Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/663c6c-13bf-4400-8482-21e0a66d5444/1/vv_nmRF-gDvmP2LkFvZKYL0dFJ8.roa
File:                     vv_nmRF-gDvmP2LkFvZKYL0dFJ8.roa (raw, json)
Hash identifier:          r5iAPLyGmNYKc6uqXiqNuwy910WBoAe6izao5SEsqOQ=
Subject key identifier:   BE:FF:E7:99:11:7E:80:3B:E6:3F:62:E4:16:F6:4A:60:BD:1D:14:9F
Certificate issuer:       /CN=67edadc765fa8f2fa19eb20963cf5bd235d01b43
Certificate serial:       018CC348F952B44A52A8C162F8C0545F0746
Authority key identifier: 67:ED:AD:C7:65:FA:8F:2F:A1:9E:B2:09:63:CF:5B:D2:35:D0:1B:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z-2tx2X6jy-hnrIJY89b0jXQG0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/663c6c-13bf-4400-8482-21e0a66d5444/1/vv_nmRF-gDvmP2LkFvZKYL0dFJ8.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62291
IP address blocks:        178.251.48.0/22 maxlen: 24
                          178.251.54.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/663c6c-13bf-4400-8482-21e0a66d5444/1/Z-2tx2X6jy-hnrIJY89b0jXQG0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/663c6c-13bf-4400-8482-21e0a66d5444/1/Z-2tx2X6jy-hnrIJY89b0jXQG0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z-2tx2X6jy-hnrIJY89b0jXQG0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f9:52:b4:4a:52:a8:c1:62:f8:c0:54:5f:07:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67edadc765fa8f2fa19eb20963cf5bd235d01b43
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=beffe799117e803be63f62e416f64a60bd1d149f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:cd:62:6d:50:02:5d:3f:26:18:7c:22:68:9b:
                    8a:af:d0:38:01:8d:a0:de:b8:85:7f:8d:59:6d:fd:
                    73:b2:a6:11:24:13:b6:38:c3:2f:16:e5:d9:5b:4a:
                    a0:ec:42:cb:df:be:1c:df:b6:6f:94:2a:b6:11:27:
                    71:c5:1f:63:84:18:27:b9:15:f5:5f:da:52:0f:eb:
                    53:be:e1:f9:f5:8e:7a:6d:70:e8:bc:5e:fd:09:76:
                    43:31:c0:0f:25:5c:5a:0f:da:71:0c:09:94:b7:2e:
                    d7:67:a0:78:af:b2:08:4a:db:7e:81:23:0b:7c:94:
                    8a:98:da:7d:ea:41:61:0e:54:bf:c7:be:a4:e2:b6:
                    c4:ea:a3:e4:a6:1e:ca:55:28:a8:b3:33:f5:7e:54:
                    6e:53:b4:e6:93:63:93:51:05:7e:7a:58:07:81:42:
                    44:2e:52:20:fc:81:9b:b9:0c:2a:2b:7f:3b:55:cb:
                    4e:91:f3:0d:2b:bf:92:50:6b:09:69:b8:e1:a2:23:
                    c9:24:fb:06:82:cb:7a:70:5c:25:8c:12:d1:99:b8:
                    58:c9:64:6d:68:76:25:d7:34:34:73:d2:78:1f:df:
                    e8:d2:1b:8c:92:e6:ad:14:4e:9a:8c:9f:f8:0c:6d:
                    a8:b1:67:ed:b4:fc:99:e3:10:fc:74:18:63:0e:a7:
                    6a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:FF:E7:99:11:7E:80:3B:E6:3F:62:E4:16:F6:4A:60:BD:1D:14:9F
            X509v3 Authority Key Identifier:
                keyid:67:ED:AD:C7:65:FA:8F:2F:A1:9E:B2:09:63:CF:5B:D2:35:D0:1B:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z-2tx2X6jy-hnrIJY89b0jXQG0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/663c6c-13bf-4400-8482-21e0a66d5444/1/vv_nmRF-gDvmP2LkFvZKYL0dFJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/663c6c-13bf-4400-8482-21e0a66d5444/1/Z-2tx2X6jy-hnrIJY89b0jXQG0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.251.48.0/22
                  178.251.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:39:08:87:74:fb:20:e2:fb:32:fa:34:2b:36:7d:88:0c:54:
         27:19:65:6c:33:29:6b:67:c2:2d:3e:e1:e0:1f:af:b6:ff:96:
         d4:30:6e:04:42:f1:2e:88:95:61:65:77:0c:2b:5e:b5:ec:b9:
         88:ad:bc:aa:0e:39:a7:b0:74:ce:8b:39:76:76:68:07:a6:a2:
         66:d5:1a:08:96:fe:d0:65:93:83:02:4b:16:5a:a3:cf:01:37:
         5f:95:02:52:5b:50:f7:2f:4d:5f:b3:9c:94:66:44:fe:95:ee:
         fb:59:40:eb:f9:6c:29:cf:c7:a9:27:ac:1b:72:74:d5:bf:27:
         fc:f7:19:ed:af:15:2e:ad:7f:e0:35:8a:ad:68:ff:8f:a7:4a:
         43:13:79:56:91:1f:b2:e9:5b:d5:1e:94:53:b0:6c:b3:fd:57:
         fe:b0:20:a7:74:f0:0c:bb:17:29:fd:28:29:3f:54:f3:e8:4b:
         7f:48:1b:be:90:63:c5:b4:fe:3f:6c:ab:57:16:73:6f:dd:91:
         65:bd:e0:b3:03:09:48:a3:47:e7:d0:60:40:df:35:d1:4c:97:
         43:27:78:2d:f7:b5:bc:17:a7:e4:23:e6:f1:64:aa:0b:73:ca:
         de:ea:4d:82:4d:ea:48:ee:b4:bd:a5:5f:f5:20:f5:41:2f:bd:
         d9:58:6b:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSPlStEpSqMFi+MBUXwdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZWRhZGM3NjVmYThmMmZhMTllYjIwOTYzY2Y1YmQyMzVk
MDFiNDMwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWZmZTc5OTExN2U4MDNiZTYzZjYyZTQxNmY2NGE2MGJkMWQxNDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts1ibVACXT8mGHwiaJuKr9A4AY2g
3riFf41Zbf1zsqYRJBO2OMMvFuXZW0qg7ELL374c37ZvlCq2ESdxxR9jhBgnuRX1
X9pSD+tTvuH59Y56bXDovF79CXZDMcAPJVxaD9pxDAmUty7XZ6B4r7IIStt+gSML
fJSKmNp96kFhDlS/x76k4rbE6qPkph7KVSioszP1flRuU7Tmk2OTUQV+elgHgUJE
LlIg/IGbuQwqK387VctOkfMNK7+SUGsJabjhoiPJJPsGgst6cFwljBLRmbhYyWRt
aHYl1zQ0c9J4H9/o0huMkuatFE6ajJ/4DG2osWfttPyZ4xD8dBhjDqdqoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL7/55kRfoA75j9i5Bb2SmC9HRSfMB8GA1UdIwQY
MBaAFGftrcdl+o8voZ6yCWPPW9I10BtDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWi0ydHgyWDZqeS1obnJJSlk4OWIwalhRRzBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC82NjNjNmMtMTNiZi00NDAwLTg0ODIt
MjFlMGE2NmQ1NDQ0LzEvdnZfbm1SRi1nRHZtUDJMa0Z2WktZTDBkRko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC82NjNjNmMtMTNiZi00NDAwLTg0ODItMjFlMGE2NmQ1NDQ0
LzEvWi0ydHgyWDZqeS1obnJJSlk4OWIwalhRRzBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCsvswAwQB
svs2MA0GCSqGSIb3DQEBCwUAA4IBAQApOQiHdPsg4vsy+jQrNn2IDFQnGWVsMylr
Z8ItPuHgH6+2/5bUMG4EQvEuiJVhZXcMK1617LmIrbyqDjmnsHTOizl2dmgHpqJm
1RoIlv7QZZODAksWWqPPATdflQJSW1D3L01fs5yUZkT+le77WUDr+Wwpz8epJ6wb
cnTVvyf89xntrxUurX/gNYqtaP+Pp0pDE3lWkR+y6VvVHpRTsGyz/Vf+sCCndPAM
uxcp/SgpP1Tz6Et/SBu+kGPFtP4/bKtXFnNv3ZFlveCzAwlIo0fn0GBA3zXRTJdD
J3gt97W8F6fkI+bxZKoLc8re6k2CTepI7rS9pV/1IPVBL73ZWGsS
-----END CERTIFICATE-----