Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bd0d13-e983-4ff9-b507-5e656f1b4876/1/vB7iCzXMCdX6jYiEcEnaqnEdqjQ.roa
File:                     vB7iCzXMCdX6jYiEcEnaqnEdqjQ.roa (raw, json)
Hash identifier:          NwG/ny2Ht2kszQ0PPvieTRXsx/4lBl8X/apD8jNGFTQ=
Subject key identifier:   BC:1E:E2:0B:35:CC:09:D5:FA:8D:88:84:70:49:DA:AA:71:1D:AA:34
Certificate issuer:       /CN=be49fb190f4bd0f5815a8e579f366ad58d5d41f9
Certificate serial:       018CC86F0305D21126FEF7CB85F2B7630127
Authority key identifier: BE:49:FB:19:0F:4B:D0:F5:81:5A:8E:57:9F:36:6A:D5:8D:5D:41:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vkn7GQ9L0PWBWo5XnzZq1Y1dQfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bd0d13-e983-4ff9-b507-5e656f1b4876/1/vB7iCzXMCdX6jYiEcEnaqnEdqjQ.roa
Signing time:             Tue 02 Jan 2024 04:29:27 +0000
ROA not before:           Tue 02 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48101
IP address blocks:        185.244.250.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/bd0d13-e983-4ff9-b507-5e656f1b4876/1/vkn7GQ9L0PWBWo5XnzZq1Y1dQfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/bd0d13-e983-4ff9-b507-5e656f1b4876/1/vkn7GQ9L0PWBWo5XnzZq1Y1dQfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vkn7GQ9L0PWBWo5XnzZq1Y1dQfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:03:05:d2:11:26:fe:f7:cb:85:f2:b7:63:01:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be49fb190f4bd0f5815a8e579f366ad58d5d41f9
        Validity
            Not Before: Jan  2 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc1ee20b35cc09d5fa8d88847049daaa711daa34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:55:2d:ff:c9:8f:4e:d1:1c:6c:dc:21:4d:fb:
                    b7:ed:78:2a:6d:85:ca:6d:e5:ab:1d:29:c2:ee:7d:
                    5a:40:a9:97:83:10:e9:56:98:73:1c:17:17:dc:52:
                    0c:7c:94:78:7d:4d:72:d7:58:ed:e5:06:4b:de:26:
                    73:40:4a:66:ed:45:21:c6:27:aa:2f:5d:df:ed:f4:
                    da:cf:ee:1d:60:aa:0e:44:e2:e1:68:b2:1b:07:4e:
                    10:17:24:30:cd:6e:5c:39:ba:7c:ca:25:70:a8:ca:
                    ad:0d:37:02:80:f2:f0:5d:d2:73:49:45:9e:d9:d9:
                    75:e8:c2:39:09:41:a6:0e:24:5e:05:b0:d7:ba:91:
                    79:c1:ea:f3:32:4f:84:af:87:4e:79:73:cb:c9:0a:
                    24:09:3f:b3:7c:5e:6f:23:1d:9d:2a:91:a6:85:9d:
                    63:c9:89:fb:70:c3:85:59:d7:c1:f0:73:ba:93:3c:
                    2b:3d:05:b6:7a:84:b8:00:17:e3:b7:f9:2c:f5:aa:
                    8b:5f:7f:c4:65:3e:7e:61:bd:f8:c2:06:03:87:59:
                    75:38:0c:d6:48:b5:b5:11:65:29:60:0b:ac:e8:62:
                    be:85:5b:9b:0b:e3:2e:17:99:38:ac:cc:27:de:01:
                    01:04:e4:5e:70:6f:6c:97:41:c2:77:e8:34:65:19:
                    ef:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:1E:E2:0B:35:CC:09:D5:FA:8D:88:84:70:49:DA:AA:71:1D:AA:34
            X509v3 Authority Key Identifier:
                keyid:BE:49:FB:19:0F:4B:D0:F5:81:5A:8E:57:9F:36:6A:D5:8D:5D:41:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vkn7GQ9L0PWBWo5XnzZq1Y1dQfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bd0d13-e983-4ff9-b507-5e656f1b4876/1/vB7iCzXMCdX6jYiEcEnaqnEdqjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bd0d13-e983-4ff9-b507-5e656f1b4876/1/vkn7GQ9L0PWBWo5XnzZq1Y1dQfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:bd:fb:b2:39:25:a3:c5:77:41:d9:14:7e:f9:32:0c:2c:e9:
         b8:34:70:56:2a:80:c9:47:71:c3:59:4c:d8:3e:9a:9d:c9:11:
         7f:6c:f2:9f:16:03:a6:e2:48:84:68:33:aa:7c:e3:07:b0:76:
         66:88:df:b6:a8:e1:c6:dd:da:fb:1d:58:3f:22:b4:91:82:b7:
         64:46:2e:fa:90:96:d4:6f:a9:7a:4c:82:08:f4:63:61:14:da:
         fe:a8:e4:c8:9c:51:bd:6d:b4:1f:52:16:ee:4a:e4:f0:de:82:
         45:65:00:85:a0:fd:8f:5d:7e:49:34:32:40:a7:23:f5:c6:ef:
         7a:79:f9:05:57:98:28:42:7a:62:6f:76:4e:91:07:52:fa:40:
         8f:17:4b:3e:4e:ef:f0:44:1f:6a:3a:6c:53:e1:d2:32:a4:fb:
         8a:f8:4d:63:81:fb:4d:fc:b7:c4:a1:d5:e0:fb:fc:91:86:e5:
         ec:90:0c:14:0e:96:af:ad:f6:00:9f:2b:42:b6:83:6b:26:9c:
         02:0a:dc:2e:5a:d7:cd:0c:46:12:5d:1f:ac:db:a9:c4:f3:cb:
         4d:6f:a9:13:74:bd:ef:08:3f:0a:e2:02:d8:ae:8f:1b:e3:f1:
         f7:db:3c:6f:a6:3c:58:3d:4a:5b:7e:5a:3e:a2:c2:bc:03:72:
         d4:90:6c:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwMF0hEm/vfLhfK3YwEnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNDlmYjE5MGY0YmQwZjU4MTVhOGU1NzlmMzY2YWQ1OGQ1
ZDQxZjkwHhcNMjQwMTAyMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzFlZTIwYjM1Y2MwOWQ1ZmE4ZDg4ODQ3MDQ5ZGFhYTcxMWRhYTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVUt/8mPTtEcbNwhTfu37XgqbYXK
beWrHSnC7n1aQKmXgxDpVphzHBcX3FIMfJR4fU1y11jt5QZL3iZzQEpm7UUhxieq
L13f7fTaz+4dYKoOROLhaLIbB04QFyQwzW5cObp8yiVwqMqtDTcCgPLwXdJzSUWe
2dl16MI5CUGmDiReBbDXupF5werzMk+Er4dOeXPLyQokCT+zfF5vIx2dKpGmhZ1j
yYn7cMOFWdfB8HO6kzwrPQW2eoS4ABfjt/ks9aqLX3/EZT5+Yb34wgYDh1l1OAzW
SLW1EWUpYAus6GK+hVubC+MuF5k4rMwn3gEBBORecG9sl0HCd+g0ZRnvDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwe4gs1zAnV+o2IhHBJ2qpxHao0MB8GA1UdIwQY
MBaAFL5J+xkPS9D1gVqOV582atWNXUH5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmtuN0dROUwwUFdCV281WG56WnExWTFkUWZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZDBkMTMtZTk4My00ZmY5LWI1MDct
NWU2NTZmMWI0ODc2LzEvdkI3aUN6WE1DZFg2allpRWNFbmFxbkVkcWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZDBkMTMtZTk4My00ZmY5LWI1MDctNWU2NTZmMWI0ODc2
LzEvdmtuN0dROUwwUFdCV281WG56WnExWTFkUWZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufT6MA0G
CSqGSIb3DQEBCwUAA4IBAQBlvfuyOSWjxXdB2RR++TIMLOm4NHBWKoDJR3HDWUzY
PpqdyRF/bPKfFgOm4kiEaDOqfOMHsHZmiN+2qOHG3dr7HVg/IrSRgrdkRi76kJbU
b6l6TIII9GNhFNr+qOTInFG9bbQfUhbuSuTw3oJFZQCFoP2PXX5JNDJApyP1xu96
efkFV5goQnpib3ZOkQdS+kCPF0s+Tu/wRB9qOmxT4dIypPuK+E1jgftN/LfEodXg
+/yRhuXskAwUDpavrfYAnytCtoNrJpwCCtwuWtfNDEYSXR+s26nE88tNb6kTdL3v
CD8K4gLYro8b4/H32zxvpjxYPUpbflo+osK8A3LUkGxh
-----END CERTIFICATE-----