Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/a12116-223c-4311-821e-fe8aea5d40a7/1/vhEUu1_F0343qJHERE6VjW5tgyY.roa
File:                     vhEUu1_F0343qJHERE6VjW5tgyY.roa (raw, json)
Hash identifier:          QHtBRAz3pfVrHn4bzDG3CoPe8LieAGDC6ZLm6hHs+kg=
Subject key identifier:   BE:11:14:BB:5F:C5:D3:7E:37:A8:91:C4:44:4E:95:8D:6E:6D:83:26
Certificate issuer:       /CN=2b4ddfa3bbf15bc1db85d83799a01b9869ad5ce7
Certificate serial:       0192543232FBEB799D56D6B4C83D5F07FC26
Authority key identifier: 2B:4D:DF:A3:BB:F1:5B:C1:DB:85:D8:37:99:A0:1B:98:69:AD:5C:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K03fo7vxW8Hbhdg3maAbmGmtXOc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/a12116-223c-4311-821e-fe8aea5d40a7/1/vhEUu1_F0343qJHERE6VjW5tgyY.roa
Signing time:             Thu 03 Oct 2024 21:03:48 +0000
ROA not before:           Thu 03 Oct 2024 21:03:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207388
IP address blocks:        193.109.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/a12116-223c-4311-821e-fe8aea5d40a7/1/K03fo7vxW8Hbhdg3maAbmGmtXOc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/a12116-223c-4311-821e-fe8aea5d40a7/1/K03fo7vxW8Hbhdg3maAbmGmtXOc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K03fo7vxW8Hbhdg3maAbmGmtXOc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:54:32:32:fb:eb:79:9d:56:d6:b4:c8:3d:5f:07:fc:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b4ddfa3bbf15bc1db85d83799a01b9869ad5ce7
        Validity
            Not Before: Oct  3 21:03:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be1114bb5fc5d37e37a891c4444e958d6e6d8326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ea:6d:00:84:2b:53:17:d7:6d:be:54:bc:7f:
                    14:e1:db:c7:d6:25:02:cd:48:3e:2b:84:86:5a:f7:
                    41:ec:fa:d5:1d:aa:be:57:dd:e9:b7:b3:da:8f:8c:
                    29:97:aa:8d:8b:37:a8:41:65:93:fc:fc:ad:6c:7b:
                    83:c7:0b:45:7b:b4:99:d0:f1:ef:be:16:14:5a:4b:
                    7f:6a:b9:f9:51:14:bc:d8:a6:a7:26:d0:27:27:2f:
                    d3:37:d6:70:42:5d:62:35:da:74:18:bd:d9:5f:9d:
                    39:1b:7c:06:d9:c9:5d:45:9d:65:b3:50:8e:7c:2d:
                    20:64:25:ba:40:89:96:b6:41:5a:25:55:da:73:96:
                    59:23:23:e1:d8:f2:61:5b:91:05:1d:ff:62:72:e7:
                    9e:7e:ab:e2:2d:05:23:02:f4:aa:93:81:d3:d8:ff:
                    af:77:d6:ce:94:61:4b:f1:c4:c7:f6:f6:aa:58:0d:
                    7b:12:ac:f8:d6:5a:7e:bf:8a:94:6e:5f:e3:56:9c:
                    91:cb:aa:c4:0b:49:16:b0:4e:8a:28:fa:82:5e:01:
                    6e:36:f9:f2:1c:c5:6b:ae:0d:ed:3d:51:53:26:51:
                    2b:71:a5:54:d6:f3:c3:ec:42:34:4f:d1:f3:20:ba:
                    54:87:3b:98:b2:74:6f:c3:1d:37:4b:44:90:a4:ff:
                    0a:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:11:14:BB:5F:C5:D3:7E:37:A8:91:C4:44:4E:95:8D:6E:6D:83:26
            X509v3 Authority Key Identifier:
                keyid:2B:4D:DF:A3:BB:F1:5B:C1:DB:85:D8:37:99:A0:1B:98:69:AD:5C:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K03fo7vxW8Hbhdg3maAbmGmtXOc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a12116-223c-4311-821e-fe8aea5d40a7/1/vhEUu1_F0343qJHERE6VjW5tgyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a12116-223c-4311-821e-fe8aea5d40a7/1/K03fo7vxW8Hbhdg3maAbmGmtXOc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:fc:19:cf:4f:88:b9:43:2f:0a:18:b7:f5:0f:9f:b2:93:77:
         ac:55:f1:82:12:6d:bd:24:15:92:f8:ef:05:32:96:97:58:b0:
         ed:79:b3:a4:b2:a0:10:5c:cb:ef:86:76:17:47:3d:a6:af:df:
         0a:59:b6:95:ea:28:e6:d7:f3:55:ff:74:39:2e:9e:55:e7:94:
         13:a7:3e:67:40:01:1c:3a:d2:5e:bb:ee:aa:9d:ae:b3:3a:bb:
         d9:f0:b4:0d:e5:e8:ad:e9:87:93:4d:a5:d7:6e:d7:54:4d:74:
         63:30:7b:47:b9:bf:4c:af:2b:32:be:d8:85:7d:d5:51:83:c7:
         b5:88:58:f7:e1:fd:13:ed:3f:ba:2f:29:0f:18:c9:f2:29:ef:
         0b:c9:2f:7a:b3:a1:69:d1:b4:a3:a4:80:1f:b5:d5:70:44:9d:
         91:59:c4:96:8f:28:44:b5:f6:18:92:e8:89:6c:07:08:74:e5:
         95:1e:4e:46:29:fe:e1:ce:7d:33:41:b1:b2:21:a0:32:b4:96:
         b4:7b:c9:79:81:55:1d:ac:33:e2:4f:17:53:30:e3:93:95:37:
         d1:12:93:b8:df:35:49:88:61:d4:07:07:ab:01:2d:0a:bd:42:
         38:ac:d0:e0:8a:9b:05:6f:6a:e1:59:fa:bc:22:24:91:ab:98:
         d4:64:9e:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJUMjL763mdVta0yD1fB/wmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNGRkZmEzYmJmMTViYzFkYjg1ZDgzNzk5YTAxYjk4Njlh
ZDVjZTcwHhcNMjQxMDAzMjEwMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTExMTRiYjVmYzVkMzdlMzdhODkxYzQ0NDRlOTU4ZDZlNmQ4MzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweptAIQrUxfXbb5UvH8U4dvH1iUC
zUg+K4SGWvdB7PrVHaq+V93pt7Paj4wpl6qNizeoQWWT/PytbHuDxwtFe7SZ0PHv
vhYUWkt/arn5URS82KanJtAnJy/TN9ZwQl1iNdp0GL3ZX505G3wG2cldRZ1ls1CO
fC0gZCW6QImWtkFaJVXac5ZZIyPh2PJhW5EFHf9icueefqviLQUjAvSqk4HT2P+v
d9bOlGFL8cTH9vaqWA17Eqz41lp+v4qUbl/jVpyRy6rEC0kWsE6KKPqCXgFuNvny
HMVrrg3tPVFTJlErcaVU1vPD7EI0T9HzILpUhzuYsnRvwx03S0SQpP8KPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL4RFLtfxdN+N6iRxEROlY1ubYMmMB8GA1UdIwQY
MBaAFCtN36O78VvB24XYN5mgG5hprVznMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzAzZm83dnhXOEhiaGRnM21hQWJtR210WE9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9hMTIxMTYtMjIzYy00MzExLTgyMWUt
ZmU4YWVhNWQ0MGE3LzEvdmhFVXUxX0YwMzQzcUpIRVJFNlZqVzV0Z3lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9hMTIxMTYtMjIzYy00MzExLTgyMWUtZmU4YWVhNWQ0MGE3
LzEvSzAzZm83dnhXOEhiaGRnM21hQWJtR210WE9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW39MA0G
CSqGSIb3DQEBCwUAA4IBAQCQ/BnPT4i5Qy8KGLf1D5+yk3esVfGCEm29JBWS+O8F
MpaXWLDtebOksqAQXMvvhnYXRz2mr98KWbaV6ijm1/NV/3Q5Lp5V55QTpz5nQAEc
OtJeu+6qna6zOrvZ8LQN5eit6YeTTaXXbtdUTXRjMHtHub9MrysyvtiFfdVRg8e1
iFj34f0T7T+6LykPGMnyKe8LyS96s6Fp0bSjpIAftdVwRJ2RWcSWjyhEtfYYkuiJ
bAcIdOWVHk5GKf7hzn0zQbGyIaAytJa0e8l5gVUdrDPiTxdTMOOTlTfREpO43zVJ
iGHUBwerAS0KvUI4rNDgipsFb2rhWfq8IiSRq5jUZJ4Y
-----END CERTIFICATE-----