Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/vzv2_IPWTcI-SC77NR_Ebq2VV98.roa
File:                     vzv2_IPWTcI-SC77NR_Ebq2VV98.roa (raw, json)
Hash identifier:          JkF3PLSkxYNtD65F0FtbeMcCbVYCImsJXSWvo3hpI84=
Subject key identifier:   BF:3B:F6:FC:83:D6:4D:C2:3E:48:2E:FB:35:1F:C4:6E:AD:95:57:DF
Certificate issuer:       /CN=9b19758a087876816dc19361eaf1e9412de73f86
Certificate serial:       018CC5DC20817CFAE3C968BAC4C058127221
Authority key identifier: 9B:19:75:8A:08:78:76:81:6D:C1:93:61:EA:F1:E9:41:2D:E7:3F:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mxl1igh4doFtwZNh6vHpQS3nP4Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/vzv2_IPWTcI-SC77NR_Ebq2VV98.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216120
IP address blocks:        185.150.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/mxl1igh4doFtwZNh6vHpQS3nP4Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/mxl1igh4doFtwZNh6vHpQS3nP4Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mxl1igh4doFtwZNh6vHpQS3nP4Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:20:81:7c:fa:e3:c9:68:ba:c4:c0:58:12:72:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b19758a087876816dc19361eaf1e9412de73f86
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf3bf6fc83d64dc23e482efb351fc46ead9557df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:81:ba:61:63:41:dd:65:c7:df:67:cf:d5:d2:
                    87:3b:19:c5:36:00:63:32:97:11:28:00:1b:80:ce:
                    75:fe:f1:c0:bb:da:d8:b0:3b:68:4a:fe:33:05:c3:
                    9c:4d:d3:2a:fc:c7:1f:6d:5d:38:2f:a6:eb:56:e8:
                    e3:66:f9:0b:97:d9:66:ff:5e:e9:67:2e:f5:48:b9:
                    f5:f5:f0:35:dc:80:50:6b:0e:95:0c:0f:0c:49:f0:
                    fb:f5:f3:d0:5c:1d:eb:79:8a:92:87:6d:63:28:00:
                    1f:5f:2a:6d:c1:98:73:6e:9e:62:2a:d4:05:55:47:
                    04:5a:e2:62:e5:76:e1:26:44:ed:ff:46:f5:22:c0:
                    08:b6:8d:6f:4b:88:f1:35:22:7a:33:7c:0c:91:95:
                    68:d1:4c:2e:0b:34:fa:a9:9f:11:8f:2b:e0:02:e5:
                    25:e2:42:9e:e5:17:27:bb:a1:9d:1a:28:a2:e6:76:
                    96:e7:58:96:dd:8d:fb:65:cf:17:7f:13:99:38:02:
                    fc:ba:e1:8c:74:26:93:30:ee:ec:4a:e8:c6:ec:bb:
                    e8:62:89:ae:76:a3:ae:8a:bf:7e:94:c2:91:e7:98:
                    a8:2e:6a:8a:99:7f:5c:c2:b7:9d:7a:10:6b:1d:01:
                    41:52:2a:ca:1a:53:c7:5b:f1:fa:d5:90:bd:68:58:
                    50:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:3B:F6:FC:83:D6:4D:C2:3E:48:2E:FB:35:1F:C4:6E:AD:95:57:DF
            X509v3 Authority Key Identifier:
                keyid:9B:19:75:8A:08:78:76:81:6D:C1:93:61:EA:F1:E9:41:2D:E7:3F:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mxl1igh4doFtwZNh6vHpQS3nP4Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/vzv2_IPWTcI-SC77NR_Ebq2VV98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/mxl1igh4doFtwZNh6vHpQS3nP4Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c2:71:d8:f5:1b:91:77:43:2c:ac:10:7a:30:3b:f7:7e:d3:
         8b:9c:46:fc:d4:b8:8a:9b:ac:5d:68:f4:4f:d7:d4:02:0b:a2:
         58:db:78:04:ef:7e:6a:07:4f:2e:b2:6b:b3:ae:4a:1e:bf:55:
         31:10:0a:69:9d:2b:9f:bb:e7:32:5d:c6:c1:65:48:f7:c8:76:
         4b:d3:9d:e3:cf:3a:48:c1:84:51:67:52:e3:80:91:d7:3c:49:
         65:15:d5:9c:bc:cf:a3:6f:78:5b:9c:52:be:01:95:62:43:0d:
         7c:e9:e7:8c:83:7b:30:78:1f:f8:ee:8b:77:2b:75:03:50:39:
         2c:74:2f:12:79:fd:3a:2d:d8:c0:cf:a0:14:6d:a8:d9:64:c6:
         03:b9:1f:7e:4d:44:55:3e:53:d6:41:b2:a6:15:be:eb:5a:1a:
         11:ad:96:f7:58:d6:c4:62:d5:6e:17:41:e2:e7:1b:32:77:7b:
         76:93:30:f3:c5:b2:be:91:36:f1:84:34:1e:48:bf:5d:c2:0a:
         6e:29:8a:e0:d3:24:0e:15:99:cd:b7:8f:86:2c:54:9c:e5:10:
         42:d7:0f:36:d4:81:a6:6f:56:04:27:91:99:14:6c:6c:a1:a8:
         30:72:e6:c3:11:85:8d:46:81:df:93:11:97:cb:bc:42:6c:07:
         02:f4:a3:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CCBfPrjyWi6xMBYEnIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMTk3NThhMDg3ODc2ODE2ZGMxOTM2MWVhZjFlOTQxMmRl
NzNmODYwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjNiZjZmYzgzZDY0ZGMyM2U0ODJlZmIzNTFmYzQ2ZWFkOTU1N2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4G6YWNB3WXH32fP1dKHOxnFNgBj
MpcRKAAbgM51/vHAu9rYsDtoSv4zBcOcTdMq/McfbV04L6brVujjZvkLl9lm/17p
Zy71SLn19fA13IBQaw6VDA8MSfD79fPQXB3reYqSh21jKAAfXyptwZhzbp5iKtQF
VUcEWuJi5XbhJkTt/0b1IsAIto1vS4jxNSJ6M3wMkZVo0UwuCzT6qZ8RjyvgAuUl
4kKe5Rcnu6GdGiii5naW51iW3Y37Zc8XfxOZOAL8uuGMdCaTMO7sSujG7LvoYomu
dqOuir9+lMKR55ioLmqKmX9cwredehBrHQFBUirKGlPHW/H61ZC9aFhQEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL879vyD1k3CPkgu+zUfxG6tlVffMB8GA1UdIwQY
MBaAFJsZdYoIeHaBbcGTYerx6UEt5z+GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXhsMWlnaDRkb0Z0d1pOaDZ2SHBRUzNuUDRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9iYTZmM2UtZTk1Yi00OGQyLTg0MTkt
NDEzZGE2NjdhOGJlLzEvdnp2Ml9JUFdUY0ktU0M3N05SX0VicTJWVjk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9iYTZmM2UtZTk1Yi00OGQyLTg0MTktNDEzZGE2NjdhOGJl
LzEvbXhsMWlnaDRkb0Z0d1pOaDZ2SHBRUzNuUDRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZYTMA0G
CSqGSIb3DQEBCwUAA4IBAQBJwnHY9RuRd0MsrBB6MDv3ftOLnEb81LiKm6xdaPRP
19QCC6JY23gE735qB08usmuzrkoev1UxEAppnSufu+cyXcbBZUj3yHZL053jzzpI
wYRRZ1LjgJHXPEllFdWcvM+jb3hbnFK+AZViQw186eeMg3sweB/47ot3K3UDUDks
dC8Sef06LdjAz6AUbajZZMYDuR9+TURVPlPWQbKmFb7rWhoRrZb3WNbEYtVuF0Hi
5xsyd3t2kzDzxbK+kTbxhDQeSL9dwgpuKYrg0yQOFZnNt4+GLFSc5RBC1w821IGm
b1YEJ5GZFGxsoagwcubDEYWNRoHfkxGXy7xCbAcC9KOe
-----END CERTIFICATE-----