Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2cb95d-8f0c-42dd-91b9-29ffd0ef560a/1/vubdtat8dmJBz04Dcs03ejHVcw8.roa
File:                     vubdtat8dmJBz04Dcs03ejHVcw8.roa (raw, json)
Hash identifier:          L2es/YHRzu4MYeTlTsxKzqiIfKredP2T073o76K1evM=
Subject key identifier:   BE:E6:DD:B5:AB:7C:76:62:41:CF:4E:03:72:CD:37:7A:31:D5:73:0F
Certificate issuer:       /CN=8c74849a970a9304df45f8e28b6eb87ff09e0bea
Certificate serial:       018CC4247AA6E3751F36C21FEC6AC690CFF8
Authority key identifier: 8C:74:84:9A:97:0A:93:04:DF:45:F8:E2:8B:6E:B8:7F:F0:9E:0B:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jHSEmpcKkwTfRfjii264f_CeC-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2cb95d-8f0c-42dd-91b9-29ffd0ef560a/1/vubdtat8dmJBz04Dcs03ejHVcw8.roa
Signing time:             Mon 01 Jan 2024 08:29:34 +0000
ROA not before:           Mon 01 Jan 2024 08:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198119
IP address blocks:        195.137.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2cb95d-8f0c-42dd-91b9-29ffd0ef560a/1/jHSEmpcKkwTfRfjii264f_CeC-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2cb95d-8f0c-42dd-91b9-29ffd0ef560a/1/jHSEmpcKkwTfRfjii264f_CeC-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jHSEmpcKkwTfRfjii264f_CeC-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7a:a6:e3:75:1f:36:c2:1f:ec:6a:c6:90:cf:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c74849a970a9304df45f8e28b6eb87ff09e0bea
        Validity
            Not Before: Jan  1 08:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bee6ddb5ab7c766241cf4e0372cd377a31d5730f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c7:2c:1e:0e:3e:83:be:cb:e7:46:ba:e0:fd:
                    ee:d3:e3:89:d4:47:62:43:65:13:c3:9f:a6:57:31:
                    12:db:7d:6e:ac:83:1a:27:ef:be:12:f3:03:15:c6:
                    20:31:bb:43:35:88:f4:fc:98:be:a3:f8:9a:48:7a:
                    3f:4e:11:43:d2:8d:bb:cd:0e:6d:4e:bf:f7:14:4d:
                    ee:e8:06:17:e3:fd:53:a6:f2:b0:7b:da:a2:cb:71:
                    a6:a2:71:f6:42:f0:51:5e:0f:b3:22:7d:d7:58:e0:
                    1e:c8:ec:a2:67:8d:1d:a4:88:f7:1c:b4:4b:59:e1:
                    85:d1:bf:d1:f8:25:4b:ef:80:ab:95:95:2e:a0:13:
                    85:5d:d6:1a:9b:01:70:43:90:b5:c6:46:79:fd:bd:
                    7e:71:1b:d5:d8:79:b4:40:8c:3c:29:e6:ee:9e:1b:
                    07:7e:33:98:6c:f2:91:e6:99:de:d6:42:8a:3f:f4:
                    d5:47:cc:af:2c:8e:c9:2d:62:33:ba:3a:fd:63:c3:
                    95:3d:91:04:a9:7c:ff:47:3b:53:70:af:01:83:6e:
                    4a:b0:db:04:2b:07:9e:65:ec:db:0b:af:a4:44:07:
                    cc:54:80:8f:89:13:21:dd:e1:0e:61:c0:f9:05:4e:
                    3f:b9:da:c5:c5:41:ba:44:b8:90:c0:f2:42:af:e4:
                    d1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:E6:DD:B5:AB:7C:76:62:41:CF:4E:03:72:CD:37:7A:31:D5:73:0F
            X509v3 Authority Key Identifier:
                keyid:8C:74:84:9A:97:0A:93:04:DF:45:F8:E2:8B:6E:B8:7F:F0:9E:0B:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jHSEmpcKkwTfRfjii264f_CeC-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2cb95d-8f0c-42dd-91b9-29ffd0ef560a/1/vubdtat8dmJBz04Dcs03ejHVcw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2cb95d-8f0c-42dd-91b9-29ffd0ef560a/1/jHSEmpcKkwTfRfjii264f_CeC-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:83:27:0a:94:e7:b9:58:66:08:54:cd:ed:fb:69:37:11:cc:
         bd:a2:87:87:d7:da:8b:73:44:4f:d2:dd:b9:37:b3:64:ff:e9:
         0f:88:24:40:25:96:cf:19:a4:c4:9f:e3:1f:b2:dd:d7:9d:c1:
         c0:a2:21:4e:b5:16:00:26:eb:25:93:8c:47:ca:24:ff:d4:a5:
         9b:0c:cd:7d:88:ca:01:41:9b:77:03:d3:80:2f:ff:26:84:cf:
         6e:88:b6:fc:b4:c3:be:5f:e9:36:8d:e3:9c:52:6f:f5:f4:03:
         d8:7d:ca:1d:64:ad:d1:9c:9a:48:e2:ba:56:12:28:e7:db:67:
         ca:81:0d:3c:68:04:a9:a9:3c:d3:5e:19:f6:b9:0f:0f:2d:5c:
         20:93:39:aa:da:fb:71:da:ee:cd:7e:b0:eb:e8:f0:a6:4c:06:
         15:ae:c7:08:2a:8e:e3:4c:d7:cf:70:ca:bc:27:d5:4b:a5:c9:
         b9:fd:ce:40:ad:d8:e2:ee:cf:49:5a:07:f0:62:92:ca:be:f2:
         f9:21:fc:51:f3:b0:23:08:59:10:5a:af:9d:94:8f:ca:f8:8f:
         be:0f:90:04:b3:37:63:d1:20:d9:1c:75:3a:07:9d:9e:e1:0f:
         17:02:fa:3f:13:c3:18:15:c1:47:bb:5c:f1:4e:45:b6:cc:31:
         7e:73:12:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHqm43UfNsIf7GrGkM/4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjNzQ4NDlhOTcwYTkzMDRkZjQ1ZjhlMjhiNmViODdmZjA5
ZTBiZWEwHhcNMjQwMTAxMDgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWU2ZGRiNWFiN2M3NjYyNDFjZjRlMDM3MmNkMzc3YTMxZDU3MzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqccsHg4+g77L50a64P3u0+OJ1Edi
Q2UTw5+mVzES231urIMaJ+++EvMDFcYgMbtDNYj0/Ji+o/iaSHo/ThFD0o27zQ5t
Tr/3FE3u6AYX4/1TpvKwe9qiy3GmonH2QvBRXg+zIn3XWOAeyOyiZ40dpIj3HLRL
WeGF0b/R+CVL74CrlZUuoBOFXdYamwFwQ5C1xkZ5/b1+cRvV2Hm0QIw8KebunhsH
fjOYbPKR5pne1kKKP/TVR8yvLI7JLWIzujr9Y8OVPZEEqXz/RztTcK8Bg25KsNsE
KweeZezbC6+kRAfMVICPiRMh3eEOYcD5BU4/udrFxUG6RLiQwPJCr+TR5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7m3bWrfHZiQc9OA3LNN3ox1XMPMB8GA1UdIwQY
MBaAFIx0hJqXCpME30X44otuuH/wngvqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakhTRW1wY0trd1RmUmZqaWkyNjRmX0NlQy1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yY2I5NWQtOGYwYy00MmRkLTkxYjkt
MjlmZmQwZWY1NjBhLzEvdnViZHRhdDhkbUpCejA0RGNzMDNlakhWY3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yY2I5NWQtOGYwYy00MmRkLTkxYjktMjlmZmQwZWY1NjBh
LzEvakhTRW1wY0trd1RmUmZqaWkyNjRmX0NlQy1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4nnMA0G
CSqGSIb3DQEBCwUAA4IBAQA3gycKlOe5WGYIVM3t+2k3Ecy9ooeH19qLc0RP0t25
N7Nk/+kPiCRAJZbPGaTEn+Mfst3XncHAoiFOtRYAJuslk4xHyiT/1KWbDM19iMoB
QZt3A9OAL/8mhM9uiLb8tMO+X+k2jeOcUm/19APYfcodZK3RnJpI4rpWEijn22fK
gQ08aASpqTzTXhn2uQ8PLVwgkzmq2vtx2u7NfrDr6PCmTAYVrscIKo7jTNfPcMq8
J9VLpcm5/c5Ardji7s9JWgfwYpLKvvL5IfxR87AjCFkQWq+dlI/K+I++D5AEszdj
0SDZHHU6B52e4Q8XAvo/E8MYFcFHu1zxTkW2zDF+cxK6
-----END CERTIFICATE-----