Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/vFS99TnnG9jxBNSeXVsFwmmzbK0.roa
File:                     vFS99TnnG9jxBNSeXVsFwmmzbK0.roa (raw, json)
Hash identifier:          ezxAZsMdNRZyJItLT4sx/aVc+9tYzCqsOUB5JDpBkWo=
Subject key identifier:   BC:54:BD:F5:39:E7:1B:D8:F1:04:D4:9E:5D:5B:05:C2:69:B3:6C:AD
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0192B5EAC1E89C9016852FA44F27678BD968
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/vFS99TnnG9jxBNSeXVsFwmmzbK0.roa
Signing time:             Tue 22 Oct 2024 20:28:33 +0000
ROA not before:           Tue 22 Oct 2024 20:28:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62068
IP address blocks:        43.240.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:40:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b5:ea:c1:e8:9c:90:16:85:2f:a4:4f:27:67:8b:d9:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Oct 22 20:28:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc54bdf539e71bd8f104d49e5d5b05c269b36cad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d8:44:ea:3d:33:b4:cc:c8:c2:cf:f3:7e:8e:
                    88:80:f1:62:0c:b7:31:ee:67:bb:44:53:bd:ea:fc:
                    a1:5a:cc:aa:58:d1:6e:0c:53:26:bc:30:9c:88:06:
                    a2:34:0b:67:a3:36:57:ba:a4:7d:91:63:bc:5c:47:
                    ec:c4:a8:7c:df:da:27:58:a2:30:c4:b6:51:93:3e:
                    d9:1c:5f:04:41:5f:7a:41:ba:ea:1c:ff:32:58:45:
                    51:cf:d2:c9:47:3e:c4:f6:f7:29:5e:19:d6:ba:11:
                    e8:08:18:17:6e:fb:5b:20:aa:85:1b:3f:ba:97:15:
                    e0:57:b9:87:7b:8b:af:e7:f1:e8:82:cb:c9:fa:a6:
                    c7:47:85:79:8e:18:f2:84:dd:b7:f1:19:73:ab:25:
                    05:e6:20:57:4e:9c:50:01:2f:33:61:ef:6c:8d:f9:
                    bd:b9:e7:7d:bc:6e:2e:d3:c0:fe:fe:1b:3a:cc:c3:
                    8d:95:61:90:6f:35:bb:ae:94:3f:22:d7:cd:63:cb:
                    b6:f0:cf:51:a5:75:e8:d4:02:97:c8:9e:71:75:3e:
                    3c:c3:34:4c:8b:1c:14:e2:81:51:f4:d9:57:61:ce:
                    bc:c1:91:f0:1b:e4:1e:cd:a6:6c:cf:13:18:83:97:
                    d1:24:17:ec:c7:25:03:9e:f6:e8:46:be:f5:cd:08:
                    42:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:54:BD:F5:39:E7:1B:D8:F1:04:D4:9E:5D:5B:05:C2:69:B3:6C:AD
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/vFS99TnnG9jxBNSeXVsFwmmzbK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:0f:df:51:55:c1:30:e4:1c:2f:fb:49:84:e4:c6:51:c1:57:
         c8:c1:68:59:b3:36:0b:5d:b5:57:a5:b4:dd:20:ef:9a:03:a2:
         18:3e:24:b2:96:37:92:7a:6f:25:b9:e4:c6:ad:48:cd:2b:e4:
         ca:87:c7:74:9f:19:de:e1:20:23:0d:a2:f0:de:1b:9a:8c:2b:
         16:f6:ae:28:31:f4:99:0f:9e:fc:9b:a0:5f:f7:0b:17:00:4f:
         1d:22:a7:36:90:8c:63:70:33:da:98:34:13:82:ef:55:e3:99:
         2b:c8:6f:28:cc:8b:5c:c2:30:cd:0c:46:61:c0:6c:c8:3c:cb:
         7c:a7:68:3d:2c:0f:7a:84:d1:6c:05:0a:ea:3e:a5:0d:fa:8d:
         fe:78:8d:9f:ca:25:14:ae:19:28:c1:4c:e6:7e:7c:9a:46:00:
         fb:da:c3:b6:53:68:91:d4:b7:00:a7:2b:d8:2e:68:1e:03:c3:
         0f:e5:b1:aa:2b:6e:43:36:65:77:be:90:59:8c:43:4b:35:6d:
         12:85:21:79:09:43:9f:c0:77:1e:13:c8:23:ba:35:52:dc:a6:
         93:5c:20:7e:10:f5:c7:38:f2:cc:e2:45:38:a2:b3:6e:71:9d:
         7b:d1:a2:f9:03:c2:ee:3b:8c:38:b1:10:aa:b9:82:7a:d0:a2:
         5c:90:98:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK16sHonJAWhS+kTydni9loMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjQxMDIyMjAyODMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzU0YmRmNTM5ZTcxYmQ4ZjEwNGQ0OWU1ZDViMDVjMjY5YjM2Y2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtthE6j0ztMzIws/zfo6IgPFiDLcx
7me7RFO96vyhWsyqWNFuDFMmvDCciAaiNAtnozZXuqR9kWO8XEfsxKh839onWKIw
xLZRkz7ZHF8EQV96QbrqHP8yWEVRz9LJRz7E9vcpXhnWuhHoCBgXbvtbIKqFGz+6
lxXgV7mHe4uv5/HogsvJ+qbHR4V5jhjyhN238RlzqyUF5iBXTpxQAS8zYe9sjfm9
ued9vG4u08D+/hs6zMONlWGQbzW7rpQ/ItfNY8u28M9RpXXo1AKXyJ5xdT48wzRM
ixwU4oFR9NlXYc68wZHwG+QezaZszxMYg5fRJBfsxyUDnvboRr71zQhCZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxUvfU55xvY8QTUnl1bBcJps2ytMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvdkZTOTlUbm5HOWp4Qk5TZVhWc0Z3bW16YkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAK/CWMA0G
CSqGSIb3DQEBCwUAA4IBAQB5D99RVcEw5Bwv+0mE5MZRwVfIwWhZszYLXbVXpbTd
IO+aA6IYPiSyljeSem8lueTGrUjNK+TKh8d0nxne4SAjDaLw3huajCsW9q4oMfSZ
D578m6Bf9wsXAE8dIqc2kIxjcDPamDQTgu9V45kryG8ozItcwjDNDEZhwGzIPMt8
p2g9LA96hNFsBQrqPqUN+o3+eI2fyiUUrhkowUzmfnyaRgD72sO2U2iR1LcApyvY
LmgeA8MP5bGqK25DNmV3vpBZjENLNW0ShSF5CUOfwHceE8gjujVS3KaTXCB+EPXH
OPLM4kU4orNucZ170aL5A8LuO4w4sRCquYJ60KJckJjs
-----END CERTIFICATE-----