Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/vLtC3UsDTLKM2NyP4dMk5ZAeelA.roa
File:                     vLtC3UsDTLKM2NyP4dMk5ZAeelA.roa (raw, json)
Hash identifier:          AEtXItoHugLu8FI/lp9L7Wix+vogeIPnnKXGq+Q6lvQ=
Subject key identifier:   BC:BB:42:DD:4B:03:4C:B2:8C:D8:DC:8F:E1:D3:24:E5:90:1E:7A:50
Certificate issuer:       /CN=6b4137c95719de3b0651e44ad0683501ae67eb88
Certificate serial:       018DC781A983494DA4D41A64917ABEF16877
Authority key identifier: 6B:41:37:C9:57:19:DE:3B:06:51:E4:4A:D0:68:35:01:AE:67:EB:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/vLtC3UsDTLKM2NyP4dMk5ZAeelA.roa
Signing time:             Tue 20 Feb 2024 17:12:59 +0000
ROA not before:           Tue 20 Feb 2024 17:12:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273171
IP address blocks:        185.240.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:81:a9:83:49:4d:a4:d4:1a:64:91:7a:be:f1:68:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b4137c95719de3b0651e44ad0683501ae67eb88
        Validity
            Not Before: Feb 20 17:12:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcbb42dd4b034cb28cd8dc8fe1d324e5901e7a50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f8:f6:e4:dd:e8:78:6c:de:82:ab:50:e2:1c:
                    44:3a:e5:aa:da:bb:a5:36:7c:b8:71:4e:44:46:12:
                    f2:8a:9d:2f:e4:38:c5:44:d3:b1:ae:4b:8b:9b:a4:
                    a1:e0:26:8c:32:c8:ff:35:f2:76:5f:52:5a:49:4c:
                    12:e5:db:9c:6c:4d:2c:fc:19:05:9b:3f:94:86:f8:
                    d0:7b:c5:8d:66:cd:93:07:20:3b:78:bb:a4:8b:ef:
                    07:57:c3:67:25:c4:2b:a6:af:33:9a:8f:42:c4:f4:
                    f3:34:7d:e6:7c:d4:c3:a8:30:95:64:16:ed:19:4c:
                    6a:fc:bc:e1:8e:b8:d4:b1:3d:f1:f4:2b:28:66:b2:
                    49:28:4c:9c:0d:15:44:97:7f:b8:b7:a8:ab:20:a5:
                    a5:fe:98:2a:1d:8f:78:87:a9:92:a3:58:a1:d9:c1:
                    94:74:19:02:8e:05:63:93:b4:96:9b:64:e8:b5:1c:
                    f9:87:5e:47:fe:44:64:ae:a7:9d:c4:51:d7:c2:c8:
                    8d:61:75:c4:53:a7:cb:9a:65:95:42:5b:8c:22:97:
                    40:1e:e6:6b:61:1b:d4:aa:2e:d6:34:b3:1f:2c:44:
                    6d:b4:71:6c:c6:7c:4f:93:79:f3:11:be:4e:0b:34:
                    49:68:f4:03:eb:2d:2f:02:5e:14:4f:7e:1b:6d:ed:
                    0b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:BB:42:DD:4B:03:4C:B2:8C:D8:DC:8F:E1:D3:24:E5:90:1E:7A:50
            X509v3 Authority Key Identifier:
                keyid:6B:41:37:C9:57:19:DE:3B:06:51:E4:4A:D0:68:35:01:AE:67:EB:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/vLtC3UsDTLKM2NyP4dMk5ZAeelA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:42:ac:81:5b:5b:f2:81:7e:38:bc:bd:42:fd:25:c7:95:a9:
         01:67:22:9c:c6:47:b6:99:f1:b6:ee:51:56:55:d8:a2:9f:ab:
         42:e1:a5:cf:6e:92:ce:ee:9e:f0:63:5d:0d:40:96:ea:c3:14:
         11:65:da:ea:21:10:c0:b1:34:27:8c:01:64:f1:84:70:c6:28:
         9c:1a:f5:ed:0b:79:ac:cc:fa:80:a2:ae:05:bb:0e:da:9c:5f:
         ef:c3:0e:36:b5:ce:47:ec:f1:91:ba:b6:c4:81:3a:44:29:c9:
         da:6f:d6:81:a3:86:e2:6b:b3:49:00:fc:89:3b:79:f1:b3:32:
         ef:b2:4f:36:df:c6:6c:88:bc:7d:17:12:20:a8:ce:82:94:f3:
         68:f2:ac:b1:25:50:36:bd:10:0b:2b:7a:75:b1:1c:5a:d3:16:
         60:20:20:7d:5a:18:3f:9d:7f:c4:a9:24:42:c8:ff:89:0f:0c:
         01:bd:04:92:21:1b:69:28:e9:e8:15:3a:ed:7f:ac:2b:cc:cb:
         38:ff:ce:31:f7:59:39:29:be:b4:66:48:cc:9b:b5:8e:c4:7f:
         fd:54:21:69:78:f4:c5:51:34:c5:7f:94:6a:97:34:3e:86:11:
         7a:31:c3:c1:2e:96:99:7e:cf:99:29:f5:e2:bd:a3:84:e8:68:
         89:3e:49:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3HgamDSU2k1BpkkXq+8Wh3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNDEzN2M5NTcxOWRlM2IwNjUxZTQ0YWQwNjgzNTAxYWU2
N2ViODgwHhcNMjQwMjIwMTcxMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2JiNDJkZDRiMDM0Y2IyOGNkOGRjOGZlMWQzMjRlNTkwMWU3YTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvj25N3oeGzegqtQ4hxEOuWq2rul
Nny4cU5ERhLyip0v5DjFRNOxrkuLm6Sh4CaMMsj/NfJ2X1JaSUwS5ducbE0s/BkF
mz+UhvjQe8WNZs2TByA7eLuki+8HV8NnJcQrpq8zmo9CxPTzNH3mfNTDqDCVZBbt
GUxq/LzhjrjUsT3x9CsoZrJJKEycDRVEl3+4t6irIKWl/pgqHY94h6mSo1ih2cGU
dBkCjgVjk7SWm2TotRz5h15H/kRkrqedxFHXwsiNYXXEU6fLmmWVQluMIpdAHuZr
YRvUqi7WNLMfLERttHFsxnxPk3nzEb5OCzRJaPQD6y0vAl4UT34bbe0LCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLy7Qt1LA0yyjNjcj+HTJOWQHnpQMB8GA1UdIwQY
MBaAFGtBN8lXGd47BlHkStBoNQGuZ+uIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTBFM3lWY1ozanNHVWVSSzBHZzFBYTVuNjRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9hYjdmMGQtZGQzMC00OGRmLWJiMGMt
ODViMjZiM2VkOTgzLzEvdkx0QzNVc0RUTEtNMk55UDRkTWs1WkFlZWxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9hYjdmMGQtZGQzMC00OGRmLWJiMGMtODViMjZiM2VkOTgz
LzEvYTBFM3lWY1ozanNHVWVSSzBHZzFBYTVuNjRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufDWMA0G
CSqGSIb3DQEBCwUAA4IBAQBuQqyBW1vygX44vL1C/SXHlakBZyKcxke2mfG27lFW
Vdiin6tC4aXPbpLO7p7wY10NQJbqwxQRZdrqIRDAsTQnjAFk8YRwxiicGvXtC3ms
zPqAoq4Fuw7anF/vww42tc5H7PGRurbEgTpEKcnab9aBo4bia7NJAPyJO3nxszLv
sk8238ZsiLx9FxIgqM6ClPNo8qyxJVA2vRALK3p1sRxa0xZgICB9Whg/nX/EqSRC
yP+JDwwBvQSSIRtpKOnoFTrtf6wrzMs4/84x91k5Kb60ZkjMm7WOxH/9VCFpePTF
UTTFf5RqlzQ+hhF6McPBLpaZfs+ZKfXivaOE6GiJPklC
-----END CERTIFICATE-----