Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/vMBNkOx_1dq71Xie9Clje8lcGUo.roa
File:                     vMBNkOx_1dq71Xie9Clje8lcGUo.roa (raw, json)
Hash identifier:          VEGfmCVuTagKTpPu0M8zOBSSnvWJORGwrXlGlFewkDs=
Subject key identifier:   BC:C0:4D:90:EC:7F:D5:DA:BB:D5:78:9E:F4:29:63:7B:C9:5C:19:4A
Certificate issuer:       /CN=6b4137c95719de3b0651e44ad0683501ae67eb88
Certificate serial:       018DC774D8642E758A108308FB62DFB50018
Authority key identifier: 6B:41:37:C9:57:19:DE:3B:06:51:E4:4A:D0:68:35:01:AE:67:EB:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/vMBNkOx_1dq71Xie9Clje8lcGUo.roa
Signing time:             Tue 20 Feb 2024 16:58:59 +0000
ROA not before:           Tue 20 Feb 2024 16:58:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273163
IP address blocks:        185.240.212.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:74:d8:64:2e:75:8a:10:83:08:fb:62:df:b5:00:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b4137c95719de3b0651e44ad0683501ae67eb88
        Validity
            Not Before: Feb 20 16:58:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcc04d90ec7fd5dabbd5789ef429637bc95c194a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:9d:91:75:86:9d:dd:d5:f3:4a:1b:8a:5e:cf:
                    47:af:d8:ab:03:b3:ad:54:61:47:5c:cb:79:21:3e:
                    15:85:d9:2d:0a:13:56:b7:0b:2d:a6:1b:21:7d:81:
                    3b:3a:67:b3:2b:45:b0:bc:99:49:3b:9e:1e:e3:74:
                    5a:ea:65:50:13:7c:f7:4d:dd:de:56:b0:92:49:68:
                    4a:cc:3e:32:95:a1:3b:3c:b2:9b:75:c8:cc:f3:cf:
                    97:85:85:0d:7b:4a:55:ab:b8:93:3c:1b:6f:c7:0f:
                    ab:db:df:94:df:c3:50:7a:73:c4:ea:9a:cd:29:bc:
                    75:38:3f:b2:b6:8d:23:c6:a2:30:45:0d:4b:80:fb:
                    77:94:76:43:f9:4b:df:78:5c:93:00:0d:72:05:8b:
                    66:8f:f0:2e:d5:a3:9f:a0:8d:d7:eb:95:76:de:d2:
                    1c:22:cb:5d:15:5b:40:7f:11:c2:95:aa:9c:3f:bd:
                    cc:fc:ea:35:38:af:fb:38:35:04:a1:fb:02:0a:84:
                    e6:36:2e:c3:5e:78:e5:69:c7:b2:56:40:1f:e9:29:
                    e7:dd:8f:46:61:14:5e:c3:01:25:1b:a5:50:50:db:
                    9a:c1:ef:6a:d6:ef:e4:f2:74:5a:26:b2:33:84:0a:
                    1c:4d:8d:d1:34:64:61:4b:12:fe:cb:df:35:bf:0b:
                    cd:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:C0:4D:90:EC:7F:D5:DA:BB:D5:78:9E:F4:29:63:7B:C9:5C:19:4A
            X509v3 Authority Key Identifier:
                keyid:6B:41:37:C9:57:19:DE:3B:06:51:E4:4A:D0:68:35:01:AE:67:EB:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/vMBNkOx_1dq71Xie9Clje8lcGUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:a4:85:52:f7:36:38:f9:c9:20:12:fe:43:3f:e9:e4:1a:3f:
         fb:ab:dd:d6:10:2a:d7:13:ab:bf:30:83:b1:00:d4:04:e9:18:
         93:02:33:9e:5c:38:fc:aa:40:00:6b:92:46:48:0e:7a:9b:a8:
         64:a4:c8:d2:17:96:44:08:1f:7c:9c:a7:c5:d7:8b:41:d7:53:
         8c:0d:70:57:c6:31:c8:15:a3:80:fb:60:68:46:db:66:1e:52:
         f6:ae:ad:52:39:7f:71:ad:46:4e:6a:06:c2:a4:60:19:c9:78:
         d8:58:94:c4:5d:78:c5:50:61:4a:d7:f7:90:ef:24:2b:0e:c5:
         ac:66:9a:c1:c6:36:f9:25:a9:15:dc:8d:7a:62:da:f9:a8:63:
         51:98:11:f9:87:de:48:1a:59:da:c5:e8:31:b7:be:52:8d:50:
         cf:12:4f:5d:11:c2:14:3e:c9:2d:e3:18:68:55:21:1d:85:7e:
         e4:e3:a9:6f:d0:60:37:3b:0f:f8:f8:c3:f9:9e:9d:19:d0:de:
         54:90:db:a2:31:7e:ec:3d:f7:ab:3d:3e:c1:e7:46:51:0e:bd:
         16:f2:fb:e2:36:32:14:dc:da:45:5f:c0:9c:b7:21:9b:28:f4:
         55:bf:ce:b3:9c:6a:2f:80:7c:fc:3c:1c:4d:6f:81:35:eb:95:
         56:b7:a5:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3HdNhkLnWKEIMI+2LftQAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNDEzN2M5NTcxOWRlM2IwNjUxZTQ0YWQwNjgzNTAxYWU2
N2ViODgwHhcNMjQwMjIwMTY1ODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2MwNGQ5MGVjN2ZkNWRhYmJkNTc4OWVmNDI5NjM3YmM5NWMxOTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZ2RdYad3dXzShuKXs9Hr9irA7Ot
VGFHXMt5IT4VhdktChNWtwstphshfYE7OmezK0WwvJlJO54e43Ra6mVQE3z3Td3e
VrCSSWhKzD4ylaE7PLKbdcjM88+XhYUNe0pVq7iTPBtvxw+r29+U38NQenPE6prN
Kbx1OD+yto0jxqIwRQ1LgPt3lHZD+UvfeFyTAA1yBYtmj/Au1aOfoI3X65V23tIc
IstdFVtAfxHClaqcP73M/Oo1OK/7ODUEofsCCoTmNi7DXnjlaceyVkAf6Snn3Y9G
YRRewwElG6VQUNuawe9q1u/k8nRaJrIzhAocTY3RNGRhSxL+y981vwvN1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLzATZDsf9Xau9V4nvQpY3vJXBlKMB8GA1UdIwQY
MBaAFGtBN8lXGd47BlHkStBoNQGuZ+uIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTBFM3lWY1ozanNHVWVSSzBHZzFBYTVuNjRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9hYjdmMGQtZGQzMC00OGRmLWJiMGMt
ODViMjZiM2VkOTgzLzEvdk1CTmtPeF8xZHE3MVhpZTlDbGplOGxjR1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9hYjdmMGQtZGQzMC00OGRmLWJiMGMtODViMjZiM2VkOTgz
LzEvYTBFM3lWY1ozanNHVWVSSzBHZzFBYTVuNjRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufDUMA0G
CSqGSIb3DQEBCwUAA4IBAQB4pIVS9zY4+ckgEv5DP+nkGj/7q93WECrXE6u/MIOx
ANQE6RiTAjOeXDj8qkAAa5JGSA56m6hkpMjSF5ZECB98nKfF14tB11OMDXBXxjHI
FaOA+2BoRttmHlL2rq1SOX9xrUZOagbCpGAZyXjYWJTEXXjFUGFK1/eQ7yQrDsWs
ZprBxjb5JakV3I16Ytr5qGNRmBH5h95IGlnaxegxt75SjVDPEk9dEcIUPskt4xho
VSEdhX7k46lv0GA3Ow/4+MP5np0Z0N5UkNuiMX7sPferPT7B50ZRDr0W8vviNjIU
3NpFX8CctyGbKPRVv86znGovgHz8PBxNb4E165VWt6Uw
-----END CERTIFICATE-----