Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/vffye4B_maKGCuAE9ICWvmcHW6I.roa
File:                     vffye4B_maKGCuAE9ICWvmcHW6I.roa (raw, json)
Hash identifier:          VaColu6D/X0DZ0KpxU1etnd04XXSodxmzmHPWI2Hjvo=
Subject key identifier:   BD:F7:F2:7B:80:7F:99:A2:86:0A:E0:04:F4:80:96:BE:67:07:5B:A2
Certificate issuer:       /CN=53153003737d78f722db9a28e22043e35d8d871e
Certificate serial:       0194258F73051E7FD9D7DFB6CD3D26031AD3
Authority key identifier: 53:15:30:03:73:7D:78:F7:22:DB:9A:28:E2:20:43:E3:5D:8D:87:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UxUwA3N9ePci25oo4iBD412Nhx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/vffye4B_maKGCuAE9ICWvmcHW6I.roa
Signing time:             Thu 02 Jan 2025 05:49:05 +0000
ROA not before:           Thu 02 Jan 2025 05:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     559
IP address blocks:        134.21.0.0/16 maxlen: 16
                          192.47.244.0/22 maxlen: 22
                          192.47.248.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/UxUwA3N9ePci25oo4iBD412Nhx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/UxUwA3N9ePci25oo4iBD412Nhx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UxUwA3N9ePci25oo4iBD412Nhx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 20:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:73:05:1e:7f:d9:d7:df:b6:cd:3d:26:03:1a:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53153003737d78f722db9a28e22043e35d8d871e
        Validity
            Not Before: Jan  2 05:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bdf7f27b807f99a2860ae004f48096be67075ba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fd:cf:bc:20:a3:2b:24:f1:b5:18:62:67:78:
                    1e:ea:75:e4:88:e0:73:31:19:d9:4e:7e:e0:bf:30:
                    f8:64:30:dd:2f:9e:9e:32:9b:3e:f2:60:86:a1:f9:
                    fa:53:23:db:bd:eb:cc:fc:da:27:86:e8:0f:74:e0:
                    81:13:e2:1d:a7:d9:71:8a:46:50:d3:bb:94:a6:29:
                    25:56:d1:54:c1:49:1f:d3:e8:9c:7d:12:82:ab:8f:
                    21:c8:ea:a9:37:3d:d5:de:6e:1c:2b:25:b5:09:0a:
                    91:73:53:94:90:d2:c3:41:12:0c:35:8d:93:f2:ee:
                    32:df:78:39:30:41:58:7d:33:55:99:0e:0e:6e:c1:
                    59:3f:97:9f:3a:a9:9b:d1:6f:f3:72:b4:e2:ab:0d:
                    00:5a:41:c0:1c:52:fe:2f:0d:98:01:e8:da:36:60:
                    3a:f8:6a:e4:b4:8c:b8:44:20:1a:e1:22:7d:d8:9b:
                    18:52:84:10:a7:91:78:2c:50:f4:19:22:bb:77:d2:
                    16:a1:c4:04:48:f2:db:3f:78:f4:b1:e0:54:db:32:
                    a0:fc:bf:81:de:86:ba:05:35:d0:1c:14:4c:eb:ef:
                    78:e7:9c:ff:59:77:f6:25:9e:03:25:e7:3c:af:25:
                    2b:ca:d0:a6:77:23:4b:cb:39:5c:0b:97:bd:fa:e9:
                    37:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:F7:F2:7B:80:7F:99:A2:86:0A:E0:04:F4:80:96:BE:67:07:5B:A2
            X509v3 Authority Key Identifier:
                keyid:53:15:30:03:73:7D:78:F7:22:DB:9A:28:E2:20:43:E3:5D:8D:87:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UxUwA3N9ePci25oo4iBD412Nhx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/vffye4B_maKGCuAE9ICWvmcHW6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/UxUwA3N9ePci25oo4iBD412Nhx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.21.0.0/16
                  192.47.244.0-192.47.249.255

    Signature Algorithm: sha256WithRSAEncryption
         7f:16:ec:4c:26:b8:83:8d:20:33:c6:91:57:03:de:fe:d9:67:
         1d:10:90:49:99:fa:ba:0d:46:bb:72:ff:68:8b:2b:32:1d:dd:
         ca:a1:81:2f:41:48:60:0c:c0:c8:cb:99:da:a2:43:d8:2f:88:
         5c:40:51:9f:06:db:b3:80:8a:81:79:dc:1c:87:27:2e:da:bb:
         7a:a9:1f:c9:06:52:fd:ce:17:b2:4f:31:b7:c1:ed:0a:41:bc:
         96:4a:4f:39:d7:2a:b5:e0:09:90:a4:b7:1f:ac:83:79:d9:b3:
         d8:57:22:b8:e6:59:91:2a:6d:f3:47:33:6e:8e:63:21:73:5b:
         9b:be:98:29:a8:85:ab:9c:f4:50:af:21:33:22:37:e9:dc:23:
         92:ac:c4:c8:43:f6:86:e7:7b:e7:08:2f:53:3a:8a:c1:a7:dd:
         bb:a2:74:b8:3d:b2:c0:56:54:e4:24:9f:4f:2f:fa:ac:82:c9:
         46:02:44:87:99:56:4b:bc:f0:b6:8d:b1:ea:ec:ff:0c:f2:8d:
         15:1d:7d:96:5c:5f:97:67:2d:03:0f:9b:23:2b:58:fb:fe:a4:
         ba:41:4d:c5:13:e9:2c:44:72:23:e2:02:77:13:52:9c:11:c4:
         11:37:8a:5c:3c:39:08:07:94:09:ac:e4:e3:0d:67:3b:c2:f6:
         b9:35:7b:d4
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZQlj3MFHn/Z19+2zT0mAxrTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMTUzMDAzNzM3ZDc4ZjcyMmRiOWEyOGUyMjA0M2UzNWQ4
ZDg3MWUwHhcNMjUwMTAyMDU0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGY3ZjI3YjgwN2Y5OWEyODYwYWUwMDRmNDgwOTZiZTY3MDc1YmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/3PvCCjKyTxtRhiZ3ge6nXkiOBz
MRnZTn7gvzD4ZDDdL56eMps+8mCGofn6UyPbvevM/NonhugPdOCBE+Idp9lxikZQ
07uUpiklVtFUwUkf0+icfRKCq48hyOqpNz3V3m4cKyW1CQqRc1OUkNLDQRIMNY2T
8u4y33g5MEFYfTNVmQ4ObsFZP5efOqmb0W/zcrTiqw0AWkHAHFL+Lw2YAejaNmA6
+GrktIy4RCAa4SJ92JsYUoQQp5F4LFD0GSK7d9IWocQESPLbP3j0seBU2zKg/L+B
3oa6BTXQHBRM6+9455z/WXf2JZ4DJec8ryUrytCmdyNLyzlcC5e9+uk3GQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFL338nuAf5mihgrgBPSAlr5nB1uiMB8GA1UdIwQY
MBaAFFMVMANzfXj3ItuaKOIgQ+NdjYceMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXhVd0EzTjllUGNpMjVvbzRpQkQ0MTJOaHg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS84ZjcxNDgtMjM2ZC00MDg4LTg5ZTYt
NjY1OTk1YzYyODM4LzEvdmZmeWU0Ql9tYUtHQ3VBRTlJQ1d2bWNIVzZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS84ZjcxNDgtMjM2ZC00MDg4LTg5ZTYtNjY1OTk1YzYyODM4
LzEvVXhVd0EzTjllUGNpMjVvbzRpQkQ0MTJOaHg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATAwMAhhUwDAME
AsAv9AMEAcAv+DANBgkqhkiG9w0BAQsFAAOCAQEAfxbsTCa4g40gM8aRVwPe/tln
HRCQSZn6ug1Gu3L/aIsrMh3dyqGBL0FIYAzAyMuZ2qJD2C+IXEBRnwbbs4CKgXnc
HIcnLtq7eqkfyQZS/c4Xsk8xt8HtCkG8lkpPOdcqteAJkKS3H6yDedmz2FciuOZZ
kSpt80czbo5jIXNbm76YKaiFq5z0UK8hMyI36dwjkqzEyEP2hud75wgvUzqKwafd
u6J0uD2ywFZU5CSfTy/6rILJRgJEh5lWS7zwto2x6uz/DPKNFR19llxfl2ctAw+b
IytY+/6kukFNxRPpLERyI+ICdxNSnBHEETeKXDw5CAeUCazk4w1nO8L2uTV71A==
-----END CERTIFICATE-----