Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/vrkz6ACK8t41L6oasr9fMGLSPvQ.roa
File:                     vrkz6ACK8t41L6oasr9fMGLSPvQ.roa (raw, json)
Hash identifier:          ifFTvfTy2cyIaSUTDZamkfILdE4FJzVtybGURA9UkJU=
Subject key identifier:   BE:B9:33:E8:00:8A:F2:DE:35:2F:AA:1A:B2:BF:5F:30:62:D2:3E:F4
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB2C90E6A4D0CDAC301F7BC75069BC
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/vrkz6ACK8t41L6oasr9fMGLSPvQ.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50138
IP address blocks:        185.212.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 12:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2c:90:e6:a4:d0:cd:ac:30:1f:7b:c7:50:69:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=beb933e8008af2de352faa1ab2bf5f3062d23ef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:5b:47:b0:34:5a:01:3f:e6:70:76:ad:d7:4f:
                    01:0d:cd:a1:23:ea:c9:50:e9:dc:30:df:b9:76:39:
                    b7:f7:2e:28:92:32:56:28:8d:41:ea:c3:94:f6:f0:
                    e1:87:62:5e:f8:87:a1:de:7c:47:c1:ca:f6:49:70:
                    a4:0c:ea:5e:46:79:27:8e:16:fb:62:0b:ee:d4:af:
                    9e:80:aa:67:f7:db:ad:d7:56:5e:20:91:e3:b5:a2:
                    64:f5:89:ab:55:1f:fb:ff:7a:ad:f2:62:ef:20:37:
                    0d:0c:17:5a:77:b3:f4:d9:21:ff:de:ee:71:cd:6e:
                    67:1f:7e:d3:84:d0:af:6a:21:03:f6:22:20:e3:2b:
                    7c:8b:9a:51:39:94:30:79:87:f6:93:a7:25:27:f6:
                    c2:9f:d7:3b:50:34:cd:7a:6b:b8:67:bc:ad:37:b8:
                    9a:4c:60:76:ac:66:0e:36:c2:86:6f:0e:79:33:75:
                    27:63:3b:f6:67:7a:17:97:a8:b5:92:29:32:38:cb:
                    d1:71:b5:cc:b0:09:11:fd:3f:54:f5:fa:65:81:d8:
                    a5:98:f6:c8:ca:cf:67:8b:33:a5:92:32:30:59:39:
                    81:c5:ed:f0:75:37:0b:ad:38:27:5b:3c:5e:f1:cc:
                    4d:38:be:82:c1:87:cf:02:a5:bb:13:53:97:1b:b2:
                    64:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:B9:33:E8:00:8A:F2:DE:35:2F:AA:1A:B2:BF:5F:30:62:D2:3E:F4
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/vrkz6ACK8t41L6oasr9fMGLSPvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:25:72:85:41:15:6c:bd:52:da:72:7c:e3:3f:3d:59:e1:4d:
         9a:13:92:de:28:35:52:2e:96:64:6e:b2:02:08:99:18:90:f4:
         a4:b2:24:96:09:cb:ec:52:81:98:1e:0d:20:b6:e1:05:7c:12:
         5a:7b:13:6f:eb:8e:1c:04:27:ee:31:8b:42:c1:a2:8a:4d:7e:
         da:bc:d8:6d:88:48:74:7a:76:4e:51:d4:15:13:58:90:aa:ba:
         6a:be:0e:7e:fc:62:f4:77:70:7c:25:8b:f2:e9:46:88:6c:8d:
         e0:7d:5a:69:fe:91:61:89:fa:50:3e:c8:19:ee:17:0f:d8:e4:
         b3:61:fb:8c:a3:6f:51:34:e9:43:be:f2:50:86:71:1c:95:e6:
         4c:72:2e:20:81:ee:bc:b1:0b:2b:8d:28:47:ae:76:86:30:56:
         f6:cc:ac:b3:d7:a8:f9:44:53:5b:97:46:ad:00:b4:11:ae:ce:
         37:19:06:9e:8e:c5:76:60:2e:22:60:8a:59:9d:23:db:a2:4e:
         f8:b1:67:0b:34:9d:cd:b1:67:ae:83:de:1a:08:d8:0f:51:84:
         e0:45:5a:5b:12:14:5a:01:5d:82:db:af:80:8d:9a:bd:52:25:
         0e:4e:39:68:5b:55:c4:d4:3a:ee:f8:4a:ec:b4:20:c3:b2:2e:
         61:ed:b7:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yyQ5qTQzawwH3vHUGm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWI5MzNlODAwOGFmMmRlMzUyZmFhMWFiMmJmNWYzMDYyZDIzZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFtHsDRaAT/mcHat108BDc2hI+rJ
UOncMN+5djm39y4okjJWKI1B6sOU9vDhh2Je+Ieh3nxHwcr2SXCkDOpeRnknjhb7
Ygvu1K+egKpn99ut11ZeIJHjtaJk9YmrVR/7/3qt8mLvIDcNDBdad7P02SH/3u5x
zW5nH37ThNCvaiED9iIg4yt8i5pROZQweYf2k6clJ/bCn9c7UDTNemu4Z7ytN7ia
TGB2rGYONsKGbw55M3UnYzv2Z3oXl6i1kikyOMvRcbXMsAkR/T9U9fplgdilmPbI
ys9nizOlkjIwWTmBxe3wdTcLrTgnWzxe8cxNOL6CwYfPAqW7E1OXG7Jk9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL65M+gAivLeNS+qGrK/XzBi0j70MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvdnJrejZBQ0s4dDQxTDZvYXNyOWZNR0xTUHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudQJMA0G
CSqGSIb3DQEBCwUAA4IBAQCuJXKFQRVsvVLacnzjPz1Z4U2aE5LeKDVSLpZkbrIC
CJkYkPSksiSWCcvsUoGYHg0gtuEFfBJaexNv644cBCfuMYtCwaKKTX7avNhtiEh0
enZOUdQVE1iQqrpqvg5+/GL0d3B8JYvy6UaIbI3gfVpp/pFhifpQPsgZ7hcP2OSz
YfuMo29RNOlDvvJQhnEcleZMci4gge68sQsrjShHrnaGMFb2zKyz16j5RFNbl0at
ALQRrs43GQaejsV2YC4iYIpZnSPbok74sWcLNJ3NsWeug94aCNgPUYTgRVpbEhRa
AV2C26+AjZq9UiUOTjloW1XE1Dru+ErstCDDsi5h7bey
-----END CERTIFICATE-----