Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/vjG9keOZ_S4p4cOeH4oVy4zTqTw.roa
File:                     vjG9keOZ_S4p4cOeH4oVy4zTqTw.roa (raw, json)
Hash identifier:          hFBl8xfvuZQQ6qSd/nOf+H0QRt9ZZBIv+1He+4RDR7w=
Subject key identifier:   BE:31:BD:91:E3:99:FD:2E:29:E1:C3:9E:1F:8A:15:CB:8C:D3:A9:3C
Certificate issuer:       /CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
Certificate serial:       018EA509FE1C191DE55B49C75DC3C111D7EA
Authority key identifier: 8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/vjG9keOZ_S4p4cOeH4oVy4zTqTw.roa
Signing time:             Wed 03 Apr 2024 17:37:59 +0000
ROA not before:           Wed 03 Apr 2024 17:37:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        79.99.150.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a5:09:fe:1c:19:1d:e5:5b:49:c7:5d:c3:c1:11:d7:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
        Validity
            Not Before: Apr  3 17:37:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be31bd91e399fd2e29e1c39e1f8a15cb8cd3a93c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d0:45:d2:0f:53:74:ba:61:60:98:2a:ca:49:
                    3e:f2:c2:20:37:95:0b:57:0d:f5:d8:5f:1c:bc:d9:
                    b7:c2:ba:66:20:0c:13:ba:61:7d:d3:53:5d:7c:b3:
                    05:d7:90:50:e4:55:19:9c:8f:0f:4b:b4:e8:40:87:
                    b5:5e:b3:4c:85:d8:fc:6e:36:f2:17:64:f2:3d:a3:
                    ef:62:9c:cd:8a:91:4c:93:78:5b:2d:aa:6b:bc:19:
                    b8:eb:49:20:55:0c:cc:13:80:99:4f:da:0f:42:c5:
                    ff:89:65:15:ad:0d:e8:47:4a:23:4a:cc:c9:c1:f6:
                    b8:89:6d:3b:bf:69:5d:4f:87:28:70:1c:ce:f4:8e:
                    e4:69:e5:36:ac:dd:64:cc:a6:b6:30:76:39:20:b3:
                    1f:a4:c0:6b:35:f7:a4:1b:80:07:b2:2b:80:ef:8b:
                    ad:b0:fe:29:57:7d:36:8e:2a:cb:9d:79:3b:91:38:
                    75:43:f8:b2:2a:54:af:11:1d:91:67:60:34:ed:8a:
                    14:89:12:78:71:3f:bf:97:be:7c:ac:8c:c6:ee:ac:
                    fd:61:9b:a3:11:b3:a5:53:f7:f2:89:f5:82:a5:4f:
                    2e:f4:39:96:da:4f:68:6c:cb:d5:c6:f5:dc:1e:ef:
                    75:83:55:17:ec:2a:47:5f:d9:7e:44:6d:b1:46:73:
                    6a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:31:BD:91:E3:99:FD:2E:29:E1:C3:9E:1F:8A:15:CB:8C:D3:A9:3C
            X509v3 Authority Key Identifier:
                keyid:8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/vjG9keOZ_S4p4cOeH4oVy4zTqTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:7a:63:28:bd:8e:7b:ba:ce:7d:54:19:f7:8f:43:f7:9a:a6:
         7c:39:b5:46:2b:c4:25:cc:3e:9d:88:53:39:3a:12:31:f2:f3:
         c8:bf:60:42:19:be:60:5f:63:7e:6a:fa:e7:fe:d9:9f:4c:0d:
         1e:dd:72:f6:4d:a4:3b:47:0f:14:0c:bf:d2:26:ed:0c:ac:d1:
         f2:6a:04:5d:ac:92:28:f5:0e:0e:03:a7:9c:ae:2a:b9:14:de:
         2f:c4:82:9b:fe:44:42:30:8b:19:5e:ab:4d:0e:13:56:7c:0f:
         16:36:5a:25:bd:11:19:5c:49:b7:ba:98:25:4b:1a:b2:f8:2c:
         69:eb:14:42:36:f7:7f:03:f4:01:71:10:6c:a4:f3:b7:70:b9:
         dd:d5:85:2f:0b:cf:94:12:c0:39:8d:53:ae:f6:55:d1:e0:84:
         f1:f3:45:1f:35:44:14:4d:cb:ba:07:78:cc:6a:c8:bb:20:ac:
         9e:14:df:4c:9a:e9:d7:eb:92:04:df:7d:c2:bd:d6:38:f5:49:
         d6:95:c7:3f:e4:ee:92:68:28:1b:47:1f:ac:68:e1:01:f0:bc:
         f7:3f:2d:ad:75:6b:87:74:ae:3c:fb:35:1e:51:77:59:e5:46:
         3d:ad:20:0f:f2:1a:02:a4:48:a7:77:9e:10:38:dc:e3:8a:ba:
         52:be:94:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6lCf4cGR3lW0nHXcPBEdfqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNWEzNDE3ZmJlMjVjMmU0NjdjMTg0ODVjMTgxYTc3NzZm
OTZmZjQwHhcNMjQwNDAzMTczNzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTMxYmQ5MWUzOTlmZDJlMjllMWMzOWUxZjhhMTVjYjhjZDNhOTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntBF0g9TdLphYJgqykk+8sIgN5UL
Vw312F8cvNm3wrpmIAwTumF901NdfLMF15BQ5FUZnI8PS7ToQIe1XrNMhdj8bjby
F2TyPaPvYpzNipFMk3hbLaprvBm460kgVQzME4CZT9oPQsX/iWUVrQ3oR0ojSszJ
wfa4iW07v2ldT4cocBzO9I7kaeU2rN1kzKa2MHY5ILMfpMBrNfekG4AHsiuA74ut
sP4pV302jirLnXk7kTh1Q/iyKlSvER2RZ2A07YoUiRJ4cT+/l758rIzG7qz9YZuj
EbOlU/fyifWCpU8u9DmW2k9obMvVxvXcHu91g1UX7CpHX9l+RG2xRnNqqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL4xvZHjmf0uKeHDnh+KFcuM06k8MB8GA1UdIwQY
MBaAFIpaNBf74lwuRnwYSFwYGnd2+W/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYt
ZDdhYmNkMGVmNjRhLzEvdmpHOWtlT1pfUzRwNGNPZUg0b1Z5NHpUcVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYtZDdhYmNkMGVmNjRh
LzEvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBT2OWMA0G
CSqGSIb3DQEBCwUAA4IBAQBlemMovY57us59VBn3j0P3mqZ8ObVGK8QlzD6diFM5
OhIx8vPIv2BCGb5gX2N+avrn/tmfTA0e3XL2TaQ7Rw8UDL/SJu0MrNHyagRdrJIo
9Q4OA6ecriq5FN4vxIKb/kRCMIsZXqtNDhNWfA8WNlolvREZXEm3upglSxqy+Cxp
6xRCNvd/A/QBcRBspPO3cLnd1YUvC8+UEsA5jVOu9lXR4ITx80UfNUQUTcu6B3jM
asi7IKyeFN9MmunX65IE333CvdY49UnWlcc/5O6SaCgbRx+saOEB8Lz3Py2tdWuH
dK48+zUeUXdZ5UY9rSAP8hoCpEind54QONzjirpSvpQl
-----END CERTIFICATE-----