Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/vko9WSKbSibrCeLhnWjS0lqS-1Y.roa
File:                     vko9WSKbSibrCeLhnWjS0lqS-1Y.roa (raw, json)
Hash identifier:          AufjCOoJddmM4zvUzRJAFaeksfclGSSyceLyoADPLp4=
Subject key identifier:   BE:4A:3D:59:22:9B:4A:26:EB:09:E2:E1:9D:68:D2:D2:5A:92:FB:56
Certificate issuer:       /CN=521a30077223c25c6f37dcf59480778c0b5b1068
Certificate serial:       01914DAA6AF3452BAD70A69B9C916D9FE777
Authority key identifier: 52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/vko9WSKbSibrCeLhnWjS0lqS-1Y.roa
Signing time:             Tue 13 Aug 2024 21:34:59 +0000
ROA not before:           Tue 13 Aug 2024 21:34:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206754
IP address blocks:        185.194.112.0/24 maxlen: 24
                          2a0a:4a40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Sep 2024 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4d:aa:6a:f3:45:2b:ad:70:a6:9b:9c:91:6d:9f:e7:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521a30077223c25c6f37dcf59480778c0b5b1068
        Validity
            Not Before: Aug 13 21:34:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be4a3d59229b4a26eb09e2e19d68d2d25a92fb56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:a5:b3:e3:14:40:0f:ee:4c:e4:a4:f5:1b:c0:
                    08:d1:ad:76:06:b0:06:f9:26:01:5b:c8:06:af:1f:
                    97:e0:a9:f8:35:e1:6c:b7:0d:5a:78:08:91:d7:08:
                    0d:4d:a8:63:24:76:86:2c:d6:83:18:8a:42:87:25:
                    1a:da:09:cb:fc:20:f6:21:0c:ff:5c:17:c3:6f:bf:
                    1b:c4:e5:4f:03:d8:b0:09:fd:05:d1:86:72:8d:a3:
                    9f:72:88:75:59:0c:09:79:8d:bf:7d:7c:66:ed:84:
                    49:73:5f:5d:3d:f1:51:18:27:37:88:db:a8:1d:37:
                    fe:6e:bc:72:15:fe:fd:d0:be:7b:7a:30:f6:70:95:
                    df:77:91:25:5e:2e:0a:69:09:20:73:e9:4f:2a:7a:
                    d5:ff:9e:6c:8b:0c:8c:2b:33:4c:da:fc:97:b6:ea:
                    19:46:7a:2b:f1:bc:6c:e9:69:dc:bf:c1:14:1e:ad:
                    8d:82:56:ab:d0:b7:8d:20:08:9a:eb:b4:35:db:dd:
                    fb:8c:ef:c0:7d:0c:22:b3:50:52:59:ee:1a:60:dd:
                    e1:c7:c8:b7:64:4f:60:5b:b0:cd:4c:08:70:0b:28:
                    d1:7a:01:48:cc:32:58:66:ff:4d:c4:7b:ee:10:f6:
                    61:aa:f8:0a:32:9b:cc:f9:85:d1:e1:fa:75:2c:b6:
                    12:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:4A:3D:59:22:9B:4A:26:EB:09:E2:E1:9D:68:D2:D2:5A:92:FB:56
            X509v3 Authority Key Identifier:
                keyid:52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/vko9WSKbSibrCeLhnWjS0lqS-1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.112.0/24
                IPv6:
                  2a0a:4a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         71:7f:09:57:86:e8:e1:1f:d0:f3:6a:97:24:c6:68:ff:57:45:
         b3:01:90:85:5f:5d:c7:9f:8e:18:6c:6c:0b:57:5e:97:99:eb:
         c5:90:b2:de:b8:1f:56:26:46:ac:f0:3a:92:0e:88:55:f4:6c:
         36:8f:b4:bd:9a:b1:f3:09:6d:e8:8a:1f:96:df:e8:9a:98:60:
         6e:ae:84:ce:74:c5:69:ac:31:57:5a:6a:c4:4f:a0:31:84:6e:
         f8:b1:e7:1e:f9:a2:22:0e:0e:ae:dc:1d:5b:bd:3a:8e:49:7b:
         46:b9:b7:51:37:ff:2d:08:70:22:fd:ce:63:a0:a7:82:cc:8e:
         8d:05:45:fe:74:33:12:32:a3:46:bf:1a:5e:23:fb:d5:43:c8:
         26:68:4d:f0:2f:cf:aa:3b:00:d8:b0:bb:ec:6e:17:62:7b:af:
         fa:2d:d1:33:dd:32:25:a2:ae:13:e8:d3:0e:52:b6:78:d6:39:
         bc:f3:c7:36:a4:04:a4:73:87:63:d1:2a:7b:60:41:8f:d0:b1:
         83:3e:1c:b5:47:21:c6:5a:27:73:60:7f:36:75:e9:ac:10:4a:
         76:03:7c:98:3e:99:1c:e7:2c:dd:ab:6e:b7:38:c4:f0:de:8b:
         3b:a5:a2:3c:10:e4:b2:6c:1f:ad:68:e5:02:c4:c8:45:95:70:
         f9:27:ad:03
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZFNqmrzRSutcKabnJFtn+d3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWEzMDA3NzIyM2MyNWM2ZjM3ZGNmNTk0ODA3NzhjMGI1
YjEwNjgwHhcNMjQwODEzMjEzNDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTRhM2Q1OTIyOWI0YTI2ZWIwOWUyZTE5ZDY4ZDJkMjVhOTJmYjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqWz4xRAD+5M5KT1G8AI0a12BrAG
+SYBW8gGrx+X4Kn4NeFstw1aeAiR1wgNTahjJHaGLNaDGIpChyUa2gnL/CD2IQz/
XBfDb78bxOVPA9iwCf0F0YZyjaOfcoh1WQwJeY2/fXxm7YRJc19dPfFRGCc3iNuo
HTf+brxyFf790L57ejD2cJXfd5ElXi4KaQkgc+lPKnrV/55siwyMKzNM2vyXtuoZ
Rnor8bxs6Wncv8EUHq2Nglar0LeNIAia67Q12937jO/AfQwis1BSWe4aYN3hx8i3
ZE9gW7DNTAhwCyjRegFIzDJYZv9NxHvuEPZhqvgKMpvM+YXR4fp1LLYSfQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL5KPVkim0om6wni4Z1o0tJakvtWMB8GA1UdIwQY
MBaAFFIaMAdyI8Jcbzfc9ZSAd4wLWxBoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMt
MGY1ZjA5YjJlYjE0LzEvdmtvOVdTS2JTaWJyQ2VMaG5XalMwbHFTLTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMtMGY1ZjA5YjJlYjE0
LzEvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAucJwMA0E
AgACMAcDBQMqCkpAMA0GCSqGSIb3DQEBCwUAA4IBAQBxfwlXhujhH9Dzapckxmj/
V0WzAZCFX13Hn44YbGwLV16XmevFkLLeuB9WJkas8DqSDohV9Gw2j7S9mrHzCW3o
ih+W3+iamGBuroTOdMVprDFXWmrET6AxhG74sece+aIiDg6u3B1bvTqOSXtGubdR
N/8tCHAi/c5joKeCzI6NBUX+dDMSMqNGvxpeI/vVQ8gmaE3wL8+qOwDYsLvsbhdi
e6/6LdEz3TIloq4T6NMOUrZ41jm888c2pASkc4dj0Sp7YEGP0LGDPhy1RyHGWidz
YH82demsEEp2A3yYPpkc5yzdq263OMTw3os7paI8EOSybB+taOUCxMhFlXD5J60D
-----END CERTIFICATE-----