Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/a2b2b8-cf1c-43e3-b0d3-fd31e1e3f5b9/1/VaevHXaXSSH0RuCHiFyfIOvqtnQ.roa
File:                     VaevHXaXSSH0RuCHiFyfIOvqtnQ.roa (raw, json)
Hash identifier:          XZNcSnQJ5faVenv1PHuVvx/XohtzYMtv8HjuX8PeYCA=
Subject key identifier:   55:A7:AF:1D:76:97:49:21:F4:46:E0:87:88:5C:9F:20:EB:EA:B6:74
Certificate issuer:       /CN=0d8611b51799189931e30ae1be95acda81e3e1cc
Certificate serial:       018CC793E2AE73FA28179E016BFBFD70ED4D
Authority key identifier: 0D:86:11:B5:17:99:18:99:31:E3:0A:E1:BE:95:AC:DA:81:E3:E1:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DYYRtReZGJkx4wrhvpWs2oHj4cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/a2b2b8-cf1c-43e3-b0d3-fd31e1e3f5b9/1/VaevHXaXSSH0RuCHiFyfIOvqtnQ.roa
Signing time:             Tue 02 Jan 2024 00:30:06 +0000
ROA not before:           Tue 02 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43034
IP address blocks:        193.200.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/a2b2b8-cf1c-43e3-b0d3-fd31e1e3f5b9/1/DYYRtReZGJkx4wrhvpWs2oHj4cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/a2b2b8-cf1c-43e3-b0d3-fd31e1e3f5b9/1/DYYRtReZGJkx4wrhvpWs2oHj4cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DYYRtReZGJkx4wrhvpWs2oHj4cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:e2:ae:73:fa:28:17:9e:01:6b:fb:fd:70:ed:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d8611b51799189931e30ae1be95acda81e3e1cc
        Validity
            Not Before: Jan  2 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55a7af1d76974921f446e087885c9f20ebeab674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1a:1b:8d:84:ff:81:6f:66:2e:01:c9:23:12:
                    bb:61:d6:e5:52:1e:f8:1d:7c:48:e5:7f:27:7f:03:
                    88:1c:da:6c:ae:af:56:2c:40:88:6f:c4:c8:20:12:
                    4f:98:3e:f6:c4:18:f5:68:a4:9e:d1:f0:29:9c:77:
                    b1:bf:ca:e7:05:47:49:a0:cc:da:47:9d:3e:ee:c0:
                    6d:c2:b2:45:2e:01:9b:0e:40:5d:b5:7c:57:bb:bb:
                    22:44:8f:9e:f7:b1:cf:6f:f8:41:13:dc:ef:f5:c5:
                    2d:59:b7:39:4c:c8:3a:97:2f:7f:92:3a:b2:de:54:
                    81:03:fe:4e:49:c9:49:3b:1c:73:8f:85:79:77:18:
                    b9:35:d6:cb:12:69:5d:25:9b:e3:14:71:2e:1a:40:
                    76:3a:14:86:cf:57:aa:a6:9e:ef:d1:ff:02:3f:e4:
                    31:29:2b:78:b4:0a:0c:34:61:b1:70:fe:c3:ba:39:
                    42:3a:f4:1f:c1:f6:ce:c1:7a:66:1f:7a:e3:80:e5:
                    12:eb:90:28:7e:76:19:69:29:be:0c:62:d5:3e:a8:
                    0a:14:b2:c2:71:9a:e2:21:c0:db:26:2c:f0:3c:d6:
                    2a:58:33:c6:06:46:f3:b7:81:5a:d0:52:de:cb:ba:
                    d0:05:5b:60:15:0a:6c:4a:49:99:89:e7:df:9c:4c:
                    a0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:A7:AF:1D:76:97:49:21:F4:46:E0:87:88:5C:9F:20:EB:EA:B6:74
            X509v3 Authority Key Identifier:
                keyid:0D:86:11:B5:17:99:18:99:31:E3:0A:E1:BE:95:AC:DA:81:E3:E1:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DYYRtReZGJkx4wrhvpWs2oHj4cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/a2b2b8-cf1c-43e3-b0d3-fd31e1e3f5b9/1/VaevHXaXSSH0RuCHiFyfIOvqtnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/a2b2b8-cf1c-43e3-b0d3-fd31e1e3f5b9/1/DYYRtReZGJkx4wrhvpWs2oHj4cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:ad:c7:a3:61:72:53:9a:39:e4:18:ae:c5:e9:15:e0:02:f5:
         74:e2:44:35:fe:d0:3a:69:2d:92:76:ee:bd:ab:25:52:a0:f1:
         30:cb:93:dd:b6:42:1c:c1:6c:b5:3e:34:46:5b:b8:6d:f4:62:
         f1:3c:9f:30:57:6b:5b:ed:51:ed:a4:60:45:83:61:68:2a:7e:
         fc:1c:71:5a:dc:54:be:cd:6a:91:c9:e4:a0:33:28:e2:cb:b5:
         d0:a6:fc:97:16:da:96:d8:74:2d:e8:13:73:b6:4c:5f:33:ab:
         6a:ec:24:f9:f4:da:37:6c:d6:42:87:9a:1c:e9:04:9e:d2:c8:
         8a:0a:33:fa:22:0b:11:c6:c0:86:f4:ce:92:cc:ea:8a:fe:73:
         50:bd:d9:cf:24:01:5c:d9:5d:80:b9:54:89:1a:91:2f:06:88:
         18:7c:9c:e1:d4:cb:3a:0e:93:b8:ef:91:24:95:1b:47:63:97:
         38:0c:97:2b:19:b6:21:bc:ae:0c:c5:4f:f5:15:57:8c:a0:f5:
         96:9a:8a:ae:6e:b1:6b:c9:98:91:32:7b:78:a2:6b:9c:e7:7b:
         72:6b:6e:aa:b7:9e:92:66:f1:be:98:f4:c8:e9:36:5f:27:84:
         b9:77:0f:39:be:d9:8d:57:0a:b8:9e:f8:e1:aa:ac:36:3b:4c:
         2d:40:fd:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk+Kuc/ooF54Ba/v9cO1NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkODYxMWI1MTc5OTE4OTkzMWUzMGFlMWJlOTVhY2RhODFl
M2UxY2MwHhcNMjQwMTAyMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWE3YWYxZDc2OTc0OTIxZjQ0NmUwODc4ODVjOWYyMGViZWFiNjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhobjYT/gW9mLgHJIxK7YdblUh74
HXxI5X8nfwOIHNpsrq9WLECIb8TIIBJPmD72xBj1aKSe0fApnHexv8rnBUdJoMza
R50+7sBtwrJFLgGbDkBdtXxXu7siRI+e97HPb/hBE9zv9cUtWbc5TMg6ly9/kjqy
3lSBA/5OSclJOxxzj4V5dxi5NdbLEmldJZvjFHEuGkB2OhSGz1eqpp7v0f8CP+Qx
KSt4tAoMNGGxcP7DujlCOvQfwfbOwXpmH3rjgOUS65AofnYZaSm+DGLVPqgKFLLC
cZriIcDbJizwPNYqWDPGBkbzt4Fa0FLey7rQBVtgFQpsSkmZieffnEygBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFWnrx12l0kh9Ebgh4hcnyDr6rZ0MB8GA1UdIwQY
MBaAFA2GEbUXmRiZMeMK4b6VrNqB4+HMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFlZUnRSZVpHSmt4NHdyaHZwV3Myb0hqNGN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9hMmIyYjgtY2YxYy00M2UzLWIwZDMt
ZmQzMWUxZTNmNWI5LzEvVmFldkhYYVhTU0gwUnVDSGlGeWZJT3ZxdG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9hMmIyYjgtY2YxYy00M2UzLWIwZDMtZmQzMWUxZTNmNWI5
LzEvRFlZUnRSZVpHSmt4NHdyaHZwV3Myb0hqNGN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcjPMA0G
CSqGSIb3DQEBCwUAA4IBAQBCrcejYXJTmjnkGK7F6RXgAvV04kQ1/tA6aS2Sdu69
qyVSoPEwy5PdtkIcwWy1PjRGW7ht9GLxPJ8wV2tb7VHtpGBFg2FoKn78HHFa3FS+
zWqRyeSgMyjiy7XQpvyXFtqW2HQt6BNztkxfM6tq7CT59No3bNZCh5oc6QSe0siK
CjP6IgsRxsCG9M6SzOqK/nNQvdnPJAFc2V2AuVSJGpEvBogYfJzh1Ms6DpO475Ek
lRtHY5c4DJcrGbYhvK4MxU/1FVeMoPWWmoqubrFryZiRMnt4omuc53tya26qt56S
ZvG+mPTI6TZfJ4S5dw85vtmNVwq4nvjhqqw2O0wtQP1T
-----END CERTIFICATE-----