Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f0ba5e-6bb3-4858-8b2b-9f1cfb8d1428/1/VNxKLLeO4MCfEGyXp2_wjGm4Bnk.roa
File:                     VNxKLLeO4MCfEGyXp2_wjGm4Bnk.roa (raw, json)
Hash identifier:          UXZ5z1mYeu8IXgXNww30xqrDce1snqZCWGjlMCmfL84=
Subject key identifier:   54:DC:4A:2C:B7:8E:E0:C0:9F:10:6C:97:A7:6F:F0:8C:69:B8:06:79
Certificate issuer:       /CN=f5a107f16bc6b00b764c39acfd633363646d5996
Certificate serial:       0192426FD828A80185A9E2BB53DC57AC2DD7
Authority key identifier: F5:A1:07:F1:6B:C6:B0:0B:76:4C:39:AC:FD:63:33:63:64:6D:59:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9aEH8WvGsAt2TDms_WMzY2RtWZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f0ba5e-6bb3-4858-8b2b-9f1cfb8d1428/1/VNxKLLeO4MCfEGyXp2_wjGm4Bnk.roa
Signing time:             Mon 30 Sep 2024 10:17:58 +0000
ROA not before:           Mon 30 Sep 2024 10:17:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        193.26.130.0/24 maxlen: 24
                          2001:678:7f0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/f0ba5e-6bb3-4858-8b2b-9f1cfb8d1428/1/9aEH8WvGsAt2TDms_WMzY2RtWZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/f0ba5e-6bb3-4858-8b2b-9f1cfb8d1428/1/9aEH8WvGsAt2TDms_WMzY2RtWZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9aEH8WvGsAt2TDms_WMzY2RtWZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:6f:d8:28:a8:01:85:a9:e2:bb:53:dc:57:ac:2d:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a107f16bc6b00b764c39acfd633363646d5996
        Validity
            Not Before: Sep 30 10:17:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54dc4a2cb78ee0c09f106c97a76ff08c69b80679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bc:ea:9f:98:79:83:e3:37:1e:36:ea:ce:98:
                    10:8b:80:d5:56:35:a8:45:ff:55:b4:0d:1d:17:eb:
                    23:30:ca:77:56:35:bb:77:0f:1d:7e:b4:1b:b3:92:
                    9b:70:b4:5a:d8:65:20:1a:bc:5d:68:89:8d:1b:4c:
                    64:85:22:e5:81:84:c6:42:83:03:6d:67:d9:04:5f:
                    d6:1e:75:e4:e0:5c:90:3c:26:89:4f:0a:10:8f:88:
                    8b:d7:5e:5a:52:68:ef:cc:15:90:76:71:92:45:46:
                    fd:48:b0:ad:6c:7b:5e:5d:60:4b:dc:d2:6b:3b:43:
                    78:d6:55:53:50:68:87:c7:b5:1a:4a:3c:03:08:20:
                    cf:8d:cb:68:b1:46:2b:c6:7e:3c:5c:86:7f:5e:dd:
                    0d:ba:4d:15:6b:de:60:7a:b8:d3:69:2e:5b:9a:b3:
                    75:16:aa:40:01:dc:d3:ff:17:57:5b:fe:c4:80:2b:
                    cf:25:6c:cf:b5:34:eb:85:a5:ba:c0:70:c6:7c:7e:
                    99:c3:38:77:5d:b7:e6:76:81:ea:e7:b3:27:46:d9:
                    0c:75:b1:43:cc:eb:e4:34:f2:9d:6c:e7:89:07:74:
                    58:88:33:de:2f:45:e6:90:b0:a4:bc:c2:c4:aa:96:
                    b1:c8:81:3a:19:cf:4a:81:80:49:37:b8:60:9b:ec:
                    a3:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:DC:4A:2C:B7:8E:E0:C0:9F:10:6C:97:A7:6F:F0:8C:69:B8:06:79
            X509v3 Authority Key Identifier:
                keyid:F5:A1:07:F1:6B:C6:B0:0B:76:4C:39:AC:FD:63:33:63:64:6D:59:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9aEH8WvGsAt2TDms_WMzY2RtWZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f0ba5e-6bb3-4858-8b2b-9f1cfb8d1428/1/VNxKLLeO4MCfEGyXp2_wjGm4Bnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f0ba5e-6bb3-4858-8b2b-9f1cfb8d1428/1/9aEH8WvGsAt2TDms_WMzY2RtWZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.130.0/24
                IPv6:
                  2001:678:7f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:6a:b0:39:e4:73:48:cb:c4:fc:9b:72:78:0e:fd:5e:63:a0:
         ec:9b:8b:86:49:67:31:22:df:d9:66:e9:62:1e:de:ea:ac:93:
         50:86:4d:b0:2b:d7:70:79:2e:23:32:d4:1e:55:a5:f1:19:c7:
         87:53:81:44:0c:e5:38:36:0c:9b:07:b1:74:e4:1c:4d:54:3d:
         d2:12:f1:ee:5e:ac:6d:64:dc:ac:f3:de:ce:11:57:9c:f5:e8:
         08:a1:e4:36:91:51:68:bc:75:f6:19:02:9f:c6:63:e9:e3:de:
         31:6e:4b:57:85:d9:1e:e5:b0:72:20:16:e3:6a:3f:dc:0c:b3:
         5b:c1:e3:df:6c:b8:cc:02:97:39:55:25:6e:ae:90:bc:ce:c9:
         55:17:94:0c:d4:e9:04:39:85:5a:ed:a3:2f:7e:43:2b:36:ee:
         25:6b:df:2f:2e:b8:de:db:34:ca:77:94:43:5a:66:33:15:8e:
         b5:fd:d5:33:14:26:73:fa:dd:a5:92:50:a4:7d:f2:74:e2:f8:
         3e:0a:88:cd:e0:5b:78:83:f3:92:9d:12:27:47:89:c6:9a:91:
         97:82:07:d4:b2:fc:04:23:ea:58:9e:68:61:23:77:b7:6a:4b:
         ad:53:2e:1c:62:e0:3a:e5:05:a3:ae:a6:d5:ea:9d:f4:ac:bf:
         d3:8e:8b:e4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZJCb9goqAGFqeK7U9xXrC3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1YTEwN2YxNmJjNmIwMGI3NjRjMzlhY2ZkNjMzMzYzNjQ2
ZDU5OTYwHhcNMjQwOTMwMTAxNzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGRjNGEyY2I3OGVlMGMwOWYxMDZjOTdhNzZmZjA4YzY5YjgwNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrzqn5h5g+M3HjbqzpgQi4DVVjWo
Rf9VtA0dF+sjMMp3VjW7dw8dfrQbs5KbcLRa2GUgGrxdaImNG0xkhSLlgYTGQoMD
bWfZBF/WHnXk4FyQPCaJTwoQj4iL115aUmjvzBWQdnGSRUb9SLCtbHteXWBL3NJr
O0N41lVTUGiHx7UaSjwDCCDPjctosUYrxn48XIZ/Xt0Nuk0Va95gerjTaS5bmrN1
FqpAAdzT/xdXW/7EgCvPJWzPtTTrhaW6wHDGfH6Zwzh3XbfmdoHq57MnRtkMdbFD
zOvkNPKdbOeJB3RYiDPeL0XmkLCkvMLEqpaxyIE6Gc9KgYBJN7hgm+yjgQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFTcSiy3juDAnxBsl6dv8IxpuAZ5MB8GA1UdIwQY
MBaAFPWhB/FrxrALdkw5rP1jM2NkbVmWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWFFSDhXdkdzQXQyVERtc19XTXpZMlJ0V1pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMGJhNWUtNmJiMy00ODU4LThiMmIt
OWYxY2ZiOGQxNDI4LzEvVk54S0xMZU80TUNmRUd5WHAyX3dqR200Qm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMGJhNWUtNmJiMy00ODU4LThiMmItOWYxY2ZiOGQxNDI4
LzEvOWFFSDhXdkdzQXQyVERtc19XTXpZMlJ0V1pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwRqCMA8E
AgACMAkDBwAgAQZ4B/AwDQYJKoZIhvcNAQELBQADggEBAFlqsDnkc0jLxPybcngO
/V5joOybi4ZJZzEi39lm6WIe3uqsk1CGTbAr13B5LiMy1B5VpfEZx4dTgUQM5Tg2
DJsHsXTkHE1UPdIS8e5erG1k3Kzz3s4RV5z16Aih5DaRUWi8dfYZAp/GY+nj3jFu
S1eF2R7lsHIgFuNqP9wMs1vB499suMwClzlVJW6ukLzOyVUXlAzU6QQ5hVrtoy9+
Qys27iVr3y8uuN7bNMp3lENaZjMVjrX91TMUJnP63aWSUKR98nTi+D4KiM3gW3iD
85KdEidHicaakZeCB9Sy/AQj6lieaGEjd7dqS61TLhxi4DrlBaOuptXqnfSsv9OO
i+Q=
-----END CERTIFICATE-----