Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/d69525-7cfb-47c8-9c4f-ef4458ea20cd/1/vJgUDRT0VJUzHUHFN97iiU3TDkA.roa
File:                     vJgUDRT0VJUzHUHFN97iiU3TDkA.roa (raw, json)
Hash identifier:          vTKHHBju4vil66F96TciXhxcZaHfO/s7BZAkwR4IJUQ=
Subject key identifier:   BC:98:14:0D:14:F4:54:95:33:1D:41:C5:37:DE:E2:89:4D:D3:0E:40
Certificate issuer:       /CN=07aef190f44bfc1db0c50f1a73fdf017081afe16
Certificate serial:       018CC725A8972E73C9BB8E892BC522994188
Authority key identifier: 07:AE:F1:90:F4:4B:FC:1D:B0:C5:0F:1A:73:FD:F0:17:08:1A:FE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B67xkPRL_B2wxQ8ac_3wFwga_hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/d69525-7cfb-47c8-9c4f-ef4458ea20cd/1/vJgUDRT0VJUzHUHFN97iiU3TDkA.roa
Signing time:             Mon 01 Jan 2024 22:29:43 +0000
ROA not before:           Mon 01 Jan 2024 22:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211018
IP address blocks:        194.99.159.0/24 maxlen: 24
                          2a11:8e00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/d69525-7cfb-47c8-9c4f-ef4458ea20cd/1/B67xkPRL_B2wxQ8ac_3wFwga_hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/d69525-7cfb-47c8-9c4f-ef4458ea20cd/1/B67xkPRL_B2wxQ8ac_3wFwga_hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B67xkPRL_B2wxQ8ac_3wFwga_hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:a8:97:2e:73:c9:bb:8e:89:2b:c5:22:99:41:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07aef190f44bfc1db0c50f1a73fdf017081afe16
        Validity
            Not Before: Jan  1 22:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc98140d14f45495331d41c537dee2894dd30e40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5d:12:cf:af:e1:ee:15:82:c2:89:f4:f8:ab:
                    c9:f8:07:34:67:df:fe:b4:4b:7f:58:b2:f5:de:99:
                    fe:27:c1:83:73:15:f2:da:f7:55:8b:7d:41:e9:5a:
                    50:4f:e5:dd:a9:22:1a:1c:7f:8f:d1:78:b5:b9:cc:
                    0e:bd:71:6b:07:31:95:b2:5b:cf:1f:03:49:b9:1a:
                    6e:5b:28:91:fb:d7:a7:93:3f:3e:12:53:fb:08:3a:
                    dd:54:4b:87:81:f5:e2:09:90:8c:82:13:36:6c:da:
                    3f:c8:37:ac:f9:99:98:bc:4e:f2:0b:ae:51:ef:60:
                    3f:c8:5a:60:53:9b:71:1b:95:d2:70:36:60:b4:9d:
                    7f:38:44:34:0f:f7:df:7c:bd:51:ab:64:8c:63:63:
                    24:73:c5:a6:7a:78:a9:32:78:4c:88:c9:42:59:cb:
                    a9:97:c9:b5:00:da:a3:d3:db:93:76:10:5f:4e:f1:
                    35:60:75:de:07:80:c0:73:12:60:f9:81:c2:ce:71:
                    9a:d4:68:f3:3d:ee:7d:22:7d:18:ba:d5:d2:27:eb:
                    a8:93:ad:30:4b:26:eb:4a:a8:33:d3:7c:11:2c:ef:
                    b2:2b:3a:af:d9:ca:66:ff:0d:3b:ce:15:43:5b:be:
                    64:88:68:c3:ea:55:f0:00:e8:3c:02:5b:29:1a:50:
                    90:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:98:14:0D:14:F4:54:95:33:1D:41:C5:37:DE:E2:89:4D:D3:0E:40
            X509v3 Authority Key Identifier:
                keyid:07:AE:F1:90:F4:4B:FC:1D:B0:C5:0F:1A:73:FD:F0:17:08:1A:FE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B67xkPRL_B2wxQ8ac_3wFwga_hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/d69525-7cfb-47c8-9c4f-ef4458ea20cd/1/vJgUDRT0VJUzHUHFN97iiU3TDkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/d69525-7cfb-47c8-9c4f-ef4458ea20cd/1/B67xkPRL_B2wxQ8ac_3wFwga_hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.159.0/24
                IPv6:
                  2a11:8e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:20:8f:8a:9c:e9:9e:d4:cd:da:68:4b:da:39:3d:e2:79:35:
         98:ce:a0:cd:a4:b1:f7:19:5b:2a:4d:90:58:5b:98:fd:e5:29:
         d5:ed:2c:cf:83:b4:41:3e:ff:56:22:f8:a5:ae:a5:04:16:0a:
         03:d8:de:b1:41:79:61:f4:14:7d:50:59:9b:5b:0a:91:b5:83:
         c3:4f:f6:d3:50:eb:1a:cd:15:d1:b6:41:7c:33:42:31:58:b8:
         71:04:18:50:19:d7:89:3f:c3:09:0c:40:c0:c8:d8:75:15:16:
         fd:af:8d:b7:a3:8a:b1:e0:f6:84:10:e6:35:ff:d8:26:1b:6d:
         7c:fe:3e:ec:1b:2d:dc:d9:e8:fe:c3:f7:d3:46:62:f7:9b:73:
         5d:52:f6:bc:de:3d:31:e5:9f:ef:cf:34:c3:1d:46:6d:22:f6:
         39:a4:ea:0d:00:ba:f8:1c:9e:3f:87:2a:89:02:e2:e3:a3:0b:
         af:57:1b:06:c2:94:20:de:33:f3:76:73:a4:21:8c:b8:4f:35:
         80:23:6a:ad:2d:02:48:3e:b1:eb:e1:2b:e8:0d:41:89:7d:27:
         62:04:9f:3c:15:06:80:c2:ef:49:7e:39:57:b6:5c:57:d3:65:
         4d:76:74:d2:12:fc:5c:8f:a2:02:24:37:3e:46:01:ee:90:30:
         fd:ec:1c:27
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJaiXLnPJu46JK8UimUGIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YWVmMTkwZjQ0YmZjMWRiMGM1MGYxYTczZmRmMDE3MDgx
YWZlMTYwHhcNMjQwMTAxMjIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzk4MTQwZDE0ZjQ1NDk1MzMxZDQxYzUzN2RlZTI4OTRkZDMwZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjl0Sz6/h7hWCwon0+KvJ+Ac0Z9/+
tEt/WLL13pn+J8GDcxXy2vdVi31B6VpQT+XdqSIaHH+P0Xi1ucwOvXFrBzGVslvP
HwNJuRpuWyiR+9enkz8+ElP7CDrdVEuHgfXiCZCMghM2bNo/yDes+ZmYvE7yC65R
72A/yFpgU5txG5XScDZgtJ1/OEQ0D/fffL1Rq2SMY2Mkc8WmenipMnhMiMlCWcup
l8m1ANqj09uTdhBfTvE1YHXeB4DAcxJg+YHCznGa1GjzPe59In0YutXSJ+uok60w
SybrSqgz03wRLO+yKzqv2cpm/w07zhVDW75kiGjD6lXwAOg8AlspGlCQrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLyYFA0U9FSVMx1BxTfe4olN0w5AMB8GA1UdIwQY
MBaAFAeu8ZD0S/wdsMUPGnP98BcIGv4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjY3eGtQUkxfQjJ3eFE4YWNfM3dGd2dhX2hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kNjk1MjUtN2NmYi00N2M4LTljNGYt
ZWY0NDU4ZWEyMGNkLzEvdkpnVURSVDBWSlV6SFVIRk45N2lpVTNURGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kNjk1MjUtN2NmYi00N2M4LTljNGYtZWY0NDU4ZWEyMGNk
LzEvQjY3eGtQUkxfQjJ3eFE4YWNfM3dGd2dhX2hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwmOfMA0E
AgACMAcDBQMqEY4AMA0GCSqGSIb3DQEBCwUAA4IBAQBFII+KnOme1M3aaEvaOT3i
eTWYzqDNpLH3GVsqTZBYW5j95SnV7SzPg7RBPv9WIvilrqUEFgoD2N6xQXlh9BR9
UFmbWwqRtYPDT/bTUOsazRXRtkF8M0IxWLhxBBhQGdeJP8MJDEDAyNh1FRb9r423
o4qx4PaEEOY1/9gmG218/j7sGy3c2ej+w/fTRmL3m3NdUva83j0x5Z/vzzTDHUZt
IvY5pOoNALr4HJ4/hyqJAuLjowuvVxsGwpQg3jPzdnOkIYy4TzWAI2qtLQJIPrHr
4SvoDUGJfSdiBJ88FQaAwu9JfjlXtlxX02VNdnTSEvxcj6ICJDc+RgHukDD97Bwn
-----END CERTIFICATE-----