Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/9069ce-dfe1-4b8a-af03-226f3b8031b7/1/VDH_NhveP92gHVR9W0PtDpH2LCE.roa
File:                     VDH_NhveP92gHVR9W0PtDpH2LCE.roa (raw, json)
Hash identifier:          JKera3NSJOODIRa+80UpxHqkjDaA28WMPTi8Ip7wjjw=
Subject key identifier:   54:31:FF:36:1B:DE:3F:DD:A0:1D:54:7D:5B:43:ED:0E:91:F6:2C:21
Certificate issuer:       /CN=2845f1f4d59f811d6323db4d86d4f41854ede744
Certificate serial:       018CC8DE74EB69EC7FB3F653C4345D60C94D
Authority key identifier: 28:45:F1:F4:D5:9F:81:1D:63:23:DB:4D:86:D4:F4:18:54:ED:E7:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KEXx9NWfgR1jI9tNhtT0GFTt50Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/9069ce-dfe1-4b8a-af03-226f3b8031b7/1/VDH_NhveP92gHVR9W0PtDpH2LCE.roa
Signing time:             Tue 02 Jan 2024 06:31:11 +0000
ROA not before:           Tue 02 Jan 2024 06:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47336
IP address blocks:        195.182.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/9069ce-dfe1-4b8a-af03-226f3b8031b7/1/KEXx9NWfgR1jI9tNhtT0GFTt50Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/9069ce-dfe1-4b8a-af03-226f3b8031b7/1/KEXx9NWfgR1jI9tNhtT0GFTt50Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KEXx9NWfgR1jI9tNhtT0GFTt50Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:74:eb:69:ec:7f:b3:f6:53:c4:34:5d:60:c9:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2845f1f4d59f811d6323db4d86d4f41854ede744
        Validity
            Not Before: Jan  2 06:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5431ff361bde3fdda01d547d5b43ed0e91f62c21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a3:1a:c7:ba:38:ed:cb:9e:a8:9a:64:95:b4:
                    07:57:36:6f:71:0e:fd:a5:25:f3:d5:ee:a7:d6:db:
                    e4:e6:97:9d:87:d0:cc:d3:7e:cd:4e:87:90:32:f8:
                    f8:b7:02:22:b4:86:15:ce:eb:a5:3a:ef:20:1b:e6:
                    d9:fa:58:ae:1b:3a:05:08:42:bf:28:d4:c5:a0:f8:
                    e3:6b:3a:35:ef:23:c8:f8:e0:f4:f2:4a:82:ad:f2:
                    7a:8c:90:b9:5c:ca:3a:0a:57:f8:21:d8:67:6f:d8:
                    e1:c3:4c:11:04:41:18:d0:6a:9c:8a:39:32:12:3b:
                    6f:a8:64:5f:bc:4b:b2:05:38:af:ac:cf:e9:b7:14:
                    a1:a6:61:4f:af:4c:64:e1:da:84:c4:15:a2:ea:32:
                    69:4d:c3:d3:fd:6f:db:4b:36:94:cc:02:7b:ab:a3:
                    7f:09:aa:68:b4:fa:59:99:9a:16:4e:d3:c2:4f:22:
                    bf:4e:f6:38:09:64:84:30:4e:17:8e:60:e7:5e:93:
                    a3:d6:d2:4c:22:9c:92:02:6f:f1:28:35:ee:b4:2b:
                    08:b5:d0:52:a1:eb:26:cc:bb:db:e4:27:f8:47:de:
                    a8:69:5b:a5:3d:fc:16:ba:57:d9:25:4b:df:33:bf:
                    b4:46:75:f7:52:76:52:45:9a:e8:6a:7d:1b:1c:bd:
                    7a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:31:FF:36:1B:DE:3F:DD:A0:1D:54:7D:5B:43:ED:0E:91:F6:2C:21
            X509v3 Authority Key Identifier:
                keyid:28:45:F1:F4:D5:9F:81:1D:63:23:DB:4D:86:D4:F4:18:54:ED:E7:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KEXx9NWfgR1jI9tNhtT0GFTt50Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/9069ce-dfe1-4b8a-af03-226f3b8031b7/1/VDH_NhveP92gHVR9W0PtDpH2LCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/9069ce-dfe1-4b8a-af03-226f3b8031b7/1/KEXx9NWfgR1jI9tNhtT0GFTt50Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:35:69:65:63:f4:dd:b1:61:96:ad:53:54:bc:78:14:b8:68:
         8c:6a:a3:dc:17:ba:7f:37:c2:d6:0a:4e:28:4a:73:8b:af:86:
         cb:b9:80:cd:33:fd:73:f2:80:e0:24:32:bb:e2:b1:19:f3:a6:
         f4:27:ee:f3:44:0a:8d:5c:61:50:16:ab:a5:66:1f:8f:34:36:
         62:67:5f:56:91:04:20:1d:d8:e9:ed:cf:8d:ec:f5:1f:4a:b3:
         0d:a8:cc:00:a0:b5:49:2a:5a:2d:e8:3d:f2:ab:6f:a5:a2:b1:
         50:5f:36:3b:33:e5:b9:13:4d:98:32:a2:41:6d:29:10:c1:2f:
         d2:db:2c:38:b1:dc:7d:91:5f:00:a1:e5:4e:ab:7d:12:5e:85:
         b2:d4:d1:23:08:11:40:3a:d5:ba:31:aa:9c:be:ed:68:26:ab:
         5f:66:7a:e0:74:18:c5:dd:88:97:36:cd:c5:fa:a0:22:11:80:
         13:4c:ea:64:46:55:d6:d6:59:4d:66:6c:ae:99:65:18:56:23:
         1a:15:cc:87:9d:b6:4d:b5:3b:4f:1e:e3:43:b0:52:ef:60:ee:
         2b:ee:3f:84:9f:d1:c5:d0:86:7a:cb:ba:a9:63:65:43:b1:6c:
         25:cc:6e:86:b6:30:b2:e8:ce:73:b7:89:75:0e:5c:ab:d6:18:
         10:0f:0f:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3nTraex/s/ZTxDRdYMlNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NDVmMWY0ZDU5ZjgxMWQ2MzIzZGI0ZDg2ZDRmNDE4NTRl
ZGU3NDQwHhcNMjQwMTAyMDYzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDMxZmYzNjFiZGUzZmRkYTAxZDU0N2Q1YjQzZWQwZTkxZjYyYzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaMax7o47cueqJpklbQHVzZvcQ79
pSXz1e6n1tvk5pedh9DM037NToeQMvj4twIitIYVzuulOu8gG+bZ+liuGzoFCEK/
KNTFoPjjazo17yPI+OD08kqCrfJ6jJC5XMo6Clf4Idhnb9jhw0wRBEEY0Gqcijky
EjtvqGRfvEuyBTivrM/ptxShpmFPr0xk4dqExBWi6jJpTcPT/W/bSzaUzAJ7q6N/
CapotPpZmZoWTtPCTyK/TvY4CWSEME4XjmDnXpOj1tJMIpySAm/xKDXutCsItdBS
oesmzLvb5Cf4R96oaVulPfwWulfZJUvfM7+0RnX3UnZSRZroan0bHL16ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQx/zYb3j/doB1UfVtD7Q6R9iwhMB8GA1UdIwQY
MBaAFChF8fTVn4EdYyPbTYbU9BhU7edEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0VYeDlOV2ZnUjFqSTl0Tmh0VDBHRlR0NTBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS85MDY5Y2UtZGZlMS00YjhhLWFmMDMt
MjI2ZjNiODAzMWI3LzEvVkRIX05odmVQOTJnSFZSOVcwUHREcEgyTENFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS85MDY5Y2UtZGZlMS00YjhhLWFmMDMtMjI2ZjNiODAzMWI3
LzEvS0VYeDlOV2ZnUjFqSTl0Tmh0VDBHRlR0NTBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7Y9MA0G
CSqGSIb3DQEBCwUAA4IBAQAVNWllY/TdsWGWrVNUvHgUuGiMaqPcF7p/N8LWCk4o
SnOLr4bLuYDNM/1z8oDgJDK74rEZ86b0J+7zRAqNXGFQFqulZh+PNDZiZ19WkQQg
Hdjp7c+N7PUfSrMNqMwAoLVJKlot6D3yq2+lorFQXzY7M+W5E02YMqJBbSkQwS/S
2yw4sdx9kV8AoeVOq30SXoWy1NEjCBFAOtW6Maqcvu1oJqtfZnrgdBjF3YiXNs3F
+qAiEYATTOpkRlXW1llNZmyumWUYViMaFcyHnbZNtTtPHuNDsFLvYO4r7j+En9HF
0IZ6y7qpY2VDsWwlzG6GtjCy6M5zt4l1Dlyr1hgQDw8P
-----END CERTIFICATE-----