Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/vEbvUZgOvA4VdeefLXJeuS4fA24.roa
File:                     vEbvUZgOvA4VdeefLXJeuS4fA24.roa (raw, json)
Hash identifier:          dgAVeky1PkoEkYsQuK+dP4g2CvVnX6j2bWzg+rTQF6I=
Subject key identifier:   BC:46:EF:51:98:0E:BC:0E:15:75:E7:9F:2D:72:5E:B9:2E:1F:03:6E
Certificate issuer:       /CN=8b82433ffe94bf3536fec327543d396158202072
Certificate serial:       018CC425540BCB0D60327C23A2DE74085039
Authority key identifier: 8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/vEbvUZgOvA4VdeefLXJeuS4fA24.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50265
IP address blocks:        91.233.88.0/24 maxlen: 24
                          193.106.68.0/22 maxlen: 24
                          2a00:46e0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:54:0b:cb:0d:60:32:7c:23:a2:de:74:08:50:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b82433ffe94bf3536fec327543d396158202072
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc46ef51980ebc0e1575e79f2d725eb92e1f036e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f9:23:1c:56:7a:ce:e7:42:0b:9e:96:9e:51:
                    f6:9c:0f:9b:ae:44:14:82:93:c7:de:28:90:54:eb:
                    e9:50:08:3c:25:27:b4:0e:6d:34:67:c4:d6:28:2b:
                    52:97:03:be:95:43:d2:e5:a6:3c:95:06:3b:5a:5a:
                    18:52:3d:d7:3a:59:34:94:24:73:29:cd:35:b2:c9:
                    d7:82:aa:60:8d:c2:58:46:74:75:18:51:39:11:90:
                    aa:50:e4:9c:e6:6c:43:86:3d:e7:ab:05:4d:96:5c:
                    d9:db:76:89:11:36:c6:c6:f3:84:d7:ed:71:b0:79:
                    d5:44:bc:34:fa:53:72:01:39:a6:b4:92:de:28:02:
                    67:fe:bd:24:80:34:7d:f0:6e:d4:8d:72:dd:7f:88:
                    2b:bd:a5:b6:37:83:20:5e:8e:66:26:ef:43:2c:a3:
                    f7:35:a0:b1:62:f7:96:ba:61:27:8c:d7:2a:71:a0:
                    ea:5a:fa:11:7a:1c:0d:63:72:21:f7:ba:e4:df:2b:
                    10:3a:d9:e5:2e:13:4b:e9:01:e6:13:ff:e9:2a:05:
                    0c:7c:5b:d6:9c:15:d2:f3:0b:02:65:18:89:9c:99:
                    c8:ea:ae:81:e9:d0:be:36:80:8e:81:a7:9c:df:36:
                    19:dc:06:b2:c2:fa:4d:3e:81:e4:a7:a5:ed:e0:6d:
                    86:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:46:EF:51:98:0E:BC:0E:15:75:E7:9F:2D:72:5E:B9:2E:1F:03:6E
            X509v3 Authority Key Identifier:
                keyid:8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/vEbvUZgOvA4VdeefLXJeuS4fA24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.88.0/24
                  193.106.68.0/22
                IPv6:
                  2a00:46e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:cd:cd:e5:56:3d:18:8f:30:53:43:e0:c7:f0:fe:fb:af:6c:
         3c:b9:59:a3:71:82:46:ca:5a:13:b7:c8:f4:77:78:1f:1e:02:
         e8:3a:b4:93:b1:9c:7c:6f:2a:12:6a:a6:0f:84:b9:f4:59:5d:
         24:ef:65:b2:7e:ed:15:00:7c:a8:13:1f:aa:9c:61:a1:31:f0:
         15:67:75:94:43:4c:3f:e3:ec:cd:51:a0:76:9a:0e:bc:a7:35:
         58:51:12:5f:e4:2f:be:22:83:a3:0e:91:3a:57:f8:ab:53:ea:
         4f:a1:75:1e:7b:db:f9:ae:85:0e:cb:97:5e:e1:6b:84:5c:13:
         42:90:ce:81:1f:90:f1:ae:6e:26:b4:ee:4e:5e:ad:f0:03:9e:
         23:36:05:25:88:11:50:1f:36:00:86:d0:1f:11:4e:0f:43:8c:
         80:cd:85:6a:18:af:5d:39:38:99:ac:af:19:c4:78:32:4a:d2:
         3a:19:6e:31:68:e7:50:87:de:13:90:41:73:83:31:6f:b9:4a:
         7a:83:55:67:20:88:b4:4e:ef:c0:72:2d:0d:ec:5c:2f:28:58:
         d7:81:e1:a5:8b:5c:b0:07:3f:ef:8a:7c:6b:54:dd:c9:e2:26:
         a4:21:49:da:0b:64:60:5c:be:23:a7:64:08:18:eb:65:94:b4:
         8c:d5:84:83
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEJVQLyw1gMnwjot50CFA5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiODI0MzNmZmU5NGJmMzUzNmZlYzMyNzU0M2QzOTYxNTgy
MDIwNzIwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzQ2ZWY1MTk4MGViYzBlMTU3NWU3OWYyZDcyNWViOTJlMWYwMzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPkjHFZ6zudCC56WnlH2nA+brkQU
gpPH3iiQVOvpUAg8JSe0Dm00Z8TWKCtSlwO+lUPS5aY8lQY7WloYUj3XOlk0lCRz
Kc01ssnXgqpgjcJYRnR1GFE5EZCqUOSc5mxDhj3nqwVNllzZ23aJETbGxvOE1+1x
sHnVRLw0+lNyATmmtJLeKAJn/r0kgDR98G7UjXLdf4grvaW2N4MgXo5mJu9DLKP3
NaCxYveWumEnjNcqcaDqWvoRehwNY3Ih97rk3ysQOtnlLhNL6QHmE//pKgUMfFvW
nBXS8wsCZRiJnJnI6q6B6dC+NoCOgaec3zYZ3AaywvpNPoHkp6Xt4G2GYQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLxG71GYDrwOFXXnny1yXrkuHwNuMB8GA1UdIwQY
MBaAFIuCQz/+lL81Nv7DJ1Q9OWFYICByMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYt
MmRkNzg5MGRjNjg5LzEvdkVidlVaZ092QTRWZGVlZkxYSmV1UzRmQTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYtMmRkNzg5MGRjNjg5
LzEvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW+lYAwQC
wWpEMA0EAgACMAcDBQAqAEbgMA0GCSqGSIb3DQEBCwUAA4IBAQAuzc3lVj0YjzBT
Q+DH8P77r2w8uVmjcYJGyloTt8j0d3gfHgLoOrSTsZx8byoSaqYPhLn0WV0k72Wy
fu0VAHyoEx+qnGGhMfAVZ3WUQ0w/4+zNUaB2mg68pzVYURJf5C++IoOjDpE6V/ir
U+pPoXUee9v5roUOy5de4WuEXBNCkM6BH5Dxrm4mtO5OXq3wA54jNgUliBFQHzYA
htAfEU4PQ4yAzYVqGK9dOTiZrK8ZxHgyStI6GW4xaOdQh94TkEFzgzFvuUp6g1Vn
IIi0Tu/Aci0N7FwvKFjXgeGli1ywBz/vinxrVN3J4iakIUnaC2RgXL4jp2QIGOtl
lLSM1YSD
-----END CERTIFICATE-----