Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/d4739e-affc-49ba-8694-20fe18f7e128/1/vavU8x_SSO0NQ9TW1Uxm7PibzJo.roa
File:                     vavU8x_SSO0NQ9TW1Uxm7PibzJo.roa (raw, json)
Hash identifier:          nSkNs5WbloAAx3bu9ek/AIzEXjvqCYjfMqeBupBKivA=
Subject key identifier:   BD:AB:D4:F3:1F:D2:48:ED:0D:43:D4:D6:D5:4C:66:EC:F8:9B:CC:9A
Certificate issuer:       /CN=729e4620c5991e06e1cc056e9cdd1de2b7958873
Certificate serial:       018FED55A1FA86DA4D3DCAF910E7E0FE06C2
Authority key identifier: 72:9E:46:20:C5:99:1E:06:E1:CC:05:6E:9C:DD:1D:E2:B7:95:88:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cp5GIMWZHgbhzAVunN0d4reViHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/d4739e-affc-49ba-8694-20fe18f7e128/1/vavU8x_SSO0NQ9TW1Uxm7PibzJo.roa
Signing time:             Thu 06 Jun 2024 11:36:03 +0000
ROA not before:           Thu 06 Jun 2024 11:36:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56798
IP address blocks:        91.223.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/d4739e-affc-49ba-8694-20fe18f7e128/1/cp5GIMWZHgbhzAVunN0d4reViHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/d4739e-affc-49ba-8694-20fe18f7e128/1/cp5GIMWZHgbhzAVunN0d4reViHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cp5GIMWZHgbhzAVunN0d4reViHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 17:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ed:55:a1:fa:86:da:4d:3d:ca:f9:10:e7:e0:fe:06:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=729e4620c5991e06e1cc056e9cdd1de2b7958873
        Validity
            Not Before: Jun  6 11:36:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdabd4f31fd248ed0d43d4d6d54c66ecf89bcc9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:dd:82:c3:4e:09:10:c6:d2:7d:91:65:5a:3d:
                    f8:1a:9e:f0:4d:cc:64:b2:c0:f1:e4:db:24:ca:2c:
                    93:2c:03:a8:8b:5c:d5:6b:73:c9:58:fe:88:f3:01:
                    0c:b5:e0:f4:92:ee:c5:9e:ed:93:b2:0e:f6:f3:6f:
                    41:5c:cd:2d:09:f2:8f:35:7d:e3:ac:06:51:5b:78:
                    88:c5:95:68:5b:13:ee:9a:93:90:e8:03:16:b7:e9:
                    c2:cd:e6:5d:80:7c:e6:04:58:43:1d:fd:ba:71:73:
                    7b:2d:26:ee:28:9b:5c:2b:ab:37:a9:5e:41:8e:05:
                    7a:3f:df:7c:d9:0e:f9:61:14:78:b4:da:ba:a8:5a:
                    35:4a:dd:a9:38:68:ce:1d:68:3b:89:c0:43:b6:51:
                    43:81:51:0e:8b:f0:ff:6b:a1:19:6f:b4:d2:f9:86:
                    b9:9e:9f:c4:9d:12:02:ba:0e:74:33:ef:40:9d:a6:
                    f1:01:c7:9d:58:1b:f2:3f:77:c1:11:bf:c3:8c:f9:
                    d2:bb:0c:60:8b:ae:77:d4:13:06:cd:f2:0d:1b:4b:
                    cd:17:84:79:c3:57:b6:cd:f4:4f:a3:77:c5:bb:4c:
                    2c:9c:7d:c0:29:7e:91:b1:99:56:78:d3:99:f5:1b:
                    4d:97:18:ac:d7:2e:ed:77:e0:c3:4b:fb:26:b2:93:
                    10:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:AB:D4:F3:1F:D2:48:ED:0D:43:D4:D6:D5:4C:66:EC:F8:9B:CC:9A
            X509v3 Authority Key Identifier:
                keyid:72:9E:46:20:C5:99:1E:06:E1:CC:05:6E:9C:DD:1D:E2:B7:95:88:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cp5GIMWZHgbhzAVunN0d4reViHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/d4739e-affc-49ba-8694-20fe18f7e128/1/vavU8x_SSO0NQ9TW1Uxm7PibzJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/d4739e-affc-49ba-8694-20fe18f7e128/1/cp5GIMWZHgbhzAVunN0d4reViHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:68:9f:c8:b4:ed:10:fb:d3:64:fe:0d:88:7d:ed:07:28:dc:
         cd:9c:f4:93:61:e1:ba:cd:f6:2a:a2:49:28:cb:21:a1:ea:9e:
         00:1f:38:27:be:3c:3c:ab:7d:f9:6b:e1:60:b2:e0:f5:20:81:
         e0:13:66:1d:42:b0:04:69:19:99:17:79:2f:54:3e:45:61:78:
         86:f3:0a:0f:39:c9:db:2e:01:e8:c9:1a:40:3f:e3:05:fd:02:
         f6:b8:5f:cd:ec:13:09:28:c6:35:d5:f6:09:77:fc:30:2d:86:
         40:1f:86:57:4c:2d:41:db:c8:59:19:02:75:b8:8f:7d:70:af:
         f4:fe:72:5b:5f:9e:14:2e:26:05:df:39:e2:25:6f:ae:03:89:
         df:ec:42:cc:aa:dd:ac:29:31:cd:af:9b:1f:44:d7:9f:34:ba:
         6d:9b:ac:27:b3:71:17:91:00:41:1b:ed:3b:49:68:5f:8e:84:
         d9:3b:18:a5:2a:7d:d8:6f:80:b7:fe:98:b5:bc:1c:b5:ae:61:
         4f:15:d3:0f:07:78:a6:24:fa:36:04:b5:97:0b:3e:35:96:df:
         04:3f:9c:ae:dc:4f:7f:cc:c8:70:d0:23:fd:8a:e1:f6:a6:3e:
         4f:d6:05:f7:06:ec:3f:c0:9e:42:83:55:90:df:e6:58:de:1f:
         80:c2:be:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/tVaH6htpNPcr5EOfg/gbCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyOWU0NjIwYzU5OTFlMDZlMWNjMDU2ZTljZGQxZGUyYjc5
NTg4NzMwHhcNMjQwNjA2MTEzNjAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGFiZDRmMzFmZDI0OGVkMGQ0M2Q0ZDZkNTRjNjZlY2Y4OWJjYzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1d2Cw04JEMbSfZFlWj34Gp7wTcxk
ssDx5NskyiyTLAOoi1zVa3PJWP6I8wEMteD0ku7Fnu2Tsg72829BXM0tCfKPNX3j
rAZRW3iIxZVoWxPumpOQ6AMWt+nCzeZdgHzmBFhDHf26cXN7LSbuKJtcK6s3qV5B
jgV6P9982Q75YRR4tNq6qFo1St2pOGjOHWg7icBDtlFDgVEOi/D/a6EZb7TS+Ya5
np/EnRICug50M+9AnabxAcedWBvyP3fBEb/DjPnSuwxgi6531BMGzfING0vNF4R5
w1e2zfRPo3fFu0wsnH3AKX6RsZlWeNOZ9RtNlxis1y7td+DDS/smspMQvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2r1PMf0kjtDUPU1tVMZuz4m8yaMB8GA1UdIwQY
MBaAFHKeRiDFmR4G4cwFbpzdHeK3lYhzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3A1R0lNV1pIZ2JoekFWdW5OMGQ0cmVWaUhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9kNDczOWUtYWZmYy00OWJhLTg2OTQt
MjBmZTE4ZjdlMTI4LzEvdmF2VTh4X1NTTzBOUTlUVzFVeG03UGliekpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9kNDczOWUtYWZmYy00OWJhLTg2OTQtMjBmZTE4ZjdlMTI4
LzEvY3A1R0lNV1pIZ2JoekFWdW5OMGQ0cmVWaUhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+EMA0G
CSqGSIb3DQEBCwUAA4IBAQCnaJ/ItO0Q+9Nk/g2Ife0HKNzNnPSTYeG6zfYqokko
yyGh6p4AHzgnvjw8q335a+FgsuD1IIHgE2YdQrAEaRmZF3kvVD5FYXiG8woPOcnb
LgHoyRpAP+MF/QL2uF/N7BMJKMY11fYJd/wwLYZAH4ZXTC1B28hZGQJ1uI99cK/0
/nJbX54ULiYF3zniJW+uA4nf7ELMqt2sKTHNr5sfRNefNLptm6wns3EXkQBBG+07
SWhfjoTZOxilKn3Yb4C3/pi1vBy1rmFPFdMPB3imJPo2BLWXCz41lt8EP5yu3E9/
zMhw0CP9iuH2pj5P1gX3Buw/wJ5Cg1WQ3+ZY3h+Awr7F
-----END CERTIFICATE-----