Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/8c27aa-b500-4c96-84ec-f8be495252b0/1/vePyqbStWivJobjj1oVuVxnD0vI.roa
File:                     vePyqbStWivJobjj1oVuVxnD0vI.roa (raw, json)
Hash identifier:          eUSSXm08ep0EQYGw2J1+acsDCabZSz+FGBz4Cj1zFfc=
Subject key identifier:   BD:E3:F2:A9:B4:AD:5A:2B:C9:A1:B8:E3:D6:85:6E:57:19:C3:D2:F2
Certificate issuer:       /CN=2e890193743bdf24dd22c3ed6f28b3031a2ec806
Certificate serial:       018CC2DB1C0320160E6214BABF664CA6EB1B
Authority key identifier: 2E:89:01:93:74:3B:DF:24:DD:22:C3:ED:6F:28:B3:03:1A:2E:C8:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LokBk3Q73yTdIsPtbyizAxouyAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/8c27aa-b500-4c96-84ec-f8be495252b0/1/vePyqbStWivJobjj1oVuVxnD0vI.roa
Signing time:             Mon 01 Jan 2024 02:29:48 +0000
ROA not before:           Mon 01 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211735
IP address blocks:        185.242.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/8c27aa-b500-4c96-84ec-f8be495252b0/1/LokBk3Q73yTdIsPtbyizAxouyAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/8c27aa-b500-4c96-84ec-f8be495252b0/1/LokBk3Q73yTdIsPtbyizAxouyAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LokBk3Q73yTdIsPtbyizAxouyAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1c:03:20:16:0e:62:14:ba:bf:66:4c:a6:eb:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e890193743bdf24dd22c3ed6f28b3031a2ec806
        Validity
            Not Before: Jan  1 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bde3f2a9b4ad5a2bc9a1b8e3d6856e5719c3d2f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:aa:55:ff:d2:26:9b:ff:0e:4a:26:5a:ec:fc:
                    0c:b4:5f:dc:0c:c2:18:88:9c:72:1a:2e:64:3f:ff:
                    ef:e3:18:23:6a:47:5d:b9:67:e1:14:98:d4:dc:c3:
                    0a:69:c6:da:59:6c:cd:1e:e7:27:5a:d4:5c:25:9c:
                    3f:89:6c:a4:05:47:a3:72:45:16:95:da:55:1c:03:
                    f9:97:4f:d1:83:68:2f:ec:4c:0e:f7:e3:91:94:bd:
                    5c:53:ba:c1:8d:bb:14:65:6a:b4:f4:30:9b:8c:a5:
                    3d:08:86:72:e2:0b:32:52:3a:19:95:00:f3:fe:83:
                    79:48:05:e8:9a:27:57:f9:7f:01:24:66:6f:60:97:
                    6d:ea:1d:47:a7:f1:40:a4:12:60:72:c1:04:e3:c2:
                    da:65:61:43:67:a3:b7:83:31:16:c4:51:98:a8:ff:
                    77:1f:65:22:7a:48:2a:d0:71:54:fd:e0:36:cc:fd:
                    67:ec:62:2b:c3:58:f4:7f:22:cd:1e:f7:1f:42:b6:
                    26:c5:f9:09:15:0d:e8:92:7c:7d:10:ff:54:4c:aa:
                    ed:01:d5:a5:b0:fe:dc:c1:75:89:a3:96:c7:bf:55:
                    f5:5f:c8:37:f5:89:39:80:ac:8f:b3:96:9f:8e:10:
                    4e:f0:cd:d3:e6:1b:4e:b3:dc:1c:42:af:01:e6:1d:
                    19:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:E3:F2:A9:B4:AD:5A:2B:C9:A1:B8:E3:D6:85:6E:57:19:C3:D2:F2
            X509v3 Authority Key Identifier:
                keyid:2E:89:01:93:74:3B:DF:24:DD:22:C3:ED:6F:28:B3:03:1A:2E:C8:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LokBk3Q73yTdIsPtbyizAxouyAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/8c27aa-b500-4c96-84ec-f8be495252b0/1/vePyqbStWivJobjj1oVuVxnD0vI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/8c27aa-b500-4c96-84ec-f8be495252b0/1/LokBk3Q73yTdIsPtbyizAxouyAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:b7:d0:0d:71:f0:40:ce:f2:b2:14:3c:e6:c7:6c:f3:30:18:
         49:88:e2:c5:a7:95:de:5e:e2:2a:b5:22:e1:d4:34:97:94:8a:
         1e:92:91:64:93:ea:93:e0:40:ce:b3:b9:3d:9a:f5:31:54:ee:
         03:95:f6:5e:83:28:c4:fb:f5:9c:d5:89:c7:1a:e6:61:93:5e:
         d2:a8:27:f5:d4:ce:ea:ed:91:48:a9:c4:cf:24:08:bf:46:cb:
         5e:fe:53:3e:a1:eb:53:3d:4d:4b:6f:a6:ab:f7:a0:01:fa:bb:
         27:c6:bf:2e:65:f5:91:1d:60:e2:cf:c5:ee:45:4d:d3:d7:e2:
         48:ad:6e:44:cd:04:9c:19:d4:f4:cc:9b:66:3a:c8:61:d3:58:
         0a:12:3e:69:d8:c7:62:43:a4:d3:e8:02:8d:a8:f7:98:4d:0f:
         ac:5d:fc:7a:62:03:0a:f0:a5:46:b7:1d:1d:c0:e0:cb:20:76:
         5f:16:a0:1b:5f:8a:e0:26:25:ec:64:25:45:df:45:11:1d:cb:
         d2:c8:da:0f:94:1d:ca:67:10:a8:c6:a3:10:f0:0b:67:f0:36:
         81:7e:a5:35:22:71:01:3b:9e:b1:06:64:17:a3:2e:d9:30:7a:
         d4:8a:fa:8e:c8:ca:0e:4e:bd:c5:27:b3:64:a6:17:d0:a0:d6:
         3b:52:0d:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xwDIBYOYhS6v2ZMpusbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODkwMTkzNzQzYmRmMjRkZDIyYzNlZDZmMjhiMzAzMWEy
ZWM4MDYwHhcNMjQwMTAxMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGUzZjJhOWI0YWQ1YTJiYzlhMWI4ZTNkNjg1NmU1NzE5YzNkMmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqpV/9Imm/8OSiZa7PwMtF/cDMIY
iJxyGi5kP//v4xgjakdduWfhFJjU3MMKacbaWWzNHucnWtRcJZw/iWykBUejckUW
ldpVHAP5l0/Rg2gv7EwO9+ORlL1cU7rBjbsUZWq09DCbjKU9CIZy4gsyUjoZlQDz
/oN5SAXomidX+X8BJGZvYJdt6h1Hp/FApBJgcsEE48LaZWFDZ6O3gzEWxFGYqP93
H2Uiekgq0HFU/eA2zP1n7GIrw1j0fyLNHvcfQrYmxfkJFQ3oknx9EP9UTKrtAdWl
sP7cwXWJo5bHv1X1X8g39Yk5gKyPs5afjhBO8M3T5htOs9wcQq8B5h0ZhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3j8qm0rVoryaG449aFblcZw9LyMB8GA1UdIwQY
MBaAFC6JAZN0O98k3SLD7W8oswMaLsgGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9rQmszUTczeVRkSXNQdGJ5aXpBeG91eUFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy84YzI3YWEtYjUwMC00Yzk2LTg0ZWMt
ZjhiZTQ5NTI1MmIwLzEvdmVQeXFiU3RXaXZKb2JqajFvVnVWeG5EMHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy84YzI3YWEtYjUwMC00Yzk2LTg0ZWMtZjhiZTQ5NTI1MmIw
LzEvTG9rQmszUTczeVRkSXNQdGJ5aXpBeG91eUFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufKwMA0G
CSqGSIb3DQEBCwUAA4IBAQCRt9ANcfBAzvKyFDzmx2zzMBhJiOLFp5XeXuIqtSLh
1DSXlIoekpFkk+qT4EDOs7k9mvUxVO4DlfZegyjE+/Wc1YnHGuZhk17SqCf11M7q
7ZFIqcTPJAi/Rste/lM+oetTPU1Lb6ar96AB+rsnxr8uZfWRHWDiz8XuRU3T1+JI
rW5EzQScGdT0zJtmOshh01gKEj5p2MdiQ6TT6AKNqPeYTQ+sXfx6YgMK8KVGtx0d
wODLIHZfFqAbX4rgJiXsZCVF30URHcvSyNoPlB3KZxCoxqMQ8Atn8DaBfqU1InEB
O56xBmQXoy7ZMHrUivqOyMoOTr3FJ7NkphfQoNY7Ug1s
-----END CERTIFICATE-----