Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/vydS9y6_rJ7_awta2mG1W05GwVk.roa
File:                     vydS9y6_rJ7_awta2mG1W05GwVk.roa (raw, json)
Hash identifier:          UN2R7mEOSQ8dM2KDU/XcoKDgWDNch/c8fV+bLxcsf2U=
Subject key identifier:   BF:27:52:F7:2E:BF:AC:9E:FF:6B:0B:5A:DA:61:B5:5B:4E:46:C1:59
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       01929AA943151FD15EA7EE14245B77A474A6
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/vydS9y6_rJ7_awta2mG1W05GwVk.roa
Signing time:             Thu 17 Oct 2024 13:27:16 +0000
ROA not before:           Thu 17 Oct 2024 13:27:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        193.168.202.0/24 maxlen: 24
                          207.244.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9a:a9:43:15:1f:d1:5e:a7:ee:14:24:5b:77:a4:74:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Oct 17 13:27:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf2752f72ebfac9eff6b0b5ada61b55b4e46c159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:66:51:c2:18:ed:29:6a:ed:b5:2c:3e:93:2f:
                    69:72:63:16:8f:9a:85:c1:25:77:f6:07:38:d6:a5:
                    b5:37:a2:1a:35:cc:c3:42:27:e4:b9:55:ea:6b:89:
                    fa:ff:8d:1c:b2:25:60:3c:ff:68:6c:bb:d0:de:2b:
                    2b:66:5a:8b:3f:ae:d2:43:0c:41:7e:ef:60:55:58:
                    51:30:d9:87:6d:eb:4d:43:8e:9d:44:72:14:b9:3d:
                    f1:10:3d:56:00:d0:9d:93:c8:85:68:90:01:0e:b2:
                    0d:f2:48:24:7b:87:3d:c9:70:03:b2:32:38:53:0b:
                    33:89:52:d2:77:30:14:a4:77:ca:4c:0b:6a:88:fd:
                    80:a9:32:18:cf:f3:ff:9e:57:5f:4a:da:3d:98:45:
                    39:8a:68:96:55:99:eb:29:ce:08:5f:07:83:3b:a4:
                    c3:4f:02:05:09:e4:c6:d0:5c:9b:87:65:a3:bc:fa:
                    ee:fe:08:c3:fc:24:b1:2e:70:d9:a0:dd:b9:0c:d2:
                    7c:57:a4:b7:75:c7:90:aa:f7:1f:eb:7f:f2:17:1d:
                    85:5b:c5:c0:17:08:04:c5:bd:af:86:b7:61:e1:f3:
                    86:67:9d:c8:d5:f8:f1:72:4a:b5:ec:ca:e7:3a:21:
                    7c:2c:69:88:11:45:4a:59:27:a1:bc:b6:15:8e:51:
                    3a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:27:52:F7:2E:BF:AC:9E:FF:6B:0B:5A:DA:61:B5:5B:4E:46:C1:59
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/vydS9y6_rJ7_awta2mG1W05GwVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.202.0/24
                  207.244.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:f7:ad:d3:db:d5:2f:87:b7:2e:bf:42:be:54:9b:e7:6c:ad:
         0a:d0:df:77:45:3e:63:c4:32:52:f6:c1:66:38:3a:6c:b4:96:
         dc:a1:99:d3:4a:02:53:68:89:84:52:c4:1c:b7:7f:ab:2d:30:
         c4:08:92:f1:a0:55:d2:85:02:d5:84:ec:0d:1d:29:90:46:e0:
         8a:ee:71:7b:7b:9a:09:82:9a:a8:0a:4a:41:db:21:2a:55:61:
         79:2f:73:b1:cd:83:cd:13:62:3b:b8:3a:8c:41:43:e2:2f:7e:
         55:a7:ec:2d:0e:cc:11:6d:2e:3a:88:2a:56:13:9b:a5:e1:d2:
         3f:c7:c0:6e:da:7c:d3:b0:ce:0d:08:2f:76:c7:4b:aa:75:4d:
         2b:5a:6d:dc:05:f3:c7:fc:ac:64:db:fa:a5:d7:8a:f5:5a:5d:
         d1:f8:51:9a:3e:cb:be:eb:b4:3e:3c:6f:7c:b4:87:7b:3c:f1:
         06:9c:9a:4c:f6:68:ca:db:40:cd:fd:1f:1c:8c:7f:f2:00:71:
         7a:e5:58:4c:1d:9e:e5:44:d5:11:cf:89:4d:d7:bf:65:81:51:
         b5:07:0f:fe:dd:cb:63:d7:8b:21:3d:af:57:c7:0f:d8:09:9a:
         37:27:eb:42:3d:19:3d:fb:71:27:b1:10:b7:08:07:1a:3c:b8:
         e8:cc:70:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKaqUMVH9Fep+4UJFt3pHSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjQxMDE3MTMyNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjI3NTJmNzJlYmZhYzllZmY2YjBiNWFkYTYxYjU1YjRlNDZjMTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2ZRwhjtKWrttSw+ky9pcmMWj5qF
wSV39gc41qW1N6IaNczDQifkuVXqa4n6/40csiVgPP9obLvQ3isrZlqLP67SQwxB
fu9gVVhRMNmHbetNQ46dRHIUuT3xED1WANCdk8iFaJABDrIN8kgke4c9yXADsjI4
UwsziVLSdzAUpHfKTAtqiP2AqTIYz/P/nldfSto9mEU5imiWVZnrKc4IXweDO6TD
TwIFCeTG0Fybh2WjvPru/gjD/CSxLnDZoN25DNJ8V6S3dceQqvcf63/yFx2FW8XA
FwgExb2vhrdh4fOGZ53I1fjxckq17MrnOiF8LGmIEUVKWSehvLYVjlE6qwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL8nUvcuv6ye/2sLWtphtVtORsFZMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvdnlkUzl5Nl9ySjdfYXd0YTJtRzFXMDVHd1ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwajKAwQA
z/TRMA0GCSqGSIb3DQEBCwUAA4IBAQBB963T29Uvh7cuv0K+VJvnbK0K0N93RT5j
xDJS9sFmODpstJbcoZnTSgJTaImEUsQct3+rLTDECJLxoFXShQLVhOwNHSmQRuCK
7nF7e5oJgpqoCkpB2yEqVWF5L3OxzYPNE2I7uDqMQUPiL35Vp+wtDswRbS46iCpW
E5ul4dI/x8Bu2nzTsM4NCC92x0uqdU0rWm3cBfPH/Kxk2/ql14r1Wl3R+FGaPsu+
67Q+PG98tId7PPEGnJpM9mjK20DN/R8cjH/yAHF65VhMHZ7lRNURz4lN179lgVG1
Bw/+3ctj14shPa9Xxw/YCZo3J+tCPRk9+3EnsRC3CAcaPLjozHD5
-----END CERTIFICATE-----