Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/e94817-f259-4ffa-9ba3-7eb95cc0f749/1/vfbOVHxNUFn2HxC9SrEA2opRG0I.roa
File:                     vfbOVHxNUFn2HxC9SrEA2opRG0I.roa (raw, json)
Hash identifier:          bjQPu55S6eU3TJTm3ciFgD9B21NJZm06I5T7NUiDXzc=
Subject key identifier:   BD:F6:CE:54:7C:4D:50:59:F6:1F:10:BD:4A:B1:00:DA:8A:51:1B:42
Certificate issuer:       /CN=47e42233ed630b0b89f52c077ff0d5c2b37d4dfa
Certificate serial:       018CC26D355DA28A169967D3D8160B00D151
Authority key identifier: 47:E4:22:33:ED:63:0B:0B:89:F5:2C:07:7F:F0:D5:C2:B3:7D:4D:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R-QiM-1jCwuJ9SwHf_DVwrN9Tfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/e94817-f259-4ffa-9ba3-7eb95cc0f749/1/vfbOVHxNUFn2HxC9SrEA2opRG0I.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47374
IP address blocks:        185.219.69.0/24 maxlen: 24
                          185.219.68.0/22 maxlen: 22
                          185.219.68.0/24 maxlen: 24
                          185.219.71.0/24 maxlen: 24
                          185.219.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/e94817-f259-4ffa-9ba3-7eb95cc0f749/1/R-QiM-1jCwuJ9SwHf_DVwrN9Tfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/e94817-f259-4ffa-9ba3-7eb95cc0f749/1/R-QiM-1jCwuJ9SwHf_DVwrN9Tfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R-QiM-1jCwuJ9SwHf_DVwrN9Tfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:35:5d:a2:8a:16:99:67:d3:d8:16:0b:00:d1:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47e42233ed630b0b89f52c077ff0d5c2b37d4dfa
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdf6ce547c4d5059f61f10bd4ab100da8a511b42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a3:fc:13:5b:bd:97:bc:f3:55:77:d0:ab:3a:
                    62:3e:7d:c0:c9:96:3c:8c:d5:08:c5:b8:78:69:b8:
                    88:3e:e2:97:2e:9a:50:a0:70:39:42:83:e6:ad:3f:
                    d7:a5:9f:9d:51:f5:aa:cf:10:3a:0e:d4:60:92:d4:
                    0b:7b:59:27:48:b8:8a:4a:93:40:e2:4b:03:a9:f8:
                    1d:b1:9c:03:c2:c4:55:3d:6e:40:ef:35:4f:c8:dd:
                    ba:95:3c:04:7a:6e:0a:a6:df:6e:1d:1e:9f:f2:64:
                    0d:3e:1f:bb:21:75:a9:8f:ef:b7:c8:78:29:46:d9:
                    c5:33:e8:d7:dd:21:9c:db:24:87:31:4a:25:d2:0d:
                    bb:da:e3:87:22:55:7e:e8:01:a3:f5:96:29:6f:14:
                    48:87:76:6c:6d:58:31:e2:ea:73:d2:41:89:27:89:
                    de:fc:ba:b2:b6:5a:dc:21:86:db:da:86:7c:60:f4:
                    fa:76:6d:66:3c:3e:91:1f:6a:0f:f3:66:76:a4:99:
                    26:03:33:9a:c2:ef:8b:a4:08:21:a5:a1:a8:79:90:
                    79:fa:72:86:53:37:dd:85:94:29:6b:b1:3e:26:26:
                    c5:2d:64:48:fa:ba:0d:cd:5d:09:dc:cc:a9:52:91:
                    a0:d0:84:98:79:e9:c4:df:35:9a:ef:c0:72:ac:65:
                    41:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:F6:CE:54:7C:4D:50:59:F6:1F:10:BD:4A:B1:00:DA:8A:51:1B:42
            X509v3 Authority Key Identifier:
                keyid:47:E4:22:33:ED:63:0B:0B:89:F5:2C:07:7F:F0:D5:C2:B3:7D:4D:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R-QiM-1jCwuJ9SwHf_DVwrN9Tfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/e94817-f259-4ffa-9ba3-7eb95cc0f749/1/vfbOVHxNUFn2HxC9SrEA2opRG0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/e94817-f259-4ffa-9ba3-7eb95cc0f749/1/R-QiM-1jCwuJ9SwHf_DVwrN9Tfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:0a:8d:3d:93:f6:e9:f0:b0:17:01:55:07:0e:f1:73:0b:af:
         96:34:86:9b:9e:f8:ac:f4:02:38:61:cf:47:ea:eb:a5:91:af:
         f9:90:8a:0d:5d:ad:3a:3e:e4:0d:6a:a6:74:e0:ec:70:6a:a5:
         d4:c1:a3:21:dc:36:6f:69:c4:e1:f5:1b:89:26:3b:76:2d:76:
         b2:e1:dc:06:61:25:03:cd:8d:d7:36:98:92:7c:9d:f7:f3:d0:
         03:e8:e6:33:d5:e4:8d:0c:61:fc:13:02:51:7c:c7:f8:f6:e7:
         a0:f6:12:ac:f1:5d:d0:df:fd:6a:0f:60:27:bb:0e:a7:29:d2:
         75:b2:11:27:74:30:cd:c5:68:f3:57:fa:84:67:64:08:34:25:
         a1:b1:f7:71:74:dd:d0:df:20:d9:5b:6c:77:f3:81:2e:36:c4:
         23:4a:61:be:51:21:f8:77:25:63:37:18:5f:89:59:8c:39:be:
         c6:ba:5b:09:41:88:a1:07:55:99:08:bd:d1:71:c1:03:2b:79:
         01:d5:f6:02:da:de:a4:bc:1b:f7:4d:e8:5f:6e:7f:e5:46:5b:
         d8:01:ae:dd:9c:19:a9:fc:da:56:71:f8:d4:3d:88:d1:83:08:
         0c:46:3f:31:aa:fe:97:1d:84:f7:9e:37:2b:93:4d:98:1f:c2:
         18:1f:1c:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTVdoooWmWfT2BYLANFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZTQyMjMzZWQ2MzBiMGI4OWY1MmMwNzdmZjBkNWMyYjM3
ZDRkZmEwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGY2Y2U1NDdjNGQ1MDU5ZjYxZjEwYmQ0YWIxMDBkYThhNTExYjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6P8E1u9l7zzVXfQqzpiPn3AyZY8
jNUIxbh4abiIPuKXLppQoHA5QoPmrT/XpZ+dUfWqzxA6DtRgktQLe1knSLiKSpNA
4ksDqfgdsZwDwsRVPW5A7zVPyN26lTwEem4Kpt9uHR6f8mQNPh+7IXWpj++3yHgp
RtnFM+jX3SGc2ySHMUol0g272uOHIlV+6AGj9ZYpbxRIh3ZsbVgx4upz0kGJJ4ne
/LqytlrcIYbb2oZ8YPT6dm1mPD6RH2oP82Z2pJkmAzOawu+LpAghpaGoeZB5+nKG
UzfdhZQpa7E+JibFLWRI+roNzV0J3MypUpGg0ISYeenE3zWa78ByrGVBzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL32zlR8TVBZ9h8QvUqxANqKURtCMB8GA1UdIwQY
MBaAFEfkIjPtYwsLifUsB3/w1cKzfU36MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUi1RaU0tMWpDd3VKOVN3SGZfRFZ3ck45VGZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lOTQ4MTctZjI1OS00ZmZhLTliYTMt
N2ViOTVjYzBmNzQ5LzEvdmZiT1ZIeE5VRm4ySHhDOVNyRUEyb3BSRzBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lOTQ4MTctZjI1OS00ZmZhLTliYTMtN2ViOTVjYzBmNzQ5
LzEvUi1RaU0tMWpDd3VKOVN3SGZfRFZ3ck45VGZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudtEMA0G
CSqGSIb3DQEBCwUAA4IBAQBpCo09k/bp8LAXAVUHDvFzC6+WNIabnvis9AI4Yc9H
6uulka/5kIoNXa06PuQNaqZ04OxwaqXUwaMh3DZvacTh9RuJJjt2LXay4dwGYSUD
zY3XNpiSfJ3389AD6OYz1eSNDGH8EwJRfMf49ueg9hKs8V3Q3/1qD2Anuw6nKdJ1
shEndDDNxWjzV/qEZ2QINCWhsfdxdN3Q3yDZW2x384EuNsQjSmG+USH4dyVjNxhf
iVmMOb7GulsJQYihB1WZCL3RccEDK3kB1fYC2t6kvBv3Tehfbn/lRlvYAa7dnBmp
/NpWcfjUPYjRgwgMRj8xqv6XHYT3njcrk02YH8IYHxzZ
-----END CERTIFICATE-----