Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/vBuizAjSNCqzxl2DSalKXnZotd0.roa
File:                     vBuizAjSNCqzxl2DSalKXnZotd0.roa (raw, json)
Hash identifier:          jdEpoStXxeq/UMvus4J0mZoVLZFfgqAtRq8pEA2LpZM=
Subject key identifier:   BC:1B:A2:CC:08:D2:34:2A:B3:C6:5D:83:49:A9:4A:5E:76:68:B5:DD
Certificate issuer:       /CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
Certificate serial:       0191DC80698D3207D558005E1F15FAB291DB
Authority key identifier: D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/vBuizAjSNCqzxl2DSalKXnZotd0.roa
Signing time:             Tue 10 Sep 2024 15:14:48 +0000
ROA not before:           Tue 10 Sep 2024 15:14:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        185.51.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:dc:80:69:8d:32:07:d5:58:00:5e:1f:15:fa:b2:91:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
        Validity
            Not Before: Sep 10 15:14:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc1ba2cc08d2342ab3c65d8349a94a5e7668b5dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6f:75:a4:5c:f6:e8:8f:3b:ea:c9:06:e0:f2:
                    2a:57:ac:14:f6:a9:8d:22:31:b5:32:56:6c:8a:ca:
                    f5:7b:06:76:06:a2:c7:1c:ff:80:0b:88:ee:27:09:
                    d6:11:47:94:50:d4:6c:b3:91:26:00:30:23:aa:23:
                    9b:fc:b9:c0:ba:d0:5a:2e:a1:7c:3d:8d:0a:58:07:
                    86:f4:47:ea:06:e8:a3:3b:ae:e9:7d:7e:f8:15:ef:
                    a1:c1:41:a2:a8:af:bc:71:d5:25:71:ad:c2:e8:01:
                    69:32:2e:00:08:56:51:ba:bc:83:73:93:98:a8:43:
                    48:c6:7c:5c:79:8e:bb:67:72:c3:12:9a:f7:5b:25:
                    12:37:85:e3:0c:66:d9:4c:5b:de:69:99:25:9e:db:
                    cb:af:89:8f:f4:ea:42:3e:f7:9e:a5:70:b1:fb:55:
                    4f:b8:42:23:5d:85:32:5d:00:48:98:c4:4e:a3:0c:
                    a5:c8:ae:3e:e5:1b:d4:ed:22:d9:27:a6:b7:3b:dd:
                    4a:96:0f:70:9f:5e:b8:b2:64:04:b8:b5:af:72:dd:
                    83:93:02:d6:51:a6:78:40:8f:1c:c5:ee:55:38:17:
                    bf:83:bd:f7:ae:59:ea:c9:1a:6d:6f:28:24:5d:bd:
                    8f:10:b4:7b:07:0c:8e:36:98:d4:ee:48:97:ab:01:
                    44:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:1B:A2:CC:08:D2:34:2A:B3:C6:5D:83:49:A9:4A:5E:76:68:B5:DD
            X509v3 Authority Key Identifier:
                keyid:D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/vBuizAjSNCqzxl2DSalKXnZotd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:81:6a:ef:c4:a7:f0:47:03:ae:8b:fb:cf:be:ed:15:67:71:
         a5:9f:e9:ad:f6:b3:a6:a8:8c:ed:03:2c:77:57:21:11:39:9d:
         4f:b4:be:ca:77:f5:2c:05:26:2f:5a:d5:17:dc:d2:64:c9:69:
         da:7b:a6:43:47:05:85:3d:71:1b:57:83:79:48:c9:20:45:5d:
         99:7a:5e:cd:8e:d0:2b:51:77:5a:6e:40:89:96:3d:a3:b4:41:
         87:03:c6:fd:2f:5a:b2:df:c5:8c:ed:1d:4f:9f:be:b1:5a:87:
         9f:4f:73:d1:8e:d5:3f:89:c2:c9:54:60:3c:f4:8f:16:2f:b2:
         f4:2c:34:52:d4:54:e4:b7:9f:bf:cf:dd:50:45:27:bc:aa:96:
         af:1a:74:e2:ad:8b:0f:03:fb:80:a4:8d:fa:5d:91:29:91:d3:
         31:4c:45:13:43:93:bf:de:4c:8e:67:3d:39:86:2c:1f:c9:f6:
         1a:81:75:f3:d8:68:07:e8:01:c9:21:96:8f:4f:d5:b1:ba:42:
         54:f7:1c:f8:d1:ab:77:dd:84:58:4c:ad:5a:68:ff:d5:f5:5f:
         15:ce:a6:70:d7:a4:17:fd:30:d5:8b:54:0c:8d:7f:ab:04:e5:
         58:90:1a:9f:dd:b5:be:57:49:51:c5:f2:1a:ca:ce:02:5b:53:
         49:66:98:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHcgGmNMgfVWABeHxX6spHbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDYzMTU2YzE4MzZmMTZjM2I0MzBlZmZiYjcyYWM2OTkz
MmVhOWIwHhcNMjQwOTEwMTUxNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzFiYTJjYzA4ZDIzNDJhYjNjNjVkODM0OWE5NGE1ZTc2NjhiNWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqW91pFz26I876skG4PIqV6wU9qmN
IjG1MlZsisr1ewZ2BqLHHP+AC4juJwnWEUeUUNRss5EmADAjqiOb/LnAutBaLqF8
PY0KWAeG9EfqBuijO67pfX74Fe+hwUGiqK+8cdUlca3C6AFpMi4ACFZRuryDc5OY
qENIxnxceY67Z3LDEpr3WyUSN4XjDGbZTFveaZklntvLr4mP9OpCPveepXCx+1VP
uEIjXYUyXQBImMROowylyK4+5RvU7SLZJ6a3O91Klg9wn164smQEuLWvct2DkwLW
UaZ4QI8cxe5VOBe/g733rlnqyRptbygkXb2PELR7BwyONpjU7kiXqwFE8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwboswI0jQqs8Zdg0mpSl52aLXdMB8GA1UdIwQY
MBaAFNnWMVbBg28Ww7Qw7/u3KsaZMuqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMt
ZmRhMDExZTVjOTcyLzEvdkJ1aXpBalNOQ3F6eGwyRFNhbEtYblpvdGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMtZmRhMDExZTVjOTcy
LzEvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTMXMA0G
CSqGSIb3DQEBCwUAA4IBAQAUgWrvxKfwRwOui/vPvu0VZ3Gln+mt9rOmqIztAyx3
VyEROZ1PtL7Kd/UsBSYvWtUX3NJkyWnae6ZDRwWFPXEbV4N5SMkgRV2Zel7NjtAr
UXdabkCJlj2jtEGHA8b9L1qy38WM7R1Pn76xWoefT3PRjtU/icLJVGA89I8WL7L0
LDRS1FTkt5+/z91QRSe8qpavGnTirYsPA/uApI36XZEpkdMxTEUTQ5O/3kyOZz05
hiwfyfYagXXz2GgH6AHJIZaPT9WxukJU9xz40at33YRYTK1aaP/V9V8VzqZw16QX
/TDVi1QMjX+rBOVYkBqf3bW+V0lRxfIays4CW1NJZpiI
-----END CERTIFICATE-----