Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/vYSgOCtKsAf5Dd6jyqneYyZYMJc.roa
File:                     vYSgOCtKsAf5Dd6jyqneYyZYMJc.roa (raw, json)
Hash identifier:          4o42a0loFeLdB3Q5nW3ECltrmhHVEujkp4BEkPDNM/8=
Subject key identifier:   BD:84:A0:38:2B:4A:B0:07:F9:0D:DE:A3:CA:A9:DE:63:26:58:30:97
Certificate issuer:       /CN=2f6a434c4b5d239c4e6e41b7e585c8d58f8995ab
Certificate serial:       018CC3B70605A057D4540D7DBAAABDDA3DBE
Authority key identifier: 2F:6A:43:4C:4B:5D:23:9C:4E:6E:41:B7:E5:85:C8:D5:8F:89:95:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L2pDTEtdI5xObkG35YXI1Y-Jlas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/vYSgOCtKsAf5Dd6jyqneYyZYMJc.roa
Signing time:             Mon 01 Jan 2024 06:30:00 +0000
ROA not before:           Mon 01 Jan 2024 06:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49792
IP address blocks:        185.103.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/L2pDTEtdI5xObkG35YXI1Y-Jlas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/L2pDTEtdI5xObkG35YXI1Y-Jlas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L2pDTEtdI5xObkG35YXI1Y-Jlas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 00:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:06:05:a0:57:d4:54:0d:7d:ba:aa:bd:da:3d:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f6a434c4b5d239c4e6e41b7e585c8d58f8995ab
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd84a0382b4ab007f90ddea3caa9de6326583097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:29:81:18:7a:b3:96:98:33:3b:37:cf:1a:8e:
                    27:09:ce:02:4c:e4:ae:42:d8:3d:d7:b8:c2:17:4a:
                    b8:66:a3:8a:7b:d3:11:a2:34:6c:b0:5d:de:8a:7d:
                    6c:89:e7:5c:e3:7c:86:c2:39:5d:8a:03:f0:e9:37:
                    a7:4f:97:79:37:b0:2b:f5:7c:51:5a:40:3e:f2:b0:
                    9e:83:dd:b9:bc:8f:43:2b:d1:dc:78:af:13:71:41:
                    f4:46:d9:47:60:ac:fc:54:f6:da:6f:1c:23:b3:0d:
                    96:b5:7b:17:69:d2:e6:86:3d:77:5b:96:c7:42:31:
                    f1:a9:20:65:be:01:0f:34:8b:bb:b3:1d:00:3b:30:
                    ff:c6:c6:76:d1:92:41:20:02:19:59:25:d9:b0:d2:
                    89:b8:76:f9:25:cd:d0:7d:8c:ea:65:d4:94:5e:9f:
                    c6:c6:3d:07:b6:ec:fe:8d:72:f1:2c:55:32:5b:38:
                    49:7d:2b:7d:9a:91:38:99:fd:ad:d5:35:d5:1e:2a:
                    25:3e:47:12:3b:38:bc:4f:f1:d1:9f:73:46:49:6e:
                    c7:5f:42:c3:7a:f0:ae:3a:64:24:af:38:e5:e9:8f:
                    00:8b:cf:59:d0:82:cc:0b:02:b8:c7:90:35:9e:c7:
                    e1:c7:33:b8:f2:fa:20:c1:bb:68:4f:cd:06:8c:ea:
                    53:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:84:A0:38:2B:4A:B0:07:F9:0D:DE:A3:CA:A9:DE:63:26:58:30:97
            X509v3 Authority Key Identifier:
                keyid:2F:6A:43:4C:4B:5D:23:9C:4E:6E:41:B7:E5:85:C8:D5:8F:89:95:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L2pDTEtdI5xObkG35YXI1Y-Jlas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/vYSgOCtKsAf5Dd6jyqneYyZYMJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/98abe5-bd01-464f-96ab-40b6d67fcd94/1/L2pDTEtdI5xObkG35YXI1Y-Jlas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:09:48:4a:90:f0:52:9e:3a:c2:d1:ab:5d:57:88:66:8d:d2:
         44:4f:71:d3:44:cb:65:1f:e6:14:f9:c2:cb:be:b2:af:d4:54:
         22:53:8f:f5:3c:09:82:b3:7b:0d:7d:c0:ba:65:b4:0e:d0:99:
         59:7d:2d:d0:78:37:01:a8:fd:55:f8:1b:f7:00:fc:59:7c:f0:
         b4:15:80:83:ca:17:9d:83:40:3c:69:2b:ce:93:fc:4d:a9:b9:
         0f:53:1d:6d:8e:e1:6c:fa:68:38:a8:c2:14:89:0a:25:d5:e7:
         f7:91:b8:f3:34:16:cb:66:2f:42:55:0e:aa:f0:97:bd:27:85:
         af:f8:47:cb:6c:65:87:07:9e:85:04:d4:86:84:1b:ae:09:1b:
         06:bd:72:91:1e:b6:4b:88:f5:ce:cc:b0:0e:38:74:f7:4b:b9:
         2c:26:77:5c:dc:9b:40:dd:6f:7c:e4:20:c0:23:9d:57:53:b0:
         4d:99:50:bc:1f:27:4c:6f:de:50:64:6a:9c:cd:df:ed:e4:8b:
         97:cb:2b:28:c7:70:fa:4b:7f:7b:1e:85:84:d4:12:4e:03:b7:
         22:b0:5c:50:0f:da:59:63:08:09:e9:30:fc:ce:05:5a:90:39:
         e7:82:59:06:de:be:04:15:dd:2a:2a:63:09:ed:ef:39:7b:37:
         52:47:b1:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwYFoFfUVA19uqq92j2+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNmE0MzRjNGI1ZDIzOWM0ZTZlNDFiN2U1ODVjOGQ1OGY4
OTk1YWIwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDg0YTAzODJiNGFiMDA3ZjkwZGRlYTNjYWE5ZGU2MzI2NTgzMDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CmBGHqzlpgzOzfPGo4nCc4CTOSu
Qtg917jCF0q4ZqOKe9MRojRssF3ein1siedc43yGwjldigPw6TenT5d5N7Ar9XxR
WkA+8rCeg925vI9DK9HceK8TcUH0RtlHYKz8VPbabxwjsw2WtXsXadLmhj13W5bH
QjHxqSBlvgEPNIu7sx0AOzD/xsZ20ZJBIAIZWSXZsNKJuHb5Jc3QfYzqZdSUXp/G
xj0Htuz+jXLxLFUyWzhJfSt9mpE4mf2t1TXVHiolPkcSOzi8T/HRn3NGSW7HX0LD
evCuOmQkrzjl6Y8Ai89Z0ILMCwK4x5A1nsfhxzO48vogwbtoT80GjOpTIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2EoDgrSrAH+Q3eo8qp3mMmWDCXMB8GA1UdIwQY
MBaAFC9qQ0xLXSOcTm5Bt+WFyNWPiZWrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDJwRFRFdGRJNXhPYmtHMzVZWEkxWS1KbGFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85OGFiZTUtYmQwMS00NjRmLTk2YWIt
NDBiNmQ2N2ZjZDk0LzEvdllTZ09DdEtzQWY1RGQ2anlxbmVZeVpZTUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85OGFiZTUtYmQwMS00NjRmLTk2YWItNDBiNmQ2N2ZjZDk0
LzEvTDJwRFRFdGRJNXhPYmtHMzVZWEkxWS1KbGFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWdUMA0G
CSqGSIb3DQEBCwUAA4IBAQBHCUhKkPBSnjrC0atdV4hmjdJET3HTRMtlH+YU+cLL
vrKv1FQiU4/1PAmCs3sNfcC6ZbQO0JlZfS3QeDcBqP1V+Bv3APxZfPC0FYCDyhed
g0A8aSvOk/xNqbkPUx1tjuFs+mg4qMIUiQol1ef3kbjzNBbLZi9CVQ6q8Je9J4Wv
+EfLbGWHB56FBNSGhBuuCRsGvXKRHrZLiPXOzLAOOHT3S7ksJndc3JtA3W985CDA
I51XU7BNmVC8HydMb95QZGqczd/t5IuXyysox3D6S397HoWE1BJOA7cisFxQD9pZ
YwgJ6TD8zgVakDnnglkG3r4EFd0qKmMJ7e85ezdSR7Fc
-----END CERTIFICATE-----