Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/vNkZF0REnfkJcCPMB-9URniLbww.roa
File:                     vNkZF0REnfkJcCPMB-9URniLbww.roa (raw, json)
Hash identifier:          H6/mqxN83RpseQf5U3XPDuffXwz8sBVYpsmZYYrjO2c=
Subject key identifier:   BC:D9:19:17:44:44:9D:F9:09:70:23:CC:07:EF:54:46:78:8B:6F:0C
Certificate issuer:       /CN=fe8199e8345567d8516b788fe2e1d397e27c73a4
Certificate serial:       018D6BB453FDF5EFFF7DD1D1DD81E70AEDA8
Authority key identifier: FE:81:99:E8:34:55:67:D8:51:6B:78:8F:E2:E1:D3:97:E2:7C:73:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/vNkZF0REnfkJcCPMB-9URniLbww.roa
Signing time:             Fri 02 Feb 2024 21:23:16 +0000
ROA not before:           Fri 02 Feb 2024 21:23:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51430
IP address blocks:        176.67.83.0/24 maxlen: 24
                          2a05:e9c0:2200::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6b:b4:53:fd:f5:ef:ff:7d:d1:d1:dd:81:e7:0a:ed:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe8199e8345567d8516b788fe2e1d397e27c73a4
        Validity
            Not Before: Feb  2 21:23:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcd9191744449df9097023cc07ef5446788b6f0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c5:f1:b8:cb:8d:a0:a9:ca:d9:b6:d2:be:10:
                    bf:d1:19:42:96:44:66:5b:6f:6c:84:38:f2:1f:8c:
                    15:d8:59:67:02:16:94:b8:9d:26:cb:48:c5:2e:0e:
                    e8:46:c8:6f:83:34:c5:b0:1e:81:7c:71:c9:24:2e:
                    be:61:fa:b1:6b:c0:96:ab:a7:47:ae:ef:bb:f9:3b:
                    22:60:0b:9f:94:34:80:5f:ee:b0:0c:24:ad:64:78:
                    23:ce:fc:f4:96:2b:ef:8e:3a:f1:92:33:eb:6a:8e:
                    0e:f8:a1:3f:81:18:1d:3b:8b:5c:33:bc:b6:a6:f3:
                    73:52:c0:bb:ef:92:b7:1b:91:0c:3c:e4:c9:fb:65:
                    10:6b:e7:22:4e:c7:cd:65:69:7f:bb:2b:6b:5c:f7:
                    ac:84:50:ec:10:99:7b:c1:7f:e3:bd:9d:8f:40:c9:
                    d1:d5:e8:8d:ff:8f:4a:f4:f6:33:dc:f6:c1:e3:64:
                    11:5e:44:f2:86:1d:8a:3d:73:b6:5a:e1:1a:64:55:
                    08:83:84:b0:e7:82:af:cb:d7:14:fc:ff:df:ad:64:
                    ab:24:7b:bc:8f:22:65:1c:fb:d8:57:26:ca:b9:2e:
                    e1:a4:81:0e:53:43:d4:3f:33:8b:ce:90:8b:87:c1:
                    39:fb:0d:d6:1f:72:76:70:8c:be:1a:59:ed:22:9d:
                    23:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:D9:19:17:44:44:9D:F9:09:70:23:CC:07:EF:54:46:78:8B:6F:0C
            X509v3 Authority Key Identifier:
                keyid:FE:81:99:E8:34:55:67:D8:51:6B:78:8F:E2:E1:D3:97:E2:7C:73:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/vNkZF0REnfkJcCPMB-9URniLbww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.67.83.0/24
                IPv6:
                  2a05:e9c0:2200::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:56:56:32:a1:72:db:a5:09:1a:c6:2c:ea:78:cf:05:25:bc:
         c6:40:27:b1:e0:10:37:48:35:c2:eb:f4:99:a0:5e:4a:5d:92:
         98:17:d6:3c:2f:90:0f:ed:56:d9:af:1a:be:7c:9e:9b:29:e6:
         c9:83:f4:f4:78:d1:93:4b:de:bc:23:f6:ba:39:80:67:47:fd:
         73:89:db:59:f6:c9:9e:e5:e0:65:ed:3c:eb:6f:3a:87:b0:ca:
         36:de:32:59:bd:49:b5:2a:8d:7a:d1:65:65:c8:f1:68:8a:7f:
         c6:19:f3:f8:58:f9:c1:1e:8a:b6:89:f0:43:50:33:66:8e:a6:
         c6:ed:a4:bc:98:0d:32:e0:93:55:c6:d5:4d:0c:5b:83:0a:17:
         2c:02:28:ce:d1:90:c9:f7:40:77:7a:33:8e:50:6c:6c:ee:2e:
         28:3b:fb:aa:8b:d4:04:cf:68:64:d2:36:48:d5:7a:31:7d:c5:
         15:08:61:25:b0:ea:f7:f1:7d:50:4b:13:27:56:fc:82:54:66:
         35:ef:b5:9d:c2:ec:7e:45:54:7a:69:16:45:f3:cd:2f:4d:fd:
         97:d0:26:f9:9d:b3:de:f5:52:b8:3b:f0:b3:2c:55:25:34:a6:
         58:c7:63:00:4c:df:42:60:fc:ef:70:23:35:9a:c5:28:b9:82:
         39:01:3b:7e
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAY1rtFP99e//fdHR3YHnCu2oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlODE5OWU4MzQ1NTY3ZDg1MTZiNzg4ZmUyZTFkMzk3ZTI3
YzczYTQwHhcNMjQwMjAyMjEyMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2Q5MTkxNzQ0NDQ5ZGY5MDk3MDIzY2MwN2VmNTQ0Njc4OGI2ZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisXxuMuNoKnK2bbSvhC/0RlClkRm
W29shDjyH4wV2FlnAhaUuJ0my0jFLg7oRshvgzTFsB6BfHHJJC6+Yfqxa8CWq6dH
ru+7+TsiYAuflDSAX+6wDCStZHgjzvz0livvjjrxkjPrao4O+KE/gRgdO4tcM7y2
pvNzUsC775K3G5EMPOTJ+2UQa+ciTsfNZWl/uytrXPeshFDsEJl7wX/jvZ2PQMnR
1eiN/49K9PYz3PbB42QRXkTyhh2KPXO2WuEaZFUIg4Sw54Kvy9cU/P/frWSrJHu8
jyJlHPvYVybKuS7hpIEOU0PUPzOLzpCLh8E5+w3WH3J2cIy+GlntIp0jVwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLzZGRdERJ35CXAjzAfvVEZ4i28MMB8GA1UdIwQY
MBaAFP6Bmeg0VWfYUWt4j+Lh05fifHOkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX29HWjZEUlZaOWhSYTNpUDR1SFRsLUo4YzZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9kMDllMzQtY2MxMS00Mzk0LTkwNGQt
ODQwY2NiMzRiM2Y1LzEvdk5rWkYwUkVuZmtKY0NQTUItOVVSbmlMYnd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9kMDllMzQtY2MxMS00Mzk0LTkwNGQtODQwY2NiMzRiM2Y1
LzEvX29HWjZEUlZaOWhSYTNpUDR1SFRsLUo4YzZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAsENTMA4E
AgACMAgDBgAqBenAIjANBgkqhkiG9w0BAQsFAAOCAQEAJFZWMqFy26UJGsYs6njP
BSW8xkAnseAQN0g1wuv0maBeSl2SmBfWPC+QD+1W2a8avnyemynmyYP09HjRk0ve
vCP2ujmAZ0f9c4nbWfbJnuXgZe086286h7DKNt4yWb1JtSqNetFlZcjxaIp/xhnz
+Fj5wR6KtonwQ1AzZo6mxu2kvJgNMuCTVcbVTQxbgwoXLAIoztGQyfdAd3ozjlBs
bO4uKDv7qovUBM9oZNI2SNV6MX3FFQhhJbDq9/F9UEsTJ1b8glRmNe+1ncLsfkVU
emkWRfPNL039l9Am+Z2z3vVSuDvwsyxVJTSmWMdjAEzfQmD873AjNZrFKLmCOQE7
fg==
-----END CERTIFICATE-----