Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/63e413-35ca-49e0-8285-35f1a9088b42/1/vYujAm0GTTMu5nxMyzvZIetpjH8.roa
File:                     vYujAm0GTTMu5nxMyzvZIetpjH8.roa (raw, json)
Hash identifier:          whnAkLbxuvT16RYWTvmize9sMISE/swDlxbAnZUNL3o=
Subject key identifier:   BD:8B:A3:02:6D:06:4D:33:2E:E6:7C:4C:CB:3B:D9:21:EB:69:8C:7F
Certificate issuer:       /CN=7e86dcde711d545353974b33955108d9df40b6e9
Certificate serial:       018CC802592591F61FD0E9F33BF923A6647F
Authority key identifier: 7E:86:DC:DE:71:1D:54:53:53:97:4B:33:95:51:08:D9:DF:40:B6:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fobc3nEdVFNTl0szlVEI2d9Atuk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/63e413-35ca-49e0-8285-35f1a9088b42/1/vYujAm0GTTMu5nxMyzvZIetpjH8.roa
Signing time:             Tue 02 Jan 2024 02:30:46 +0000
ROA not before:           Tue 02 Jan 2024 02:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199803
IP address blocks:        185.138.108.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/63e413-35ca-49e0-8285-35f1a9088b42/1/fobc3nEdVFNTl0szlVEI2d9Atuk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/63e413-35ca-49e0-8285-35f1a9088b42/1/fobc3nEdVFNTl0szlVEI2d9Atuk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fobc3nEdVFNTl0szlVEI2d9Atuk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:59:25:91:f6:1f:d0:e9:f3:3b:f9:23:a6:64:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e86dcde711d545353974b33955108d9df40b6e9
        Validity
            Not Before: Jan  2 02:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd8ba3026d064d332ee67c4ccb3bd921eb698c7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:23:d5:ce:26:f9:60:7c:bc:ea:0c:77:ce:5e:
                    55:6f:c2:18:36:71:fe:92:ac:94:68:6a:8b:fa:d2:
                    80:8b:c7:8f:bd:48:2b:63:db:9b:11:67:1c:07:b8:
                    9e:92:b2:e8:8b:c7:c7:e5:37:d0:2a:ad:bb:1f:23:
                    94:2d:b1:a7:e4:b2:eb:32:3b:c8:fc:71:50:ed:a9:
                    39:b3:f2:26:7e:72:30:eb:d6:e0:b6:65:4d:5d:da:
                    d9:e3:27:64:24:9d:b7:99:e0:cd:34:ee:02:ab:8f:
                    22:cb:d7:40:e3:4f:b3:17:c2:5d:79:c6:9a:67:f3:
                    e9:a7:5a:70:8c:46:a5:f9:b9:57:2f:f1:8e:96:2b:
                    9f:52:7d:ef:ad:50:42:11:df:0b:77:25:dd:7f:34:
                    82:b2:e6:de:ed:9a:c3:b1:f6:9c:17:1f:5f:21:1d:
                    80:8d:c3:84:a3:02:df:c8:12:6f:2d:7a:58:b2:14:
                    e1:8d:21:0a:1a:5b:e9:0f:9b:f9:b9:5a:b7:46:cc:
                    a2:06:2e:01:24:52:5f:91:6e:bb:e4:5d:a5:47:0c:
                    2f:70:30:85:2d:d8:48:95:f3:86:95:96:fd:f4:39:
                    0d:db:b1:45:2e:64:6a:11:b6:42:b8:18:c5:f4:67:
                    1a:d5:be:45:d9:bd:b1:16:ef:c1:0c:c6:c9:6c:91:
                    bc:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:8B:A3:02:6D:06:4D:33:2E:E6:7C:4C:CB:3B:D9:21:EB:69:8C:7F
            X509v3 Authority Key Identifier:
                keyid:7E:86:DC:DE:71:1D:54:53:53:97:4B:33:95:51:08:D9:DF:40:B6:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fobc3nEdVFNTl0szlVEI2d9Atuk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/63e413-35ca-49e0-8285-35f1a9088b42/1/vYujAm0GTTMu5nxMyzvZIetpjH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/63e413-35ca-49e0-8285-35f1a9088b42/1/fobc3nEdVFNTl0szlVEI2d9Atuk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:4d:a2:34:a0:9a:c1:ce:3e:a8:b3:37:14:9a:b1:2c:23:e4:
         90:b5:da:a0:fc:24:b7:7c:e1:c1:ab:3f:94:53:5c:d2:02:bd:
         ae:c4:a1:c4:2e:cf:3d:74:b7:b6:31:c0:d0:60:24:13:6e:c3:
         cf:e7:69:15:85:b2:09:cb:97:3d:86:13:63:40:58:aa:d4:66:
         96:9b:22:c9:0f:7c:52:d4:75:28:88:78:56:e7:a6:b8:a7:b4:
         2a:cc:1f:39:dc:6e:90:4b:e8:44:c5:95:73:d2:a6:6d:3f:34:
         f9:f0:ea:0f:ea:c3:b4:c1:ce:5f:6c:21:41:1c:2e:34:dd:e1:
         fa:88:68:55:2b:7a:0a:60:2a:90:2f:00:a2:8c:22:d7:c8:40:
         d0:cd:ab:56:3d:00:6f:67:66:9d:8d:67:d6:fa:09:aa:cb:5d:
         bb:b1:06:d1:8d:fe:28:ca:89:e4:d9:a5:74:08:cd:8f:82:96:
         b7:b3:21:c0:7c:ea:b7:1c:9c:ad:43:3c:42:ca:a9:1a:3e:a2:
         29:8c:73:40:51:fc:94:3a:cd:f3:ee:66:0f:36:ff:da:49:89:
         af:e7:cf:c7:32:90:ad:96:fb:af:b9:bb:fe:32:b7:8d:c9:d4:
         a2:81:27:4f:51:10:b9:10:56:55:1e:15:e8:5f:24:ea:3f:df:
         fb:21:76:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAlklkfYf0OnzO/kjpmR/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlODZkY2RlNzExZDU0NTM1Mzk3NGIzMzk1NTEwOGQ5ZGY0
MGI2ZTkwHhcNMjQwMTAyMDIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDhiYTMwMjZkMDY0ZDMzMmVlNjdjNGNjYjNiZDkyMWViNjk4YzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCPVzib5YHy86gx3zl5Vb8IYNnH+
kqyUaGqL+tKAi8ePvUgrY9ubEWccB7iekrLoi8fH5TfQKq27HyOULbGn5LLrMjvI
/HFQ7ak5s/ImfnIw69bgtmVNXdrZ4ydkJJ23meDNNO4Cq48iy9dA40+zF8Jdecaa
Z/Ppp1pwjEal+blXL/GOliufUn3vrVBCEd8LdyXdfzSCsube7ZrDsfacFx9fIR2A
jcOEowLfyBJvLXpYshThjSEKGlvpD5v5uVq3RsyiBi4BJFJfkW675F2lRwwvcDCF
LdhIlfOGlZb99DkN27FFLmRqEbZCuBjF9Gca1b5F2b2xFu/BDMbJbJG8JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2LowJtBk0zLuZ8TMs72SHraYx/MB8GA1UdIwQY
MBaAFH6G3N5xHVRTU5dLM5VRCNnfQLbpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZm9iYzNuRWRWRk5UbDBzemxWRUkyZDlBdHVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny82M2U0MTMtMzVjYS00OWUwLTgyODUt
MzVmMWE5MDg4YjQyLzEvdll1akFtMEdUVE11NW54TXl6dlpJZXRwakg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny82M2U0MTMtMzVjYS00OWUwLTgyODUtMzVmMWE5MDg4YjQy
LzEvZm9iYzNuRWRWRk5UbDBzemxWRUkyZDlBdHVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYpsMA0G
CSqGSIb3DQEBCwUAA4IBAQAyTaI0oJrBzj6oszcUmrEsI+SQtdqg/CS3fOHBqz+U
U1zSAr2uxKHELs89dLe2McDQYCQTbsPP52kVhbIJy5c9hhNjQFiq1GaWmyLJD3xS
1HUoiHhW56a4p7QqzB853G6QS+hExZVz0qZtPzT58OoP6sO0wc5fbCFBHC403eH6
iGhVK3oKYCqQLwCijCLXyEDQzatWPQBvZ2adjWfW+gmqy127sQbRjf4oyonk2aV0
CM2Pgpa3syHAfOq3HJytQzxCyqkaPqIpjHNAUfyUOs3z7mYPNv/aSYmv58/HMpCt
lvuvubv+MreNydSigSdPURC5EFZVHhXoXyTqP9/7IXax
-----END CERTIFICATE-----