Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/bd9e02-c424-4e14-aab7-39461aaa5be7/1/VEo4SXU7tjxv0jP1hR9njZ8GLvI.roa
File:                     VEo4SXU7tjxv0jP1hR9njZ8GLvI.roa (raw, json)
Hash identifier:          jBnMHljrajiAD5EUAba59gzGHJdBiltCelYFBlL4rEU=
Subject key identifier:   54:4A:38:49:75:3B:B6:3C:6F:D2:33:F5:85:1F:67:8D:9F:06:2E:F2
Certificate issuer:       /CN=9d4303a0a999d8118bbc7e96ad38efbb14496ea2
Certificate serial:       018CCA999B9621328516125FBFA19E48C7FE
Authority key identifier: 9D:43:03:A0:A9:99:D8:11:8B:BC:7E:96:AD:38:EF:BB:14:49:6E:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nUMDoKmZ2BGLvH6WrTjvuxRJbqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/bd9e02-c424-4e14-aab7-39461aaa5be7/1/VEo4SXU7tjxv0jP1hR9njZ8GLvI.roa
Signing time:             Tue 02 Jan 2024 14:35:13 +0000
ROA not before:           Tue 02 Jan 2024 14:35:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212401
IP address blocks:        185.209.241.0/24 maxlen: 24
                          2a10:ee00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/bd9e02-c424-4e14-aab7-39461aaa5be7/1/nUMDoKmZ2BGLvH6WrTjvuxRJbqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/bd9e02-c424-4e14-aab7-39461aaa5be7/1/nUMDoKmZ2BGLvH6WrTjvuxRJbqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nUMDoKmZ2BGLvH6WrTjvuxRJbqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:9b:96:21:32:85:16:12:5f:bf:a1:9e:48:c7:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d4303a0a999d8118bbc7e96ad38efbb14496ea2
        Validity
            Not Before: Jan  2 14:35:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=544a3849753bb63c6fd233f5851f678d9f062ef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f5:71:6c:aa:ea:b5:34:b6:de:c8:e3:dd:f4:
                    16:b0:bb:68:96:5c:30:54:0a:85:71:89:dd:06:4b:
                    88:12:99:ba:9a:fd:7c:d4:02:8c:7c:b7:40:67:e4:
                    d4:d0:25:b8:80:25:0c:fb:42:61:19:fe:03:85:b6:
                    63:db:05:38:28:45:69:1f:c3:2d:a6:33:15:c8:12:
                    4b:c7:ed:e1:6c:67:7b:e4:c0:f3:0e:35:5c:9f:d0:
                    94:22:46:73:0e:17:07:35:29:ea:aa:b5:47:c0:a6:
                    2e:4e:27:0b:c5:6e:e8:2f:f5:1e:3c:8c:93:60:ed:
                    09:fa:1e:6d:ef:e2:54:dc:6e:4a:f2:f0:ac:aa:17:
                    8e:98:c2:e6:27:38:88:35:d2:7c:26:c1:f0:31:fe:
                    20:af:c3:c8:95:53:1d:8d:d0:8e:7d:ae:36:ca:51:
                    f4:1b:32:ca:4b:69:af:35:85:05:36:ec:c8:c2:30:
                    a3:a4:76:a1:ee:2a:d8:0f:d6:94:24:29:c9:4c:c1:
                    81:61:5c:e8:06:d4:7c:87:bc:be:39:8e:11:aa:f5:
                    4d:0e:3e:c2:27:7c:9c:05:ff:c7:77:29:8a:b1:d5:
                    9d:49:7c:ef:a2:66:df:66:d1:da:21:6f:62:7a:42:
                    ad:8b:7f:8a:68:50:aa:78:92:72:f5:79:4c:0f:3a:
                    fe:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:4A:38:49:75:3B:B6:3C:6F:D2:33:F5:85:1F:67:8D:9F:06:2E:F2
            X509v3 Authority Key Identifier:
                keyid:9D:43:03:A0:A9:99:D8:11:8B:BC:7E:96:AD:38:EF:BB:14:49:6E:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nUMDoKmZ2BGLvH6WrTjvuxRJbqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/bd9e02-c424-4e14-aab7-39461aaa5be7/1/VEo4SXU7tjxv0jP1hR9njZ8GLvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/bd9e02-c424-4e14-aab7-39461aaa5be7/1/nUMDoKmZ2BGLvH6WrTjvuxRJbqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.241.0/24
                IPv6:
                  2a10:ee00::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:42:a6:85:0a:fa:3e:93:37:5a:96:14:12:58:e2:f2:75:ee:
         57:5d:24:7d:0a:55:80:7b:04:28:52:c0:cf:b6:4f:68:bf:ae:
         0f:18:74:fe:2d:3a:a9:3c:b2:34:9d:0c:7d:be:8c:e9:5d:74:
         82:75:86:44:62:db:e7:b0:73:64:0a:61:50:ef:4b:df:ff:ea:
         a6:ad:ba:85:14:de:25:75:8c:87:14:e8:53:ac:34:31:29:fd:
         35:3c:e4:e2:a4:24:a9:1a:32:f8:40:7b:fb:2c:31:c3:ef:ba:
         06:49:4e:2e:54:4d:80:f5:a4:c4:58:85:3b:bd:88:a6:38:79:
         95:96:5b:18:ad:a7:8d:2b:5a:fc:37:a4:79:23:88:8a:8d:ab:
         fc:d2:6a:eb:60:d2:05:3d:ba:80:1d:43:5b:94:39:7f:c9:31:
         92:71:95:46:19:49:95:9f:e3:8a:80:93:5d:65:f6:4f:31:cd:
         c3:ab:66:bc:7f:2e:e6:dd:f5:3b:fc:a3:22:f6:3d:2d:d4:c0:
         81:b5:9a:4a:2d:51:60:67:44:d8:b3:ee:ab:e0:5a:de:2a:fc:
         f5:01:65:ae:2e:ff:93:11:0b:4d:b3:cf:60:22:e5:fc:e4:ab:
         1f:c4:df:40:bb:f4:8b:6b:bf:32:f7:cd:36:b5:9a:61:f5:03:
         77:92:f2:61
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKmZuWITKFFhJfv6GeSMf+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNDMwM2EwYTk5OWQ4MTE4YmJjN2U5NmFkMzhlZmJiMTQ0
OTZlYTIwHhcNMjQwMTAyMTQzNTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDRhMzg0OTc1M2JiNjNjNmZkMjMzZjU4NTFmNjc4ZDlmMDYyZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPVxbKrqtTS23sjj3fQWsLtollww
VAqFcYndBkuIEpm6mv181AKMfLdAZ+TU0CW4gCUM+0JhGf4DhbZj2wU4KEVpH8Mt
pjMVyBJLx+3hbGd75MDzDjVcn9CUIkZzDhcHNSnqqrVHwKYuTicLxW7oL/UePIyT
YO0J+h5t7+JU3G5K8vCsqheOmMLmJziINdJ8JsHwMf4gr8PIlVMdjdCOfa42ylH0
GzLKS2mvNYUFNuzIwjCjpHah7irYD9aUJCnJTMGBYVzoBtR8h7y+OY4RqvVNDj7C
J3ycBf/HdymKsdWdSXzvombfZtHaIW9iekKti3+KaFCqeJJy9XlMDzr+EwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFRKOEl1O7Y8b9Iz9YUfZ42fBi7yMB8GA1UdIwQY
MBaAFJ1DA6CpmdgRi7x+lq0477sUSW6iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblVNRG9LbVoyQkdMdkg2V3JUanZ1eFJKYnFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9iZDllMDItYzQyNC00ZTE0LWFhYjct
Mzk0NjFhYWE1YmU3LzEvVkVvNFNYVTd0anh2MGpQMWhSOW5qWjhHTHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9iZDllMDItYzQyNC00ZTE0LWFhYjctMzk0NjFhYWE1YmU3
LzEvblVNRG9LbVoyQkdMdkg2V3JUanZ1eFJKYnFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudHxMA0E
AgACMAcDBQAqEO4AMA0GCSqGSIb3DQEBCwUAA4IBAQARQqaFCvo+kzdalhQSWOLy
de5XXSR9ClWAewQoUsDPtk9ov64PGHT+LTqpPLI0nQx9vozpXXSCdYZEYtvnsHNk
CmFQ70vf/+qmrbqFFN4ldYyHFOhTrDQxKf01POTipCSpGjL4QHv7LDHD77oGSU4u
VE2A9aTEWIU7vYimOHmVllsYraeNK1r8N6R5I4iKjav80mrrYNIFPbqAHUNblDl/
yTGScZVGGUmVn+OKgJNdZfZPMc3Dq2a8fy7m3fU7/KMi9j0t1MCBtZpKLVFgZ0TY
s+6r4FreKvz1AWWuLv+TEQtNs89gIuX85KsfxN9Au/SLa78y9802tZph9QN3kvJh
-----END CERTIFICATE-----