Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/bede90-939b-492c-b0c8-73bbd02cbd37/1/vh2VO_L3Axuj8Dy1BD-GPw3YDIo.roa
File:                     vh2VO_L3Axuj8Dy1BD-GPw3YDIo.roa (raw, json)
Hash identifier:          FBM14r3NY4pWxPsIOXDIXATy3c3paLrHscqF9JtLapo=
Subject key identifier:   BE:1D:95:3B:F2:F7:03:1B:A3:F0:3C:B5:04:3F:86:3F:0D:D8:0C:8A
Certificate issuer:       /CN=778a2f36602c76fa7297b4e59f58dda0d501ea0d
Certificate serial:       018CC2DB1B166A52770729A1CC1A4A0990C7
Authority key identifier: 77:8A:2F:36:60:2C:76:FA:72:97:B4:E5:9F:58:DD:A0:D5:01:EA:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d4ovNmAsdvpyl7Tln1jdoNUB6g0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/bede90-939b-492c-b0c8-73bbd02cbd37/1/vh2VO_L3Axuj8Dy1BD-GPw3YDIo.roa
Signing time:             Mon 01 Jan 2024 02:29:48 +0000
ROA not before:           Mon 01 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38948
IP address blocks:        80.251.80.0/20 maxlen: 24
                          2a0b:8140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/bede90-939b-492c-b0c8-73bbd02cbd37/1/d4ovNmAsdvpyl7Tln1jdoNUB6g0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/bede90-939b-492c-b0c8-73bbd02cbd37/1/d4ovNmAsdvpyl7Tln1jdoNUB6g0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d4ovNmAsdvpyl7Tln1jdoNUB6g0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1b:16:6a:52:77:07:29:a1:cc:1a:4a:09:90:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=778a2f36602c76fa7297b4e59f58dda0d501ea0d
        Validity
            Not Before: Jan  1 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be1d953bf2f7031ba3f03cb5043f863f0dd80c8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9c:b7:b0:18:d6:6c:15:10:44:29:21:0d:55:
                    cc:34:1f:4c:ef:c7:fa:c8:a8:94:b6:5c:68:4a:cd:
                    e9:2d:31:38:0a:c8:3b:b5:87:dd:0c:9b:7b:b9:a5:
                    f8:c6:0c:7b:ed:1a:4a:b0:37:c3:f3:a0:e5:49:a5:
                    e6:27:bd:79:15:df:01:fd:03:c3:79:f7:67:a3:90:
                    9e:10:a4:fc:e8:81:a8:d3:88:a9:c5:7b:1f:f3:f6:
                    e0:86:f3:8b:8b:6a:3b:b4:1d:bd:40:f1:56:c2:e6:
                    da:15:4f:51:e3:6c:13:05:e1:c4:48:cd:b4:d0:1f:
                    40:cf:37:82:3a:a6:56:f1:d1:df:06:33:4b:66:9c:
                    d0:24:12:12:c6:d4:ff:8c:6b:c0:0c:43:6d:62:1c:
                    6e:58:66:5e:ec:a3:5e:49:fe:c5:30:81:e8:8e:35:
                    60:38:1c:e0:e2:c0:4c:a0:cc:e4:cd:70:16:3c:02:
                    43:4b:e7:0c:fb:63:16:f0:8b:70:40:44:41:b7:5a:
                    59:d6:a5:3b:d2:a4:d2:eb:f9:ea:3d:11:fa:a4:08:
                    69:b0:4e:ac:cc:ed:ed:b5:5e:ff:b3:60:57:a6:77:
                    45:0e:a3:fe:0e:0c:a9:4a:e8:c8:c9:62:c4:bf:53:
                    f0:c0:3f:92:b1:5f:b7:d9:70:50:d8:e6:7b:b1:01:
                    6b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:1D:95:3B:F2:F7:03:1B:A3:F0:3C:B5:04:3F:86:3F:0D:D8:0C:8A
            X509v3 Authority Key Identifier:
                keyid:77:8A:2F:36:60:2C:76:FA:72:97:B4:E5:9F:58:DD:A0:D5:01:EA:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4ovNmAsdvpyl7Tln1jdoNUB6g0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/bede90-939b-492c-b0c8-73bbd02cbd37/1/vh2VO_L3Axuj8Dy1BD-GPw3YDIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/bede90-939b-492c-b0c8-73bbd02cbd37/1/d4ovNmAsdvpyl7Tln1jdoNUB6g0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.251.80.0/20
                IPv6:
                  2a0b:8140::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:3e:c8:b3:15:52:4e:08:7d:0d:56:79:de:b2:4a:ee:56:9b:
         d6:81:d1:77:48:0b:5b:8f:52:38:32:d7:79:a0:e4:37:50:5b:
         a5:97:c2:ed:8e:ed:20:c8:6c:1a:1c:80:7f:ed:99:7a:a4:91:
         d1:2d:7b:af:ce:a7:c4:58:2a:3d:c3:08:54:7c:9f:80:9f:3a:
         cc:cc:fa:65:7a:99:b5:ca:db:05:54:6b:94:45:5c:be:07:ef:
         27:ce:76:12:c6:8e:58:d4:4f:30:34:df:f8:92:28:05:21:b8:
         ef:33:0a:30:a8:a3:00:e6:6c:41:a1:f6:d1:b2:0b:40:e0:b6:
         1b:47:e2:8a:09:04:97:dc:c1:7a:90:7a:d4:d2:8f:fa:ad:53:
         21:b8:c9:8e:93:f7:d3:fc:5a:97:6c:17:1b:38:f6:84:58:a3:
         7e:98:ee:43:55:71:73:a4:6a:47:b6:d4:d4:19:72:07:28:fb:
         6d:bf:54:9d:ff:18:f9:00:d9:59:94:31:44:eb:7b:42:3a:91:
         ba:23:9f:37:e3:c7:18:24:a2:44:b4:0f:4b:bd:fb:f8:92:f6:
         5f:9b:24:7d:a2:79:4c:5e:45:38:59:96:5a:0e:b7:74:3d:bb:
         39:42:ff:dc:4f:da:bf:f5:94:12:91:a9:0d:b3:28:ef:c7:63:
         40:ed:86:bf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2xsWalJ3BymhzBpKCZDHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3OGEyZjM2NjAyYzc2ZmE3Mjk3YjRlNTlmNThkZGEwZDUw
MWVhMGQwHhcNMjQwMTAxMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTFkOTUzYmYyZjcwMzFiYTNmMDNjYjUwNDNmODYzZjBkZDgwYzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJy3sBjWbBUQRCkhDVXMNB9M78f6
yKiUtlxoSs3pLTE4Csg7tYfdDJt7uaX4xgx77RpKsDfD86DlSaXmJ715Fd8B/QPD
efdno5CeEKT86IGo04ipxXsf8/bghvOLi2o7tB29QPFWwubaFU9R42wTBeHESM20
0B9AzzeCOqZW8dHfBjNLZpzQJBISxtT/jGvADENtYhxuWGZe7KNeSf7FMIHojjVg
OBzg4sBMoMzkzXAWPAJDS+cM+2MW8ItwQERBt1pZ1qU70qTS6/nqPRH6pAhpsE6s
zO3ttV7/s2BXpndFDqP+DgypSujIyWLEv1PwwD+SsV+32XBQ2OZ7sQFrmQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL4dlTvy9wMbo/A8tQQ/hj8N2AyKMB8GA1UdIwQY
MBaAFHeKLzZgLHb6cpe05Z9Y3aDVAeoNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDRvdk5tQXNkdnB5bDdUbG4xamRvTlVCNmcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9iZWRlOTAtOTM5Yi00OTJjLWIwYzgt
NzNiYmQwMmNiZDM3LzEvdmgyVk9fTDNBeHVqOER5MUJELUdQdzNZRElvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9iZWRlOTAtOTM5Yi00OTJjLWIwYzgtNzNiYmQwMmNiZDM3
LzEvZDRvdk5tQXNkdnB5bDdUbG4xamRvTlVCNmcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEUPtQMA0E
AgACMAcDBQMqC4FAMA0GCSqGSIb3DQEBCwUAA4IBAQAxPsizFVJOCH0NVnneskru
VpvWgdF3SAtbj1I4Mtd5oOQ3UFull8Ltju0gyGwaHIB/7Zl6pJHRLXuvzqfEWCo9
wwhUfJ+AnzrMzPplepm1ytsFVGuURVy+B+8nznYSxo5Y1E8wNN/4kigFIbjvMwow
qKMA5mxBofbRsgtA4LYbR+KKCQSX3MF6kHrU0o/6rVMhuMmOk/fT/FqXbBcbOPaE
WKN+mO5DVXFzpGpHttTUGXIHKPttv1Sd/xj5ANlZlDFE63tCOpG6I58348cYJKJE
tA9Lvfv4kvZfmyR9onlMXkU4WZZaDrd0Pbs5Qv/cT9q/9ZQSkakNsyjvx2NA7Ya/
-----END CERTIFICATE-----