Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/vyStDx6HAZ0SN7FBmO1Ur_EBxKU.roa
File:                     vyStDx6HAZ0SN7FBmO1Ur_EBxKU.roa (raw, json)
Hash identifier:          NfbojpmrOKW4HQ8k4veIgDmUH7xMa4dzvilbjoWTZdE=
Subject key identifier:   BF:24:AD:0F:1E:87:01:9D:12:37:B1:41:98:ED:54:AF:F1:01:C4:A5
Certificate issuer:       /CN=f7822d4597e5493d15178bfb10e6841dd17e5897
Certificate serial:       018CC7953FB599AC1A81DC56380007C7C090
Authority key identifier: F7:82:2D:45:97:E5:49:3D:15:17:8B:FB:10:E6:84:1D:D1:7E:58:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/94ItRZflST0VF4v7EOaEHdF-WJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/vyStDx6HAZ0SN7FBmO1Ur_EBxKU.roa
Signing time:             Tue 02 Jan 2024 00:31:36 +0000
ROA not before:           Tue 02 Jan 2024 00:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        146.133.124.0/24 maxlen: 24
                          146.133.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/94ItRZflST0VF4v7EOaEHdF-WJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/94ItRZflST0VF4v7EOaEHdF-WJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/94ItRZflST0VF4v7EOaEHdF-WJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3f:b5:99:ac:1a:81:dc:56:38:00:07:c7:c0:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7822d4597e5493d15178bfb10e6841dd17e5897
        Validity
            Not Before: Jan  2 00:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf24ad0f1e87019d1237b14198ed54aff101c4a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:49:59:79:f3:25:3d:8d:36:64:6e:dd:4f:d9:
                    92:83:81:8d:8f:3d:9b:0b:b2:f2:0f:23:a1:f5:57:
                    9e:5d:23:4a:5d:7e:ba:f6:64:21:08:9e:58:39:eb:
                    ea:8d:ff:a3:78:6f:85:1f:ab:dd:f5:9b:8d:63:aa:
                    45:4b:7b:99:b2:0f:bf:6d:50:02:5b:9a:e3:8e:69:
                    eb:f3:59:3d:23:db:f9:3a:86:88:24:29:f4:9a:5b:
                    11:07:3e:07:83:b6:52:d4:c2:23:89:90:00:ea:c9:
                    37:57:3b:0e:ad:35:9e:c9:a3:a0:61:98:4f:06:c7:
                    c6:ef:96:3e:f1:2b:be:1c:a5:89:3d:d4:2f:8b:c3:
                    81:34:24:c9:48:0a:1a:33:28:1f:06:1b:77:fe:da:
                    a2:46:1e:0d:7d:69:b8:61:be:6f:5e:e7:07:d1:ab:
                    d1:cc:0e:5f:53:61:92:4a:60:4b:84:ec:e3:93:0a:
                    3a:09:69:83:80:cb:d6:22:df:f1:a3:a7:20:b2:15:
                    e2:7f:d2:2b:f8:c2:00:25:98:c6:4b:36:85:e7:a6:
                    82:b4:a1:48:17:09:28:b7:02:37:a3:c8:f8:57:f6:
                    bb:25:cc:f6:bc:a9:fe:84:29:2a:2d:5c:72:5e:82:
                    3e:81:2d:a8:45:49:03:6b:c6:51:1f:09:1d:64:d1:
                    47:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:24:AD:0F:1E:87:01:9D:12:37:B1:41:98:ED:54:AF:F1:01:C4:A5
            X509v3 Authority Key Identifier:
                keyid:F7:82:2D:45:97:E5:49:3D:15:17:8B:FB:10:E6:84:1D:D1:7E:58:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/94ItRZflST0VF4v7EOaEHdF-WJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/vyStDx6HAZ0SN7FBmO1Ur_EBxKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/94ItRZflST0VF4v7EOaEHdF-WJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.133.124.0/24
                  146.133.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:65:7e:c9:df:fc:89:25:93:fe:65:a5:cf:9e:9b:52:31:f4:
         01:61:ba:36:9f:e8:fc:0b:d4:35:b3:fa:a3:f1:36:e8:66:63:
         67:7b:fd:3b:96:09:f9:07:59:95:4e:cc:5a:c9:6a:69:6a:82:
         72:02:14:75:21:44:4c:93:09:be:2d:1d:4f:7c:b4:93:e3:41:
         3a:4b:68:87:e2:f1:6a:4a:23:56:40:f7:1a:b5:8f:f7:a0:f6:
         7f:a4:63:82:57:81:d7:b7:0c:9d:cd:b1:f3:da:56:09:43:40:
         19:7a:dd:74:f4:be:ed:7f:23:56:b2:b2:ff:40:cf:fe:8d:b8:
         fc:30:d1:bf:07:97:84:21:82:4a:7a:5a:d5:58:5a:f7:d0:cf:
         64:b9:df:04:06:0e:cf:2e:7f:1e:a8:10:2d:fb:58:7a:d6:7c:
         bb:89:50:41:5f:f9:3d:81:c0:30:c7:87:24:e1:0d:d4:be:c9:
         b7:87:2d:65:38:4d:af:6e:49:ff:66:73:88:b1:b8:ba:d3:55:
         ba:01:25:56:ba:82:88:2f:05:77:63:6c:8e:51:79:fb:2e:e8:
         30:d0:d3:85:9b:b1:c9:80:bd:ae:83:b5:6f:7c:92:b3:47:eb:
         91:e5:33:d6:72:14:40:02:61:18:f4:0b:08:43:f6:3c:02:6e:
         55:a4:14:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlT+1mawagdxWOAAHx8CQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ODIyZDQ1OTdlNTQ5M2QxNTE3OGJmYjEwZTY4NDFkZDE3
ZTU4OTcwHhcNMjQwMTAyMDAzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjI0YWQwZjFlODcwMTlkMTIzN2IxNDE5OGVkNTRhZmYxMDFjNGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0lZefMlPY02ZG7dT9mSg4GNjz2b
C7LyDyOh9VeeXSNKXX669mQhCJ5YOevqjf+jeG+FH6vd9ZuNY6pFS3uZsg+/bVAC
W5rjjmnr81k9I9v5OoaIJCn0mlsRBz4Hg7ZS1MIjiZAA6sk3VzsOrTWeyaOgYZhP
BsfG75Y+8Su+HKWJPdQvi8OBNCTJSAoaMygfBht3/tqiRh4NfWm4Yb5vXucH0avR
zA5fU2GSSmBLhOzjkwo6CWmDgMvWIt/xo6cgshXif9Ir+MIAJZjGSzaF56aCtKFI
FwkotwI3o8j4V/a7Jcz2vKn+hCkqLVxyXoI+gS2oRUkDa8ZRHwkdZNFHFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL8krQ8ehwGdEjexQZjtVK/xAcSlMB8GA1UdIwQY
MBaAFPeCLUWX5Uk9FReL+xDmhB3RfliXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTRJdFJaZmxTVDBWRjR2N0VPYUVIZEYtV0pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8zMTA4MWEtOGI1YS00OWVjLTkwMzYt
ODYyZTk5OTczZmMzLzEvdnlTdER4NkhBWjBTTjdGQm1PMVVyX0VCeEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8zMTA4MWEtOGI1YS00OWVjLTkwMzYtODYyZTk5OTczZmMz
LzEvOTRJdFJaZmxTVDBWRjR2N0VPYUVIZEYtV0pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkoV8AwQA
koV/MA0GCSqGSIb3DQEBCwUAA4IBAQB5ZX7J3/yJJZP+ZaXPnptSMfQBYbo2n+j8
C9Q1s/qj8TboZmNne/07lgn5B1mVTsxayWppaoJyAhR1IURMkwm+LR1PfLST40E6
S2iH4vFqSiNWQPcatY/3oPZ/pGOCV4HXtwydzbHz2lYJQ0AZet109L7tfyNWsrL/
QM/+jbj8MNG/B5eEIYJKelrVWFr30M9kud8EBg7PLn8eqBAt+1h61ny7iVBBX/k9
gcAwx4ck4Q3Uvsm3hy1lOE2vbkn/ZnOIsbi601W6ASVWuoKILwV3Y2yOUXn7Lugw
0NOFm7HJgL2ug7VvfJKzR+uR5TPWchRAAmEY9AsIQ/Y8Am5VpBSm
-----END CERTIFICATE-----