Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/vcIeZdTlxw9Su_mBbrhYpn4Vo9Y.roa
File:                     vcIeZdTlxw9Su_mBbrhYpn4Vo9Y.roa (raw, json)
Hash identifier:          IU6j1MRvYNQDGQNx/WOccn7qP2wDGkHrSNr57UzMFaU=
Subject key identifier:   BD:C2:1E:65:D4:E5:C7:0F:52:BB:F9:81:6E:B8:58:A6:7E:15:A3:D6
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       018CC9BC0F43BBC3F07258147672737D166B
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/vcIeZdTlxw9Su_mBbrhYpn4Vo9Y.roa
Signing time:             Tue 02 Jan 2024 10:33:14 +0000
ROA not before:           Tue 02 Jan 2024 10:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212335
IP address blocks:        193.106.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 13:30:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:0f:43:bb:c3:f0:72:58:14:76:72:73:7d:16:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Jan  2 10:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdc21e65d4e5c70f52bbf9816eb858a67e15a3d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:dc:1b:b9:9f:62:b7:d0:f9:0c:a0:19:09:ef:
                    9e:ed:fe:cb:5e:c7:bd:5a:37:9c:de:de:36:fb:58:
                    bf:36:5a:20:2e:87:b5:fa:d0:d2:3d:e7:05:93:11:
                    f9:d8:67:87:f5:55:18:71:90:b9:bd:06:0d:b3:b0:
                    f9:c2:a9:15:b8:e2:d9:24:f2:b8:18:47:42:08:16:
                    42:1a:f5:e0:e4:50:c5:6d:f9:ea:70:79:4b:0d:b1:
                    58:53:4a:2b:60:43:5c:f7:56:42:6a:23:19:d2:28:
                    2e:fb:1a:49:3e:c5:d8:fe:b3:f5:5d:7c:bb:44:0b:
                    c2:32:9d:d0:e5:4b:41:be:fa:70:0f:55:01:d1:60:
                    e7:84:c4:1d:e9:d8:b2:ea:e3:f6:f2:a2:ba:6b:64:
                    08:55:44:72:3c:04:4c:c8:53:f7:af:4b:6d:2a:52:
                    62:83:f2:b1:1b:e3:9b:d8:ab:19:99:af:a8:c6:c3:
                    7a:01:66:72:ec:bc:3c:bd:25:ad:b6:4c:90:d6:88:
                    28:ac:bb:60:7b:71:35:93:97:ca:e4:bd:1d:44:46:
                    27:1f:b3:c0:a2:a8:f3:47:a5:57:85:3f:cc:33:35:
                    21:90:55:4b:a9:5b:19:ca:58:86:9c:13:6a:70:29:
                    2c:dd:57:53:b1:b3:4e:d2:ed:0f:7f:f3:9c:b9:d8:
                    20:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:C2:1E:65:D4:E5:C7:0F:52:BB:F9:81:6E:B8:58:A6:7E:15:A3:D6
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/vcIeZdTlxw9Su_mBbrhYpn4Vo9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:6f:d9:60:7b:df:5e:f1:fe:bc:43:98:21:12:da:8b:2a:b3:
         fc:d6:cd:17:ec:50:98:b8:a2:9f:43:59:8f:ca:c9:13:39:6f:
         e6:c9:32:2b:7b:0a:6b:b2:0e:22:b7:23:48:a5:04:1d:9e:ba:
         15:61:df:76:bd:a0:55:ed:1f:29:b1:86:21:cc:34:bb:76:c6:
         97:66:5e:9d:5c:bb:89:3f:06:12:2d:02:12:06:1f:65:38:9d:
         4c:e5:65:f8:e8:f5:6d:1c:c5:8e:27:81:df:7d:d2:ae:68:a7:
         af:6f:00:b3:77:14:0f:a7:31:72:1e:a0:d0:cb:85:b6:6c:0f:
         b9:d9:e1:4d:2b:21:9e:1d:89:07:c9:70:0d:60:e4:fd:1b:e4:
         77:47:f5:4e:b9:1a:33:f9:ab:0f:bf:dd:95:8b:a0:c9:de:a0:
         eb:d2:ce:84:89:c3:c3:18:f4:0c:c5:af:eb:77:94:7f:bf:af:
         d7:0b:1d:b7:7e:cf:d6:24:42:69:b3:19:b9:ed:5e:55:26:6d:
         42:90:71:9a:3c:75:b1:e6:b3:8d:79:fa:da:58:d6:5c:af:70:
         49:e1:05:9f:9d:f7:9f:d5:0e:65:71:db:04:4c:3c:14:0c:6c:
         ea:fa:23:bb:45:d1:fc:05:58:92:0c:1e:f4:78:0c:84:f3:a0:
         ad:1b:ce:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvA9Du8PwclgUdnJzfRZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjQwMTAyMTAzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGMyMWU2NWQ0ZTVjNzBmNTJiYmY5ODE2ZWI4NThhNjdlMTVhM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9wbuZ9it9D5DKAZCe+e7f7LXse9
Wjec3t42+1i/NlogLoe1+tDSPecFkxH52GeH9VUYcZC5vQYNs7D5wqkVuOLZJPK4
GEdCCBZCGvXg5FDFbfnqcHlLDbFYU0orYENc91ZCaiMZ0igu+xpJPsXY/rP1XXy7
RAvCMp3Q5UtBvvpwD1UB0WDnhMQd6diy6uP28qK6a2QIVURyPARMyFP3r0ttKlJi
g/KxG+Ob2KsZma+oxsN6AWZy7Lw8vSWttkyQ1ogorLtge3E1k5fK5L0dREYnH7PA
oqjzR6VXhT/MMzUhkFVLqVsZyliGnBNqcCks3VdTsbNO0u0Pf/OcudggXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3CHmXU5ccPUrv5gW64WKZ+FaPWMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvdmNJZVpkVGx4dzlTdV9tQmJyaFlwbjRWbzlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWrHMA0G
CSqGSIb3DQEBCwUAA4IBAQASb9lge99e8f68Q5ghEtqLKrP81s0X7FCYuKKfQ1mP
yskTOW/myTIrewprsg4ityNIpQQdnroVYd92vaBV7R8psYYhzDS7dsaXZl6dXLuJ
PwYSLQISBh9lOJ1M5WX46PVtHMWOJ4HffdKuaKevbwCzdxQPpzFyHqDQy4W2bA+5
2eFNKyGeHYkHyXANYOT9G+R3R/VOuRoz+asPv92Vi6DJ3qDr0s6EicPDGPQMxa/r
d5R/v6/XCx23fs/WJEJpsxm57V5VJm1CkHGaPHWx5rONefraWNZcr3BJ4QWfnfef
1Q5lcdsETDwUDGzq+iO7RdH8BViSDB70eAyE86CtG87o
-----END CERTIFICATE-----