Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/vQ09MMNUpTYVaQikv6l_FD6gPS8.roa
File:                     vQ09MMNUpTYVaQikv6l_FD6gPS8.roa (raw, json)
Hash identifier:          kOXrqOYBIJDldGKH3ZUNaf2Al5RvTNywCqZY2NKG/NU=
Subject key identifier:   BD:0D:3D:30:C3:54:A5:36:15:69:08:A4:BF:A9:7F:14:3E:A0:3D:2F
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018D6486DD8629017F2C157487553891B4E8
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/vQ09MMNUpTYVaQikv6l_FD6gPS8.roa
Signing time:             Thu 01 Feb 2024 11:56:16 +0000
ROA not before:           Thu 01 Feb 2024 11:56:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60591
IP address blocks:        45.87.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:86:dd:86:29:01:7f:2c:15:74:87:55:38:91:b4:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Feb  1 11:56:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd0d3d30c354a536156908a4bfa97f143ea03d2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:82:ae:14:88:82:d7:e5:a4:4b:09:f7:f5:fb:
                    6f:db:9e:b5:90:9a:e5:94:9d:a9:56:f9:be:dc:c1:
                    30:fb:f1:cf:08:be:22:09:3f:f6:77:df:e9:6d:cd:
                    ee:ae:c8:60:84:08:ca:f0:5b:85:60:d0:b1:3e:91:
                    30:53:84:33:44:a1:67:a6:a2:75:5e:2e:05:9e:cb:
                    5c:f8:d4:b0:9c:b5:6d:6d:2b:9d:0d:f0:0b:7a:ab:
                    dd:9a:16:f2:96:35:40:59:18:a2:22:3e:ba:29:ff:
                    5b:18:19:d1:d2:14:74:1e:7b:12:55:c1:8f:b7:10:
                    dc:ed:cc:40:c1:3f:48:a1:c0:9b:e1:90:d4:b1:f7:
                    38:ec:d1:37:8c:60:15:f8:94:7d:1d:6e:c1:9a:5f:
                    26:97:ab:2c:1f:24:d9:79:7f:05:eb:4f:ec:b2:30:
                    c9:78:78:3f:5e:5c:4a:94:52:52:52:b2:14:f2:7f:
                    db:50:2c:99:d2:15:66:56:19:91:92:50:b5:f0:81:
                    d7:32:90:20:86:be:43:a4:7f:7b:9b:74:ad:9f:14:
                    ab:11:d5:a9:04:0e:0b:c9:a5:8f:33:a6:92:61:54:
                    d0:ba:0b:c6:b6:85:e0:71:ff:bc:6c:d0:7b:82:00:
                    2a:8e:72:6a:1a:b3:39:cf:52:4c:e1:dc:21:f6:4c:
                    97:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:0D:3D:30:C3:54:A5:36:15:69:08:A4:BF:A9:7F:14:3E:A0:3D:2F
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/vQ09MMNUpTYVaQikv6l_FD6gPS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:37:68:19:0f:62:11:ae:94:8b:c1:61:33:91:82:b9:75:50:
         42:d6:39:d0:1f:82:f7:55:47:b1:c2:d2:e4:ec:a5:d7:44:fa:
         c0:24:18:61:28:a1:b2:87:ab:ca:69:b7:46:3b:25:7f:eb:c4:
         41:33:da:a6:0a:68:84:8e:62:18:1e:1e:66:24:44:1b:95:af:
         3f:54:bb:5a:35:be:a7:21:ad:30:f7:ff:8a:ed:2e:83:c3:c9:
         cf:b6:60:85:f8:7b:91:39:52:b0:da:45:57:ef:9c:61:d5:17:
         70:16:e8:d5:0b:5c:3b:20:55:af:1b:3f:85:3b:48:6b:4c:8c:
         2c:06:c9:2d:d8:b8:23:f1:86:d6:d8:e5:6d:4b:14:d8:6d:bf:
         5c:b3:34:60:29:26:1c:6c:e6:e1:06:6f:17:ba:08:26:6d:69:
         fc:b2:30:90:2b:8a:99:33:78:0d:39:db:06:f3:6c:b5:e1:36:
         ff:2e:ee:31:0f:d4:cd:32:c5:e3:92:8c:b4:81:0d:ae:cb:83:
         ad:54:bf:94:b9:e5:f8:70:04:ef:9c:65:c6:03:81:12:27:73:
         17:49:ef:30:52:5d:e3:6f:93:06:26:84:38:8e:55:cb:8e:a8:
         17:17:11:6c:76:33:93:cb:76:dd:cd:b5:92:98:16:0c:4f:93:
         c3:37:bc:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1kht2GKQF/LBV0h1U4kbToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMjAxMTE1NjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDBkM2QzMGMzNTRhNTM2MTU2OTA4YTRiZmE5N2YxNDNlYTAzZDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIKuFIiC1+WkSwn39ftv2561kJrl
lJ2pVvm+3MEw+/HPCL4iCT/2d9/pbc3urshghAjK8FuFYNCxPpEwU4QzRKFnpqJ1
Xi4Fnstc+NSwnLVtbSudDfALeqvdmhbyljVAWRiiIj66Kf9bGBnR0hR0HnsSVcGP
txDc7cxAwT9IocCb4ZDUsfc47NE3jGAV+JR9HW7Bml8ml6ssHyTZeX8F60/ssjDJ
eHg/XlxKlFJSUrIU8n/bUCyZ0hVmVhmRklC18IHXMpAghr5DpH97m3StnxSrEdWp
BA4LyaWPM6aSYVTQugvGtoXgcf+8bNB7ggAqjnJqGrM5z1JM4dwh9kyXMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0NPTDDVKU2FWkIpL+pfxQ+oD0vMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvdlEwOU1NTlVwVFlWYVFpa3Y2bF9GRDZnUFM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVfbMA0G
CSqGSIb3DQEBCwUAA4IBAQAnN2gZD2IRrpSLwWEzkYK5dVBC1jnQH4L3VUexwtLk
7KXXRPrAJBhhKKGyh6vKabdGOyV/68RBM9qmCmiEjmIYHh5mJEQbla8/VLtaNb6n
Ia0w9/+K7S6Dw8nPtmCF+HuROVKw2kVX75xh1RdwFujVC1w7IFWvGz+FO0hrTIws
Bskt2Lgj8YbW2OVtSxTYbb9cszRgKSYcbObhBm8XuggmbWn8sjCQK4qZM3gNOdsG
82y14Tb/Lu4xD9TNMsXjkoy0gQ2uy4OtVL+UueX4cATvnGXGA4ESJ3MXSe8wUl3j
b5MGJoQ4jlXLjqgXFxFsdjOTy3bdzbWSmBYMT5PDN7x4
-----END CERTIFICATE-----