Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/vBZxo5xRa7wwp5UTXRhzpMnUDF4.roa
File:                     vBZxo5xRa7wwp5UTXRhzpMnUDF4.roa (raw, json)
Hash identifier:          slqEzKef+V0hkX2xxNfWrZesbPf6DnjOLtyVd2kenDI=
Subject key identifier:   BC:16:71:A3:9C:51:6B:BC:30:A7:95:13:5D:18:73:A4:C9:D4:0C:5E
Certificate issuer:       /CN=5fba6255dedaa1a1b6b17cb8ea91e02d412b8718
Certificate serial:       018CC79341981E24F017EE6C7860563E363C
Authority key identifier: 5F:BA:62:55:DE:DA:A1:A1:B6:B1:7C:B8:EA:91:E0:2D:41:2B:87:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X7piVd7aoaG2sXy46pHgLUErhxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/vBZxo5xRa7wwp5UTXRhzpMnUDF4.roa
Signing time:             Tue 02 Jan 2024 00:29:25 +0000
ROA not before:           Tue 02 Jan 2024 00:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397651
IP address blocks:        193.46.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/X7piVd7aoaG2sXy46pHgLUErhxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/X7piVd7aoaG2sXy46pHgLUErhxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X7piVd7aoaG2sXy46pHgLUErhxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 21:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:41:98:1e:24:f0:17:ee:6c:78:60:56:3e:36:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fba6255dedaa1a1b6b17cb8ea91e02d412b8718
        Validity
            Not Before: Jan  2 00:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc1671a39c516bbc30a795135d1873a4c9d40c5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:a4:71:97:73:c2:62:66:98:52:d1:10:73:61:
                    12:7d:20:18:c1:c7:3a:44:08:45:1a:21:80:3a:f4:
                    cc:10:04:5a:ca:18:2e:67:b3:de:20:5c:cb:a5:0c:
                    e1:e8:0d:5e:fa:0e:d7:8a:0f:0e:43:4f:db:ef:b4:
                    1b:00:4a:6e:bf:7f:17:6f:bb:85:2f:f2:00:3f:4b:
                    d0:ec:c9:6b:b2:78:0e:6c:bc:88:87:ff:5e:19:96:
                    cc:f0:03:24:79:c0:fd:53:88:6f:c0:c1:85:e3:aa:
                    31:cf:c1:fc:59:06:db:eb:5b:5e:d3:ea:19:09:16:
                    a1:d7:a7:1a:2e:49:77:fd:52:fd:81:95:7e:d9:b8:
                    e2:d8:a1:ab:af:eb:27:73:f3:5f:46:2f:62:b5:44:
                    64:aa:e0:5a:e8:c2:29:16:39:3c:5d:71:10:8e:9b:
                    f9:ab:df:5d:48:0d:c8:60:5d:37:59:9d:85:07:51:
                    9b:e6:81:87:c4:ce:69:59:83:42:a9:9f:6a:6e:f1:
                    8b:44:ef:b1:50:32:8f:e5:72:af:5a:35:9a:52:ff:
                    f1:98:0f:0b:1c:2a:da:64:c7:12:98:ec:02:86:23:
                    08:87:d4:2b:c9:90:66:92:68:e6:10:22:47:4a:ba:
                    17:ef:1c:75:19:64:8c:a7:52:4b:cc:cd:40:7a:f0:
                    c6:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:16:71:A3:9C:51:6B:BC:30:A7:95:13:5D:18:73:A4:C9:D4:0C:5E
            X509v3 Authority Key Identifier:
                keyid:5F:BA:62:55:DE:DA:A1:A1:B6:B1:7C:B8:EA:91:E0:2D:41:2B:87:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X7piVd7aoaG2sXy46pHgLUErhxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/vBZxo5xRa7wwp5UTXRhzpMnUDF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/X7piVd7aoaG2sXy46pHgLUErhxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:da:4e:60:60:b2:61:d9:be:34:4a:f6:87:c4:00:2a:55:0c:
         0f:80:44:f7:01:c4:62:04:8c:77:c4:68:16:4d:24:e2:45:65:
         9d:bb:8a:02:94:55:37:43:9d:7d:dc:65:f4:a2:08:35:58:ea:
         4f:84:0f:32:ae:f6:11:a1:6a:b7:0f:57:75:b5:c6:fc:81:37:
         d1:83:76:e6:bb:bf:a7:76:c3:17:d1:06:0b:00:78:a1:8b:36:
         a0:d5:1f:73:4b:25:c0:8a:3f:68:b7:72:9c:29:2d:e1:6e:44:
         62:14:d5:9d:b7:e1:f0:0e:78:4a:7c:1d:79:e3:a8:18:21:ef:
         28:b9:bf:55:a2:7d:f8:23:39:60:d2:5d:2c:b5:5a:e1:81:03:
         fe:17:be:2a:d5:d6:bf:72:f8:41:cc:0f:2d:0f:10:af:bb:82:
         56:c4:cb:81:f4:c4:3f:5e:35:e7:eb:bd:0c:ab:fa:a5:2a:f7:
         96:55:b9:42:02:9e:e8:b1:48:57:6e:59:e4:0e:d8:42:1b:29:
         54:21:3c:2c:43:82:24:17:29:10:d6:1d:bd:c2:85:49:6f:a5:
         a1:09:3f:d1:48:ca:34:6e:e2:8c:c2:0d:36:ba:4c:78:af:3d:
         65:7f:db:61:8d:b9:d3:11:31:3f:2c:ff:66:f6:98:93:14:c2:
         b3:0f:0b:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk0GYHiTwF+5seGBWPjY8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmE2MjU1ZGVkYWExYTFiNmIxN2NiOGVhOTFlMDJkNDEy
Yjg3MTgwHhcNMjQwMTAyMDAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzE2NzFhMzljNTE2YmJjMzBhNzk1MTM1ZDE4NzNhNGM5ZDQwYzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6Rxl3PCYmaYUtEQc2ESfSAYwcc6
RAhFGiGAOvTMEARayhguZ7PeIFzLpQzh6A1e+g7Xig8OQ0/b77QbAEpuv38Xb7uF
L/IAP0vQ7MlrsngObLyIh/9eGZbM8AMkecD9U4hvwMGF46oxz8H8WQbb61te0+oZ
CRah16caLkl3/VL9gZV+2bji2KGrr+snc/NfRi9itURkquBa6MIpFjk8XXEQjpv5
q99dSA3IYF03WZ2FB1Gb5oGHxM5pWYNCqZ9qbvGLRO+xUDKP5XKvWjWaUv/xmA8L
HCraZMcSmOwChiMIh9QryZBmkmjmECJHSroX7xx1GWSMp1JLzM1AevDGOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwWcaOcUWu8MKeVE10Yc6TJ1AxeMB8GA1UdIwQY
MBaAFF+6YlXe2qGhtrF8uOqR4C1BK4cYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDdwaVZkN2FvYUcyc1h5NDZwSGdMVUVyaHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS85MWE3NzAtODI4ZC00ZTJiLWJkODEt
NjFlNTEyYmEyNWI3LzEvdkJaeG81eFJhN3d3cDVVVFhSaHpwTW5VREY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS85MWE3NzAtODI4ZC00ZTJiLWJkODEtNjFlNTEyYmEyNWI3
LzEvWDdwaVZkN2FvYUcyc1h5NDZwSGdMVUVyaHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS5DMA0G
CSqGSIb3DQEBCwUAA4IBAQAn2k5gYLJh2b40SvaHxAAqVQwPgET3AcRiBIx3xGgW
TSTiRWWdu4oClFU3Q5193GX0ogg1WOpPhA8yrvYRoWq3D1d1tcb8gTfRg3bmu7+n
dsMX0QYLAHihizag1R9zSyXAij9ot3KcKS3hbkRiFNWdt+HwDnhKfB1546gYIe8o
ub9Von34Izlg0l0stVrhgQP+F74q1da/cvhBzA8tDxCvu4JWxMuB9MQ/XjXn670M
q/qlKveWVblCAp7osUhXblnkDthCGylUITwsQ4IkFykQ1h29woVJb6WhCT/RSMo0
buKMwg02ukx4rz1lf9thjbnTETE/LP9m9piTFMKzDwur
-----END CERTIFICATE-----