Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/706837-d55d-432d-b0a4-b0814007528f/1/vBQDZcQzHRBGK10UNiJ8te4xV_U.roa
File:                     vBQDZcQzHRBGK10UNiJ8te4xV_U.roa (raw, json)
Hash identifier:          gTZLy/9LTcL/DBYRyhDkE7pZ6Jk/uMGpTOA/3m9cbyk=
Subject key identifier:   BC:14:03:65:C4:33:1D:10:46:2B:5D:14:36:22:7C:B5:EE:31:57:F5
Certificate issuer:       /CN=3bbe44355e06faadbeb19455adc316d9b9f0f10e
Certificate serial:       018CC9BC59BA64DA0E6B2EF3651F3B711316
Authority key identifier: 3B:BE:44:35:5E:06:FA:AD:BE:B1:94:55:AD:C3:16:D9:B9:F0:F1:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O75ENV4G-q2-sZRVrcMW2bnw8Q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/706837-d55d-432d-b0a4-b0814007528f/1/vBQDZcQzHRBGK10UNiJ8te4xV_U.roa
Signing time:             Tue 02 Jan 2024 10:33:33 +0000
ROA not before:           Tue 02 Jan 2024 10:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28892
IP address blocks:        195.245.209.0/24 maxlen: 24
                          2001:67c:28b8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/706837-d55d-432d-b0a4-b0814007528f/1/O75ENV4G-q2-sZRVrcMW2bnw8Q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/706837-d55d-432d-b0a4-b0814007528f/1/O75ENV4G-q2-sZRVrcMW2bnw8Q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O75ENV4G-q2-sZRVrcMW2bnw8Q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:59:ba:64:da:0e:6b:2e:f3:65:1f:3b:71:13:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bbe44355e06faadbeb19455adc316d9b9f0f10e
        Validity
            Not Before: Jan  2 10:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc140365c4331d10462b5d1436227cb5ee3157f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:34:3d:ed:f1:29:7a:57:b2:b4:9b:45:53:e0:
                    a1:21:e9:8b:f5:d3:b9:85:fa:e1:00:f4:ec:76:2b:
                    0a:e6:b7:ab:a6:9a:5e:ce:6a:80:2c:c1:20:75:bd:
                    46:39:7b:c1:00:94:ca:9e:57:de:c8:17:23:e7:1c:
                    12:fb:67:9d:30:ee:04:b2:dd:df:d5:bb:05:b1:38:
                    3b:a1:97:57:ec:40:e0:36:99:7c:35:a5:51:b5:40:
                    48:05:1a:8f:22:c2:a1:51:1c:54:95:ca:a6:ec:4f:
                    6a:3d:bd:18:65:58:d1:69:26:60:e4:eb:6d:71:6e:
                    85:40:e9:62:37:20:7f:1a:a9:88:09:7d:23:48:46:
                    2d:eb:36:40:d6:a6:6a:9d:67:63:60:fb:a3:c7:49:
                    0c:96:67:16:5e:bd:63:24:e9:34:0d:24:b7:3c:f6:
                    66:f0:30:54:1a:b5:23:9f:71:ee:7f:ee:6f:c0:df:
                    48:de:46:98:2d:0c:db:dd:22:9a:41:73:18:b3:c0:
                    83:1d:13:42:63:1e:2c:b4:3d:43:16:3c:32:e7:7b:
                    81:51:67:59:37:bf:8b:2d:ed:06:b4:ec:4c:f7:bc:
                    f2:7f:61:f1:ce:3f:c0:ce:3d:a3:89:98:81:1c:89:
                    6a:49:3b:d7:b6:26:94:2b:c1:41:ab:65:e2:98:59:
                    d0:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:14:03:65:C4:33:1D:10:46:2B:5D:14:36:22:7C:B5:EE:31:57:F5
            X509v3 Authority Key Identifier:
                keyid:3B:BE:44:35:5E:06:FA:AD:BE:B1:94:55:AD:C3:16:D9:B9:F0:F1:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O75ENV4G-q2-sZRVrcMW2bnw8Q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/706837-d55d-432d-b0a4-b0814007528f/1/vBQDZcQzHRBGK10UNiJ8te4xV_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/706837-d55d-432d-b0a4-b0814007528f/1/O75ENV4G-q2-sZRVrcMW2bnw8Q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.209.0/24
                IPv6:
                  2001:67c:28b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:98:b7:e1:00:52:c5:c2:f5:dd:8c:65:2f:1b:67:da:e4:c7:
         e7:03:c1:fe:7d:56:80:b9:7c:76:97:42:84:06:f2:63:57:0d:
         e6:e4:d6:f0:7b:f7:1b:bd:b2:88:06:ca:d1:20:97:f9:ab:5d:
         6b:26:43:91:39:37:97:79:26:41:5b:2c:86:a1:89:c4:2c:09:
         74:9f:80:2f:7d:c6:39:0f:22:88:f5:a8:49:2b:99:a3:0a:2d:
         95:d8:47:03:b1:85:bb:17:86:14:fb:dd:97:bf:50:2f:71:97:
         fb:d8:9c:64:f3:fc:0b:f1:a5:a5:99:50:5f:9c:05:d6:33:cd:
         d9:6e:ef:3f:16:f7:94:9e:56:44:c5:24:67:9a:1b:bc:4a:bf:
         5c:f6:e1:03:46:6d:50:b3:29:5f:00:1a:e0:41:0c:03:e2:a2:
         5f:2e:8b:ac:b0:d3:cd:6d:6c:c8:bb:3a:b3:0b:d9:27:e8:49:
         1a:39:78:18:72:b1:a7:81:ae:8a:e8:86:e0:e5:c6:27:34:cb:
         c2:27:f1:ab:15:6f:dd:fc:c3:5b:d5:94:cd:fb:07:87:dc:6d:
         65:26:df:a1:f6:a0:c5:b8:49:36:a8:6e:fa:11:09:ed:a5:9f:
         47:06:be:ad:9d:7c:0a:95:27:68:53:f5:02:07:11:1d:77:0d:
         4d:17:49:aa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvFm6ZNoOay7zZR87cRMWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYmU0NDM1NWUwNmZhYWRiZWIxOTQ1NWFkYzMxNmQ5Yjlm
MGYxMGUwHhcNMjQwMTAyMTAzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzE0MDM2NWM0MzMxZDEwNDYyYjVkMTQzNjIyN2NiNWVlMzE1N2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDQ97fEpeleytJtFU+ChIemL9dO5
hfrhAPTsdisK5rerpppezmqALMEgdb1GOXvBAJTKnlfeyBcj5xwS+2edMO4Est3f
1bsFsTg7oZdX7EDgNpl8NaVRtUBIBRqPIsKhURxUlcqm7E9qPb0YZVjRaSZg5Ott
cW6FQOliNyB/GqmICX0jSEYt6zZA1qZqnWdjYPujx0kMlmcWXr1jJOk0DSS3PPZm
8DBUGrUjn3Huf+5vwN9I3kaYLQzb3SKaQXMYs8CDHRNCYx4stD1DFjwy53uBUWdZ
N7+LLe0GtOxM97zyf2Hxzj/Azj2jiZiBHIlqSTvXtiaUK8FBq2XimFnQIwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLwUA2XEMx0QRitdFDYifLXuMVf1MB8GA1UdIwQY
MBaAFDu+RDVeBvqtvrGUVa3DFtm58PEOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzc1RU5WNEctcTItc1pSVnJjTVcyYm53OFE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS83MDY4MzctZDU1ZC00MzJkLWIwYTQt
YjA4MTQwMDc1MjhmLzEvdkJRRFpjUXpIUkJHSzEwVU5pSjh0ZTR4Vl9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS83MDY4MzctZDU1ZC00MzJkLWIwYTQtYjA4MTQwMDc1Mjhm
LzEvTzc1RU5WNEctcTItc1pSVnJjTVcyYm53OFE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw/XRMA8E
AgACMAkDBwAgAQZ8KLgwDQYJKoZIhvcNAQELBQADggEBAJOYt+EAUsXC9d2MZS8b
Z9rkx+cDwf59VoC5fHaXQoQG8mNXDebk1vB79xu9sogGytEgl/mrXWsmQ5E5N5d5
JkFbLIahicQsCXSfgC99xjkPIoj1qEkrmaMKLZXYRwOxhbsXhhT73Ze/UC9xl/vY
nGTz/AvxpaWZUF+cBdYzzdlu7z8W95SeVkTFJGeaG7xKv1z24QNGbVCzKV8AGuBB
DAPiol8ui6yw081tbMi7OrML2SfoSRo5eBhysaeBrorohuDlxic0y8In8asVb938
w1vVlM37B4fcbWUm36H2oMW4STaobvoRCe2ln0cGvq2dfAqVJ2hT9QIHER13DU0X
Sao=
-----END CERTIFICATE-----