Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/vdHvgLbQDQzbHgoD4KjbSUHMF38.roa
File:                     vdHvgLbQDQzbHgoD4KjbSUHMF38.roa (raw, json)
Hash identifier:          nrICqjf0FN5lopu9i1Uv+/6zMDZaYlNWnVIWyCrjoKA=
Subject key identifier:   BD:D1:EF:80:B6:D0:0D:0C:DB:1E:0A:03:E0:A8:DB:49:41:CC:17:7F
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       018CC348AAD663AD352D72EFC0112E65E6B7
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/vdHvgLbQDQzbHgoD4KjbSUHMF38.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205782
IP address blocks:        194.27.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:aa:d6:63:ad:35:2d:72:ef:c0:11:2e:65:e6:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdd1ef80b6d00d0cdb1e0a03e0a8db4941cc177f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fa:f3:ae:b8:d1:3d:0b:e8:b0:36:ef:ad:be:
                    c9:b8:9f:f1:16:49:f1:37:ca:30:b0:0a:6e:49:de:
                    b9:b3:dd:f9:83:78:dc:9e:0e:d9:71:13:5f:2d:25:
                    81:07:8a:4b:9c:fe:30:e0:5d:16:c6:32:e9:48:a9:
                    2b:d9:99:37:b0:c3:b3:72:b6:0c:20:91:01:af:b1:
                    32:12:85:ca:bb:6c:d9:f0:3a:f2:b7:fd:bb:7f:a9:
                    6c:e0:ac:9d:1a:a5:51:ef:4c:2e:10:2c:7a:d1:49:
                    4e:64:38:61:ed:97:40:38:9e:f4:b7:d2:db:ac:2b:
                    3a:27:35:a8:7b:1f:3c:a4:ee:09:ce:34:54:9d:17:
                    f7:cb:86:15:e1:59:ef:44:24:43:56:ed:71:4c:4b:
                    71:4d:d8:f5:fd:c0:01:81:bf:63:b8:7d:b5:1f:61:
                    c1:ce:11:a1:f4:89:a0:4a:f9:03:8b:ac:d0:1c:e3:
                    97:bc:6f:9f:b1:12:2b:4d:f4:34:08:92:e3:d1:ee:
                    88:7b:dc:5b:68:12:60:49:5c:d6:88:a0:51:7f:13:
                    a3:d8:fe:91:96:0d:43:01:96:e4:9b:d5:b9:a8:7d:
                    d1:67:02:85:5f:44:d8:0b:0b:77:dd:43:ac:1c:bf:
                    17:7e:a3:89:6a:92:4e:e4:3a:0e:82:bf:b1:21:8e:
                    79:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:D1:EF:80:B6:D0:0D:0C:DB:1E:0A:03:E0:A8:DB:49:41:CC:17:7F
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/vdHvgLbQDQzbHgoD4KjbSUHMF38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.27.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:04:e4:96:27:5b:9b:e6:41:03:74:73:3e:f0:fb:74:ab:32:
         12:ce:87:75:88:51:01:27:b8:b2:fe:5c:63:a7:2d:2f:68:65:
         d1:4d:b5:27:ce:ab:e6:be:19:89:13:84:20:b7:0c:90:8d:e8:
         bd:7a:69:f0:57:d0:09:8f:09:14:26:f0:88:63:fd:0b:4a:f4:
         12:57:e3:77:aa:9d:be:03:27:2d:6a:86:bc:33:f6:61:62:46:
         48:c7:bd:32:ee:19:5c:23:91:aa:d6:df:53:a8:6c:fc:da:53:
         9f:50:39:38:bf:a3:e2:1e:ae:5b:f5:f2:5f:40:c0:b0:99:11:
         af:e4:86:2f:c5:e4:c2:a2:63:67:98:f5:0f:aa:a9:2f:6e:de:
         b9:90:a9:88:4f:f0:3c:a1:5b:45:28:dc:94:d0:e6:18:61:63:
         fc:91:b7:82:6a:b1:bd:e2:24:e6:ad:d5:df:42:f0:ff:f3:fd:
         f6:dd:c0:de:5b:4c:7c:36:68:9e:eb:a8:98:ea:4c:30:32:cc:
         c3:da:6a:49:bb:a4:9f:a1:16:03:18:85:7a:fc:04:29:bd:de:
         6f:b4:4d:23:33:a8:86:ca:24:00:4f:89:6f:d3:4e:1b:12:44:
         f5:27:b4:35:45:dc:9e:a0:48:9d:c2:3b:3f:c5:26:7b:a8:bf:
         f6:21:be:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKrWY601LXLvwBEuZea3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGQxZWY4MGI2ZDAwZDBjZGIxZTBhMDNlMGE4ZGI0OTQxY2MxNzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/rzrrjRPQvosDbvrb7JuJ/xFknx
N8owsApuSd65s935g3jcng7ZcRNfLSWBB4pLnP4w4F0WxjLpSKkr2Zk3sMOzcrYM
IJEBr7EyEoXKu2zZ8Dryt/27f6ls4KydGqVR70wuECx60UlOZDhh7ZdAOJ70t9Lb
rCs6JzWoex88pO4JzjRUnRf3y4YV4VnvRCRDVu1xTEtxTdj1/cABgb9juH21H2HB
zhGh9ImgSvkDi6zQHOOXvG+fsRIrTfQ0CJLj0e6Ie9xbaBJgSVzWiKBRfxOj2P6R
lg1DAZbkm9W5qH3RZwKFX0TYCwt33UOsHL8XfqOJapJO5DoOgr+xIY55lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3R74C20A0M2x4KA+Co20lBzBd/MB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvdmRIdmdMYlFEUXpiSGdvRDRLamJTVUhNRjM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhveMA0G
CSqGSIb3DQEBCwUAA4IBAQBWBOSWJ1ub5kEDdHM+8Pt0qzISzod1iFEBJ7iy/lxj
py0vaGXRTbUnzqvmvhmJE4QgtwyQjei9emnwV9AJjwkUJvCIY/0LSvQSV+N3qp2+
Ayctaoa8M/ZhYkZIx70y7hlcI5Gq1t9TqGz82lOfUDk4v6PiHq5b9fJfQMCwmRGv
5IYvxeTComNnmPUPqqkvbt65kKmIT/A8oVtFKNyU0OYYYWP8kbeCarG94iTmrdXf
QvD/8/323cDeW0x8Nmie66iY6kwwMszD2mpJu6SfoRYDGIV6/AQpvd5vtE0jM6iG
yiQAT4lv004bEkT1J7Q1RdyeoEidwjs/xSZ7qL/2Ib6A
-----END CERTIFICATE-----