Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/428237-efd7-4726-90ca-f8f492af480e/1/vodviye7DghFC7PEVvxhiiSr3yI.roa
File:                     vodviye7DghFC7PEVvxhiiSr3yI.roa (raw, json)
Hash identifier:          DSIMmcgYhcABqyr6ieteyLGQUsUpKr6LKoAuCG60/rg=
Subject key identifier:   BE:87:6F:8B:27:BB:0E:08:45:0B:B3:C4:56:FC:61:8A:24:AB:DF:22
Certificate issuer:       /CN=473f498592457859f26fb5a610b7b51ef52413f3
Certificate serial:       018CC3B71AB272CA3F5C0A71FBD67D39777A
Authority key identifier: 47:3F:49:85:92:45:78:59:F2:6F:B5:A6:10:B7:B5:1E:F5:24:13:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rz9JhZJFeFnyb7WmELe1HvUkE_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/428237-efd7-4726-90ca-f8f492af480e/1/vodviye7DghFC7PEVvxhiiSr3yI.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41077
IP address blocks:        194.140.227.0/24 maxlen: 24
                          193.104.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/428237-efd7-4726-90ca-f8f492af480e/1/Rz9JhZJFeFnyb7WmELe1HvUkE_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/428237-efd7-4726-90ca-f8f492af480e/1/Rz9JhZJFeFnyb7WmELe1HvUkE_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rz9JhZJFeFnyb7WmELe1HvUkE_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1a:b2:72:ca:3f:5c:0a:71:fb:d6:7d:39:77:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=473f498592457859f26fb5a610b7b51ef52413f3
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be876f8b27bb0e08450bb3c456fc618a24abdf22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:58:75:29:1c:b8:64:e9:0e:ba:af:43:66:7f:
                    f0:05:f7:b0:5b:ed:d5:91:86:13:e5:e7:02:28:cb:
                    2c:54:df:31:bf:75:26:4e:b6:ce:55:b2:b9:8a:ad:
                    33:89:3a:82:ef:a5:b7:f7:59:13:00:ad:6e:c6:a1:
                    d9:3b:2b:6c:2f:ca:0d:cc:14:7c:de:19:cb:e3:3f:
                    07:31:20:a8:c3:91:1b:75:fd:53:0d:c2:ca:b1:15:
                    d7:2c:c3:d8:49:a1:fb:99:9b:55:0f:fd:d0:57:45:
                    f3:0f:95:9e:bf:9b:a2:d5:1a:a8:bf:c9:65:05:3f:
                    e1:4f:70:73:ac:fe:ac:4b:64:a4:9c:d0:24:38:70:
                    6c:2d:2b:7d:b9:25:7f:d6:34:d5:1d:b6:ca:44:bf:
                    6e:9b:38:f3:ef:47:62:f2:04:6a:1a:38:2f:c5:2c:
                    13:af:56:ba:9c:21:ce:70:67:99:98:03:66:50:d5:
                    27:b0:20:f0:71:b4:23:ad:f8:cd:33:a4:a0:ba:9c:
                    89:8d:41:5c:40:af:d8:1b:ea:00:2a:f8:0e:79:68:
                    7a:2c:f0:ec:84:5d:51:e6:c3:6d:09:fe:bf:f8:18:
                    2a:95:3a:3a:58:c8:35:29:ad:78:ee:0a:19:d2:a2:
                    16:b5:25:13:db:85:c3:72:55:92:ad:ec:c4:31:4e:
                    63:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:87:6F:8B:27:BB:0E:08:45:0B:B3:C4:56:FC:61:8A:24:AB:DF:22
            X509v3 Authority Key Identifier:
                keyid:47:3F:49:85:92:45:78:59:F2:6F:B5:A6:10:B7:B5:1E:F5:24:13:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rz9JhZJFeFnyb7WmELe1HvUkE_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/428237-efd7-4726-90ca-f8f492af480e/1/vodviye7DghFC7PEVvxhiiSr3yI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/428237-efd7-4726-90ca-f8f492af480e/1/Rz9JhZJFeFnyb7WmELe1HvUkE_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.109.0/24
                  194.140.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:a0:75:8b:93:a2:86:fb:51:8a:69:dc:7d:81:3a:32:98:91:
         02:d6:55:95:41:d0:55:1d:70:78:b3:89:79:90:35:ba:f3:7c:
         d6:99:6b:fc:b9:7e:6b:d8:76:24:40:86:32:f6:62:31:4d:71:
         79:82:ad:90:4e:59:0d:38:2d:26:9b:ff:12:c8:5e:cf:e1:98:
         47:ae:a2:99:e1:86:3b:43:a5:ef:b1:54:4c:79:d7:d3:a8:93:
         c7:b8:6b:17:bb:cf:95:12:61:44:96:47:ff:3b:e4:aa:8d:d5:
         91:2f:b0:3a:aa:b1:15:a3:fb:60:72:88:0a:06:2f:9b:88:59:
         3b:10:3e:56:84:df:c8:b3:3a:f0:ea:a8:55:c5:1a:8f:46:22:
         9a:df:16:eb:33:a5:ed:b0:c8:6a:9e:63:f7:b9:ed:b4:e1:37:
         b9:2c:85:e7:9a:b8:06:a4:48:06:69:c1:86:2d:e9:39:9d:82:
         8e:9b:8a:82:3a:b6:df:15:40:5b:59:c6:b0:3c:5a:db:42:f5:
         4c:f0:2b:38:1e:94:e5:5f:f5:94:72:5a:1f:68:0e:d5:cc:30:
         ad:d0:68:85:5e:39:a0:6b:74:1a:41:26:74:7b:43:f6:18:e3:
         1e:e0:f0:5b:86:88:dc:95:f8:d7:2c:d8:da:21:46:6e:9b:6e:
         3b:27:fb:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtxqycso/XApx+9Z9OXd6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3M2Y0OTg1OTI0NTc4NTlmMjZmYjVhNjEwYjdiNTFlZjUy
NDEzZjMwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTg3NmY4YjI3YmIwZTA4NDUwYmIzYzQ1NmZjNjE4YTI0YWJkZjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhVh1KRy4ZOkOuq9DZn/wBfewW+3V
kYYT5ecCKMssVN8xv3UmTrbOVbK5iq0ziTqC76W391kTAK1uxqHZOytsL8oNzBR8
3hnL4z8HMSCow5Ebdf1TDcLKsRXXLMPYSaH7mZtVD/3QV0XzD5Wev5ui1Rqov8ll
BT/hT3BzrP6sS2SknNAkOHBsLSt9uSV/1jTVHbbKRL9umzjz70di8gRqGjgvxSwT
r1a6nCHOcGeZmANmUNUnsCDwcbQjrfjNM6SgupyJjUFcQK/YG+oAKvgOeWh6LPDs
hF1R5sNtCf6/+BgqlTo6WMg1Ka147goZ0qIWtSUT24XDclWSrezEMU5jtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL6Hb4snuw4IRQuzxFb8YYokq98iMB8GA1UdIwQY
MBaAFEc/SYWSRXhZ8m+1phC3tR71JBPzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUno5SmhaSkZlRm55YjdXbUVMZTFIdlVrRV9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS80MjgyMzctZWZkNy00NzI2LTkwY2Et
ZjhmNDkyYWY0ODBlLzEvdm9kdml5ZTdEZ2hGQzdQRVZ2eGhpaVNyM3lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS80MjgyMzctZWZkNy00NzI2LTkwY2EtZjhmNDkyYWY0ODBl
LzEvUno5SmhaSkZlRm55YjdXbUVMZTFIdlVrRV9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWhtAwQA
wozjMA0GCSqGSIb3DQEBCwUAA4IBAQAUoHWLk6KG+1GKadx9gToymJEC1lWVQdBV
HXB4s4l5kDW683zWmWv8uX5r2HYkQIYy9mIxTXF5gq2QTlkNOC0mm/8SyF7P4ZhH
rqKZ4YY7Q6XvsVRMedfTqJPHuGsXu8+VEmFElkf/O+SqjdWRL7A6qrEVo/tgcogK
Bi+biFk7ED5WhN/Iszrw6qhVxRqPRiKa3xbrM6XtsMhqnmP3ue204Te5LIXnmrgG
pEgGacGGLek5nYKOm4qCOrbfFUBbWcawPFrbQvVM8Cs4HpTlX/WUclofaA7VzDCt
0GiFXjmga3QaQSZ0e0P2GOMe4PBbhojclfjXLNjaIUZum247J/sS
-----END CERTIFICATE-----