Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/vAS0UbyymBvIPJDPI_8HH5A3Z7Y.roa
File:                     vAS0UbyymBvIPJDPI_8HH5A3Z7Y.roa (raw, json)
Hash identifier:          WQwm8pBE4LCy8XCfRNxgyPIQ/eXRG0H9FkE88sFt5Zw=
Subject key identifier:   BC:04:B4:51:BC:B2:98:1B:C8:3C:90:CF:23:FF:07:1F:90:37:67:B6
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC794407AD1F7855206A38376AEE40C9E
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/vAS0UbyymBvIPJDPI_8HH5A3Z7Y.roa
Signing time:             Tue 02 Jan 2024 00:30:30 +0000
ROA not before:           Tue 02 Jan 2024 00:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13335
IP address blocks:        89.149.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 04:36:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:40:7a:d1:f7:85:52:06:a3:83:76:ae:e4:0c:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc04b451bcb2981bc83c90cf23ff071f903767b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:5a:66:dc:57:a2:bd:f8:38:e6:d2:e8:d2:b4:
                    51:28:02:91:17:75:8a:b7:43:2c:93:9b:d9:45:9d:
                    15:83:bb:c6:b6:d3:90:3e:18:89:f3:a0:08:87:46:
                    07:54:8c:15:6f:1d:c1:a6:b0:d9:f0:3b:5c:f6:62:
                    75:33:4e:bc:13:ed:fa:d3:34:fb:9a:bc:c5:fc:12:
                    23:36:f4:6e:a5:ad:56:53:f8:9e:02:c7:42:16:2e:
                    89:1e:4c:54:2a:c8:22:39:08:25:cb:e1:95:5f:87:
                    b9:c4:3a:d1:da:51:f0:1c:77:8d:f1:b5:62:34:1e:
                    f5:66:f9:70:55:63:5c:04:fd:ce:06:14:82:56:d3:
                    59:4e:71:01:79:74:a7:37:a5:6d:51:87:65:dc:72:
                    ac:09:31:d7:ee:89:4b:b3:fd:17:18:f2:c8:21:31:
                    ad:c6:bf:57:ac:54:45:31:c3:33:d9:0b:2a:97:f8:
                    0a:2f:98:51:f8:69:d0:85:88:8d:84:31:de:b9:05:
                    9e:a4:d7:b8:16:42:94:c9:db:4b:73:ba:ca:6b:fc:
                    a6:19:05:5c:50:86:f9:9b:7a:e8:34:45:b5:d6:22:
                    d6:0f:01:24:5b:9d:de:08:4e:e4:1c:51:c5:76:54:
                    49:c5:a7:46:1c:de:86:d9:60:75:02:ea:d6:f9:75:
                    4a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:04:B4:51:BC:B2:98:1B:C8:3C:90:CF:23:FF:07:1F:90:37:67:B6
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/vAS0UbyymBvIPJDPI_8HH5A3Z7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.149.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:a1:58:d6:8e:30:7b:de:a8:38:54:31:52:6e:8b:51:9a:f5:
         48:08:79:79:1b:c9:e9:05:0e:5d:61:9b:78:04:5c:9a:bd:3f:
         48:95:0f:60:11:c1:3d:38:fe:1d:b1:d5:cf:f5:bf:6f:31:2f:
         cb:ca:bf:a2:95:3f:4f:51:3b:18:1b:a3:ec:5e:86:1d:2b:cd:
         23:6f:31:ed:93:dd:a2:bc:3f:a3:ab:04:f2:4f:2a:4a:c1:35:
         7a:20:fb:7b:c1:92:93:09:02:a3:a4:ce:88:51:0d:49:3d:5c:
         2f:2d:8e:8c:26:a8:d8:d2:76:98:45:8e:e0:6a:60:ab:aa:29:
         4f:78:6a:b0:da:8a:dd:bc:fd:2c:78:dd:b2:8a:b0:5e:81:d4:
         39:0a:d5:1e:0c:cc:e0:06:d9:8e:4c:f6:9f:81:82:cc:b2:1c:
         42:33:7d:cf:25:9f:50:80:6a:c5:f2:4e:99:5a:44:91:21:67:
         bf:a0:d6:d6:b4:b2:a4:a8:13:19:ac:1e:1d:b3:65:8f:6f:7e:
         2b:6b:9d:2d:43:68:8a:68:22:2e:e3:6f:ee:28:b5:5a:fd:c1:
         1f:1d:6f:c1:ad:c0:3e:9d:21:4f:9a:06:a5:8e:4f:37:f0:f0:
         df:ed:42:e3:25:6c:2d:12:84:36:13:6d:48:a2:d6:31:ce:d7:
         fc:61:64:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEB60feFUgajg3au5AyeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzA0YjQ1MWJjYjI5ODFiYzgzYzkwY2YyM2ZmMDcxZjkwMzc2N2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVpm3Feivfg45tLo0rRRKAKRF3WK
t0Msk5vZRZ0Vg7vGttOQPhiJ86AIh0YHVIwVbx3BprDZ8Dtc9mJ1M068E+360zT7
mrzF/BIjNvRupa1WU/ieAsdCFi6JHkxUKsgiOQgly+GVX4e5xDrR2lHwHHeN8bVi
NB71ZvlwVWNcBP3OBhSCVtNZTnEBeXSnN6VtUYdl3HKsCTHX7olLs/0XGPLIITGt
xr9XrFRFMcMz2Qsql/gKL5hR+GnQhYiNhDHeuQWepNe4FkKUydtLc7rKa/ymGQVc
UIb5m3roNEW11iLWDwEkW53eCE7kHFHFdlRJxadGHN6G2WB1AurW+XVKIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwEtFG8spgbyDyQzyP/Bx+QN2e2MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvdkFTMFVieXltQnZJUEpEUElfOEhINUEzWjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZWUMA0G
CSqGSIb3DQEBCwUAA4IBAQAIoVjWjjB73qg4VDFSbotRmvVICHl5G8npBQ5dYZt4
BFyavT9IlQ9gEcE9OP4dsdXP9b9vMS/Lyr+ilT9PUTsYG6PsXoYdK80jbzHtk92i
vD+jqwTyTypKwTV6IPt7wZKTCQKjpM6IUQ1JPVwvLY6MJqjY0naYRY7gamCrqilP
eGqw2ordvP0seN2yirBegdQ5CtUeDMzgBtmOTPafgYLMshxCM33PJZ9QgGrF8k6Z
WkSRIWe/oNbWtLKkqBMZrB4ds2WPb34ra50tQ2iKaCIu42/uKLVa/cEfHW/BrcA+
nSFPmgaljk838PDf7ULjJWwtEoQ2E21IotYxztf8YWQm
-----END CERTIFICATE-----