Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/32169a-4a5a-411b-b006-318c71b119f7/1/vZxgW84d8J78rD3YPkL49VbM1ZM.roa
File:                     vZxgW84d8J78rD3YPkL49VbM1ZM.roa (raw, json)
Hash identifier:          TERCE/Zq16saZtJJxiL1yuyIOOGu2P5wPS8lfEW+NZ8=
Subject key identifier:   BD:9C:60:5B:CE:1D:F0:9E:FC:AC:3D:D8:3E:42:F8:F5:56:CC:D5:93
Certificate issuer:       /CN=6e542cede53a0c57145a6aff2f58196f02d4a12e
Certificate serial:       018CCA2A1F20BB67708F54BD3D25384FFD7F
Authority key identifier: 6E:54:2C:ED:E5:3A:0C:57:14:5A:6A:FF:2F:58:19:6F:02:D4:A1:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/blQs7eU6DFcUWmr_L1gZbwLUoS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/32169a-4a5a-411b-b006-318c71b119f7/1/vZxgW84d8J78rD3YPkL49VbM1ZM.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207327
IP address blocks:        195.226.218.0/24 maxlen: 24
                          2a10:2d80::/29 maxlen: 56

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/32169a-4a5a-411b-b006-318c71b119f7/1/blQs7eU6DFcUWmr_L1gZbwLUoS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/32169a-4a5a-411b-b006-318c71b119f7/1/blQs7eU6DFcUWmr_L1gZbwLUoS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/blQs7eU6DFcUWmr_L1gZbwLUoS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1f:20:bb:67:70:8f:54:bd:3d:25:38:4f:fd:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e542cede53a0c57145a6aff2f58196f02d4a12e
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd9c605bce1df09efcac3dd83e42f8f556ccd593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ca:15:b0:2e:24:05:f6:69:88:92:95:90:03:
                    54:58:0b:3c:d8:0d:83:1f:52:5c:ca:96:4c:85:2e:
                    8c:6f:d8:40:93:d2:fc:c6:05:26:4d:d2:6b:91:3d:
                    d7:94:2a:68:32:28:12:ed:f2:9a:0c:87:d9:1b:04:
                    a7:d2:92:04:c7:b5:6b:27:86:4d:72:5b:e9:92:b8:
                    1a:01:59:22:0d:65:af:d2:ca:c8:ea:03:ec:ad:47:
                    59:a4:b7:b6:e9:ca:43:b8:ba:6d:c8:59:43:31:bc:
                    66:c9:66:23:56:3f:c2:05:1c:39:09:0b:40:29:22:
                    cc:63:0c:66:05:02:d4:66:4b:d3:20:35:cf:67:97:
                    8e:0b:7f:79:05:85:04:bc:21:55:63:e2:53:5e:0c:
                    64:69:8a:fa:82:b1:44:07:73:b5:7a:ef:41:d7:9b:
                    a3:0e:c3:06:d1:b5:c2:59:b1:b1:6c:ce:55:8e:44:
                    e6:05:a5:2c:3f:94:8c:b2:e6:56:07:e3:83:da:7e:
                    95:f7:92:99:ea:27:01:6b:8f:e1:29:cd:df:26:a6:
                    7e:e4:42:c3:85:ba:14:b8:94:69:15:b4:a5:7e:97:
                    e8:5e:35:b5:bd:cb:09:e6:08:85:23:39:86:5b:f0:
                    85:9d:d1:23:ac:a9:7c:af:26:d9:27:0e:5e:37:b1:
                    1c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:9C:60:5B:CE:1D:F0:9E:FC:AC:3D:D8:3E:42:F8:F5:56:CC:D5:93
            X509v3 Authority Key Identifier:
                keyid:6E:54:2C:ED:E5:3A:0C:57:14:5A:6A:FF:2F:58:19:6F:02:D4:A1:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/blQs7eU6DFcUWmr_L1gZbwLUoS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/32169a-4a5a-411b-b006-318c71b119f7/1/vZxgW84d8J78rD3YPkL49VbM1ZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/32169a-4a5a-411b-b006-318c71b119f7/1/blQs7eU6DFcUWmr_L1gZbwLUoS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.226.218.0/24
                IPv6:
                  2a10:2d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:7c:59:aa:6f:42:c7:92:d6:22:6b:c3:a4:b8:5e:73:29:3c:
         16:9e:e3:b2:65:15:81:12:51:00:03:5a:b0:82:c8:a3:d2:27:
         da:56:5b:9b:61:79:74:5c:2f:91:43:5b:a1:87:0b:8e:59:02:
         c8:62:a3:64:51:77:bb:f3:25:87:bc:bc:02:85:c8:6b:e4:d6:
         e1:a1:d0:3f:a9:67:ff:2a:28:57:d6:86:d6:6e:2a:5d:18:db:
         09:e0:66:e5:e3:52:39:81:be:05:ed:c0:6a:3f:b3:84:04:a3:
         e4:24:bc:38:4c:74:75:95:26:7e:bc:84:7c:ee:b4:91:c7:da:
         5a:38:51:b3:bc:7a:0a:43:73:f3:81:43:61:54:93:d5:53:eb:
         8d:56:7d:f9:9a:2d:7a:b9:a5:79:7f:6a:1e:76:4e:3d:c2:11:
         3f:14:d1:d5:fb:c5:22:93:e0:c3:b8:2b:06:8f:3f:54:f2:f1:
         b1:dc:19:8e:b4:5b:99:19:74:0a:c6:d9:bf:7a:83:19:02:c2:
         fb:38:bc:a4:11:c0:f3:03:3e:95:bd:39:bf:82:db:ee:57:d7:
         1e:84:a2:05:70:69:0d:1a:27:eb:90:88:e1:6b:c6:a9:fe:f8:
         fc:7c:a7:65:d6:ad:d1:1c:d3:6e:85:70:94:2f:5c:73:c5:1a:
         19:82:12:cf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKh8gu2dwj1S9PSU4T/1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNTQyY2VkZTUzYTBjNTcxNDVhNmFmZjJmNTgxOTZmMDJk
NGExMmUwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDljNjA1YmNlMWRmMDllZmNhYzNkZDgzZTQyZjhmNTU2Y2NkNTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcoVsC4kBfZpiJKVkANUWAs82A2D
H1JcypZMhS6Mb9hAk9L8xgUmTdJrkT3XlCpoMigS7fKaDIfZGwSn0pIEx7VrJ4ZN
clvpkrgaAVkiDWWv0srI6gPsrUdZpLe26cpDuLptyFlDMbxmyWYjVj/CBRw5CQtA
KSLMYwxmBQLUZkvTIDXPZ5eOC395BYUEvCFVY+JTXgxkaYr6grFEB3O1eu9B15uj
DsMG0bXCWbGxbM5VjkTmBaUsP5SMsuZWB+OD2n6V95KZ6icBa4/hKc3fJqZ+5ELD
hboUuJRpFbSlfpfoXjW1vcsJ5giFIzmGW/CFndEjrKl8rybZJw5eN7EcdQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL2cYFvOHfCe/Kw92D5C+PVWzNWTMB8GA1UdIwQY
MBaAFG5ULO3lOgxXFFpq/y9YGW8C1KEuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmxRczdlVTZERmNVV21yX0wxZ1pid0xVb1M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8zMjE2OWEtNGE1YS00MTFiLWIwMDYt
MzE4YzcxYjExOWY3LzEvdlp4Z1c4NGQ4Sjc4ckQzWVBrTDQ5VmJNMVpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8zMjE2OWEtNGE1YS00MTFiLWIwMDYtMzE4YzcxYjExOWY3
LzEvYmxRczdlVTZERmNVV21yX0wxZ1pid0xVb1M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw+LaMA0E
AgACMAcDBQMqEC2AMA0GCSqGSIb3DQEBCwUAA4IBAQBSfFmqb0LHktYia8OkuF5z
KTwWnuOyZRWBElEAA1qwgsij0ifaVlubYXl0XC+RQ1uhhwuOWQLIYqNkUXe78yWH
vLwChchr5NbhodA/qWf/KihX1obWbipdGNsJ4Gbl41I5gb4F7cBqP7OEBKPkJLw4
THR1lSZ+vIR87rSRx9paOFGzvHoKQ3PzgUNhVJPVU+uNVn35mi16uaV5f2oedk49
whE/FNHV+8Uik+DDuCsGjz9U8vGx3BmOtFuZGXQKxtm/eoMZAsL7OLykEcDzAz6V
vTm/gtvuV9cehKIFcGkNGifrkIjha8ap/vj8fKdl1q3RHNNuhXCUL1xzxRoZghLP
-----END CERTIFICATE-----