Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6155f0-4dcb-48ce-a4ed-ac332f8d8c48/1/VkqCgv7KNS6e1PhzxHv9intvH9s.roa
File:                     VkqCgv7KNS6e1PhzxHv9intvH9s.roa (raw, json)
Hash identifier:          UPK71sxaCRmFF2DDfT2tfgKHGZFs8344I8c3t19Opag=
Subject key identifier:   56:4A:82:82:FE:CA:35:2E:9E:D4:F8:73:C4:7B:FD:8A:7B:6F:1F:DB
Certificate issuer:       /CN=2c9979ea38b9dbddca74b7bfa73768b57bffc12f
Certificate serial:       0196A320FD41E0426DCE697E9189541C6792
Authority key identifier: 2C:99:79:EA:38:B9:DB:DD:CA:74:B7:BF:A7:37:68:B5:7B:FF:C1:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LJl56ji5293KdLe_pzdotXv_wS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6155f0-4dcb-48ce-a4ed-ac332f8d8c48/1/VkqCgv7KNS6e1PhzxHv9intvH9s.roa
Signing time:             Tue 06 May 2025 01:06:10 +0000
ROA not before:           Tue 06 May 2025 01:06:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213020
IP address blocks:        31.12.74.0/24 maxlen: 24
                          2a12:9ac0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/6155f0-4dcb-48ce-a4ed-ac332f8d8c48/1/LJl56ji5293KdLe_pzdotXv_wS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/6155f0-4dcb-48ce-a4ed-ac332f8d8c48/1/LJl56ji5293KdLe_pzdotXv_wS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LJl56ji5293KdLe_pzdotXv_wS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a3:20:fd:41:e0:42:6d:ce:69:7e:91:89:54:1c:67:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c9979ea38b9dbddca74b7bfa73768b57bffc12f
        Validity
            Not Before: May  6 01:06:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=564a8282feca352e9ed4f873c47bfd8a7b6f1fdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:65:fa:3c:b4:e1:e9:ec:ac:3e:a0:e1:63:5c:
                    ec:63:10:a5:19:7f:49:5b:29:ea:e8:6c:14:94:91:
                    55:b9:b1:76:16:df:24:19:62:6c:5f:0b:a9:66:01:
                    16:1b:7a:dc:f0:9c:36:30:0c:da:f6:57:93:80:59:
                    87:a1:5d:f0:4b:b8:76:50:e0:8f:f3:52:51:ca:e5:
                    39:92:ae:41:26:ab:56:69:dc:ff:b5:8e:51:c4:b1:
                    92:5c:87:b6:b7:ad:e1:aa:33:3d:22:61:e8:e0:26:
                    27:f0:ed:19:a0:cd:75:f3:fe:19:fb:3a:9e:fd:fa:
                    56:dc:1a:37:a6:2a:15:3d:87:c9:68:2b:69:0b:52:
                    f3:48:dd:dc:84:15:77:bb:42:d1:e4:a3:5e:68:9a:
                    0a:0e:ab:c6:27:5d:53:3a:dc:56:17:28:49:e3:84:
                    10:14:fb:ad:8e:b0:d7:b2:0c:2a:f2:ae:88:ae:74:
                    28:64:bc:88:4e:a6:df:29:75:a5:40:d8:ee:0a:16:
                    41:2d:d0:b0:56:9e:5d:d0:d6:db:75:c3:13:27:a7:
                    48:da:1c:a5:7f:01:d6:d8:bf:1c:a4:54:be:fa:04:
                    3c:b9:2f:ab:49:f5:cd:35:6d:30:16:c4:21:55:86:
                    19:7e:1c:aa:10:2c:fa:17:fa:72:3f:a6:19:2c:40:
                    ff:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:4A:82:82:FE:CA:35:2E:9E:D4:F8:73:C4:7B:FD:8A:7B:6F:1F:DB
            X509v3 Authority Key Identifier:
                keyid:2C:99:79:EA:38:B9:DB:DD:CA:74:B7:BF:A7:37:68:B5:7B:FF:C1:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LJl56ji5293KdLe_pzdotXv_wS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6155f0-4dcb-48ce-a4ed-ac332f8d8c48/1/VkqCgv7KNS6e1PhzxHv9intvH9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6155f0-4dcb-48ce-a4ed-ac332f8d8c48/1/LJl56ji5293KdLe_pzdotXv_wS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.12.74.0/24
                IPv6:
                  2a12:9ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:44:39:9d:2b:e6:09:e9:74:9d:64:24:e5:31:d2:3c:dd:4e:
         1a:e8:19:9e:45:07:f6:b6:ed:76:22:bf:a5:fe:30:1c:c1:3c:
         4e:89:87:a0:a0:3f:df:20:56:17:36:f0:75:72:ec:9b:f2:44:
         8d:b8:83:5d:8e:bc:51:65:66:4b:8b:37:ff:25:ea:3b:45:da:
         4b:d7:20:39:57:fa:ae:43:d7:70:fb:ba:b9:3b:3f:5b:93:0b:
         57:84:ab:ae:1f:38:49:df:cd:5b:ab:75:eb:86:d9:c5:94:e0:
         31:4c:e8:60:d4:2f:8b:af:27:a6:99:df:c7:38:44:14:5a:80:
         1a:65:27:0d:06:4b:97:58:ea:b1:33:bd:3c:9c:dc:b4:5b:e4:
         da:fe:ce:94:f6:7f:82:e0:fb:32:06:12:e9:bd:e3:8a:93:78:
         30:1e:51:06:7f:10:63:94:07:9a:11:bd:11:a1:46:17:a0:c0:
         6c:64:e9:d5:17:e4:46:d5:3a:53:ff:74:19:65:d1:91:28:89:
         28:45:cd:77:56:22:e3:24:0a:80:6e:9d:5d:d3:d5:4c:9f:2e:
         00:67:4f:c5:a6:23:34:07:63:e4:4b:37:f8:0a:34:77:94:21:
         05:73:73:3a:ca:2f:45:69:9f:2f:3e:1c:5d:2a:eb:e4:e7:a0:
         d7:f4:c1:e3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZajIP1B4EJtzml+kYlUHGeSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOTk3OWVhMzhiOWRiZGRjYTc0YjdiZmE3Mzc2OGI1N2Jm
ZmMxMmYwHhcNMjUwNTA2MDEwNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjRhODI4MmZlY2EzNTJlOWVkNGY4NzNjNDdiZmQ4YTdiNmYxZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8mX6PLTh6eysPqDhY1zsYxClGX9J
Wynq6GwUlJFVubF2Ft8kGWJsXwupZgEWG3rc8Jw2MAza9leTgFmHoV3wS7h2UOCP
81JRyuU5kq5BJqtWadz/tY5RxLGSXIe2t63hqjM9ImHo4CYn8O0ZoM118/4Z+zqe
/fpW3Bo3pioVPYfJaCtpC1LzSN3chBV3u0LR5KNeaJoKDqvGJ11TOtxWFyhJ44QQ
FPutjrDXsgwq8q6IrnQoZLyITqbfKXWlQNjuChZBLdCwVp5d0NbbdcMTJ6dI2hyl
fwHW2L8cpFS++gQ8uS+rSfXNNW0wFsQhVYYZfhyqECz6F/pyP6YZLED/5QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFZKgoL+yjUuntT4c8R7/Yp7bx/bMB8GA1UdIwQY
MBaAFCyZeeo4udvdynS3v6c3aLV7/8EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEpsNTZqaTUyOTNLZExlX3B6ZG90WHZfd1M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82MTU1ZjAtNGRjYi00OGNlLWE0ZWQt
YWMzMzJmOGQ4YzQ4LzEvVmtxQ2d2N0tOUzZlMVBoenhIdjlpbnR2SDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82MTU1ZjAtNGRjYi00OGNlLWE0ZWQtYWMzMzJmOGQ4YzQ4
LzEvTEpsNTZqaTUyOTNLZExlX3B6ZG90WHZfd1M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAHwxKMA0E
AgACMAcDBQMqEprAMA0GCSqGSIb3DQEBCwUAA4IBAQAnRDmdK+YJ6XSdZCTlMdI8
3U4a6BmeRQf2tu12Ir+l/jAcwTxOiYegoD/fIFYXNvB1cuyb8kSNuINdjrxRZWZL
izf/Jeo7RdpL1yA5V/quQ9dw+7q5Oz9bkwtXhKuuHzhJ381bq3XrhtnFlOAxTOhg
1C+Lryemmd/HOEQUWoAaZScNBkuXWOqxM708nNy0W+Ta/s6U9n+C4PsyBhLpveOK
k3gwHlEGfxBjlAeaEb0RoUYXoMBsZOnVF+RG1TpT/3QZZdGRKIkoRc13ViLjJAqA
bp1d09VMny4AZ0/FpiM0B2PkSzf4CjR3lCEFc3M6yi9FaZ8vPhxdKuvk56DX9MHj
-----END CERTIFICATE-----