Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/vu_4_hDDZvyKzi4MgSnjb_5tXJo.roa
File:                     vu_4_hDDZvyKzi4MgSnjb_5tXJo.roa (raw, json)
Hash identifier:          OsS0q59VDUyRicqzZ2lPxZalLDo2Tim74Y7+OavqfIg=
Subject key identifier:   BE:EF:F8:FE:10:C3:66:FC:8A:CE:2E:0C:81:29:E3:6F:FE:6D:5C:9A
Certificate issuer:       /CN=d45bab208653d4261ebf202f6036334119846055
Certificate serial:       018CC3B678BBD3E2ACB926ED21E0FDED684E
Authority key identifier: D4:5B:AB:20:86:53:D4:26:1E:BF:20:2F:60:36:33:41:19:84:60:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FurIIZT1CYevyAvYDYzQRmEYFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/vu_4_hDDZvyKzi4MgSnjb_5tXJo.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        193.37.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/1FurIIZT1CYevyAvYDYzQRmEYFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/1FurIIZT1CYevyAvYDYzQRmEYFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FurIIZT1CYevyAvYDYzQRmEYFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:78:bb:d3:e2:ac:b9:26:ed:21:e0:fd:ed:68:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bab208653d4261ebf202f6036334119846055
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=beeff8fe10c366fc8ace2e0c8129e36ffe6d5c9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:28:63:d1:9d:fd:4a:a2:9a:72:c0:7a:b5:ef:
                    89:12:ee:77:af:fc:a8:9c:47:5e:a3:88:b4:17:b0:
                    96:c0:b1:db:c0:53:1d:9d:56:44:ff:cc:25:ff:40:
                    4a:4c:db:8d:86:64:b4:c7:8e:55:40:45:5a:e1:62:
                    6f:2c:c3:10:1f:d0:8a:7a:6e:3e:b2:cd:6c:e0:d6:
                    26:dd:8f:a3:00:80:fe:d3:fc:d4:f7:d2:eb:c0:f2:
                    b8:37:a9:4f:d6:65:30:f4:90:8a:a1:50:e5:98:4d:
                    97:2d:09:2e:5f:d7:3e:5c:81:eb:c2:a4:e7:8e:a0:
                    b2:80:a2:95:6c:fc:c6:9e:d0:fb:c3:4a:c8:69:c4:
                    82:01:32:f4:76:4f:23:41:71:bc:df:4d:2f:46:23:
                    3d:c0:21:59:d4:74:ef:cb:59:98:c3:ad:6c:36:ef:
                    eb:79:fa:26:25:04:81:47:83:fc:24:04:34:b2:2f:
                    f1:33:4a:97:4d:f2:8e:1c:15:8a:6c:1d:f8:62:9a:
                    b6:1c:81:07:72:2e:b6:77:e1:2f:a8:3e:d9:d3:84:
                    ae:bd:6c:60:17:35:84:9d:95:07:98:03:75:ef:13:
                    bb:7b:9b:2e:a4:09:19:0e:40:ed:db:16:fc:1e:18:
                    3b:bb:a0:ff:1a:bc:d5:ff:d5:a4:a2:bb:df:fe:a3:
                    07:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:EF:F8:FE:10:C3:66:FC:8A:CE:2E:0C:81:29:E3:6F:FE:6D:5C:9A
            X509v3 Authority Key Identifier:
                keyid:D4:5B:AB:20:86:53:D4:26:1E:BF:20:2F:60:36:33:41:19:84:60:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FurIIZT1CYevyAvYDYzQRmEYFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/vu_4_hDDZvyKzi4MgSnjb_5tXJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0aec1f-6065-4d88-8454-124d3fb3906a/1/1FurIIZT1CYevyAvYDYzQRmEYFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:64:8a:99:64:4e:d3:14:22:ed:6f:27:92:cf:67:35:40:f6:
         d9:e9:a7:8e:e4:f0:65:25:04:61:2d:49:87:1f:5a:52:72:d0:
         85:ab:e1:1c:a9:e2:67:27:1a:08:1b:0d:b0:fe:c5:05:95:67:
         ca:c3:06:56:05:45:b7:02:48:96:7d:69:df:ff:40:01:9c:6b:
         13:45:a9:22:b1:f2:cd:13:9e:85:8f:5b:1f:e5:81:0a:7d:d3:
         52:0c:b1:41:c6:44:2d:86:56:c7:94:b0:cb:57:82:6b:5f:9b:
         05:5e:46:7d:f5:0e:ef:e4:0d:44:ce:a0:b4:04:6c:de:f3:55:
         1f:44:5c:69:52:ec:8e:7b:fc:50:57:ac:c4:05:77:29:01:5a:
         42:97:1b:da:24:48:01:01:4f:03:2d:d0:60:0f:40:76:91:33:
         e7:09:6c:44:d2:3f:87:69:c1:2f:28:00:6c:f3:f2:4e:42:73:
         c4:68:52:48:df:bf:5f:1e:28:70:9b:7d:49:41:b3:35:28:d8:
         da:de:da:66:9f:76:c8:40:7f:0a:06:b1:5d:65:b6:bc:36:3f:
         36:7a:fb:4b:e9:09:08:6a:24:85:66:43:76:fc:b6:41:f3:ae:
         02:3b:98:0a:ae:6e:40:4f:ef:66:ba:34:a7:47:ee:5a:7f:7c:
         e2:31:43:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtni70+KsuSbtIeD97WhOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJhYjIwODY1M2Q0MjYxZWJmMjAyZjYwMzYzMzQxMTk4
NDYwNTUwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWVmZjhmZTEwYzM2NmZjOGFjZTJlMGM4MTI5ZTM2ZmZlNmQ1YzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhChj0Z39SqKacsB6te+JEu53r/yo
nEdeo4i0F7CWwLHbwFMdnVZE/8wl/0BKTNuNhmS0x45VQEVa4WJvLMMQH9CKem4+
ss1s4NYm3Y+jAID+0/zU99LrwPK4N6lP1mUw9JCKoVDlmE2XLQkuX9c+XIHrwqTn
jqCygKKVbPzGntD7w0rIacSCATL0dk8jQXG8300vRiM9wCFZ1HTvy1mYw61sNu/r
efomJQSBR4P8JAQ0si/xM0qXTfKOHBWKbB34Ypq2HIEHci62d+EvqD7Z04SuvWxg
FzWEnZUHmAN17xO7e5supAkZDkDt2xb8Hhg7u6D/GrzV/9Wkorvf/qMHEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7v+P4Qw2b8is4uDIEp42/+bVyaMB8GA1UdIwQY
MBaAFNRbqyCGU9QmHr8gL2A2M0EZhGBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ1cklJWlQxQ1lldnlBdllEWXpRUm1FWUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wYWVjMWYtNjA2NS00ZDg4LTg0NTQt
MTI0ZDNmYjM5MDZhLzEvdnVfNF9oRERadnlLemk0TWdTbmpiXzV0WEpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wYWVjMWYtNjA2NS00ZDg4LTg0NTQtMTI0ZDNmYjM5MDZh
LzEvMUZ1cklJWlQxQ1lldnlBdllEWXpRUm1FWUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSWHMA0G
CSqGSIb3DQEBCwUAA4IBAQBhZIqZZE7TFCLtbyeSz2c1QPbZ6aeO5PBlJQRhLUmH
H1pSctCFq+EcqeJnJxoIGw2w/sUFlWfKwwZWBUW3AkiWfWnf/0ABnGsTRakisfLN
E56Fj1sf5YEKfdNSDLFBxkQthlbHlLDLV4JrX5sFXkZ99Q7v5A1EzqC0BGze81Uf
RFxpUuyOe/xQV6zEBXcpAVpClxvaJEgBAU8DLdBgD0B2kTPnCWxE0j+HacEvKABs
8/JOQnPEaFJI379fHihwm31JQbM1KNja3tpmn3bIQH8KBrFdZba8Nj82evtL6QkI
aiSFZkN2/LZB864CO5gKrm5AT+9mujSnR+5af3ziMUMp
-----END CERTIFICATE-----