Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/VbmmV2yyE6vmCUd0455mxv-BNZM.roa
File:                     VbmmV2yyE6vmCUd0455mxv-BNZM.roa (raw, json)
Hash identifier:          bTMZwtQMQLleItplOcfnRUg74wJYpXzNP9ssN/LiDm0=
Subject key identifier:   55:B9:A6:57:6C:B2:13:AB:E6:09:47:74:E3:9E:66:C6:FF:81:35:93
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       018F4E88B1CCCAB27750B404689FD713148C
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/VbmmV2yyE6vmCUd0455mxv-BNZM.roa
Signing time:             Mon 06 May 2024 15:32:12 +0000
ROA not before:           Mon 06 May 2024 15:32:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26737
IP address blocks:        45.129.240.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4e:88:b1:cc:ca:b2:77:50:b4:04:68:9f:d7:13:14:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: May  6 15:32:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55b9a6576cb213abe6094774e39e66c6ff813593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:56:de:a4:74:d2:e0:16:d7:bc:47:6e:9c:72:
                    21:29:ae:77:5a:c9:72:f0:bb:db:cb:dd:14:db:ec:
                    0a:57:20:6c:61:bb:f4:8b:0a:06:be:cf:bf:5b:31:
                    60:67:5c:ba:3f:b6:c9:dc:1e:0d:40:c5:2d:97:dd:
                    90:a6:a5:28:c2:f9:33:61:d4:8f:e3:6e:3f:24:05:
                    9e:3a:e8:b6:e0:30:d8:b2:bd:66:55:7b:6a:dc:1f:
                    82:cc:55:69:09:15:ba:23:0e:5a:cc:9f:1c:b8:20:
                    1e:74:67:d8:5f:e4:2c:f1:23:f4:47:a1:ad:72:42:
                    c7:00:39:1e:10:a0:3d:bc:5c:63:34:d8:9f:4a:ff:
                    e4:2a:82:fa:54:11:fd:17:8d:16:7d:b1:14:95:01:
                    97:bd:2a:3e:0f:fd:0d:14:f8:84:87:3d:97:40:c3:
                    95:98:1d:df:57:76:0a:47:5e:71:a6:8a:ca:1f:5e:
                    e1:de:4e:7a:ad:d8:10:86:6d:4f:8d:aa:bf:68:25:
                    71:1f:2b:0b:c5:52:c3:62:22:5a:e1:28:48:fd:c4:
                    f9:8d:70:72:09:fa:39:2f:8d:db:03:02:d4:32:8d:
                    d5:4a:be:70:31:4e:13:c9:9e:82:dc:66:67:1f:0d:
                    d5:79:4f:fe:8e:aa:7b:e9:42:c9:51:75:2d:4f:79:
                    d2:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:B9:A6:57:6C:B2:13:AB:E6:09:47:74:E3:9E:66:C6:FF:81:35:93
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/VbmmV2yyE6vmCUd0455mxv-BNZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:6d:98:32:ae:56:29:61:96:08:59:de:fb:56:e1:74:e1:89:
         51:34:86:15:d9:32:69:60:ba:dd:db:d3:66:1a:1f:75:36:5b:
         81:41:84:2a:52:6b:5f:cb:5c:24:7e:4b:22:3e:42:2f:f0:63:
         ea:9f:d8:0e:7a:68:94:97:74:d5:43:ea:67:97:c2:ba:c7:3f:
         f2:36:ee:cd:07:8d:2d:52:65:77:e5:a9:a8:ca:53:1a:b3:62:
         12:38:a2:fb:26:e5:d9:12:54:64:bd:20:05:de:bf:a0:e4:f0:
         08:f7:76:9b:fe:17:69:d5:c9:6f:49:4d:c1:74:c9:66:1d:31:
         03:8c:3e:46:a6:0f:63:09:55:22:d0:a9:29:fb:a0:53:92:1e:
         6a:40:c3:01:90:8b:df:55:9f:62:a0:cb:f4:0b:07:cd:d5:b6:
         04:cc:ff:49:a1:b0:8d:5c:97:1f:6d:c8:03:ee:e4:52:62:26:
         c5:ce:ed:ff:f2:46:c5:85:97:25:52:c4:1c:71:30:1d:41:17:
         89:38:52:70:41:19:78:e9:03:29:e1:64:26:e4:aa:7b:2b:c9:
         65:a0:7b:11:6f:fa:6a:48:ff:58:7c:13:18:9d:25:01:0f:ce:
         36:fc:64:43:09:bd:e4:83:dc:4c:b4:0c:ab:88:04:15:6e:c6:
         dd:91:8b:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9OiLHMyrJ3ULQEaJ/XExSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjQwNTA2MTUzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWI5YTY1NzZjYjIxM2FiZTYwOTQ3NzRlMzllNjZjNmZmODEzNTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1bepHTS4BbXvEdunHIhKa53Wsly
8Lvby90U2+wKVyBsYbv0iwoGvs+/WzFgZ1y6P7bJ3B4NQMUtl92QpqUowvkzYdSP
424/JAWeOui24DDYsr1mVXtq3B+CzFVpCRW6Iw5azJ8cuCAedGfYX+Qs8SP0R6Gt
ckLHADkeEKA9vFxjNNifSv/kKoL6VBH9F40WfbEUlQGXvSo+D/0NFPiEhz2XQMOV
mB3fV3YKR15xporKH17h3k56rdgQhm1Pjaq/aCVxHysLxVLDYiJa4ShI/cT5jXBy
Cfo5L43bAwLUMo3VSr5wMU4TyZ6C3GZnHw3VeU/+jqp76ULJUXUtT3nSKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFW5pldsshOr5glHdOOeZsb/gTWTMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvVmJtbVYyeXlFNnZtQ1VkMDQ1NW14di1CTlpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYHwMA0G
CSqGSIb3DQEBCwUAA4IBAQAMbZgyrlYpYZYIWd77VuF04YlRNIYV2TJpYLrd29Nm
Gh91NluBQYQqUmtfy1wkfksiPkIv8GPqn9gOemiUl3TVQ+pnl8K6xz/yNu7NB40t
UmV35amoylMas2ISOKL7JuXZElRkvSAF3r+g5PAI93ab/hdp1clvSU3BdMlmHTED
jD5Gpg9jCVUi0Kkp+6BTkh5qQMMBkIvfVZ9ioMv0CwfN1bYEzP9JobCNXJcfbcgD
7uRSYibFzu3/8kbFhZclUsQccTAdQReJOFJwQRl46QMp4WQm5Kp7K8lloHsRb/pq
SP9YfBMYnSUBD842/GRDCb3kg9xMtAyriAQVbsbdkYtF
-----END CERTIFICATE-----