Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/7f0c24-440a-4ff7-a0c8-256339736c2b/1/vlG2X2-KiyuW7QcTolqQ3C44Nio.roa
File:                     vlG2X2-KiyuW7QcTolqQ3C44Nio.roa (raw, json)
Hash identifier:          3Ly+2tHhr6/koZ+e8mZIElZBni1Yxk8MiGHecbZGyeM=
Subject key identifier:   BE:51:B6:5F:6F:8A:8B:2B:96:ED:07:13:A2:5A:90:DC:2E:38:36:2A
Certificate issuer:       /CN=cbb7c20b55a470dab892f4c91ea0010bd1c39f34
Certificate serial:       018CC500385A503E218B3BB977A20698147F
Authority key identifier: CB:B7:C2:0B:55:A4:70:DA:B8:92:F4:C9:1E:A0:01:0B:D1:C3:9F:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y7fCC1WkcNq4kvTJHqABC9HDnzQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/7f0c24-440a-4ff7-a0c8-256339736c2b/1/vlG2X2-KiyuW7QcTolqQ3C44Nio.roa
Signing time:             Mon 01 Jan 2024 12:29:35 +0000
ROA not before:           Mon 01 Jan 2024 12:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4134
IP address blocks:        147.78.134.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/7f0c24-440a-4ff7-a0c8-256339736c2b/1/y7fCC1WkcNq4kvTJHqABC9HDnzQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/7f0c24-440a-4ff7-a0c8-256339736c2b/1/y7fCC1WkcNq4kvTJHqABC9HDnzQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y7fCC1WkcNq4kvTJHqABC9HDnzQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:38:5a:50:3e:21:8b:3b:b9:77:a2:06:98:14:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbb7c20b55a470dab892f4c91ea0010bd1c39f34
        Validity
            Not Before: Jan  1 12:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be51b65f6f8a8b2b96ed0713a25a90dc2e38362a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:48:4c:22:c8:f5:8b:ff:91:88:97:04:ab:68:
                    92:e1:7f:7b:be:c3:57:25:05:13:36:0a:47:3d:49:
                    8c:a6:8d:a9:5f:a0:52:23:6f:a9:a2:96:78:60:35:
                    ca:40:6a:f0:fd:77:44:9c:fe:4b:69:50:7a:cc:a8:
                    cf:bc:3f:0f:4f:1a:40:19:65:66:ea:ac:ad:89:30:
                    88:cf:8c:c4:d3:0b:e3:67:18:a4:2a:1b:62:ac:13:
                    ca:c5:88:16:7d:cb:71:ed:3d:f5:69:b8:c9:24:9d:
                    f2:5b:54:06:bf:56:eb:0d:0d:82:bb:c7:81:d7:1f:
                    ce:21:39:c4:ab:68:06:19:d8:f5:0b:8e:d1:d4:7d:
                    e8:76:7d:56:85:7b:6f:60:ee:70:31:ba:ca:39:b8:
                    bc:b2:cc:05:90:ea:1c:30:9d:40:b8:06:c7:75:d6:
                    89:b4:3d:76:b8:e7:eb:14:30:6c:e5:0e:d5:87:5f:
                    55:c1:e7:08:a0:90:d3:fe:b1:27:5b:b6:b3:5e:d1:
                    6e:b5:75:ce:f7:00:e2:53:78:e9:98:ec:f8:1c:bc:
                    49:1b:29:55:07:7f:17:b1:cf:92:b3:d7:bf:8e:30:
                    d6:3f:8b:a8:22:34:a6:14:f2:7b:8f:11:cc:a2:35:
                    24:1b:ad:6e:ae:84:06:63:27:de:ed:df:ec:99:a5:
                    f9:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:51:B6:5F:6F:8A:8B:2B:96:ED:07:13:A2:5A:90:DC:2E:38:36:2A
            X509v3 Authority Key Identifier:
                keyid:CB:B7:C2:0B:55:A4:70:DA:B8:92:F4:C9:1E:A0:01:0B:D1:C3:9F:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y7fCC1WkcNq4kvTJHqABC9HDnzQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/7f0c24-440a-4ff7-a0c8-256339736c2b/1/vlG2X2-KiyuW7QcTolqQ3C44Nio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/7f0c24-440a-4ff7-a0c8-256339736c2b/1/y7fCC1WkcNq4kvTJHqABC9HDnzQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:6c:b5:e6:3b:82:0b:d6:89:d7:fe:62:14:0b:74:33:96:cc:
         c9:b9:db:27:3b:91:af:df:8e:b4:9f:f5:f9:93:fe:c7:5a:7b:
         a6:a2:67:cb:a0:97:8a:09:1f:6f:d8:60:8c:41:b7:3e:a3:48:
         f7:f7:2e:0c:7f:f6:eb:98:54:91:57:73:48:15:23:d1:3b:f1:
         10:65:58:80:06:f7:10:70:bd:41:16:2b:b4:06:62:3b:56:9c:
         a7:a2:bf:ec:b6:dd:5a:09:12:bd:22:27:a1:05:f7:31:4a:ce:
         2c:20:b2:25:42:5d:eb:db:78:f3:29:47:d2:6f:e2:ed:75:be:
         9a:f6:ce:9a:66:d7:ec:57:c5:fb:2c:2f:22:9a:b9:c1:aa:94:
         a9:03:1c:d9:16:8b:e5:85:04:1c:17:34:2f:5a:66:4b:28:24:
         61:7d:56:95:ab:bc:78:30:6b:61:c1:bf:cb:84:bc:de:bf:ea:
         db:18:f9:73:78:a3:ce:1d:13:e6:02:b9:de:ed:20:18:49:b7:
         86:43:0d:a6:a8:3e:b5:04:b0:d6:8f:d8:17:ed:18:31:a8:49:
         37:d2:22:21:7b:2e:04:88:32:f2:10:0f:cc:10:20:d1:90:56:
         31:b3:a1:09:07:5c:42:80:ca:14:3b:38:40:d5:c2:dd:57:50:
         fb:27:15:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFADhaUD4hizu5d6IGmBR/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiYjdjMjBiNTVhNDcwZGFiODkyZjRjOTFlYTAwMTBiZDFj
MzlmMzQwHhcNMjQwMTAxMTIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTUxYjY1ZjZmOGE4YjJiOTZlZDA3MTNhMjVhOTBkYzJlMzgzNjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0hMIsj1i/+RiJcEq2iS4X97vsNX
JQUTNgpHPUmMpo2pX6BSI2+popZ4YDXKQGrw/XdEnP5LaVB6zKjPvD8PTxpAGWVm
6qytiTCIz4zE0wvjZxikKhtirBPKxYgWfctx7T31abjJJJ3yW1QGv1brDQ2Cu8eB
1x/OITnEq2gGGdj1C47R1H3odn1WhXtvYO5wMbrKObi8sswFkOocMJ1AuAbHddaJ
tD12uOfrFDBs5Q7Vh19VwecIoJDT/rEnW7azXtFutXXO9wDiU3jpmOz4HLxJGylV
B38Xsc+Ss9e/jjDWP4uoIjSmFPJ7jxHMojUkG61uroQGYyfe7d/smaX5pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5Rtl9viosrlu0HE6JakNwuODYqMB8GA1UdIwQY
MBaAFMu3wgtVpHDauJL0yR6gAQvRw580MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTdmQ0MxV2tjTnE0a3ZUSkhxQUJDOUhEbnpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi83ZjBjMjQtNDQwYS00ZmY3LWEwYzgt
MjU2MzM5NzM2YzJiLzEvdmxHMlgyLUtpeXVXN1FjVG9scVEzQzQ0TmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi83ZjBjMjQtNDQwYS00ZmY3LWEwYzgtMjU2MzM5NzM2YzJi
LzEveTdmQ0MxV2tjTnE0a3ZUSkhxQUJDOUhEbnpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk06GMA0G
CSqGSIb3DQEBCwUAA4IBAQBpbLXmO4IL1onX/mIUC3QzlszJudsnO5Gv3460n/X5
k/7HWnumomfLoJeKCR9v2GCMQbc+o0j39y4Mf/brmFSRV3NIFSPRO/EQZViABvcQ
cL1BFiu0BmI7Vpynor/stt1aCRK9IiehBfcxSs4sILIlQl3r23jzKUfSb+Ltdb6a
9s6aZtfsV8X7LC8imrnBqpSpAxzZFovlhQQcFzQvWmZLKCRhfVaVq7x4MGthwb/L
hLzev+rbGPlzeKPOHRPmArne7SAYSbeGQw2mqD61BLDWj9gX7RgxqEk30iIhey4E
iDLyEA/MECDRkFYxs6EJB1xCgMoUOzhA1cLdV1D7JxUs
-----END CERTIFICATE-----