Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VGOEXyidhK_C6WnhhwpTWooMycA.roa
File:                     VGOEXyidhK_C6WnhhwpTWooMycA.roa (raw, json)
Hash identifier:          Sg8i0B05NjZ5HP0ykBupQLzHWk1fkFK5j4ak4EDz4GY=
Subject key identifier:   54:63:84:5F:28:9D:84:AF:C2:E9:69:E1:87:0A:53:5A:8A:0C:C9:C0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0196B6D1E3D586D7CBD066C5FC38F8BB4D9F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VGOEXyidhK_C6WnhhwpTWooMycA.roa
Signing time:             Fri 09 May 2025 20:52:10 +0000
ROA not before:           Fri 09 May 2025 20:52:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204044
IP address blocks:        213.210.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b6:d1:e3:d5:86:d7:cb:d0:66:c5:fc:38:f8:bb:4d:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  9 20:52:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5463845f289d84afc2e969e1870a535a8a0cc9c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:69:4a:4c:a7:1a:68:ab:74:53:98:41:67:3a:
                    a4:f1:67:5c:83:1f:98:78:ca:75:63:40:8c:ae:46:
                    8a:12:50:8b:0b:cd:ad:5e:3f:03:da:3f:32:a2:05:
                    c7:93:42:95:04:46:a7:a5:04:ff:33:79:5c:56:f8:
                    71:7b:69:3b:72:00:38:03:bc:59:74:8c:7f:18:8f:
                    22:41:cf:d0:6f:30:79:d2:79:aa:73:76:fa:3f:e7:
                    d6:b0:92:cc:ca:48:bc:92:e4:05:e1:2b:88:d4:18:
                    7e:e5:5a:54:76:a0:ab:ff:11:49:b1:3e:5e:ba:7b:
                    ca:6a:be:1c:72:1b:51:aa:82:62:25:b7:0a:42:25:
                    c2:a5:3e:3d:f0:58:c1:7a:e1:62:30:38:0a:6b:5b:
                    e7:70:14:7a:28:ae:04:3b:eb:1a:58:22:1f:4d:30:
                    d2:2e:5b:73:2f:76:09:3f:e2:12:5d:ad:16:52:e6:
                    b6:7f:6e:5d:b7:88:fc:f0:a0:be:a0:41:3d:e3:69:
                    56:20:8e:09:bb:79:17:8d:83:fc:a4:79:a6:f3:5d:
                    c0:82:d5:d9:ef:c8:85:b4:b9:b4:a3:76:5b:10:65:
                    65:84:aa:89:5e:76:d6:c5:fe:07:02:a4:6f:02:75:
                    2b:34:00:88:ee:b5:5f:00:3a:03:1d:15:13:5e:10:
                    51:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:63:84:5F:28:9D:84:AF:C2:E9:69:E1:87:0A:53:5A:8A:0C:C9:C0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VGOEXyidhK_C6WnhhwpTWooMycA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:c8:ad:06:ef:26:4a:b1:80:b6:05:ec:44:18:7f:3c:1b:5c:
         53:0a:26:44:2d:97:ad:98:d9:a6:ef:00:7c:ae:d6:e0:07:b9:
         43:bb:6c:d5:86:31:1c:25:e5:d7:31:f9:2b:b7:e6:70:8a:a1:
         8a:95:be:cd:af:c8:50:ee:49:e5:60:d1:6c:29:7e:a0:bc:6d:
         1c:b7:41:4e:d5:a5:0c:94:fb:4f:19:97:df:4e:27:df:6c:1b:
         b2:00:99:56:04:7f:5c:66:3b:c4:41:14:35:9d:68:38:dc:94:
         0d:f7:59:35:40:40:f4:b2:c3:da:26:c0:35:31:a5:de:6f:28:
         6e:9a:a1:a9:09:8e:45:48:e4:43:9a:ad:27:e6:dc:19:8e:e1:
         ad:7c:08:23:81:08:0b:5d:fa:fd:53:d5:e7:b8:1d:58:c6:96:
         73:6f:0c:65:4d:2c:5d:2d:92:ee:40:92:29:7f:aa:6e:04:b8:
         f2:ce:54:22:98:6c:b6:22:d2:db:87:61:1e:b3:ce:43:2d:73:
         27:0a:fb:0b:d2:54:f2:b8:72:06:4f:22:de:a0:2c:f5:07:93:
         8b:00:95:7d:b5:bf:fb:32:31:72:eb:4a:45:fb:9c:dc:e9:97:
         ba:50:b6:41:7d:72:5e:48:57:f0:c7:de:8a:0e:cd:da:7d:82:
         8f:ba:98:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa20ePVhtfL0GbF/Dj4u02fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNTA5MjA1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDYzODQ1ZjI4OWQ4NGFmYzJlOTY5ZTE4NzBhNTM1YThhMGNjOWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGlKTKcaaKt0U5hBZzqk8Wdcgx+Y
eMp1Y0CMrkaKElCLC82tXj8D2j8yogXHk0KVBEanpQT/M3lcVvhxe2k7cgA4A7xZ
dIx/GI8iQc/QbzB50nmqc3b6P+fWsJLMyki8kuQF4SuI1Bh+5VpUdqCr/xFJsT5e
unvKar4cchtRqoJiJbcKQiXCpT498FjBeuFiMDgKa1vncBR6KK4EO+saWCIfTTDS
LltzL3YJP+ISXa0WUua2f25dt4j88KC+oEE942lWII4Ju3kXjYP8pHmm813AgtXZ
78iFtLm0o3ZbEGVlhKqJXnbWxf4HAqRvAnUrNACI7rVfADoDHRUTXhBRqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRjhF8onYSvwulp4YcKU1qKDMnAMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVkdPRVh5aWRoS19DNlduaGh3cFRXb29NeWNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dI6MA0G
CSqGSIb3DQEBCwUAA4IBAQA4yK0G7yZKsYC2BexEGH88G1xTCiZELZetmNmm7wB8
rtbgB7lDu2zVhjEcJeXXMfkrt+ZwiqGKlb7Nr8hQ7knlYNFsKX6gvG0ct0FO1aUM
lPtPGZffTiffbBuyAJlWBH9cZjvEQRQ1nWg43JQN91k1QED0ssPaJsA1MaXebyhu
mqGpCY5FSORDmq0n5twZjuGtfAgjgQgLXfr9U9XnuB1YxpZzbwxlTSxdLZLuQJIp
f6puBLjyzlQimGy2ItLbh2Ees85DLXMnCvsL0lTyuHIGTyLeoCz1B5OLAJV9tb/7
MjFy60pF+5zc6Ze6ULZBfXJeSFfwx96KDs3afYKPupie
-----END CERTIFICATE-----