Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/vQBTGOlJZHVCuaz38Dx3y1bXJLc.roa
File:                     vQBTGOlJZHVCuaz38Dx3y1bXJLc.roa (raw, json)
Hash identifier:          +vUOZ4uQbSTG97BrVtnyolsIa5Z/u0Ewb3XZNoii7fw=
Subject key identifier:   BD:00:53:18:E9:49:64:75:42:B9:AC:F7:F0:3C:77:CB:56:D7:24:B7
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E0F99B608836DD71D5F8868E14C12
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/vQBTGOlJZHVCuaz38Dx3y1bXJLc.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48020
IP address blocks:        89.45.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0f:99:b6:08:83:6d:d7:1d:5f:88:68:e1:4c:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd005318e949647542b9acf7f03c77cb56d724b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:65:2c:47:32:6c:85:7f:7a:51:f7:be:69:d6:
                    eb:ef:df:0a:db:a9:0b:00:e5:f7:b5:b6:ed:a0:dd:
                    49:82:11:f6:8e:61:9d:bc:cd:35:94:9c:0e:10:43:
                    44:01:2b:6c:2b:ae:87:b3:c9:e5:85:da:a9:3c:e1:
                    0a:02:98:81:7a:3f:aa:56:3d:fb:01:ac:10:92:73:
                    42:55:e8:5b:e1:0e:25:c9:a1:98:2e:91:cd:a0:51:
                    d4:ab:1e:ca:9d:77:bf:fd:b4:36:a9:c7:78:c2:0f:
                    7f:71:10:88:3a:41:d8:39:d5:34:b1:a6:8e:dc:54:
                    04:c2:3a:c5:c6:17:7c:62:16:83:00:26:3a:70:19:
                    f7:db:78:d8:07:1b:b2:31:be:4d:be:d4:cf:81:79:
                    42:55:4e:af:cb:c2:dc:6c:5a:17:5d:10:4d:fa:89:
                    fd:b9:1d:ac:cb:6c:a2:db:04:28:aa:43:fa:c4:1e:
                    66:e6:65:89:2e:0c:c9:36:1a:70:9a:e8:60:c6:4a:
                    70:81:fa:c7:29:13:e4:d8:ca:22:69:e0:bf:dc:d5:
                    fd:21:f7:5e:6a:ac:5f:37:91:f2:49:16:3c:32:84:
                    5f:da:a7:a5:3c:0b:9a:53:44:06:40:94:03:b9:72:
                    e5:71:22:70:83:8a:98:a1:62:2c:99:5e:cd:07:54:
                    2e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:00:53:18:E9:49:64:75:42:B9:AC:F7:F0:3C:77:CB:56:D7:24:B7
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/vQBTGOlJZHVCuaz38Dx3y1bXJLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:8a:09:b0:84:99:75:83:c7:75:8d:f6:94:8a:e7:13:b8:10:
         08:25:30:91:9f:50:d4:32:02:b5:85:80:4d:25:28:d0:b9:35:
         79:30:c8:83:b2:a1:84:02:7a:1f:5d:21:17:c4:f7:80:91:6c:
         1a:94:e9:ca:ec:e8:5d:ae:d4:ca:79:c1:ac:81:81:a5:5e:91:
         c6:84:63:34:66:9f:f5:b2:06:06:a1:76:10:05:57:ab:5f:96:
         5e:bb:32:b6:15:d7:90:89:4b:42:74:8d:65:46:11:10:cf:89:
         ee:e3:13:5d:20:6e:f4:49:51:de:1e:1c:0e:1b:5e:eb:fb:37:
         f7:77:0b:19:0d:32:1d:a8:c2:6a:e1:ef:46:fa:01:f1:f5:8c:
         43:2f:db:c8:06:a6:ed:11:87:e7:71:08:69:e1:bd:30:75:ca:
         fd:40:54:ff:fd:68:32:be:0c:e3:4a:68:5b:eb:ef:1a:f4:d2:
         e9:79:e2:52:7c:b1:cc:da:34:02:a8:16:45:fe:8c:91:0b:8b:
         2d:05:dc:40:78:d3:5e:f5:b5:4f:90:23:f1:78:04:9a:2f:23:
         2c:f1:e4:9f:2a:a0:e9:e9:a2:0b:3c:3e:82:af:b7:24:ca:c0:
         e2:14:06:2c:ec:e7:06:d2:5b:07:12:43:e4:29:45:47:51:ac:
         eb:ea:87:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbg+ZtgiDbdcdX4ho4UwSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDAwNTMxOGU5NDk2NDc1NDJiOWFjZjdmMDNjNzdjYjU2ZDcyNGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2UsRzJshX96Ufe+adbr798K26kL
AOX3tbbtoN1JghH2jmGdvM01lJwOEENEAStsK66Hs8nlhdqpPOEKApiBej+qVj37
AawQknNCVehb4Q4lyaGYLpHNoFHUqx7KnXe//bQ2qcd4wg9/cRCIOkHYOdU0saaO
3FQEwjrFxhd8YhaDACY6cBn323jYBxuyMb5NvtTPgXlCVU6vy8LcbFoXXRBN+on9
uR2sy2yi2wQoqkP6xB5m5mWJLgzJNhpwmuhgxkpwgfrHKRPk2MoiaeC/3NX9Ifde
aqxfN5HySRY8MoRf2qelPAuaU0QGQJQDuXLlcSJwg4qYoWIsmV7NB1QuAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0AUxjpSWR1Qrms9/A8d8tW1yS3MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvdlFCVEdPbEpaSFZDdWF6MzhEeDN5MWJYSkxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS3QMA0G
CSqGSIb3DQEBCwUAA4IBAQC9igmwhJl1g8d1jfaUiucTuBAIJTCRn1DUMgK1hYBN
JSjQuTV5MMiDsqGEAnofXSEXxPeAkWwalOnK7OhdrtTKecGsgYGlXpHGhGM0Zp/1
sgYGoXYQBVerX5ZeuzK2FdeQiUtCdI1lRhEQz4nu4xNdIG70SVHeHhwOG17r+zf3
dwsZDTIdqMJq4e9G+gHx9YxDL9vIBqbtEYfncQhp4b0wdcr9QFT//WgyvgzjSmhb
6+8a9NLpeeJSfLHM2jQCqBZF/oyRC4stBdxAeNNe9bVPkCPxeASaLyMs8eSfKqDp
6aILPD6Cr7ckysDiFAYs7OcG0lsHEkPkKUVHUazr6odg
-----END CERTIFICATE-----