Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/090638-8a99-4063-93a0-6e9938972708/1/vQD2d5VTh9Kd8vL_SaFIJySVWgo.roa
File:                     vQD2d5VTh9Kd8vL_SaFIJySVWgo.roa (raw, json)
Hash identifier:          /vtgP7EJZXJ5FeE+JMl5Sj+9HCXIIlqc+/BqRYqqOEI=
Subject key identifier:   BD:00:F6:77:95:53:87:D2:9D:F2:F2:FF:49:A1:48:27:24:95:5A:0A
Certificate issuer:       /CN=48f47a31172fb549c696132880c6824fb0777b55
Certificate serial:       018CC94E6A008E064F4B590709350A466B0A
Authority key identifier: 48:F4:7A:31:17:2F:B5:49:C6:96:13:28:80:C6:82:4F:B0:77:7B:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SPR6MRcvtUnGlhMogMaCT7B3e1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/090638-8a99-4063-93a0-6e9938972708/1/vQD2d5VTh9Kd8vL_SaFIJySVWgo.roa
Signing time:             Tue 02 Jan 2024 08:33:28 +0000
ROA not before:           Tue 02 Jan 2024 08:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49509
IP address blocks:        185.79.80.0/23 maxlen: 24
                          2a02:23e9::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/090638-8a99-4063-93a0-6e9938972708/1/SPR6MRcvtUnGlhMogMaCT7B3e1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/090638-8a99-4063-93a0-6e9938972708/1/SPR6MRcvtUnGlhMogMaCT7B3e1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SPR6MRcvtUnGlhMogMaCT7B3e1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6a:00:8e:06:4f:4b:59:07:09:35:0a:46:6b:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48f47a31172fb549c696132880c6824fb0777b55
        Validity
            Not Before: Jan  2 08:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd00f677955387d29df2f2ff49a1482724955a0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ee:5e:b3:f7:a1:36:77:52:be:e5:1d:21:c6:
                    1c:e2:84:7e:95:5a:93:33:7a:d8:aa:ab:97:2e:96:
                    37:64:88:a2:bd:e1:f3:a8:ad:67:6f:77:9d:55:c4:
                    ae:99:d3:d9:f4:00:f9:a4:2f:21:49:9a:00:28:c0:
                    55:2e:27:33:98:9b:06:69:5a:78:35:4d:d7:9d:b4:
                    cf:70:3f:56:f1:3f:18:3b:39:48:03:0e:1f:b1:c8:
                    61:2d:cb:b4:69:e4:d0:5d:8f:f5:7d:68:6d:d4:c0:
                    5b:d9:86:1b:4a:d7:f6:e5:3a:34:49:7e:51:79:1f:
                    d9:7b:88:44:70:33:77:83:88:a9:ed:4d:9e:99:d3:
                    2f:1f:0e:30:e7:82:6e:41:aa:10:e4:90:2c:42:0a:
                    92:e1:53:44:a4:ab:14:71:89:77:94:c2:7b:14:71:
                    e7:7b:d2:c1:e4:04:29:75:a5:a4:17:58:f1:3e:41:
                    37:58:f9:51:4a:0d:72:01:2d:ea:65:43:00:ac:a9:
                    41:c5:d7:9b:12:02:b4:f6:66:f7:e4:c4:1e:2e:c0:
                    59:75:8e:4f:33:18:ea:f1:dc:be:d9:a3:33:bb:63:
                    84:e4:0a:51:41:42:f8:70:63:34:3b:6e:88:74:ef:
                    5f:6d:05:2e:81:bb:55:e5:0b:9f:01:c7:db:12:c3:
                    6d:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:00:F6:77:95:53:87:D2:9D:F2:F2:FF:49:A1:48:27:24:95:5A:0A
            X509v3 Authority Key Identifier:
                keyid:48:F4:7A:31:17:2F:B5:49:C6:96:13:28:80:C6:82:4F:B0:77:7B:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SPR6MRcvtUnGlhMogMaCT7B3e1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/090638-8a99-4063-93a0-6e9938972708/1/vQD2d5VTh9Kd8vL_SaFIJySVWgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/090638-8a99-4063-93a0-6e9938972708/1/SPR6MRcvtUnGlhMogMaCT7B3e1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.79.80.0/23
                IPv6:
                  2a02:23e9::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:c5:24:94:b1:ac:85:12:07:47:9e:e0:4b:2f:7e:b5:04:0e:
         89:1f:f3:9d:c7:ec:8c:e8:d4:f5:88:8c:e1:95:2c:a7:ec:1f:
         2a:b1:b4:77:34:2d:19:17:3d:da:e5:aa:a0:92:fe:93:d9:fe:
         06:a9:06:e5:95:84:ca:9f:29:0c:43:49:31:85:74:a5:33:ff:
         95:46:9f:af:c2:00:a6:89:15:92:d9:75:45:30:dc:16:99:3c:
         de:e7:41:ce:71:15:41:28:14:97:cd:97:5a:6f:23:19:3e:e3:
         6f:b8:99:9e:49:b7:11:fb:3e:48:f1:ca:f5:69:ee:a1:f0:bd:
         9b:bc:86:d9:9a:4f:ae:66:04:ee:26:82:2b:97:15:a1:51:04:
         b8:30:d7:9c:26:fe:6f:e6:0f:f0:28:72:ec:8c:c0:b2:4a:6d:
         27:26:b7:d5:fb:ab:f0:c4:9d:ce:92:18:95:73:e1:26:6c:4b:
         e6:e6:2c:29:80:14:0c:c5:16:ab:13:16:35:f9:37:66:0c:7b:
         26:38:ad:bb:e1:0b:d1:2d:43:71:fc:79:9e:18:8d:d4:5c:88:
         02:a5:9f:af:6d:a0:78:ef:dc:09:d3:87:00:78:17:d3:43:2c:
         0d:ad:b8:74:39:18:ca:7b:48:21:88:69:f6:d3:53:10:48:fd:
         82:10:2a:c7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTmoAjgZPS1kHCTUKRmsKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4ZjQ3YTMxMTcyZmI1NDljNjk2MTMyODgwYzY4MjRmYjA3
NzdiNTUwHhcNMjQwMTAyMDgzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDAwZjY3Nzk1NTM4N2QyOWRmMmYyZmY0OWExNDgyNzI0OTU1YTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+5es/ehNndSvuUdIcYc4oR+lVqT
M3rYqquXLpY3ZIiiveHzqK1nb3edVcSumdPZ9AD5pC8hSZoAKMBVLiczmJsGaVp4
NU3XnbTPcD9W8T8YOzlIAw4fschhLcu0aeTQXY/1fWht1MBb2YYbStf25To0SX5R
eR/Ze4hEcDN3g4ip7U2emdMvHw4w54JuQaoQ5JAsQgqS4VNEpKsUcYl3lMJ7FHHn
e9LB5AQpdaWkF1jxPkE3WPlRSg1yAS3qZUMArKlBxdebEgK09mb35MQeLsBZdY5P
Mxjq8dy+2aMzu2OE5ApRQUL4cGM0O26IdO9fbQUugbtV5QufAcfbEsNt7wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL0A9neVU4fSnfLy/0mhSCcklVoKMB8GA1UdIwQY
MBaAFEj0ejEXL7VJxpYTKIDGgk+wd3tVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1BSNk1SY3Z0VW5HbGhNb2dNYUNUN0IzZTFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wOTA2MzgtOGE5OS00MDYzLTkzYTAt
NmU5OTM4OTcyNzA4LzEvdlFEMmQ1VlRoOUtkOHZMX1NhRklKeVNWV2dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wOTA2MzgtOGE5OS00MDYzLTkzYTAtNmU5OTM4OTcyNzA4
LzEvU1BSNk1SY3Z0VW5HbGhNb2dNYUNUN0IzZTFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuU9QMA0E
AgACMAcDBQAqAiPpMA0GCSqGSIb3DQEBCwUAA4IBAQB/xSSUsayFEgdHnuBLL361
BA6JH/Odx+yM6NT1iIzhlSyn7B8qsbR3NC0ZFz3a5aqgkv6T2f4GqQbllYTKnykM
Q0kxhXSlM/+VRp+vwgCmiRWS2XVFMNwWmTze50HOcRVBKBSXzZdabyMZPuNvuJme
SbcR+z5I8cr1ae6h8L2bvIbZmk+uZgTuJoIrlxWhUQS4MNecJv5v5g/wKHLsjMCy
Sm0nJrfV+6vwxJ3OkhiVc+EmbEvm5iwpgBQMxRarExY1+TdmDHsmOK274QvRLUNx
/HmeGI3UXIgCpZ+vbaB479wJ04cAeBfTQywNrbh0ORjKe0ghiGn201MQSP2CECrH
-----END CERTIFICATE-----