Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/790c15-2058-4c39-90cb-cd677ab431aa/1/vhQJyi5d8g_phjvCa6E6ESbJ00E.roa
File:                     vhQJyi5d8g_phjvCa6E6ESbJ00E.roa (raw, json)
Hash identifier:          llOlLW2/oCtn2O8r0DH7vvzrFsPSedQNTs+TtKuZ7YA=
Subject key identifier:   BE:14:09:CA:2E:5D:F2:0F:E9:86:3B:C2:6B:A1:3A:11:26:C9:D3:41
Certificate issuer:       /CN=68cef722dabe5975ca4f9ba8616388ec6c656a20
Certificate serial:       018CC4939241B16E3033521844C83DB88720
Authority key identifier: 68:CE:F7:22:DA:BE:59:75:CA:4F:9B:A8:61:63:88:EC:6C:65:6A:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aM73Itq-WXXKT5uoYWOI7GxlaiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/790c15-2058-4c39-90cb-cd677ab431aa/1/vhQJyi5d8g_phjvCa6E6ESbJ00E.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42910
IP address blocks:        91.240.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/790c15-2058-4c39-90cb-cd677ab431aa/1/aM73Itq-WXXKT5uoYWOI7GxlaiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/790c15-2058-4c39-90cb-cd677ab431aa/1/aM73Itq-WXXKT5uoYWOI7GxlaiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aM73Itq-WXXKT5uoYWOI7GxlaiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:92:41:b1:6e:30:33:52:18:44:c8:3d:b8:87:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68cef722dabe5975ca4f9ba8616388ec6c656a20
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be1409ca2e5df20fe9863bc26ba13a1126c9d341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b8:f3:49:8b:77:b0:da:41:12:96:10:ca:11:
                    8c:26:3d:01:46:54:e1:6e:18:c2:c0:5b:25:44:54:
                    79:cb:89:86:40:20:75:78:79:90:3a:94:29:f2:a6:
                    67:7a:a1:7d:1e:55:14:20:8e:d2:95:e1:44:31:46:
                    42:5c:67:95:18:36:bd:7f:f8:45:18:80:81:11:5c:
                    0b:66:1b:ae:51:99:67:85:cb:46:1f:fa:86:99:c7:
                    2a:63:e6:62:f4:10:27:eb:24:e6:88:ab:13:74:26:
                    33:97:28:2c:e7:04:65:dc:83:06:85:3d:30:a0:59:
                    e8:83:a1:93:4f:05:0a:bc:fb:4a:99:90:57:04:2b:
                    a8:cf:ac:4a:51:92:db:a5:92:8e:43:30:d5:1c:ff:
                    c4:1e:67:83:7c:8b:81:3c:ca:ba:b1:d5:1e:a9:f1:
                    b5:d5:ab:49:4b:6a:01:32:c6:30:61:87:98:cf:41:
                    40:11:e0:f7:7e:ae:42:78:0c:dd:b3:f3:04:42:4e:
                    9c:61:4c:8b:a3:03:e4:1d:9d:d4:f3:18:43:af:9e:
                    10:2c:4f:48:6a:07:38:ab:76:25:e7:3c:8a:60:5a:
                    d3:0c:a6:f1:7a:64:c5:94:df:95:e3:7e:ec:8d:95:
                    74:6d:ee:f4:5c:96:83:fd:33:45:60:e8:e6:b4:3f:
                    1d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:14:09:CA:2E:5D:F2:0F:E9:86:3B:C2:6B:A1:3A:11:26:C9:D3:41
            X509v3 Authority Key Identifier:
                keyid:68:CE:F7:22:DA:BE:59:75:CA:4F:9B:A8:61:63:88:EC:6C:65:6A:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aM73Itq-WXXKT5uoYWOI7GxlaiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/790c15-2058-4c39-90cb-cd677ab431aa/1/vhQJyi5d8g_phjvCa6E6ESbJ00E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/790c15-2058-4c39-90cb-cd677ab431aa/1/aM73Itq-WXXKT5uoYWOI7GxlaiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:70:82:68:32:c5:1e:4e:2e:ed:5c:77:46:53:3a:0d:f2:c1:
         3b:39:cd:cf:32:e0:19:ee:09:4f:8d:60:db:2c:5c:6d:b5:8c:
         32:80:3b:b6:71:f2:e4:a7:e0:2e:3e:d6:17:0f:02:5e:d0:80:
         bc:20:50:58:be:06:0a:9a:c0:56:63:e3:56:bb:ff:4e:8c:61:
         5e:32:e4:a9:2a:48:97:eb:27:a4:df:66:22:be:52:fe:00:f8:
         4f:62:a4:89:be:ea:d2:2a:db:41:18:0b:29:55:13:00:0c:6a:
         80:42:80:b1:85:ac:9a:25:e4:c9:5b:40:36:eb:d3:07:a4:3a:
         b2:f8:8f:56:a2:13:32:77:38:fb:85:45:b1:dd:3a:f1:a3:cd:
         a4:8c:96:07:db:9e:48:3e:fe:4c:4c:52:37:31:cb:3d:43:62:
         7b:3e:68:ec:78:df:d2:aa:cb:1c:f2:4b:e1:21:a4:b3:23:ed:
         f8:bd:51:63:b3:60:27:90:fe:0b:c9:af:12:26:ed:1d:9b:82:
         59:41:8c:04:63:65:80:86:5e:3c:a3:9c:36:a0:2f:57:61:2b:
         bd:1e:fb:ed:96:12:6b:84:2a:15:31:23:07:16:d5:4a:61:c5:
         2c:75:72:de:34:73:c0:91:ff:2c:90:51:f5:31:19:b0:e6:25:
         0f:3c:e1:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5JBsW4wM1IYRMg9uIcgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4Y2VmNzIyZGFiZTU5NzVjYTRmOWJhODYxNjM4OGVjNmM2
NTZhMjAwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTE0MDljYTJlNWRmMjBmZTk4NjNiYzI2YmExM2ExMTI2YzlkMzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7jzSYt3sNpBEpYQyhGMJj0BRlTh
bhjCwFslRFR5y4mGQCB1eHmQOpQp8qZneqF9HlUUII7SleFEMUZCXGeVGDa9f/hF
GICBEVwLZhuuUZlnhctGH/qGmccqY+Zi9BAn6yTmiKsTdCYzlygs5wRl3IMGhT0w
oFnog6GTTwUKvPtKmZBXBCuoz6xKUZLbpZKOQzDVHP/EHmeDfIuBPMq6sdUeqfG1
1atJS2oBMsYwYYeYz0FAEeD3fq5CeAzds/MEQk6cYUyLowPkHZ3U8xhDr54QLE9I
agc4q3Yl5zyKYFrTDKbxemTFlN+V437sjZV0be70XJaD/TNFYOjmtD8dbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL4UCcouXfIP6YY7wmuhOhEmydNBMB8GA1UdIwQY
MBaAFGjO9yLavll1yk+bqGFjiOxsZWogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU03M0l0cS1XWFhLVDV1b1lXT0k3R3hsYWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi83OTBjMTUtMjA1OC00YzM5LTkwY2It
Y2Q2NzdhYjQzMWFhLzEvdmhRSnlpNWQ4Z19waGp2Q2E2RTZFU2JKMDBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi83OTBjMTUtMjA1OC00YzM5LTkwY2ItY2Q2NzdhYjQzMWFh
LzEvYU03M0l0cS1XWFhLVDV1b1lXT0k3R3hsYWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/DoMA0G
CSqGSIb3DQEBCwUAA4IBAQBbcIJoMsUeTi7tXHdGUzoN8sE7Oc3PMuAZ7glPjWDb
LFxttYwygDu2cfLkp+AuPtYXDwJe0IC8IFBYvgYKmsBWY+NWu/9OjGFeMuSpKkiX
6yek32YivlL+APhPYqSJvurSKttBGAspVRMADGqAQoCxhayaJeTJW0A269MHpDqy
+I9WohMydzj7hUWx3Trxo82kjJYH255IPv5MTFI3Mcs9Q2J7PmjseN/Sqssc8kvh
IaSzI+34vVFjs2AnkP4Lya8SJu0dm4JZQYwEY2WAhl48o5w2oC9XYSu9HvvtlhJr
hCoVMSMHFtVKYcUsdXLeNHPAkf8skFH1MRmw5iUPPOGQ
-----END CERTIFICATE-----