Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/viPKHf6S3qU9p4j1xyxYMsb48mA.roa
File:                     viPKHf6S3qU9p4j1xyxYMsb48mA.roa (raw, json)
Hash identifier:          JW0Mz/h/KSJsbxkXyeowXR0jvS8oEidoRmy7rkGpKRM=
Subject key identifier:   BE:23:CA:1D:FE:92:DE:A5:3D:A7:88:F5:C7:2C:58:32:C6:F8:F2:60
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       018F673FAA6A3C0B9524D7084F60DE68A3BA
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/viPKHf6S3qU9p4j1xyxYMsb48mA.roa
Signing time:             Sat 11 May 2024 10:42:56 +0000
ROA not before:           Sat 11 May 2024 10:42:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        45.147.159.0/24 maxlen: 24
                          92.61.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:67:3f:aa:6a:3c:0b:95:24:d7:08:4f:60:de:68:a3:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: May 11 10:42:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be23ca1dfe92dea53da788f5c72c5832c6f8f260
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:2a:93:af:9a:ae:b1:4d:c5:fc:ab:b0:7a:1b:
                    44:16:28:3f:90:7f:e4:b4:76:df:5b:cb:5f:42:2c:
                    7f:29:a7:c4:be:06:49:5b:0f:dd:9d:04:16:4d:42:
                    50:23:5c:40:e0:46:16:c4:84:a3:ea:5a:5e:82:0b:
                    a0:22:ba:51:bc:b4:c0:78:84:a7:c4:f1:5c:0b:bd:
                    b9:64:1e:94:ee:b1:46:08:f6:07:56:92:2d:50:26:
                    23:c8:ec:74:bf:9d:01:be:03:d0:13:81:4a:41:cc:
                    57:7c:30:31:90:b2:70:23:03:38:85:34:d7:79:35:
                    84:36:f4:af:f6:78:cf:b9:59:c1:ed:48:7d:0d:00:
                    f8:f1:3a:d0:44:a0:36:59:15:65:b1:49:e5:17:31:
                    d3:01:3e:0d:99:dd:c9:c5:77:c5:fe:cf:fd:1a:6e:
                    86:c2:89:27:8f:cc:c3:26:21:1b:b5:18:98:e4:90:
                    23:ac:49:c3:32:f3:91:2d:e8:1c:09:9b:82:b9:0f:
                    27:ff:0d:cd:87:af:35:73:ff:84:2c:c3:b5:d5:2d:
                    f4:eb:2f:60:b5:81:92:ee:56:0d:40:ae:33:65:10:
                    7c:97:42:b5:31:fb:84:e4:f2:d2:0f:cf:de:6a:26:
                    4d:9e:93:25:4b:fb:86:68:55:05:a5:24:2b:db:7f:
                    53:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:23:CA:1D:FE:92:DE:A5:3D:A7:88:F5:C7:2C:58:32:C6:F8:F2:60
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/viPKHf6S3qU9p4j1xyxYMsb48mA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.159.0/24
                  92.61.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:21:1c:4f:2c:d5:c2:f9:5b:25:e1:f4:9c:d0:14:cf:41:7d:
         a5:6c:13:e8:0a:ee:68:2e:76:ca:0e:fb:75:f8:e7:45:ca:c2:
         5a:7a:8d:3e:8f:11:86:07:82:23:43:43:09:f4:c6:c0:72:c5:
         7d:d0:f4:0e:c7:ef:bd:85:e4:35:a8:9c:81:d0:36:21:2a:8d:
         3b:5c:52:24:c0:a1:ec:41:3b:24:25:ad:8b:b0:d0:00:59:4b:
         74:a6:59:f4:0b:84:3e:35:42:3c:f8:92:ec:6f:d1:ca:29:cf:
         51:0c:73:4d:29:52:ac:c0:35:22:6b:c1:72:0a:aa:a1:18:94:
         5c:80:60:2b:aa:0e:bb:1f:88:77:75:92:6e:ff:2a:b1:0b:c3:
         17:31:3d:55:85:71:3b:d9:ba:4a:9d:ff:0c:79:4e:df:18:46:
         3e:c6:f6:47:28:de:4f:1b:0a:c0:a6:4a:53:d4:ce:bb:80:53:
         34:81:43:37:37:72:d9:a0:35:b9:e8:f4:ef:74:6e:e1:57:0b:
         f5:4d:0b:d5:c2:8b:ff:e5:03:32:ba:0f:db:27:a6:7f:6e:df:
         38:d6:70:b8:11:bc:47:c8:9c:c4:ab:89:fd:6f:46:6d:7e:1d:
         1e:54:69:51:0f:55:fe:4c:53:9c:20:32:4f:e0:bc:b0:77:a9:
         98:d5:b4:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9nP6pqPAuVJNcIT2DeaKO6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjQwNTExMTA0MjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTIzY2ExZGZlOTJkZWE1M2RhNzg4ZjVjNzJjNTgzMmM2ZjhmMjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yqTr5qusU3F/KuwehtEFig/kH/k
tHbfW8tfQix/KafEvgZJWw/dnQQWTUJQI1xA4EYWxISj6lpeggugIrpRvLTAeISn
xPFcC725ZB6U7rFGCPYHVpItUCYjyOx0v50BvgPQE4FKQcxXfDAxkLJwIwM4hTTX
eTWENvSv9njPuVnB7Uh9DQD48TrQRKA2WRVlsUnlFzHTAT4Nmd3JxXfF/s/9Gm6G
woknj8zDJiEbtRiY5JAjrEnDMvORLegcCZuCuQ8n/w3Nh681c/+ELMO11S306y9g
tYGS7lYNQK4zZRB8l0K1MfuE5PLSD8/eaiZNnpMlS/uGaFUFpSQr239TBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL4jyh3+kt6lPaeI9ccsWDLG+PJgMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvdmlQS0hmNlMzcVU5cDRqMXh5eFlNc2I0OG1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZOfAwQA
XD1nMA0GCSqGSIb3DQEBCwUAA4IBAQBmIRxPLNXC+Vsl4fSc0BTPQX2lbBPoCu5o
LnbKDvt1+OdFysJaeo0+jxGGB4IjQ0MJ9MbAcsV90PQOx++9heQ1qJyB0DYhKo07
XFIkwKHsQTskJa2LsNAAWUt0pln0C4Q+NUI8+JLsb9HKKc9RDHNNKVKswDUia8Fy
CqqhGJRcgGArqg67H4h3dZJu/yqxC8MXMT1VhXE72bpKnf8MeU7fGEY+xvZHKN5P
GwrApkpT1M67gFM0gUM3N3LZoDW56PTvdG7hVwv1TQvVwov/5QMyug/bJ6Z/bt84
1nC4EbxHyJzEq4n9b0Ztfh0eVGlRD1X+TFOcIDJP4Lywd6mY1bRE
-----END CERTIFICATE-----