Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/vtLeVWlLPi-xFAWVU0VpABisBSs.roa
File:                     vtLeVWlLPi-xFAWVU0VpABisBSs.roa (raw, json)
Hash identifier:          za8y+nRRP1ca4JjYDaJ9RJfKlWRDdU5UNanu9V40fQI=
Subject key identifier:   BE:D2:DE:55:69:4B:3E:2F:B1:14:05:95:53:45:69:00:18:AC:05:2B
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       018FCD5F0617A49C2BEBDD9CDA735C8CBDFF
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/vtLeVWlLPi-xFAWVU0VpABisBSs.roa
Signing time:             Fri 31 May 2024 06:38:27 +0000
ROA not before:           Fri 31 May 2024 06:38:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206804
IP address blocks:        85.203.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:36:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:cd:5f:06:17:a4:9c:2b:eb:dd:9c:da:73:5c:8c:bd:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: May 31 06:38:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bed2de55694b3e2fb11405955345690018ac052b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:b4:4a:11:19:c6:d3:22:d3:54:71:11:d0:7d:
                    7f:75:f2:3f:ef:1a:19:2e:72:57:16:cc:c4:7e:88:
                    5f:39:3e:da:d9:40:e8:37:17:72:18:3d:9d:45:4e:
                    f1:a8:d9:09:0a:f9:0b:67:32:42:28:86:cb:aa:70:
                    2b:f4:35:74:86:80:39:6a:14:30:23:a5:45:3a:21:
                    e9:29:18:ec:5e:3c:9f:45:70:ab:33:58:40:0b:91:
                    0c:f8:02:65:6a:37:18:d4:3a:00:bf:a1:56:97:46:
                    49:a2:9e:2c:03:e6:78:ad:74:1c:7c:b7:f8:5a:87:
                    2c:cb:cb:19:46:4a:a4:7e:d6:44:b9:18:2f:81:bd:
                    53:eb:14:a6:bb:4d:61:a4:34:0a:85:bf:eb:6e:fd:
                    2e:2e:44:95:7e:c4:8b:a9:91:9e:0f:38:fb:74:21:
                    81:34:9b:ed:ee:82:f5:6e:16:43:af:3c:6a:38:ef:
                    04:53:61:20:86:7d:f0:3c:90:d7:dd:e8:b9:23:8c:
                    96:a6:7b:a9:81:2f:ae:8d:a9:ba:98:57:d9:a7:0a:
                    40:d2:ff:85:84:72:6f:01:6e:0d:cf:38:ee:77:e5:
                    5f:43:f9:cb:08:8a:5a:67:a7:b4:9d:e2:7f:25:63:
                    9c:95:88:41:7f:95:c3:0f:bd:d1:cd:54:28:37:3a:
                    88:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:D2:DE:55:69:4B:3E:2F:B1:14:05:95:53:45:69:00:18:AC:05:2B
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/vtLeVWlLPi-xFAWVU0VpABisBSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:5c:77:84:f1:15:d5:b1:aa:fe:32:40:82:b5:cb:88:db:0e:
         1c:91:c4:2d:db:59:55:e1:8e:0e:2d:8c:78:65:c6:55:c7:1d:
         8d:d2:61:7d:ce:0d:ff:de:51:d8:29:bf:24:83:8a:b3:54:b3:
         0f:78:2b:85:77:e0:cc:37:c4:4a:09:d6:58:ed:84:87:e9:25:
         06:d5:35:fc:dd:37:b5:6f:44:1a:c7:0d:8e:c0:43:4f:78:2a:
         52:97:5b:6a:33:63:c5:68:34:aa:6f:92:29:e8:d5:af:46:f8:
         e2:4f:df:e5:57:cf:28:5c:c1:39:d5:e5:3d:5d:8f:38:da:f3:
         41:97:87:9a:4b:f0:61:2d:42:9e:95:70:a9:aa:e2:26:d2:29:
         d3:25:3d:f6:56:1d:84:72:c2:45:61:28:c4:da:0c:a0:af:bd:
         37:e3:32:95:75:6f:2e:a1:a5:c6:f0:ae:61:6f:bf:c4:ab:7b:
         60:a8:2c:04:f2:c6:4f:c6:db:3b:56:48:5d:68:b2:28:38:d8:
         e9:b8:c6:3d:c7:cf:8b:85:45:b2:9d:e3:8f:d3:4c:81:5a:e2:
         b9:40:88:f0:0b:8b:20:66:de:36:e6:40:5c:79:b2:b2:1b:4b:
         e7:e6:ce:6d:d6:09:da:88:54:67:e5:55:e8:45:e4:d2:27:3b:
         a4:c4:14:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/NXwYXpJwr692c2nNcjL3/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjQwNTMxMDYzODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWQyZGU1NTY5NGIzZTJmYjExNDA1OTU1MzQ1NjkwMDE4YWMwNTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rRKERnG0yLTVHER0H1/dfI/7xoZ
LnJXFszEfohfOT7a2UDoNxdyGD2dRU7xqNkJCvkLZzJCKIbLqnAr9DV0hoA5ahQw
I6VFOiHpKRjsXjyfRXCrM1hAC5EM+AJlajcY1DoAv6FWl0ZJop4sA+Z4rXQcfLf4
Wocsy8sZRkqkftZEuRgvgb1T6xSmu01hpDQKhb/rbv0uLkSVfsSLqZGeDzj7dCGB
NJvt7oL1bhZDrzxqOO8EU2Eghn3wPJDX3ei5I4yWpnupgS+ujam6mFfZpwpA0v+F
hHJvAW4Nzzjud+VfQ/nLCIpaZ6e0neJ/JWOclYhBf5XDD73RzVQoNzqIRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7S3lVpSz4vsRQFlVNFaQAYrAUrMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvdnRMZVZXbExQaS14RkFXVlUwVnBBQmlzQlNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcsnMA0G
CSqGSIb3DQEBCwUAA4IBAQAMXHeE8RXVsar+MkCCtcuI2w4ckcQt21lV4Y4OLYx4
ZcZVxx2N0mF9zg3/3lHYKb8kg4qzVLMPeCuFd+DMN8RKCdZY7YSH6SUG1TX83Te1
b0Qaxw2OwENPeCpSl1tqM2PFaDSqb5Ip6NWvRvjiT9/lV88oXME51eU9XY842vNB
l4eaS/BhLUKelXCpquIm0inTJT32Vh2EcsJFYSjE2gygr7034zKVdW8uoaXG8K5h
b7/Eq3tgqCwE8sZPxts7VkhdaLIoONjpuMY9x8+LhUWyneOP00yBWuK5QIjwC4sg
Zt425kBcebKyG0vn5s5t1gnaiFRn5VXoReTSJzukxBQT
-----END CERTIFICATE-----