Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/3e4899-aacc-4efd-93df-a61a98359c4a/1/vYX_vvdRNRPkWMX35Gz8yeM-s9E.roa
File:                     vYX_vvdRNRPkWMX35Gz8yeM-s9E.roa (raw, json)
Hash identifier:          KL7cFjaktApytasQS3MfXHfYS6b2/m7dxHJCx2dYW00=
Subject key identifier:   BD:85:FF:BE:F7:51:35:13:E4:58:C5:F7:E4:6C:FC:C9:E3:3E:B3:D1
Certificate issuer:       /CN=0533048d6ff424bf19215771cf257bc15b67ee15
Certificate serial:       018CC26D70057B99B89753A5F81598D1A5F1
Authority key identifier: 05:33:04:8D:6F:F4:24:BF:19:21:57:71:CF:25:7B:C1:5B:67:EE:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTMEjW_0JL8ZIVdxzyV7wVtn7hU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/3e4899-aacc-4efd-93df-a61a98359c4a/1/vYX_vvdRNRPkWMX35Gz8yeM-s9E.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12611
IP address blocks:        194.169.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/3e4899-aacc-4efd-93df-a61a98359c4a/1/BTMEjW_0JL8ZIVdxzyV7wVtn7hU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/3e4899-aacc-4efd-93df-a61a98359c4a/1/BTMEjW_0JL8ZIVdxzyV7wVtn7hU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTMEjW_0JL8ZIVdxzyV7wVtn7hU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 16:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:70:05:7b:99:b8:97:53:a5:f8:15:98:d1:a5:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0533048d6ff424bf19215771cf257bc15b67ee15
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd85ffbef7513513e458c5f7e46cfcc9e33eb3d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:5a:3b:62:db:26:67:6e:47:45:c4:f6:94:c9:
                    45:8a:35:8b:18:6b:2c:c3:da:53:48:76:a2:bd:4f:
                    c8:51:e2:38:fc:0f:39:d3:60:29:ee:55:6c:5d:b1:
                    e1:cf:b3:fa:ad:c1:e4:79:09:c2:a9:5d:d7:ee:c6:
                    c9:79:6a:c9:38:98:08:b3:b0:b4:93:f3:44:5c:54:
                    a3:9f:db:50:e3:23:79:bc:c6:a0:fc:07:f5:90:34:
                    92:d5:b9:1b:8e:de:a5:73:f7:d5:d1:b4:2a:bb:6c:
                    bc:d8:33:a0:be:5d:e1:14:a2:99:a5:b5:8c:80:2c:
                    42:ea:74:45:47:59:d2:4d:2f:c3:a6:e4:14:2d:f1:
                    69:08:76:02:b5:82:3c:cf:de:8e:69:ed:60:68:65:
                    71:2f:bb:05:38:ff:e2:d9:90:01:b4:da:ee:3c:d1:
                    e4:b1:1d:e3:31:71:72:77:c7:1a:18:2a:6d:2a:1e:
                    74:91:5d:22:7e:48:93:36:44:43:1f:76:b3:a6:2b:
                    f9:48:40:a3:82:a9:8c:5f:24:04:c0:a3:29:fe:5d:
                    ba:4b:e2:5b:3c:a4:91:14:41:01:fe:73:8d:dd:b0:
                    08:c3:2a:14:cb:0e:a9:19:98:32:31:6a:af:3c:0d:
                    16:f1:2b:12:d9:ec:96:21:4a:d9:83:19:d5:57:b1:
                    da:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:85:FF:BE:F7:51:35:13:E4:58:C5:F7:E4:6C:FC:C9:E3:3E:B3:D1
            X509v3 Authority Key Identifier:
                keyid:05:33:04:8D:6F:F4:24:BF:19:21:57:71:CF:25:7B:C1:5B:67:EE:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTMEjW_0JL8ZIVdxzyV7wVtn7hU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/3e4899-aacc-4efd-93df-a61a98359c4a/1/vYX_vvdRNRPkWMX35Gz8yeM-s9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/3e4899-aacc-4efd-93df-a61a98359c4a/1/BTMEjW_0JL8ZIVdxzyV7wVtn7hU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:b8:c3:7a:b4:65:0a:3b:3f:76:ad:8a:fb:9c:af:73:50:d4:
         a6:28:f4:e7:de:d0:2f:d2:bc:83:7e:34:2a:5b:ed:a2:8b:44:
         e0:c4:1f:76:1d:5c:cb:2e:e6:90:12:6b:89:33:7b:bb:2e:38:
         55:6d:ce:fa:b4:66:59:3e:48:ad:f3:91:af:b9:cd:96:75:eb:
         43:b1:08:d8:2f:3a:e2:1e:63:2b:6f:77:f0:48:67:b5:52:92:
         f4:69:d5:f7:c2:58:de:98:8e:b1:c0:bb:db:c7:a8:fe:f1:d9:
         85:2b:aa:45:b1:84:2a:fe:7f:05:ca:47:d4:b5:37:36:ac:4b:
         a6:97:bd:7b:7b:3d:e6:38:e0:4a:97:28:c1:fa:d9:24:1e:c4:
         75:77:5c:da:e0:97:31:88:8f:97:1c:74:42:3b:6c:21:e1:9c:
         b4:bc:17:81:cd:8b:a6:7b:89:51:02:b2:d6:22:97:94:d1:a2:
         85:c7:03:0e:13:d3:24:ff:56:77:8a:ce:64:c0:9f:f9:1d:d9:
         0a:6d:64:a5:9a:fe:af:db:8c:15:15:60:7b:03:b9:8b:b2:9a:
         cb:fb:cd:4c:26:33:54:0c:ec:70:e7:f4:aa:c3:61:f9:20:f6:
         e9:ba:37:98:08:bb:04:87:e9:8c:29:d4:af:cc:61:38:67:cc:
         d7:42:09:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXAFe5m4l1Ol+BWY0aXxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzMwNDhkNmZmNDI0YmYxOTIxNTc3MWNmMjU3YmMxNWI2
N2VlMTUwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDg1ZmZiZWY3NTEzNTEzZTQ1OGM1ZjdlNDZjZmNjOWUzM2ViM2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Vo7YtsmZ25HRcT2lMlFijWLGGss
w9pTSHaivU/IUeI4/A8502Ap7lVsXbHhz7P6rcHkeQnCqV3X7sbJeWrJOJgIs7C0
k/NEXFSjn9tQ4yN5vMag/Af1kDSS1bkbjt6lc/fV0bQqu2y82DOgvl3hFKKZpbWM
gCxC6nRFR1nSTS/DpuQULfFpCHYCtYI8z96Oae1gaGVxL7sFOP/i2ZABtNruPNHk
sR3jMXFyd8caGCptKh50kV0ifkiTNkRDH3azpiv5SECjgqmMXyQEwKMp/l26S+Jb
PKSRFEEB/nON3bAIwyoUyw6pGZgyMWqvPA0W8SsS2eyWIUrZgxnVV7HaWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2F/773UTUT5FjF9+Rs/MnjPrPRMB8GA1UdIwQY
MBaAFAUzBI1v9CS/GSFXcc8le8FbZ+4VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRNRWpXXzBKTDhaSVZkeHp5Vjd3VnRuN2hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8zZTQ4OTktYWFjYy00ZWZkLTkzZGYt
YTYxYTk4MzU5YzRhLzEvdllYX3Z2ZFJOUlBrV01YMzVHejh5ZU0tczlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8zZTQ4OTktYWFjYy00ZWZkLTkzZGYtYTYxYTk4MzU5YzRh
LzEvQlRNRWpXXzBKTDhaSVZkeHp5Vjd3VnRuN2hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqn7MA0G
CSqGSIb3DQEBCwUAA4IBAQBOuMN6tGUKOz92rYr7nK9zUNSmKPTn3tAv0ryDfjQq
W+2ii0TgxB92HVzLLuaQEmuJM3u7LjhVbc76tGZZPkit85Gvuc2WdetDsQjYLzri
HmMrb3fwSGe1UpL0adX3wljemI6xwLvbx6j+8dmFK6pFsYQq/n8FykfUtTc2rEum
l717ez3mOOBKlyjB+tkkHsR1d1za4JcxiI+XHHRCO2wh4Zy0vBeBzYume4lRArLW
IpeU0aKFxwMOE9Mk/1Z3is5kwJ/5HdkKbWSlmv6v24wVFWB7A7mLsprL+81MJjNU
DOxw5/Sqw2H5IPbpujeYCLsEh+mMKdSvzGE4Z8zXQgku
-----END CERTIFICATE-----