Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/VWAfHhXf6_u4za-y2etLdMzTe1g.roa
File:                     VWAfHhXf6_u4za-y2etLdMzTe1g.roa (raw, json)
Hash identifier:          Vx0LHpiKyafeajJohCLolGCtm2YJNKrOW73f64n0pnA=
Subject key identifier:   55:60:1F:1E:15:DF:EB:FB:B8:CD:AF:B2:D9:EB:4B:74:CC:D3:7B:58
Certificate issuer:       /CN=b1cdc26d44eaf85654481e9581043e14887765b4
Certificate serial:       018CC493290EECA98617E10244FEDFEACCBF
Authority key identifier: B1:CD:C2:6D:44:EA:F8:56:54:48:1E:95:81:04:3E:14:88:77:65:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/VWAfHhXf6_u4za-y2etLdMzTe1g.roa
Signing time:             Mon 01 Jan 2024 10:30:27 +0000
ROA not before:           Mon 01 Jan 2024 10:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202329
IP address blocks:        45.140.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:29:0e:ec:a9:86:17:e1:02:44:fe:df:ea:cc:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1cdc26d44eaf85654481e9581043e14887765b4
        Validity
            Not Before: Jan  1 10:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55601f1e15dfebfbb8cdafb2d9eb4b74ccd37b58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:83:1e:66:8a:92:ba:a3:77:d1:a5:3e:40:9b:
                    c5:67:96:fe:a7:fb:f9:19:32:61:d6:8e:27:f1:9d:
                    d4:19:41:0e:f6:34:0f:fe:22:02:57:d0:55:95:50:
                    4d:6a:68:9a:e9:ed:0e:40:1e:c0:68:a6:71:87:fe:
                    52:c8:c2:e7:a4:b4:aa:ca:a5:a5:be:c5:0a:5b:47:
                    de:8f:8b:56:21:a4:b8:f7:15:19:2a:0b:13:1e:c5:
                    42:36:4b:0f:fa:00:af:75:49:38:09:50:f7:4c:5a:
                    ac:ad:0c:91:1c:24:cf:8b:be:ee:64:85:34:1f:73:
                    71:83:c4:43:6c:92:7f:bf:9e:a6:c3:a7:fc:88:73:
                    b6:25:39:ff:8e:b8:68:8d:5d:e5:8b:47:cd:b3:d2:
                    8c:63:b7:87:c9:2d:54:16:e6:75:a4:be:2b:70:f8:
                    26:6b:aa:96:3c:39:98:19:a9:b5:9b:77:19:50:78:
                    dd:cc:1e:b3:86:c9:4c:b2:c4:f4:de:56:5f:5d:0e:
                    b3:15:dc:c5:8d:16:77:5a:c8:b2:8c:be:17:0c:b8:
                    8c:e3:a1:9b:e5:3a:7e:04:85:9d:3c:6f:93:8b:b3:
                    0b:af:76:6e:cf:77:1c:a7:e1:04:ee:e3:11:8e:ac:
                    c4:a0:47:c2:ae:89:d2:56:7f:bd:95:11:9f:86:a3:
                    fd:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:60:1F:1E:15:DF:EB:FB:B8:CD:AF:B2:D9:EB:4B:74:CC:D3:7B:58
            X509v3 Authority Key Identifier:
                keyid:B1:CD:C2:6D:44:EA:F8:56:54:48:1E:95:81:04:3E:14:88:77:65:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/VWAfHhXf6_u4za-y2etLdMzTe1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:73:9f:52:03:67:49:e4:ef:2e:21:29:de:28:4c:a2:a6:3d:
         16:fd:f3:46:52:72:8a:2a:b2:96:21:75:a6:2a:c7:f7:97:08:
         b7:42:51:46:d7:7b:fb:9d:3a:f5:65:24:e5:c4:b4:1e:7c:ca:
         38:3b:91:cb:ff:57:b4:c6:1e:24:4b:ee:f3:86:fd:56:40:b0:
         60:d4:a8:4b:d1:d3:ca:ac:01:31:58:7a:14:eb:33:4d:63:30:
         b2:0a:bb:b3:8d:30:f0:67:8a:e1:49:0e:05:37:d8:fd:d1:5a:
         31:b5:74:cf:23:af:28:c8:ba:f7:0a:9b:34:49:e0:ac:ef:fa:
         64:74:ee:c7:d7:e2:19:f7:8f:9f:e6:5f:45:5d:d2:07:79:ec:
         f4:30:33:97:ea:cd:6d:17:08:53:33:b9:aa:d3:36:64:e2:5e:
         bb:cf:8b:7d:36:2f:6b:35:73:17:67:e0:99:9a:3b:65:e7:0f:
         a8:bb:94:d3:93:79:27:63:3f:e4:37:fc:6e:79:84:03:7d:fd:
         47:75:61:72:62:7e:90:5b:bf:9a:e0:f1:7a:ca:62:1c:44:f6:
         b5:70:5e:33:f1:ce:5e:29:cd:2a:84:22:92:33:00:00:bb:13:
         1a:30:b6:0e:24:91:a7:69:87:60:7f:72:14:95:5a:2d:64:be:
         04:74:6f:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkykO7KmGF+ECRP7f6sy/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxY2RjMjZkNDRlYWY4NTY1NDQ4MWU5NTgxMDQzZTE0ODg3
NzY1YjQwHhcNMjQwMTAxMTAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTYwMWYxZTE1ZGZlYmZiYjhjZGFmYjJkOWViNGI3NGNjZDM3YjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoMeZoqSuqN30aU+QJvFZ5b+p/v5
GTJh1o4n8Z3UGUEO9jQP/iICV9BVlVBNamia6e0OQB7AaKZxh/5SyMLnpLSqyqWl
vsUKW0fej4tWIaS49xUZKgsTHsVCNksP+gCvdUk4CVD3TFqsrQyRHCTPi77uZIU0
H3Nxg8RDbJJ/v56mw6f8iHO2JTn/jrhojV3li0fNs9KMY7eHyS1UFuZ1pL4rcPgm
a6qWPDmYGam1m3cZUHjdzB6zhslMssT03lZfXQ6zFdzFjRZ3WsiyjL4XDLiM46Gb
5Tp+BIWdPG+Ti7MLr3Zuz3ccp+EE7uMRjqzEoEfCronSVn+9lRGfhqP9bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVgHx4V3+v7uM2vstnrS3TM03tYMB8GA1UdIwQY
MBaAFLHNwm1E6vhWVEgelYEEPhSId2W0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2MzQ2JVVHEtRlpVU0I2VmdRUS1GSWgzWmJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9hYWFkYWMtNDgwOS00OTU1LWFjNjIt
OGY5Y2EwZWJjY2FiLzEvVldBZkhoWGY2X3U0emEteTJldExkTXpUZTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9hYWFkYWMtNDgwOS00OTU1LWFjNjItOGY5Y2EwZWJjY2Fi
LzEvc2MzQ2JVVHEtRlpVU0I2VmdRUS1GSWgzWmJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYy3MA0G
CSqGSIb3DQEBCwUAA4IBAQBlc59SA2dJ5O8uISneKEyipj0W/fNGUnKKKrKWIXWm
Ksf3lwi3QlFG13v7nTr1ZSTlxLQefMo4O5HL/1e0xh4kS+7zhv1WQLBg1KhL0dPK
rAExWHoU6zNNYzCyCruzjTDwZ4rhSQ4FN9j90VoxtXTPI68oyLr3Cps0SeCs7/pk
dO7H1+IZ94+f5l9FXdIHeez0MDOX6s1tFwhTM7mq0zZk4l67z4t9Ni9rNXMXZ+CZ
mjtl5w+ou5TTk3knYz/kN/xueYQDff1HdWFyYn6QW7+a4PF6ymIcRPa1cF4z8c5e
Kc0qhCKSMwAAuxMaMLYOJJGnaYdgf3IUlVotZL4EdG8M
-----END CERTIFICATE-----