Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/vze_7ZF0qDUXFxvy_W7ig197NUw.roa
File:                     vze_7ZF0qDUXFxvy_W7ig197NUw.roa (raw, json)
Hash identifier:          3vfzE8iGKY7yU9JEpgX2jWjfNuoxwohdkmsMjcomNgU=
Subject key identifier:   BF:37:BF:ED:91:74:A8:35:17:17:1B:F2:FD:6E:E2:83:5F:7B:35:4C
Certificate issuer:       /CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Certificate serial:       018CC26D379858A38024C16B2ADF6083C2F9
Authority key identifier: 5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/vze_7ZF0qDUXFxvy_W7ig197NUw.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60331
IP address blocks:        89.30.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:37:98:58:a3:80:24:c1:6b:2a:df:60:83:c2:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e400ac2396ae228d2b2e56f4b06739969379e44
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf37bfed9174a83517171bf2fd6ee2835f7b354c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d5:a8:a1:1f:3d:1b:2f:98:78:8f:ee:f1:8a:
                    74:d0:ec:75:b9:10:16:27:e0:00:f8:0c:c9:42:a9:
                    69:28:00:17:a2:0d:d2:a6:5a:3b:7c:02:fc:c3:ea:
                    28:de:c2:ed:d0:a5:0b:8c:ad:36:a1:a1:20:c6:be:
                    43:21:97:f1:2b:f8:af:0a:c1:25:95:96:ea:29:2c:
                    13:96:5d:1e:2e:aa:a8:46:f1:8a:5c:c6:89:9f:a2:
                    cd:7d:e3:f7:ca:e9:8d:77:21:4e:21:dc:04:e2:1c:
                    ef:b9:18:42:d3:f2:2b:60:6a:99:38:eb:a9:f4:51:
                    39:26:53:ca:da:79:be:ee:8a:02:32:84:49:79:3e:
                    03:6b:1d:89:83:73:54:b6:fb:7e:e9:3a:a4:ee:ee:
                    a8:b8:35:a7:35:af:9d:a2:51:b9:fc:09:d1:de:8e:
                    11:e0:8c:83:34:d1:7f:5a:8b:17:e9:c0:98:5e:23:
                    50:1f:ca:1e:6a:6a:4b:de:17:04:85:c4:a2:33:2f:
                    aa:ca:9e:c6:eb:ae:28:6f:1f:a1:2b:99:94:b5:28:
                    33:63:a2:94:35:8c:7f:12:57:75:2e:dd:e0:e8:2d:
                    ea:c5:6b:48:4a:d1:13:94:31:7b:34:46:6f:af:d2:
                    b9:63:34:a1:70:df:cf:71:de:17:96:82:90:2e:2c:
                    1f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:37:BF:ED:91:74:A8:35:17:17:1B:F2:FD:6E:E2:83:5F:7B:35:4C
            X509v3 Authority Key Identifier:
                keyid:5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/vze_7ZF0qDUXFxvy_W7ig197NUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.30.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:59:e9:d2:68:a5:53:74:c6:5b:cc:1c:12:4f:89:b6:67:f9:
         91:59:ea:4f:b7:4f:a6:fc:51:a3:6c:03:50:06:f9:4a:75:90:
         c0:06:25:84:40:94:49:fb:ea:f6:fc:d6:d8:45:0a:0a:4d:96:
         60:e5:c1:e9:da:f1:2e:58:b1:d4:3f:e8:86:a3:55:72:32:a4:
         11:cc:c5:56:28:62:84:67:d9:ca:46:a2:de:18:5d:6d:eb:d7:
         0f:a0:b1:e8:fa:bc:3d:04:d0:f3:62:25:06:28:44:51:56:d6:
         27:44:ad:41:69:29:13:c3:0f:f6:3c:c5:4f:4f:88:00:0d:e4:
         e8:01:8a:b4:23:24:b4:76:94:7a:96:ef:c1:a8:5a:2c:b9:bd:
         c6:d7:ed:68:42:c8:14:3f:4a:9e:dc:c2:f4:5f:67:6f:3d:21:
         20:3e:d1:0e:13:1e:f0:6f:f5:e4:96:93:28:74:9f:8b:e5:31:
         cc:2d:0c:63:a2:21:d3:3c:19:4d:ec:f0:fa:4b:21:d9:54:78:
         5b:f3:ed:dc:1f:f0:d8:00:38:9c:42:91:82:af:f4:f5:25:9d:
         7a:7e:92:23:6d:f6:4f:b0:a3:f5:c9:d3:8b:d9:e8:13:75:6a:
         5e:f0:3b:05:b6:1d:51:65:8e:cf:cc:14:c3:38:fd:55:dd:8e:
         23:b9:e5:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTeYWKOAJMFrKt9gg8L5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNDAwYWMyMzk2YWUyMjhkMmIyZTU2ZjRiMDY3Mzk5Njkz
NzllNDQwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjM3YmZlZDkxNzRhODM1MTcxNzFiZjJmZDZlZTI4MzVmN2IzNTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNWooR89Gy+YeI/u8Yp00Ox1uRAW
J+AA+AzJQqlpKAAXog3Splo7fAL8w+oo3sLt0KULjK02oaEgxr5DIZfxK/ivCsEl
lZbqKSwTll0eLqqoRvGKXMaJn6LNfeP3yumNdyFOIdwE4hzvuRhC0/IrYGqZOOup
9FE5JlPK2nm+7ooCMoRJeT4Dax2Jg3NUtvt+6Tqk7u6ouDWnNa+dolG5/AnR3o4R
4IyDNNF/WosX6cCYXiNQH8oeampL3hcEhcSiMy+qyp7G664obx+hK5mUtSgzY6KU
NYx/Eld1Lt3g6C3qxWtIStETlDF7NEZvr9K5YzShcN/Pcd4XloKQLiwfrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL83v+2RdKg1Fxcb8v1u4oNfezVMMB8GA1UdIwQY
MBaAFF5ACsI5auIo0rLlb0sGc5lpN55EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYt
ZGZlZDEyZjFhMDFlLzEvdnplXzdaRjBxRFVYRnh2eV9XN2lnMTk3TlV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYtZGZlZDEyZjFhMDFl
LzEvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWR5qMA0G
CSqGSIb3DQEBCwUAA4IBAQB+WenSaKVTdMZbzBwST4m2Z/mRWepPt0+m/FGjbANQ
BvlKdZDABiWEQJRJ++r2/NbYRQoKTZZg5cHp2vEuWLHUP+iGo1VyMqQRzMVWKGKE
Z9nKRqLeGF1t69cPoLHo+rw9BNDzYiUGKERRVtYnRK1BaSkTww/2PMVPT4gADeTo
AYq0IyS0dpR6lu/BqFosub3G1+1oQsgUP0qe3ML0X2dvPSEgPtEOEx7wb/XklpMo
dJ+L5THMLQxjoiHTPBlN7PD6SyHZVHhb8+3cH/DYADicQpGCr/T1JZ16fpIjbfZP
sKP1ydOL2egTdWpe8DsFth1RZY7PzBTDOP1V3Y4jueU/
-----END CERTIFICATE-----