Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/vhqJsExlP6cH_j-Bp3dDbLXzdWA.roa
File:                     vhqJsExlP6cH_j-Bp3dDbLXzdWA.roa (raw, json)
Hash identifier:          ph4NIcz44Nbj2aLKeKkMYEdQ7opA/r0JVv9U+fuBDuw=
Subject key identifier:   BE:1A:89:B0:4C:65:3F:A7:07:FE:3F:81:A7:77:43:6C:B5:F3:75:60
Certificate issuer:       /CN=2146e560a3f5cac7c64fe0f13be663d94c871453
Certificate serial:       018F95B2A70E1ED48B4A05D8E4B2D6B261EA
Authority key identifier: 21:46:E5:60:A3:F5:CA:C7:C6:4F:E0:F1:3B:E6:63:D9:4C:87:14:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IUblYKP1ysfGT-DxO-Zj2UyHFFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/vhqJsExlP6cH_j-Bp3dDbLXzdWA.roa
Signing time:             Mon 20 May 2024 11:11:04 +0000
ROA not before:           Mon 20 May 2024 11:11:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49824
IP address blocks:        185.167.78.0/24 maxlen: 24
                          2a14:7380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/IUblYKP1ysfGT-DxO-Zj2UyHFFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/IUblYKP1ysfGT-DxO-Zj2UyHFFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IUblYKP1ysfGT-DxO-Zj2UyHFFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:95:b2:a7:0e:1e:d4:8b:4a:05:d8:e4:b2:d6:b2:61:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2146e560a3f5cac7c64fe0f13be663d94c871453
        Validity
            Not Before: May 20 11:11:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be1a89b04c653fa707fe3f81a777436cb5f37560
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:3e:80:ed:d0:19:6a:05:31:3c:76:73:7e:73:
                    f6:41:b4:de:c0:a4:c3:6e:07:4c:5a:25:8a:97:a7:
                    ce:84:c4:89:6c:c3:96:77:f2:40:f6:26:94:62:68:
                    02:05:ac:f2:8f:3e:90:cc:5d:1a:76:e6:8e:98:88:
                    b8:81:5a:93:e2:77:9b:69:b0:c6:3a:18:c1:df:d9:
                    6f:f4:b1:28:10:c8:66:58:87:17:bc:69:23:2d:c7:
                    28:b4:21:af:c2:00:02:f1:1e:98:ab:bb:39:e7:7c:
                    5c:0c:25:1d:e2:57:73:2e:7b:7d:76:1f:18:b9:ac:
                    06:5b:ae:69:3b:80:63:90:ad:74:38:54:92:aa:d5:
                    28:0b:ab:4f:b6:de:2b:28:11:12:64:fc:e6:b4:80:
                    8b:62:34:ef:f8:10:a1:21:f1:71:2c:f5:e5:19:0d:
                    ce:b5:7d:16:71:bf:20:8b:5f:75:b7:cc:0a:43:4c:
                    e9:3d:48:da:ef:01:bb:23:60:d1:c6:2d:f5:15:29:
                    d2:04:bc:69:22:20:0e:22:9a:ff:9b:75:1f:39:64:
                    dc:dc:19:c3:ba:b3:45:ad:4e:29:bb:eb:cf:e6:36:
                    de:af:ac:70:1e:9e:cb:3f:d7:4f:9f:99:db:a6:ed:
                    a6:3d:24:1d:a6:3d:af:47:11:e7:ec:7b:4f:8c:a7:
                    dc:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:1A:89:B0:4C:65:3F:A7:07:FE:3F:81:A7:77:43:6C:B5:F3:75:60
            X509v3 Authority Key Identifier:
                keyid:21:46:E5:60:A3:F5:CA:C7:C6:4F:E0:F1:3B:E6:63:D9:4C:87:14:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IUblYKP1ysfGT-DxO-Zj2UyHFFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/vhqJsExlP6cH_j-Bp3dDbLXzdWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/IUblYKP1ysfGT-DxO-Zj2UyHFFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.78.0/24
                IPv6:
                  2a14:7380::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:68:ad:a3:79:f7:a9:2b:a7:c0:23:98:08:f8:f2:b4:87:52:
         ae:ce:5a:93:59:3a:f8:8f:30:60:94:ba:3a:eb:86:dc:aa:9b:
         ab:a2:e4:08:66:ac:17:7b:c0:12:23:29:b6:b5:ca:90:09:f3:
         2c:28:6d:04:47:55:66:eb:9a:51:3b:33:af:80:90:b9:51:77:
         b6:0e:3f:70:c1:54:ef:38:79:4f:cf:08:6a:69:7c:5a:04:3b:
         29:55:90:0c:fd:47:80:3e:8c:5d:ed:a7:bc:35:31:27:75:cd:
         82:56:e4:a0:f2:3c:6d:d9:19:69:6b:56:df:3b:79:16:78:14:
         4c:52:0f:f4:2a:6b:a3:d9:88:a6:00:a0:38:19:26:4e:f7:b7:
         85:3f:77:78:27:c9:4b:d1:fa:59:8c:a5:e1:ca:e9:77:2b:1e:
         ec:f8:8e:f8:80:ac:f2:4d:e4:84:e4:0f:0b:a1:2b:54:96:a9:
         70:cc:aa:6a:81:47:fa:e3:01:4e:ca:d7:bd:ca:3e:ae:f0:b2:
         7b:8f:83:94:30:98:d1:75:e2:2d:9e:af:c1:30:b6:3d:b5:c8:
         32:98:de:ad:f6:7e:4e:41:7c:88:ad:aa:4a:bb:c7:4c:2e:36:
         76:1d:3b:98:fd:7b:b2:00:e1:0d:0c:1e:83:15:5a:3a:cb:f4:
         30:5f:c4:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY+VsqcOHtSLSgXY5LLWsmHqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNDZlNTYwYTNmNWNhYzdjNjRmZTBmMTNiZTY2M2Q5NGM4
NzE0NTMwHhcNMjQwNTIwMTExMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTFhODliMDRjNjUzZmE3MDdmZTNmODFhNzc3NDM2Y2I1ZjM3NTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1j6A7dAZagUxPHZzfnP2QbTewKTD
bgdMWiWKl6fOhMSJbMOWd/JA9iaUYmgCBazyjz6QzF0aduaOmIi4gVqT4nebabDG
OhjB39lv9LEoEMhmWIcXvGkjLccotCGvwgAC8R6Yq7s553xcDCUd4ldzLnt9dh8Y
uawGW65pO4BjkK10OFSSqtUoC6tPtt4rKBESZPzmtICLYjTv+BChIfFxLPXlGQ3O
tX0Wcb8gi191t8wKQ0zpPUja7wG7I2DRxi31FSnSBLxpIiAOIpr/m3UfOWTc3BnD
urNFrU4pu+vP5jber6xwHp7LP9dPn5nbpu2mPSQdpj2vRxHn7HtPjKfcuQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL4aibBMZT+nB/4/gad3Q2y183VgMB8GA1UdIwQY
MBaAFCFG5WCj9crHxk/g8TvmY9lMhxRTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVVibFlLUDF5c2ZHVC1EeE8tWmoyVXlIRkZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9iMjdlYWQtOTZiZi00NTM3LTlhOTkt
NWJlNDY3NGI0NjdjLzEvdmhxSnNFeGxQNmNIX2otQnAzZERiTFh6ZFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9iMjdlYWQtOTZiZi00NTM3LTlhOTktNWJlNDY3NGI0Njdj
LzEvSVVibFlLUDF5c2ZHVC1EeE8tWmoyVXlIRkZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuadOMA0E
AgACMAcDBQMqFHOAMA0GCSqGSIb3DQEBCwUAA4IBAQCDaK2jefepK6fAI5gI+PK0
h1KuzlqTWTr4jzBglLo664bcqpurouQIZqwXe8ASIym2tcqQCfMsKG0ER1Vm65pR
OzOvgJC5UXe2Dj9wwVTvOHlPzwhqaXxaBDspVZAM/UeAPoxd7ae8NTEndc2CVuSg
8jxt2Rlpa1bfO3kWeBRMUg/0Kmuj2YimAKA4GSZO97eFP3d4J8lL0fpZjKXhyul3
Kx7s+I74gKzyTeSE5A8LoStUlqlwzKpqgUf64wFOyte9yj6u8LJ7j4OUMJjRdeIt
nq/BMLY9tcgymN6t9n5OQXyIrapKu8dMLjZ2HTuY/XuyAOENDB6DFVo6y/QwX8Rz
-----END CERTIFICATE-----