Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/e5dfe2-a967-4712-bee6-32187e24889f/1/vUWFTuzky7VTuPd9DXKBf2kXOHs.roa
File:                     vUWFTuzky7VTuPd9DXKBf2kXOHs.roa (raw, json)
Hash identifier:          vBDyRtJ7Kud7xDeBmWcAxlXu37cAODLWLVHbMjHxd7g=
Subject key identifier:   BD:45:85:4E:EC:E4:CB:B5:53:B8:F7:7D:0D:72:81:7F:69:17:38:7B
Certificate issuer:       /CN=e8df3e9cb69cca58ac702a2d5e9135c3bcab7200
Certificate serial:       018CC2DB3C682B88F8535884314503A2177C
Authority key identifier: E8:DF:3E:9C:B6:9C:CA:58:AC:70:2A:2D:5E:91:35:C3:BC:AB:72:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6N8-nLacyliscCotXpE1w7yrcgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/e5dfe2-a967-4712-bee6-32187e24889f/1/vUWFTuzky7VTuPd9DXKBf2kXOHs.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56466
IP address blocks:        185.162.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/e5dfe2-a967-4712-bee6-32187e24889f/1/6N8-nLacyliscCotXpE1w7yrcgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/e5dfe2-a967-4712-bee6-32187e24889f/1/6N8-nLacyliscCotXpE1w7yrcgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6N8-nLacyliscCotXpE1w7yrcgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 22:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3c:68:2b:88:f8:53:58:84:31:45:03:a2:17:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8df3e9cb69cca58ac702a2d5e9135c3bcab7200
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd45854eece4cbb553b8f77d0d72817f6917387b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8d:e5:a8:8f:3b:97:86:ee:06:56:80:e8:72:
                    d5:13:1d:4f:aa:9e:6f:5a:4a:c8:c8:9c:cd:28:1b:
                    17:ba:f6:b1:a7:39:fa:e1:9b:92:82:0f:50:32:19:
                    9f:19:66:1f:17:80:b4:7a:d0:ad:fe:de:51:e8:78:
                    51:d0:1a:e4:4d:b4:e5:03:27:58:f6:25:31:98:d7:
                    67:32:31:af:97:9c:77:15:61:7e:fe:66:d3:36:9a:
                    be:1a:4a:d9:30:00:f6:78:89:ef:8e:74:55:d4:14:
                    6c:75:cb:6f:ff:80:ab:7b:50:fa:06:1a:cb:6d:6d:
                    26:87:95:4e:3a:14:67:54:38:53:81:a0:78:56:19:
                    cd:45:da:e0:0b:7f:a9:cf:89:29:03:86:62:da:bc:
                    81:40:41:b7:52:6f:06:87:b4:35:06:2f:8d:52:39:
                    c5:60:c3:5e:05:73:79:88:38:29:42:ab:4d:21:e0:
                    86:a2:15:88:3d:55:bb:4a:d2:ed:4b:74:ec:18:00:
                    bb:52:d3:2b:fa:6c:0e:6b:94:cc:f3:ff:cf:05:c2:
                    aa:da:b1:f6:4c:83:36:d8:2a:5a:8c:c1:57:fa:9d:
                    15:bb:c3:5e:2c:58:ac:c1:6c:a6:14:31:21:15:ca:
                    81:ee:64:2b:f9:70:cb:2b:02:ee:0c:05:1c:2a:40:
                    30:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:45:85:4E:EC:E4:CB:B5:53:B8:F7:7D:0D:72:81:7F:69:17:38:7B
            X509v3 Authority Key Identifier:
                keyid:E8:DF:3E:9C:B6:9C:CA:58:AC:70:2A:2D:5E:91:35:C3:BC:AB:72:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6N8-nLacyliscCotXpE1w7yrcgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/e5dfe2-a967-4712-bee6-32187e24889f/1/vUWFTuzky7VTuPd9DXKBf2kXOHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/e5dfe2-a967-4712-bee6-32187e24889f/1/6N8-nLacyliscCotXpE1w7yrcgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:8d:4f:43:74:12:b3:cc:6b:d1:54:dc:8a:f0:90:ee:f0:ef:
         04:90:39:05:c9:96:f4:96:4b:5f:77:e2:9c:1c:ea:1c:60:4a:
         1d:77:4b:ce:ab:96:34:58:c4:85:44:66:68:25:ca:6a:1e:b6:
         aa:ba:95:d5:a8:2b:3e:7b:3a:87:d7:7b:f9:1d:db:e2:29:14:
         a7:a6:85:36:4c:5e:46:0a:fd:6a:1b:c2:49:34:93:58:cc:6c:
         91:16:7e:d4:5e:65:b2:38:5f:11:a3:86:03:7c:3f:ad:3d:2a:
         d1:41:03:28:ab:b9:b7:2b:09:4f:a3:46:57:83:c9:26:19:74:
         a4:cd:46:57:09:82:a0:a3:d9:05:1f:52:30:a9:92:de:91:f0:
         c4:b6:bb:68:10:3c:70:0a:f8:c1:06:8b:50:17:25:be:59:71:
         8e:87:c8:5b:d4:83:30:ce:64:ef:93:a6:f5:b3:f9:39:46:ea:
         a1:74:2d:97:73:10:ae:d9:5e:18:8f:df:17:68:52:37:37:52:
         f4:c1:f4:2a:b6:5a:21:85:eb:65:63:26:df:0c:ab:43:93:32:
         1b:07:19:d5:06:fa:ef:49:0f:10:4a:0a:ec:12:fa:68:7d:99:
         a1:2e:3e:fe:7c:5d:36:9b:82:8d:4b:fb:fa:1d:06:dd:3b:5e:
         9c:31:ab:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zxoK4j4U1iEMUUDohd8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4ZGYzZTljYjY5Y2NhNThhYzcwMmEyZDVlOTEzNWMzYmNh
YjcyMDAwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDQ1ODU0ZWVjZTRjYmI1NTNiOGY3N2QwZDcyODE3ZjY5MTczODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsI3lqI87l4buBlaA6HLVEx1Pqp5v
WkrIyJzNKBsXuvaxpzn64ZuSgg9QMhmfGWYfF4C0etCt/t5R6HhR0BrkTbTlAydY
9iUxmNdnMjGvl5x3FWF+/mbTNpq+GkrZMAD2eInvjnRV1BRsdctv/4Cre1D6BhrL
bW0mh5VOOhRnVDhTgaB4VhnNRdrgC3+pz4kpA4Zi2ryBQEG3Um8Gh7Q1Bi+NUjnF
YMNeBXN5iDgpQqtNIeCGohWIPVW7StLtS3TsGAC7UtMr+mwOa5TM8//PBcKq2rH2
TIM22CpajMFX+p0Vu8NeLFiswWymFDEhFcqB7mQr+XDLKwLuDAUcKkAwUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1FhU7s5Mu1U7j3fQ1ygX9pFzh7MB8GA1UdIwQY
MBaAFOjfPpy2nMpYrHAqLV6RNcO8q3IAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk44LW5MYWN5bGlzY0NvdFhwRTF3N3lyY2dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9lNWRmZTItYTk2Ny00NzEyLWJlZTYt
MzIxODdlMjQ4ODlmLzEvdlVXRlR1emt5N1ZUdVBkOURYS0JmMmtYT0hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9lNWRmZTItYTk2Ny00NzEyLWJlZTYtMzIxODdlMjQ4ODlm
LzEvNk44LW5MYWN5bGlzY0NvdFhwRTF3N3lyY2dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaLYMA0G
CSqGSIb3DQEBCwUAA4IBAQBLjU9DdBKzzGvRVNyK8JDu8O8EkDkFyZb0lktfd+Kc
HOocYEodd0vOq5Y0WMSFRGZoJcpqHraqupXVqCs+ezqH13v5HdviKRSnpoU2TF5G
Cv1qG8JJNJNYzGyRFn7UXmWyOF8Ro4YDfD+tPSrRQQMoq7m3KwlPo0ZXg8kmGXSk
zUZXCYKgo9kFH1IwqZLekfDEtrtoEDxwCvjBBotQFyW+WXGOh8hb1IMwzmTvk6b1
s/k5RuqhdC2XcxCu2V4Yj98XaFI3N1L0wfQqtlohhetlYybfDKtDkzIbBxnVBvrv
SQ8QSgrsEvpofZmhLj7+fF02m4KNS/v6HQbdO16cMauv
-----END CERTIFICATE-----