Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2fb486-79a0-4396-833b-6c6f0e319ca1/1/vb5va3BZBg2wD8iHLCSA4yPjArc.roa
File:                     vb5va3BZBg2wD8iHLCSA4yPjArc.roa (raw, json)
Hash identifier:          uv2IzMkLk/dS3S0QoZkGuQkdv//dK81fW1Rv7w8pI1M=
Subject key identifier:   BD:BE:6F:6B:70:59:06:0D:B0:0F:C8:87:2C:24:80:E3:23:E3:02:B7
Certificate issuer:       /CN=23051215f6f1bd227db7f40df748d64c106f84a3
Certificate serial:       01920BF8353A5E2A56390C89476AD9125163
Authority key identifier: 23:05:12:15:F6:F1:BD:22:7D:B7:F4:0D:F7:48:D6:4C:10:6F:84:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IwUSFfbxvSJ9t_QN90jWTBBvhKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/2fb486-79a0-4396-833b-6c6f0e319ca1/1/vb5va3BZBg2wD8iHLCSA4yPjArc.roa
Signing time:             Thu 19 Sep 2024 20:27:48 +0000
ROA not before:           Thu 19 Sep 2024 20:27:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25220
IP address blocks:        91.223.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/2fb486-79a0-4396-833b-6c6f0e319ca1/1/IwUSFfbxvSJ9t_QN90jWTBBvhKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/2fb486-79a0-4396-833b-6c6f0e319ca1/1/IwUSFfbxvSJ9t_QN90jWTBBvhKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IwUSFfbxvSJ9t_QN90jWTBBvhKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0b:f8:35:3a:5e:2a:56:39:0c:89:47:6a:d9:12:51:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23051215f6f1bd227db7f40df748d64c106f84a3
        Validity
            Not Before: Sep 19 20:27:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdbe6f6b7059060db00fc8872c2480e323e302b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a7:13:0d:6f:81:33:6e:31:b0:53:84:53:69:
                    63:1a:cc:29:b3:ed:c8:4a:42:f0:e1:32:35:56:f0:
                    4d:b7:27:5e:63:c3:0f:21:75:34:66:f3:7c:22:d2:
                    38:96:b4:c4:f4:36:18:eb:e6:0d:05:98:fe:24:9b:
                    15:08:fa:71:ce:b7:93:42:c8:85:a9:0f:55:21:4f:
                    db:b1:0b:cd:33:d3:0a:78:0c:23:5b:49:11:cb:f2:
                    6e:31:8d:5f:9a:61:8c:23:45:40:39:d6:c7:c9:80:
                    fe:8e:52:08:3e:c2:6e:50:3d:da:6d:aa:08:dd:d4:
                    ae:c3:3c:0e:a0:53:e2:51:94:7d:fd:98:8c:a8:e6:
                    3a:c6:1a:78:01:14:d9:67:ec:39:75:d3:e6:7d:f1:
                    65:31:de:87:26:0d:4d:65:b0:49:b5:f1:a8:e8:1e:
                    93:c1:29:f5:34:2f:f8:ba:2f:59:99:fb:ca:ec:28:
                    c8:8d:be:55:fc:db:23:08:06:33:2d:25:5a:c3:ef:
                    b3:5d:d0:1d:8d:9d:22:3c:8b:62:a5:53:5b:53:77:
                    b7:95:4b:70:e5:98:04:16:a7:d5:dc:08:b9:68:72:
                    5b:69:85:36:61:f7:e8:69:36:fd:b5:98:82:ab:73:
                    ff:aa:dd:97:a7:69:09:3a:00:cd:97:c8:99:fd:90:
                    ce:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:BE:6F:6B:70:59:06:0D:B0:0F:C8:87:2C:24:80:E3:23:E3:02:B7
            X509v3 Authority Key Identifier:
                keyid:23:05:12:15:F6:F1:BD:22:7D:B7:F4:0D:F7:48:D6:4C:10:6F:84:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IwUSFfbxvSJ9t_QN90jWTBBvhKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb486-79a0-4396-833b-6c6f0e319ca1/1/vb5va3BZBg2wD8iHLCSA4yPjArc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb486-79a0-4396-833b-6c6f0e319ca1/1/IwUSFfbxvSJ9t_QN90jWTBBvhKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:a9:34:70:e9:86:ef:fd:28:71:f2:32:36:d4:29:73:1a:dd:
         15:aa:85:39:15:e0:c6:80:86:3c:d1:2a:73:d8:67:46:d3:8f:
         2f:8a:13:a9:f9:d9:fe:d0:31:d3:0e:91:f9:a6:20:d4:7e:dd:
         2a:36:44:61:7c:02:da:f5:bc:a6:5f:ae:0b:8b:7b:df:00:00:
         f5:54:93:fb:19:08:cb:35:ec:39:6e:b5:b5:e2:7b:5c:40:42:
         67:ad:c2:a1:90:cd:1e:75:88:9d:2b:ba:df:49:3e:0d:44:ac:
         88:f3:ff:d3:0c:b2:fb:ac:aa:c7:f7:57:55:8e:1a:fd:f1:7e:
         3b:e5:d9:7b:cc:1e:d4:fc:2a:b3:f8:df:13:39:db:4f:ab:ba:
         41:b6:28:50:4f:ea:7d:2c:7d:9c:8e:db:d1:3d:0e:8c:c6:19:
         99:f7:2c:30:4f:07:5d:9e:10:dd:38:18:a4:d0:0b:9d:76:e8:
         03:46:44:19:c4:67:af:57:c6:cd:f3:1b:19:31:7f:10:78:05:
         4f:46:a4:9e:ca:61:3a:b6:e4:b5:2e:fe:df:cb:34:39:07:1d:
         63:11:ee:0e:82:41:44:fa:b3:ba:2b:23:84:04:44:05:12:29:
         5d:ca:25:0d:42:15:41:3e:14:70:8f:73:ad:04:32:1c:cb:29:
         d2:83:fd:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIL+DU6XipWOQyJR2rZElFjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMDUxMjE1ZjZmMWJkMjI3ZGI3ZjQwZGY3NDhkNjRjMTA2
Zjg0YTMwHhcNMjQwOTE5MjAyNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGJlNmY2YjcwNTkwNjBkYjAwZmM4ODcyYzI0ODBlMzIzZTMwMmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6cTDW+BM24xsFOEU2ljGswps+3I
SkLw4TI1VvBNtydeY8MPIXU0ZvN8ItI4lrTE9DYY6+YNBZj+JJsVCPpxzreTQsiF
qQ9VIU/bsQvNM9MKeAwjW0kRy/JuMY1fmmGMI0VAOdbHyYD+jlIIPsJuUD3abaoI
3dSuwzwOoFPiUZR9/ZiMqOY6xhp4ARTZZ+w5ddPmffFlMd6HJg1NZbBJtfGo6B6T
wSn1NC/4ui9ZmfvK7CjIjb5V/NsjCAYzLSVaw++zXdAdjZ0iPItipVNbU3e3lUtw
5ZgEFqfV3Ai5aHJbaYU2YffoaTb9tZiCq3P/qt2Xp2kJOgDNl8iZ/ZDOIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2+b2twWQYNsA/IhywkgOMj4wK3MB8GA1UdIwQY
MBaAFCMFEhX28b0ifbf0DfdI1kwQb4SjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXdVU0ZmYnh2U0o5dF9RTjkwaldUQkJ2aEtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yZmI0ODYtNzlhMC00Mzk2LTgzM2It
NmM2ZjBlMzE5Y2ExLzEvdmI1dmEzQlpCZzJ3RDhpSExDU0E0eVBqQXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yZmI0ODYtNzlhMC00Mzk2LTgzM2ItNmM2ZjBlMzE5Y2Ex
LzEvSXdVU0ZmYnh2U0o5dF9RTjkwaldUQkJ2aEtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9/3MA0G
CSqGSIb3DQEBCwUAA4IBAQCKqTRw6Ybv/Shx8jI21ClzGt0VqoU5FeDGgIY80Spz
2GdG048vihOp+dn+0DHTDpH5piDUft0qNkRhfALa9bymX64Li3vfAAD1VJP7GQjL
New5brW14ntcQEJnrcKhkM0edYidK7rfST4NRKyI8//TDLL7rKrH91dVjhr98X47
5dl7zB7U/Cqz+N8TOdtPq7pBtihQT+p9LH2cjtvRPQ6MxhmZ9ywwTwddnhDdOBik
0AuddugDRkQZxGevV8bN8xsZMX8QeAVPRqSeymE6tuS1Lv7fyzQ5Bx1jEe4OgkFE
+rO6KyOEBEQFEildyiUNQhVBPhRwj3OtBDIcyynSg/09
-----END CERTIFICATE-----