Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/vsBn7CJej4AQKhe4pcMeWDlLiHw.roa
File:                     vsBn7CJej4AQKhe4pcMeWDlLiHw.roa (raw, json)
Hash identifier:          hMteDqJqx9pSNyzTcxlc89NH2+ZWpEyABSZaqOqlUUE=
Subject key identifier:   BE:C0:67:EC:22:5E:8F:80:10:2A:17:B8:A5:C3:1E:58:39:4B:88:7C
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348DC65D234527D622287E74C06F0BA
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/vsBn7CJej4AQKhe4pcMeWDlLiHw.roa
Signing time:             Mon 01 Jan 2024 04:29:41 +0000
ROA not before:           Mon 01 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51817
IP address blocks:        194.209.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:dc:65:d2:34:52:7d:62:22:87:e7:4c:06:f0:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bec067ec225e8f80102a17b8a5c31e58394b887c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:31:e0:0c:94:19:78:47:69:93:79:ae:fb:c8:
                    d4:20:c8:82:55:00:c6:20:b4:34:23:ca:ff:c3:50:
                    4a:49:0a:d7:aa:17:7d:5e:09:ae:9d:a5:05:18:a8:
                    ff:ac:7e:31:ce:a7:b6:3a:f8:db:e1:58:3b:7b:c5:
                    4b:82:80:d2:97:a3:c1:7f:e5:19:ca:57:7e:f6:96:
                    7d:a0:96:93:1d:f3:c7:fe:56:1c:8b:eb:78:6c:5e:
                    7a:96:27:98:8c:70:51:fa:74:2f:c5:ff:9a:03:6a:
                    59:71:f0:4a:f9:68:51:48:3a:ca:12:87:b6:19:a8:
                    cf:35:ad:2d:df:59:74:53:ef:0c:a6:16:fb:9c:ef:
                    59:f5:c7:8d:36:fb:5a:cb:c6:40:7b:92:09:43:f0:
                    0f:14:45:1c:d4:f7:6e:8c:80:0f:18:a8:19:20:1b:
                    37:6a:54:13:c3:0f:f6:03:44:3d:e4:f3:db:d6:38:
                    08:23:06:c2:fc:02:48:d3:95:b1:71:43:d9:a1:b3:
                    28:96:50:f8:95:76:10:35:02:7c:a7:d7:9e:df:8d:
                    5c:0b:8c:bc:43:1f:d0:49:01:a4:5b:86:84:a6:91:
                    77:70:10:f1:b0:f1:ef:c2:14:23:5c:66:bc:6b:70:
                    55:c5:99:d1:5e:f0:8c:b0:08:4d:1a:a9:b0:d4:0b:
                    7a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:C0:67:EC:22:5E:8F:80:10:2A:17:B8:A5:C3:1E:58:39:4B:88:7C
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/vsBn7CJej4AQKhe4pcMeWDlLiHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:88:4d:46:2e:46:5f:5f:4d:75:8e:0b:88:2c:9e:3e:15:67:
         77:7b:23:95:27:dc:e8:7b:ad:46:61:ba:d0:0c:79:70:00:34:
         23:c1:77:80:b1:23:23:23:b2:4c:b2:0c:12:28:bf:2c:c7:70:
         b0:21:35:e5:ac:9e:78:7e:aa:7c:dc:83:46:4a:26:50:eb:e8:
         77:09:90:17:11:5a:b1:80:26:d7:f4:56:70:39:bf:fd:7f:02:
         e3:cf:0d:19:6e:3f:83:cf:89:7e:73:91:04:5c:5f:6f:f5:e1:
         2a:1e:63:e7:07:8d:79:01:ed:2b:32:59:fc:d7:ac:f7:0a:c9:
         9c:cb:8d:6f:99:a8:51:fb:31:71:d3:55:1a:5c:67:32:d8:42:
         3a:be:85:8b:e4:19:23:0f:13:92:04:60:fa:3b:0c:8b:23:31:
         4f:d5:cd:6e:09:53:7a:1b:7f:75:95:30:c4:24:77:5c:26:1a:
         9c:ef:2a:b9:b9:b4:79:dc:81:83:11:02:29:90:51:2d:22:07:
         2f:f5:b6:f7:b4:35:c9:92:70:ec:03:2b:4d:e4:91:23:75:42:
         9e:c5:4a:d1:05:6f:8f:55:5f:bb:25:6a:5d:5a:f9:08:15:63:
         7b:ae:ee:4a:5d:82:f3:1f:8b:d5:d5:af:13:9c:75:12:88:12:
         a8:a1:7c:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNxl0jRSfWIih+dMBvC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWMwNjdlYzIyNWU4ZjgwMTAyYTE3YjhhNWMzMWU1ODM5NGI4ODdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8zHgDJQZeEdpk3mu+8jUIMiCVQDG
ILQ0I8r/w1BKSQrXqhd9XgmunaUFGKj/rH4xzqe2Ovjb4Vg7e8VLgoDSl6PBf+UZ
yld+9pZ9oJaTHfPH/lYci+t4bF56lieYjHBR+nQvxf+aA2pZcfBK+WhRSDrKEoe2
GajPNa0t31l0U+8Mphb7nO9Z9ceNNvtay8ZAe5IJQ/APFEUc1PdujIAPGKgZIBs3
alQTww/2A0Q95PPb1jgIIwbC/AJI05WxcUPZobMollD4lXYQNQJ8p9ee341cC4y8
Qx/QSQGkW4aEppF3cBDxsPHvwhQjXGa8a3BVxZnRXvCMsAhNGqmw1At6QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7AZ+wiXo+AECoXuKXDHlg5S4h8MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvdnNCbjdDSmVqNEFRS2hlNHBjTWVXRGxMaUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtGqMA0G
CSqGSIb3DQEBCwUAA4IBAQAfiE1GLkZfX011jguILJ4+FWd3eyOVJ9zoe61GYbrQ
DHlwADQjwXeAsSMjI7JMsgwSKL8sx3CwITXlrJ54fqp83INGSiZQ6+h3CZAXEVqx
gCbX9FZwOb/9fwLjzw0Zbj+Dz4l+c5EEXF9v9eEqHmPnB415Ae0rMln816z3Csmc
y41vmahR+zFx01UaXGcy2EI6voWL5BkjDxOSBGD6OwyLIzFP1c1uCVN6G391lTDE
JHdcJhqc7yq5ubR53IGDEQIpkFEtIgcv9bb3tDXJknDsAytN5JEjdUKexUrRBW+P
VV+7JWpdWvkIFWN7ru5KXYLzH4vV1a8TnHUSiBKooXw8
-----END CERTIFICATE-----