 Jan 2025 03:47:53 +0000
ROA not before:           Wed 01 Jan 2025 03:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39227
IP address blocks:        2a00:1f78:fffe::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/JaiVOVIABCcNNCU73BbYd4QVbho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/JaiVOVIABCcNNCU73BbYd4QVbho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JaiVOVIABCcNNCU73BbYd4QVbho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:22:6b:e2:3f:9f:67:34:0f:0d:39:83:94:6f:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25a89539520004270d34253bdc16d87784156e1a
        Validity
            Not Before: Jan  1 03:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bec14c12ef074bb2c987f21a43f5b70a1233d625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c5:b0:95:89:e8:de:d5:66:00:12:3c:a4:40:
                    8e:bc:05:7d:d9:db:b8:29:f0:8d:08:1d:64:fc:d7:
                    07:2a:7e:aa:83:58:68:2a:c6:e0:fd:7a:0b:8c:b7:
                    6a:49:93:87:3a:ec:e8:da:97:fb:56:49:7f:44:81:
                    02:62:53:fe:a4:1f:ea:72:f9:82:a3:9f:3f:a6:8e:
                    2a:fc:12:67:ec:b3:c6:aa:4f:90:ac:be:60:32:a0:
                    58:92:e1:c9:8c:ac:c3:2e:68:2f:e1:9e:ad:93:b3:
                    b8:a5:f3:71:ef:b6:ca:a2:58:f7:91:12:63:84:c3:
                    fe:65:64:56:6d:79:f7:da:cf:dd:c5:d1:5e:7a:0d:
                    65:55:7c:fa:8f:23:2d:6a:b8:f5:4d:21:bf:e8:92:
                    41:66:78:cd:80:16:54:c7:07:94:57:d2:94:28:7d:
                    a6:08:b2:45:09:9b:d3:7b:7e:ac:b9:08:e9:8d:13:
                    56:cc:68:ab:9a:90:e2:c5:e9:97:e0:89:9a:8d:1b:
                    3b:18:c6:4e:99:c5:b1:4d:2d:86:1e:80:6a:d3:48:
                    a9:3b:df:ae:fc:55:56:b3:5b:54:f0:2e:5a:88:dc:
                    83:49:13:6c:cd:ae:00:3a:63:48:20:e2:53:3c:0c:
                    ab:81:61:09:6b:a9:14:e1:1a:5a:0c:d6:f0:11:e0:
                    ab:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:C1:4C:12:EF:07:4B:B2:C9:87:F2:1A:43:F5:B7:0A:12:33:D6:25
            X509v3 Authority Key Identifier:
                keyid:25:A8:95:39:52:00:04:27:0D:34:25:3B:DC:16:D8:77:84:15:6E:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JaiVOVIABCcNNCU73BbYd4QVbho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/vsFMEu8HS7LJh_IaQ_W3ChIz1iU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/JaiVOVIABCcNNCU73BbYd4QVbho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1f78:fffe::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:b6:6e:87:09:be:9b:7f:9c:ba:5f:c4:cb:9a:76:64:e3:69:
         38:53:ad:b6:c4:e7:62:b1:c4:3f:8a:39:f9:5c:e3:9a:d8:79:
         c2:07:7e:38:9e:5d:73:6c:03:8d:ce:69:2b:7c:38:da:76:0f:
         13:e2:9a:ca:c2:80:61:a8:a9:f1:dc:2a:63:c9:97:67:3e:4b:
         bc:c5:8e:6d:92:96:c9:fc:d6:5f:bd:4b:77:7f:f9:28:67:f8:
         95:84:d4:10:93:ad:da:cd:6a:41:9e:df:74:0b:75:ab:49:f7:
         56:c0:78:bc:37:19:42:96:15:41:6d:c7:30:03:42:f9:26:8b:
         4f:37:be:b5:65:38:f4:1f:91:44:55:5b:3a:6d:b3:de:f1:0c:
         a0:4e:3a:a8:b8:3f:59:9e:cb:09:bd:74:e4:79:f7:15:2a:5b:
         61:86:1f:60:73:7e:16:ab:e3:45:5c:6e:94:13:01:d6:21:10:
         e0:bc:80:4e:f8:8d:93:c9:3c:b5:79:b1:1f:f4:84:11:db:ff:
         ce:49:07:a5:62:ec:cb:2e:a6:33:8c:80:2a:96:34:cb:cc:84:
         ef:c7:2a:fe:01:91:7b:a7:e9:52:0b:66:80:f3:ef:75:f0:d2:
         ae:34:10:64:96:1e:f9:be:01:35:64:6f:91:b5:a3:24:b2:cf:
         f7:9d:95:60
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+iJr4j+fZzQPDTmDlG9OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YTg5NTM5NTIwMDA0MjcwZDM0MjUzYmRjMTZkODc3ODQx
NTZlMWEwHhcNMjUwMTAxMDM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWMxNGMxMmVmMDc0YmIyYzk4N2YyMWE0M2Y1YjcwYTEyMzNkNjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMWwlYno3tVmABI8pECOvAV92du4
KfCNCB1k/NcHKn6qg1hoKsbg/XoLjLdqSZOHOuzo2pf7Vkl/RIECYlP+pB/qcvmC
o58/po4q/BJn7LPGqk+QrL5gMqBYkuHJjKzDLmgv4Z6tk7O4pfNx77bKolj3kRJj
hMP+ZWRWbXn32s/dxdFeeg1lVXz6jyMtarj1TSG/6JJBZnjNgBZUxweUV9KUKH2m
CLJFCZvTe36suQjpjRNWzGirmpDixemX4ImajRs7GMZOmcWxTS2GHoBq00ipO9+u
/FVWs1tU8C5aiNyDSRNsza4AOmNIIOJTPAyrgWEJa6kU4RpaDNbwEeCrMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL7BTBLvB0uyyYfyGkP1twoSM9YlMB8GA1UdIwQY
MBaAFCWolTlSAAQnDTQlO9wW2HeEFW4aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmFpVk9WSUFCQ2NOTkNVNzNCYllkNFFWYmhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iYzE1ZWMtNmIwZC00NzM0LWEwODgt
ZDAwNTI2YjkxNjA1LzEvdnNGTUV1OEhTN0xKaF9JYVFfVzNDaEl6MWlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iYzE1ZWMtNmIwZC00NzM0LWEwODgtZDAwNTI2YjkxNjA1
LzEvSmFpVk9WSUFCQ2NOTkNVNzNCYllkNFFWYmhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAfeP/+
MA0GCSqGSIb3DQEBCwUAA4IBAQBrtm6HCb6bf5y6X8TLmnZk42k4U622xOdiscQ/
ijn5XOOa2HnCB344nl1zbAONzmkrfDjadg8T4prKwoBhqKnx3CpjyZdnPku8xY5t
kpbJ/NZfvUt3f/koZ/iVhNQQk63azWpBnt90C3WrSfdWwHi8NxlClhVBbccwA0L5
JotPN761ZTj0H5FEVVs6bbPe8QygTjqouD9ZnssJvXTkefcVKlthhh9gc34Wq+NF
XG6UEwHWIRDgvIBO+I2TyTy1ebEf9IQR2//OSQelYuzLLqYzjIAqljTLzITvxyr+
AZF7p+lSC2aA8+918NKuNBBklh75vgE1ZG+RtaMkss/3nZVg
-----END CERTIFICATE-----