Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/mVdr4KX_yK7uOE1nGcKak_KvI3Q.roa
File:                     mVdr4KX_yK7uOE1nGcKak_KvI3Q.roa (raw, json)
Hash identifier:          7pbkX0Oq3QL2WgFkU7Y0YbjwxJ5V3IJud6CqdZwxfl4=
Subject key identifier:   99:57:6B:E0:A5:FF:C8:AE:EE:38:4D:67:19:C2:9A:93:F2:AF:23:74
Certificate issuer:       /CN=b09fff8e8ffd8f8e7d9a7b66d1cc73dc39281ef6
Certificate serial:       018ECCB34E7A582FBAAB5D5690FB251BCA82
Authority key identifier: B0:9F:FF:8E:8F:FD:8F:8E:7D:9A:7B:66:D1:CC:73:DC:39:28:1E:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sJ__jo_9j459mntm0cxz3DkoHvY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/mVdr4KX_yK7uOE1nGcKak_KvI3Q.roa
Signing time:             Thu 11 Apr 2024 10:28:06 +0000
ROA not before:           Thu 11 Apr 2024 10:28:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205516
IP address blocks:        82.115.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/sJ__jo_9j459mntm0cxz3DkoHvY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/sJ__jo_9j459mntm0cxz3DkoHvY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sJ__jo_9j459mntm0cxz3DkoHvY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cc:b3:4e:7a:58:2f:ba:ab:5d:56:90:fb:25:1b:ca:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b09fff8e8ffd8f8e7d9a7b66d1cc73dc39281ef6
        Validity
            Not Before: Apr 11 10:28:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99576be0a5ffc8aeee384d6719c29a93f2af2374
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2b:f6:bb:d8:d8:41:e4:57:94:2e:d1:8b:0c:
                    0d:d3:7c:9b:a8:19:0e:50:86:16:0c:9b:66:30:ee:
                    a2:cb:64:f4:d2:84:71:87:e9:fc:35:fd:3e:c7:c9:
                    76:af:72:a3:d4:0f:c0:57:00:19:47:e2:df:bb:10:
                    d8:79:e8:83:f5:29:2f:e8:8d:5b:1e:43:df:eb:8f:
                    5e:50:f1:fe:9d:90:a4:c7:f8:60:fd:5e:14:e2:6b:
                    b9:4e:79:34:ba:6a:b3:83:01:fe:0c:bd:9c:4a:0a:
                    06:51:3c:11:9f:f6:90:21:0f:c8:f5:b9:7b:c6:a5:
                    95:13:0d:b3:4c:73:c0:61:73:9a:c0:7b:9e:80:06:
                    5f:42:8e:d1:98:f1:cd:44:bd:7f:84:00:58:fd:cf:
                    ec:6f:6d:8f:69:a3:16:b7:17:db:9d:2d:0b:03:d4:
                    4f:c9:0b:09:ca:28:cb:53:2a:e1:1b:70:cc:f4:25:
                    24:d9:45:d8:20:5f:36:bc:62:52:0e:19:f4:d2:92:
                    28:1b:dd:25:11:70:da:26:d0:9c:b0:71:99:09:e6:
                    3a:da:ae:15:d0:9b:77:d4:fc:22:1b:3c:5d:5a:b0:
                    82:8a:36:2b:33:20:a3:3f:cf:4a:95:2a:f7:74:9d:
                    62:77:45:b6:fc:73:68:f7:50:c8:d4:37:e5:07:b9:
                    fd:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:57:6B:E0:A5:FF:C8:AE:EE:38:4D:67:19:C2:9A:93:F2:AF:23:74
            X509v3 Authority Key Identifier:
                keyid:B0:9F:FF:8E:8F:FD:8F:8E:7D:9A:7B:66:D1:CC:73:DC:39:28:1E:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sJ__jo_9j459mntm0cxz3DkoHvY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/mVdr4KX_yK7uOE1nGcKak_KvI3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/sJ__jo_9j459mntm0cxz3DkoHvY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ee:60:b3:7e:d5:9f:44:8c:d2:1f:1d:c7:ef:87:be:4f:65:02:
         3d:bc:4c:5f:36:c8:69:25:2a:90:0c:b1:c1:06:92:db:3a:04:
         63:63:27:f0:7d:a7:30:7a:c4:04:77:f9:c0:61:31:80:57:0b:
         14:53:92:bd:d4:ab:a6:cf:7c:79:51:a1:cb:d7:8f:1c:a4:77:
         f9:1a:1e:37:d6:67:5b:72:6e:21:98:9d:a9:11:4a:df:94:09:
         ea:75:d1:a6:44:95:3f:8d:e5:8f:46:7a:77:56:32:63:ac:ad:
         bb:98:25:7d:f7:98:a0:6d:47:bc:56:43:7a:2d:18:03:e6:62:
         0d:64:eb:b8:94:e2:70:f9:93:42:fa:3f:4a:34:01:15:12:fd:
         b0:9e:4f:1b:f1:de:f3:6a:42:47:2d:5f:22:05:12:82:76:f5:
         b9:88:ed:58:b7:c5:be:f7:c6:e1:09:74:a2:bd:5e:0d:94:6a:
         5c:b0:53:95:78:c6:a7:54:25:17:93:d0:df:68:c9:9d:33:4a:
         b4:4d:a4:cc:0c:33:00:51:8e:5c:8c:d2:8d:16:b2:1d:a7:bf:
         7c:48:90:ca:c7:fa:c7:a7:63:b6:23:34:14:ff:9d:eb:a7:cd:
         1c:1e:ba:57:7e:fd:8d:9b:97:69:0d:fb:96:a9:a4:09:ec:65:
         f9:13:e7:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Ms056WC+6q11WkPslG8qCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwOWZmZjhlOGZmZDhmOGU3ZDlhN2I2NmQxY2M3M2RjMzky
ODFlZjYwHhcNMjQwNDExMTAyODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTU3NmJlMGE1ZmZjOGFlZWUzODRkNjcxOWMyOWE5M2YyYWYyMzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyv2u9jYQeRXlC7RiwwN03ybqBkO
UIYWDJtmMO6iy2T00oRxh+n8Nf0+x8l2r3Kj1A/AVwAZR+LfuxDYeeiD9Skv6I1b
HkPf649eUPH+nZCkx/hg/V4U4mu5Tnk0umqzgwH+DL2cSgoGUTwRn/aQIQ/I9bl7
xqWVEw2zTHPAYXOawHuegAZfQo7RmPHNRL1/hABY/c/sb22PaaMWtxfbnS0LA9RP
yQsJyijLUyrhG3DM9CUk2UXYIF82vGJSDhn00pIoG90lEXDaJtCcsHGZCeY62q4V
0Jt31PwiGzxdWrCCijYrMyCjP89KlSr3dJ1id0W2/HNo91DI1DflB7n9oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlXa+Cl/8iu7jhNZxnCmpPyryN0MB8GA1UdIwQY
MBaAFLCf/46P/Y+OfZp7ZtHMc9w5KB72MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0pfX2pvXzlqNDU5bW50bTBjeHozRGtvSHZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy84ZmJjN2UtMWY0Ny00ODdjLTgyOTIt
ZTVhNzdmN2E3YWEyLzEvbVZkcjRLWF95Szd1T0UxbkdjS2FrX0t2STNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy84ZmJjN2UtMWY0Ny00ODdjLTgyOTItZTVhNzdmN2E3YWEy
LzEvc0pfX2pvXzlqNDU5bW50bTBjeHozRGtvSHZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnM/MA0G
CSqGSIb3DQEBCwUAA4IBAQDuYLN+1Z9EjNIfHcfvh75PZQI9vExfNshpJSqQDLHB
BpLbOgRjYyfwfacwesQEd/nAYTGAVwsUU5K91Kumz3x5UaHL148cpHf5Gh431mdb
cm4hmJ2pEUrflAnqddGmRJU/jeWPRnp3VjJjrK27mCV995igbUe8VkN6LRgD5mIN
ZOu4lOJw+ZNC+j9KNAEVEv2wnk8b8d7zakJHLV8iBRKCdvW5iO1Yt8W+98bhCXSi
vV4NlGpcsFOVeManVCUXk9DfaMmdM0q0TaTMDDMAUY5cjNKNFrIdp798SJDKx/rH
p2O2IzQU/53rp80cHrpXfv2Nm5dpDfuWqaQJ7GX5E+eG
-----END CERTIFICATE-----