Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/2376c5-1008-4c8e-a27a-de8a4f0aa956/1/vBXIzmMooZKMog3VJrUIVMQmgno.roa
File:                     vBXIzmMooZKMog3VJrUIVMQmgno.roa (raw, json)
Hash identifier:          k1uPixlDAIAWxS/SMCD1KN5W63Y3s/YrYSv6/9n81AM=
Subject key identifier:   BC:15:C8:CE:63:28:A1:92:8C:A2:0D:D5:26:B5:08:54:C4:26:82:7A
Certificate issuer:       /CN=07c9fd0a08dd04bf986a5bda86e831df8048f2ae
Certificate serial:       018CC4254E6D1636E77D88D642D6975B493B
Authority key identifier: 07:C9:FD:0A:08:DD:04:BF:98:6A:5B:DA:86:E8:31:DF:80:48:F2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B8n9CgjdBL-Yalvahugx34BI8q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/2376c5-1008-4c8e-a27a-de8a4f0aa956/1/vBXIzmMooZKMog3VJrUIVMQmgno.roa
Signing time:             Mon 01 Jan 2024 08:30:28 +0000
ROA not before:           Mon 01 Jan 2024 08:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58273
IP address blocks:        185.243.104.0/22 maxlen: 24
                          2a0d:f80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/2376c5-1008-4c8e-a27a-de8a4f0aa956/1/B8n9CgjdBL-Yalvahugx34BI8q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/2376c5-1008-4c8e-a27a-de8a4f0aa956/1/B8n9CgjdBL-Yalvahugx34BI8q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B8n9CgjdBL-Yalvahugx34BI8q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 01:03:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4e:6d:16:36:e7:7d:88:d6:42:d6:97:5b:49:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07c9fd0a08dd04bf986a5bda86e831df8048f2ae
        Validity
            Not Before: Jan  1 08:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc15c8ce6328a1928ca20dd526b50854c426827a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7b:77:d6:32:66:75:75:51:2b:bc:78:c6:50:
                    b2:aa:0a:4a:a9:c6:a8:e7:3a:c6:34:e3:a3:67:02:
                    9b:da:32:1a:0e:9b:4d:6d:d4:01:96:bd:12:7c:35:
                    26:f6:96:d0:57:d5:43:92:aa:a5:83:de:ee:6d:69:
                    a9:aa:7d:30:6b:f0:5b:39:ce:38:ee:72:9e:ed:f5:
                    8c:37:e2:dd:9f:77:30:9f:7b:9d:41:b0:ac:6c:90:
                    00:8d:21:a0:d1:e4:8c:58:a8:21:64:7d:e9:1d:c2:
                    0d:00:fa:a2:1d:96:21:b3:90:25:ba:11:e8:52:8e:
                    07:3e:44:07:c9:49:86:2a:63:22:58:db:1d:0c:d1:
                    5f:75:c1:36:23:87:ec:11:12:08:e4:4d:4e:8f:46:
                    9f:59:27:83:32:f8:89:8c:38:81:d2:a2:de:ce:85:
                    2f:10:bf:9f:62:05:dc:1a:db:b6:e2:db:0c:2e:05:
                    95:4f:44:c2:47:25:19:97:e7:96:de:f5:0d:d8:a0:
                    81:99:58:e2:15:63:4c:12:fe:64:14:37:79:10:59:
                    9a:48:56:f0:02:b0:9d:b7:ff:d9:ae:b7:94:d9:22:
                    d9:b3:41:4f:13:b2:9c:ed:56:1c:68:14:61:dc:ab:
                    98:3c:fa:1e:88:67:9c:da:bc:5f:3f:b1:26:d1:9d:
                    76:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:15:C8:CE:63:28:A1:92:8C:A2:0D:D5:26:B5:08:54:C4:26:82:7A
            X509v3 Authority Key Identifier:
                keyid:07:C9:FD:0A:08:DD:04:BF:98:6A:5B:DA:86:E8:31:DF:80:48:F2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B8n9CgjdBL-Yalvahugx34BI8q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2376c5-1008-4c8e-a27a-de8a4f0aa956/1/vBXIzmMooZKMog3VJrUIVMQmgno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2376c5-1008-4c8e-a27a-de8a4f0aa956/1/B8n9CgjdBL-Yalvahugx34BI8q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.104.0/22
                IPv6:
                  2a0d:f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         97:9b:c7:12:27:9e:23:9d:7a:e4:ca:37:23:cb:25:40:af:69:
         66:e0:eb:3f:d6:72:b3:72:61:d7:42:6c:3f:6b:08:ca:a8:10:
         33:ed:73:5b:6e:2b:f5:fe:88:e3:78:d3:e3:74:3c:6a:57:15:
         50:35:94:0c:f0:b0:78:8c:e7:9e:4d:07:05:ab:0b:4a:a3:13:
         44:d1:bb:bf:70:c2:59:f7:48:43:77:b5:39:6e:7e:c7:22:01:
         0d:e2:e0:a9:a7:6e:3e:e1:64:bc:1a:ff:fc:24:d0:d6:16:19:
         a3:09:51:7a:6a:44:5f:ba:68:9e:97:69:94:b6:c5:19:23:e9:
         18:22:fb:fa:d8:36:66:b1:2b:2d:20:ee:67:32:f8:e0:51:b6:
         97:02:eb:15:7b:60:48:df:d3:bf:50:6f:c3:1a:d5:a4:e6:c6:
         b0:6b:f3:04:db:b7:a1:3d:9d:54:66:22:08:76:3d:47:7d:03:
         a7:e6:3e:de:52:8f:96:31:e0:a6:11:11:d6:f7:4f:4b:f1:b3:
         bf:64:25:1c:ea:b7:0a:c9:ca:9a:c1:51:26:48:fa:c3:90:7a:
         3a:68:b8:d7:4d:93:9f:ee:d2:d2:20:ba:c7:44:e9:a5:3d:74:
         b0:03:5e:e5:54:0c:17:fa:3c:57:cb:0e:3a:7e:76:cc:d4:fd:
         da:27:21:80
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJU5tFjbnfYjWQtaXW0k7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YzlmZDBhMDhkZDA0YmY5ODZhNWJkYTg2ZTgzMWRmODA0
OGYyYWUwHhcNMjQwMTAxMDgzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzE1YzhjZTYzMjhhMTkyOGNhMjBkZDUyNmI1MDg1NGM0MjY4MjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnt31jJmdXVRK7x4xlCyqgpKqcao
5zrGNOOjZwKb2jIaDptNbdQBlr0SfDUm9pbQV9VDkqqlg97ubWmpqn0wa/BbOc44
7nKe7fWMN+Ldn3cwn3udQbCsbJAAjSGg0eSMWKghZH3pHcINAPqiHZYhs5AluhHo
Uo4HPkQHyUmGKmMiWNsdDNFfdcE2I4fsERII5E1Oj0afWSeDMviJjDiB0qLezoUv
EL+fYgXcGtu24tsMLgWVT0TCRyUZl+eW3vUN2KCBmVjiFWNMEv5kFDd5EFmaSFbw
ArCdt//ZrreU2SLZs0FPE7Kc7VYcaBRh3KuYPPoeiGec2rxfP7Em0Z12lQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLwVyM5jKKGSjKIN1Sa1CFTEJoJ6MB8GA1UdIwQY
MBaAFAfJ/QoI3QS/mGpb2oboMd+ASPKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjhuOUNnamRCTC1ZYWx2YWh1Z3gzNEJJOHE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8yMzc2YzUtMTAwOC00YzhlLWEyN2Et
ZGU4YTRmMGFhOTU2LzEvdkJYSXptTW9vWktNb2czVkpyVUlWTVFtZ25vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8yMzc2YzUtMTAwOC00YzhlLWEyN2EtZGU4YTRmMGFhOTU2
LzEvQjhuOUNnamRCTC1ZYWx2YWh1Z3gzNEJJOHE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufNoMA0E
AgACMAcDBQMqDQ+AMA0GCSqGSIb3DQEBCwUAA4IBAQCXm8cSJ54jnXrkyjcjyyVA
r2lm4Os/1nKzcmHXQmw/awjKqBAz7XNbbiv1/ojjeNPjdDxqVxVQNZQM8LB4jOee
TQcFqwtKoxNE0bu/cMJZ90hDd7U5bn7HIgEN4uCpp24+4WS8Gv/8JNDWFhmjCVF6
akRfumiel2mUtsUZI+kYIvv62DZmsSstIO5nMvjgUbaXAusVe2BI39O/UG/DGtWk
5sawa/ME27ehPZ1UZiIIdj1HfQOn5j7eUo+WMeCmERHW909L8bO/ZCUc6rcKycqa
wVEmSPrDkHo6aLjXTZOf7tLSILrHROmlPXSwA17lVAwX+jxXyw46fnbM1P3aJyGA
-----END CERTIFICATE-----