Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/vpFwSxxNIzbIVFfhLNHmZvlq2v0.roa
File:                     vpFwSxxNIzbIVFfhLNHmZvlq2v0.roa (raw, json)
Hash identifier:          KbvH8dSx10Z6V7QwG7y8p6LAXx0UDodk9v2o8hnZrv0=
Subject key identifier:   BE:91:70:4B:1C:4D:23:36:C8:54:57:E1:2C:D1:E6:66:F9:6A:DA:FD
Certificate issuer:       /CN=9a393ef16027fc03bc5c045ff9289d4bbb7ff364
Certificate serial:       018D3FAFF245DE8DD4579248617BBF68EF25
Authority key identifier: 9A:39:3E:F1:60:27:FC:03:BC:5C:04:5F:F9:28:9D:4B:BB:7F:F3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mjk-8WAn_AO8XARf-SidS7t_82Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/vpFwSxxNIzbIVFfhLNHmZvlq2v0.roa
Signing time:             Thu 25 Jan 2024 08:15:11 +0000
ROA not before:           Thu 25 Jan 2024 08:15:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2269
IP address blocks:        138.195.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/mjk-8WAn_AO8XARf-SidS7t_82Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/mjk-8WAn_AO8XARf-SidS7t_82Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mjk-8WAn_AO8XARf-SidS7t_82Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3f:af:f2:45:de:8d:d4:57:92:48:61:7b:bf:68:ef:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a393ef16027fc03bc5c045ff9289d4bbb7ff364
        Validity
            Not Before: Jan 25 08:15:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be91704b1c4d2336c85457e12cd1e666f96adafd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b5:cb:01:7f:1e:fc:fb:9d:16:6f:e9:b7:d4:
                    03:8d:0f:f6:4d:6c:c8:38:ee:7a:8e:70:40:21:f3:
                    51:21:6f:5e:31:c1:75:72:68:3e:dd:c7:92:7a:d4:
                    3f:7e:0b:9e:7d:b1:3f:03:90:b7:5a:13:1f:1d:b4:
                    97:5f:38:b4:ce:2d:17:95:5c:00:ba:a2:61:db:23:
                    57:cb:90:73:d2:45:6a:ca:dc:e9:70:71:70:80:92:
                    62:69:79:b3:6e:3b:8b:60:3d:f8:b9:04:ce:6c:1c:
                    40:b4:1a:d6:62:f3:80:9e:34:7f:d0:57:ca:f9:cc:
                    a0:85:1c:92:3a:8e:0e:58:15:8d:4f:19:f7:e7:13:
                    2f:d0:22:26:b0:37:38:fe:fe:e3:0b:7a:43:52:51:
                    69:fc:41:4e:69:a2:52:37:84:b1:73:29:da:21:0c:
                    36:61:52:9f:2b:fd:bb:39:88:ec:7a:97:8c:22:4b:
                    bf:86:8e:d1:2e:72:f8:60:6c:db:bb:12:87:1a:86:
                    87:69:29:e9:e8:94:95:2f:5e:44:4d:d7:86:bd:c4:
                    63:6b:c3:2f:99:1f:90:10:a6:2d:ac:be:a5:db:b0:
                    2d:31:95:62:cf:69:30:8b:e6:1f:d7:90:35:08:e2:
                    3c:97:e3:67:04:4e:2e:36:e1:d8:01:b5:ea:dc:d2:
                    a7:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:91:70:4B:1C:4D:23:36:C8:54:57:E1:2C:D1:E6:66:F9:6A:DA:FD
            X509v3 Authority Key Identifier:
                keyid:9A:39:3E:F1:60:27:FC:03:BC:5C:04:5F:F9:28:9D:4B:BB:7F:F3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mjk-8WAn_AO8XARf-SidS7t_82Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/vpFwSxxNIzbIVFfhLNHmZvlq2v0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/mjk-8WAn_AO8XARf-SidS7t_82Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.195.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         64:e4:a8:25:90:a6:8a:1b:8f:70:e6:23:f2:7c:6e:1f:5a:5b:
         be:e2:d2:f0:95:b3:a0:03:d0:e3:a4:9c:ec:2c:25:4c:fc:2a:
         f0:60:9d:c5:88:03:db:30:58:f3:83:43:89:4c:f7:32:53:6c:
         c3:ca:80:3a:93:1a:68:b7:33:be:af:b1:e7:75:c3:90:6e:ff:
         e9:be:69:32:1e:36:84:f5:87:37:71:ba:ea:47:32:b7:fb:11:
         e0:fe:65:5f:19:3c:d9:16:80:54:f0:4b:f6:0f:8e:2b:dd:6c:
         9d:0d:64:2f:1f:c3:97:86:8b:ab:5a:7d:2e:05:77:3b:00:6f:
         36:55:99:9f:c4:a8:0d:64:1f:7a:33:87:80:5c:fa:1d:f7:dd:
         c8:b8:91:0d:fd:64:5d:5a:e7:40:1e:e0:b8:12:37:52:c3:2b:
         1c:73:45:c1:a3:f1:3f:cb:bd:24:86:7c:cc:69:45:d1:da:4f:
         57:22:c4:1e:5e:0f:be:37:9b:d5:3f:49:15:da:6e:69:69:bc:
         3f:68:82:74:64:03:f4:d0:1c:d7:f2:3c:2a:e5:c5:22:6a:01:
         e2:a2:e2:50:51:22:4f:14:56:72:76:42:2f:1f:31:26:c3:18:
         e8:62:c9:22:b8:4c:a3:24:c1:d3:5a:f2:f9:c6:4b:12:ea:5b:
         6e:80:d5:a9
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAY0/r/JF3o3UV5JIYXu/aO8lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMzkzZWYxNjAyN2ZjMDNiYzVjMDQ1ZmY5Mjg5ZDRiYmI3
ZmYzNjQwHhcNMjQwMTI1MDgxNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTkxNzA0YjFjNGQyMzM2Yzg1NDU3ZTEyY2QxZTY2NmY5NmFkYWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7XLAX8e/PudFm/pt9QDjQ/2TWzI
OO56jnBAIfNRIW9eMcF1cmg+3ceSetQ/fguefbE/A5C3WhMfHbSXXzi0zi0XlVwA
uqJh2yNXy5Bz0kVqytzpcHFwgJJiaXmzbjuLYD34uQTObBxAtBrWYvOAnjR/0FfK
+cyghRySOo4OWBWNTxn35xMv0CImsDc4/v7jC3pDUlFp/EFOaaJSN4SxcynaIQw2
YVKfK/27OYjsepeMIku/ho7RLnL4YGzbuxKHGoaHaSnp6JSVL15ETdeGvcRja8Mv
mR+QEKYtrL6l27AtMZViz2kwi+Yf15A1COI8l+NnBE4uNuHYAbXq3NKnEwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFL6RcEscTSM2yFRX4SzR5mb5atr9MB8GA1UdIwQY
MBaAFJo5PvFgJ/wDvFwEX/konUu7f/NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWprLThXQW5fQU84WEFSZi1TaWRTN3RfODJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jNmQ5ODQtNmJmYy00NjAyLTlkNTgt
YWIyZDVlN2Q0YTdiLzEvdnBGd1N4eE5JemJJVkZmaExOSG1admxxMnYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jNmQ5ODQtNmJmYy00NjAyLTlkNTgtYWIyZDVlN2Q0YTdi
LzEvbWprLThXQW5fQU84WEFSZi1TaWRTN3RfODJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAisMwDQYJ
KoZIhvcNAQELBQADggEBAGTkqCWQpoobj3DmI/J8bh9aW77i0vCVs6AD0OOknOws
JUz8KvBgncWIA9swWPODQ4lM9zJTbMPKgDqTGmi3M76vsed1w5Bu/+m+aTIeNoT1
hzdxuupHMrf7EeD+ZV8ZPNkWgFTwS/YPjivdbJ0NZC8fw5eGi6tafS4FdzsAbzZV
mZ/EqA1kH3ozh4Bc+h333ci4kQ39ZF1a50Ae4LgSN1LDKxxzRcGj8T/LvSSGfMxp
RdHaT1cixB5eD743m9U/SRXabmlpvD9ognRkA/TQHNfyPCrlxSJqAeKi4lBRIk8U
VnJ2Qi8fMSbDGOhiySK4TKMkwdNa8vnGSxLqW26A1ak=
-----END CERTIFICATE-----