Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/vXL-lHo8q8nNgnQNPYdQP8pqfOE.roa
File:                     vXL-lHo8q8nNgnQNPYdQP8pqfOE.roa (raw, json)
Hash identifier:          YkEfby5Im9io8yc0AvC+uGPM/C3DrFMsWsCKtnPhiAY=
Subject key identifier:   BD:72:FE:94:7A:3C:AB:C9:CD:82:74:0D:3D:87:50:3F:CA:6A:7C:E1
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       01934FD4DC3BED9DE2654EEF7665C1960BBA
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/vXL-lHo8q8nNgnQNPYdQP8pqfOE.roa
Signing time:             Thu 21 Nov 2024 17:46:10 +0000
ROA not before:           Thu 21 Nov 2024 17:46:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273133
IP address blocks:        185.217.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4f:d4:dc:3b:ed:9d:e2:65:4e:ef:76:65:c1:96:0b:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Nov 21 17:46:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd72fe947a3cabc9cd82740d3d87503fca6a7ce1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:99:61:c5:69:9f:61:d6:0a:3a:1e:0f:0a:6d:
                    ec:f4:0a:36:1e:37:1e:9f:71:d9:08:ad:a1:51:7f:
                    c7:ff:c5:97:59:02:97:4c:c6:09:db:96:6a:0b:b4:
                    11:4f:e7:5e:3c:c2:6d:96:28:37:ce:2f:62:4b:08:
                    ac:94:65:33:c5:89:e0:80:b4:40:58:22:d8:e9:5f:
                    bb:d0:47:62:53:9d:98:6d:25:52:c5:d0:74:7f:a7:
                    71:ec:d3:35:da:2b:d8:86:5b:95:d6:37:34:29:79:
                    60:d8:0b:d7:f8:3d:47:60:df:b6:b1:b6:1e:d3:a1:
                    01:1d:9c:ac:ff:62:fa:4d:8c:52:d0:e4:db:69:a2:
                    0d:6e:c8:fc:94:92:1a:da:48:d8:b2:be:24:ca:66:
                    9e:7d:1a:d7:50:f8:94:7b:69:8d:a1:9b:f5:18:22:
                    5a:1b:9c:3a:66:56:95:99:80:5b:49:ea:4e:24:c4:
                    d8:96:c2:1d:11:0c:9b:05:48:0d:d6:26:1e:ed:46:
                    31:62:ad:8a:b4:c6:1f:56:6a:bd:67:b2:8f:8a:77:
                    f1:f0:ea:63:ba:5e:de:25:3d:90:0d:38:4f:f7:10:
                    5c:77:ef:5d:9c:c5:9c:27:2c:61:9d:ee:60:e1:ca:
                    56:8e:f8:3f:af:ef:eb:da:9f:af:28:33:6c:aa:12:
                    34:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:72:FE:94:7A:3C:AB:C9:CD:82:74:0D:3D:87:50:3F:CA:6A:7C:E1
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/vXL-lHo8q8nNgnQNPYdQP8pqfOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:68:fb:f3:40:65:70:1d:3f:94:c5:cd:3a:d4:d2:20:95:99:
         0d:9d:4e:6f:52:af:08:ee:7a:85:e3:8b:32:e6:59:43:57:24:
         fb:20:34:20:ac:70:b2:32:8f:db:5c:73:49:a7:66:13:8e:33:
         88:22:0e:6d:74:f3:ea:93:66:9a:bc:f7:4c:29:7b:2a:23:ea:
         8a:22:f2:f3:9c:7b:5b:df:99:78:dd:2c:5c:86:6e:c7:01:20:
         d7:78:1b:86:9a:a0:2c:22:98:75:4f:f9:49:42:27:23:9e:d8:
         78:72:a8:5d:85:b3:42:c2:c5:be:20:31:39:da:5d:b3:fd:47:
         57:25:1e:fc:64:5c:ba:3e:ab:da:1d:e3:30:d6:85:13:18:9b:
         07:a3:e7:6b:37:ea:bf:87:41:47:ca:29:96:29:0f:f8:b2:4e:
         75:8c:14:a2:13:73:4c:20:fb:88:f9:bc:f4:20:6c:d8:04:5e:
         e6:aa:20:82:a0:14:29:5a:e8:e4:89:fc:cc:94:c4:86:8b:ba:
         b6:55:de:af:21:72:10:d2:28:0b:13:b1:43:93:58:5d:c6:6a:
         e8:e0:d2:df:73:5d:49:ba:e2:bc:d8:81:1c:0d:2b:72:b8:7d:
         ea:0f:f4:0c:8e:b1:0f:29:12:0a:68:8b:56:93:da:1a:ab:16:
         8c:d8:f9:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNP1Nw77Z3iZU7vdmXBlgu6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjQxMTIxMTc0NjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDcyZmU5NDdhM2NhYmM5Y2Q4Mjc0MGQzZDg3NTAzZmNhNmE3Y2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmplhxWmfYdYKOh4PCm3s9Ao2Hjce
n3HZCK2hUX/H/8WXWQKXTMYJ25ZqC7QRT+dePMJtlig3zi9iSwislGUzxYnggLRA
WCLY6V+70EdiU52YbSVSxdB0f6dx7NM12ivYhluV1jc0KXlg2AvX+D1HYN+2sbYe
06EBHZys/2L6TYxS0OTbaaINbsj8lJIa2kjYsr4kymaefRrXUPiUe2mNoZv1GCJa
G5w6ZlaVmYBbSepOJMTYlsIdEQybBUgN1iYe7UYxYq2KtMYfVmq9Z7KPinfx8Opj
ul7eJT2QDThP9xBcd+9dnMWcJyxhne5g4cpWjvg/r+/r2p+vKDNsqhI00wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1y/pR6PKvJzYJ0DT2HUD/KanzhMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvdlhMLWxIbzhxOG5OZ25RTlBZZFFQOHBxZk9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudnYMA0G
CSqGSIb3DQEBCwUAA4IBAQCsaPvzQGVwHT+Uxc061NIglZkNnU5vUq8I7nqF44sy
5llDVyT7IDQgrHCyMo/bXHNJp2YTjjOIIg5tdPPqk2aavPdMKXsqI+qKIvLznHtb
35l43Sxchm7HASDXeBuGmqAsIph1T/lJQicjnth4cqhdhbNCwsW+IDE52l2z/UdX
JR78ZFy6PqvaHeMw1oUTGJsHo+drN+q/h0FHyimWKQ/4sk51jBSiE3NMIPuI+bz0
IGzYBF7mqiCCoBQpWujkifzMlMSGi7q2Vd6vIXIQ0igLE7FDk1hdxmro4NLfc11J
uuK82IEcDStyuH3qD/QMjrEPKRIKaItWk9oaqxaM2Ply
-----END CERTIFICATE-----