Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/vrDbAJdP8mVX1BMd6HBUmMGwHZE.roa
File:                     vrDbAJdP8mVX1BMd6HBUmMGwHZE.roa (raw, json)
Hash identifier:          B6PLU5IsvyBpCwKQ7OOa5EKam/m+er7jApaI9hBf8u8=
Subject key identifier:   BE:B0:DB:00:97:4F:F2:65:57:D4:13:1D:E8:70:54:98:C1:B0:1D:91
Certificate issuer:       /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial:       018D6EA978275D9764B59C6B36E050A8CE43
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/vrDbAJdP8mVX1BMd6HBUmMGwHZE.roa
Signing time:             Sat 03 Feb 2024 11:10:16 +0000
ROA not before:           Sat 03 Feb 2024 11:10:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211142
IP address blocks:        185.83.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6e:a9:78:27:5d:97:64:b5:9c:6b:36:e0:50:a8:ce:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
        Validity
            Not Before: Feb  3 11:10:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=beb0db00974ff26557d4131de8705498c1b01d91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bd:8e:a7:33:29:fc:ec:7d:c2:8d:c5:60:82:
                    09:73:3b:03:8c:b6:df:18:41:d1:1b:f2:fd:87:31:
                    d3:b0:ab:37:5c:b6:31:f1:14:58:d6:90:26:df:e5:
                    1d:06:04:c6:3e:ea:65:a4:31:9e:fb:2a:64:4e:77:
                    98:1d:99:65:88:c7:93:87:c6:31:46:b7:a8:e4:ca:
                    dc:4b:32:78:c3:54:db:e6:54:41:80:84:1c:cd:09:
                    53:62:c2:e3:79:65:61:55:0a:40:d8:45:d7:a8:34:
                    2a:6e:ad:d6:07:64:f9:85:72:f6:95:26:1b:2d:94:
                    0f:db:95:91:9a:26:50:54:41:0e:33:87:f6:c6:9e:
                    c5:c1:09:5f:30:a3:3c:98:d0:78:b7:ff:43:d0:69:
                    2c:22:4b:c5:94:00:1f:59:a6:57:24:f7:16:ee:57:
                    f3:6a:67:3f:c6:bf:d2:62:1f:76:0c:bd:be:c8:dc:
                    82:8b:6a:89:6b:82:01:54:2b:2b:12:c3:41:16:56:
                    a7:ae:76:93:55:6f:24:95:8f:7d:3e:27:81:98:b4:
                    bf:2c:89:8c:f3:12:ab:a0:4e:53:ad:2f:b7:55:02:
                    df:a2:d7:1c:b5:78:3d:1a:4a:5d:4e:e5:d8:de:c9:
                    14:a2:c7:e9:0a:cc:3d:f4:4e:14:1b:c9:80:6d:c6:
                    7f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:B0:DB:00:97:4F:F2:65:57:D4:13:1D:E8:70:54:98:C1:B0:1D:91
            X509v3 Authority Key Identifier:
                keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/vrDbAJdP8mVX1BMd6HBUmMGwHZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:40:65:4c:c6:03:3f:e3:a4:6f:e9:f2:f0:b5:bd:9b:13:58:
         1e:25:9f:d2:0f:ad:b1:51:8f:a0:a1:58:05:8d:e3:86:99:88:
         55:f8:af:7e:76:78:e2:74:a5:48:8e:00:a6:b8:61:98:99:2d:
         c0:5c:6d:a4:06:a3:02:a3:f7:e4:bb:7a:50:6b:7f:97:2d:0f:
         ae:24:6c:22:21:ec:f4:d5:05:b3:76:75:b1:90:1b:ef:9a:3b:
         ee:c9:be:af:65:5c:11:0c:69:14:6e:9b:5f:06:28:69:19:cb:
         56:f1:25:33:1c:81:c8:5a:4c:bf:15:b4:1b:fa:5c:d7:ed:38:
         d5:dc:24:1a:22:08:de:76:0b:4a:71:05:69:16:c4:1c:f0:8f:
         98:c5:74:ee:ef:16:26:f1:46:e7:ac:2e:8f:88:7c:fb:72:89:
         3f:bd:fb:ec:2e:b4:b7:03:ce:4f:dd:71:1f:11:7c:57:70:f2:
         c4:23:d8:9e:57:b5:9c:dd:60:ad:89:9f:93:95:1e:4b:79:8e:
         fc:ab:d0:52:a2:ad:86:f6:e1:ea:5b:a0:c2:20:af:96:3c:14:
         78:82:fd:77:e1:b7:21:4c:d1:7f:65:89:bc:3f:84:cd:b1:d3:
         81:de:0f:32:8a:8e:6e:6f:24:8c:f2:79:77:64:d9:cb:c6:63:
         bb:14:e7:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1uqXgnXZdktZxrNuBQqM5DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjQwMjAzMTExMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWIwZGIwMDk3NGZmMjY1NTdkNDEzMWRlODcwNTQ5OGMxYjAxZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkL2OpzMp/Ox9wo3FYIIJczsDjLbf
GEHRG/L9hzHTsKs3XLYx8RRY1pAm3+UdBgTGPuplpDGe+ypkTneYHZlliMeTh8Yx
Rreo5MrcSzJ4w1Tb5lRBgIQczQlTYsLjeWVhVQpA2EXXqDQqbq3WB2T5hXL2lSYb
LZQP25WRmiZQVEEOM4f2xp7FwQlfMKM8mNB4t/9D0GksIkvFlAAfWaZXJPcW7lfz
amc/xr/SYh92DL2+yNyCi2qJa4IBVCsrEsNBFlanrnaTVW8klY99PieBmLS/LImM
8xKroE5TrS+3VQLfotcctXg9GkpdTuXY3skUosfpCsw99E4UG8mAbcZ/yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL6w2wCXT/JlV9QTHehwVJjBsB2RMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvdnJEYkFKZFA4bVZYMUJNZDZIQlVtTUd3SFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVPlMA0G
CSqGSIb3DQEBCwUAA4IBAQCPQGVMxgM/46Rv6fLwtb2bE1geJZ/SD62xUY+goVgF
jeOGmYhV+K9+dnjidKVIjgCmuGGYmS3AXG2kBqMCo/fku3pQa3+XLQ+uJGwiIez0
1QWzdnWxkBvvmjvuyb6vZVwRDGkUbptfBihpGctW8SUzHIHIWky/FbQb+lzX7TjV
3CQaIgjedgtKcQVpFsQc8I+YxXTu7xYm8UbnrC6PiHz7cok/vfvsLrS3A85P3XEf
EXxXcPLEI9ieV7Wc3WCtiZ+TlR5LeY78q9BSoq2G9uHqW6DCIK+WPBR4gv134bch
TNF/ZYm8P4TNsdOB3g8yio5ubySM8nl3ZNnLxmO7FOeq
-----END CERTIFICATE-----