Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/VIOV2Sw0pGpsEc5ELd3PKpGAov4.roa
File:                     VIOV2Sw0pGpsEc5ELd3PKpGAov4.roa (raw, json)
Hash identifier:          dg8sBGXoXhoEtHhFs39kJSrNmD/UqitU7mUAVkfs84E=
Subject key identifier:   54:83:95:D9:2C:34:A4:6A:6C:11:CE:44:2D:DD:CF:2A:91:80:A2:FE
Certificate issuer:       /CN=918901662a8ec5ff4d3f48d29099230a0575ec8a
Certificate serial:       018CC348F5698332D912964957D14859E002
Authority key identifier: 91:89:01:66:2A:8E:C5:FF:4D:3F:48:D2:90:99:23:0A:05:75:EC:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kYkBZiqOxf9NP0jSkJkjCgV17Io.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/VIOV2Sw0pGpsEc5ELd3PKpGAov4.roa
Signing time:             Mon 01 Jan 2024 04:29:47 +0000
ROA not before:           Mon 01 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49020
IP address blocks:        45.142.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/kYkBZiqOxf9NP0jSkJkjCgV17Io.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/kYkBZiqOxf9NP0jSkJkjCgV17Io.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kYkBZiqOxf9NP0jSkJkjCgV17Io.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f5:69:83:32:d9:12:96:49:57:d1:48:59:e0:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=918901662a8ec5ff4d3f48d29099230a0575ec8a
        Validity
            Not Before: Jan  1 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=548395d92c34a46a6c11ce442dddcf2a9180a2fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:47:fd:17:17:02:8d:02:42:71:ba:8d:88:91:
                    48:cc:16:ed:af:c9:57:fa:65:16:08:fb:6e:3c:b0:
                    92:24:9e:f7:6c:55:fc:2d:c3:6e:c1:06:0f:29:e4:
                    bd:1d:67:9c:ed:85:82:fd:1c:18:e1:5a:c7:1e:f8:
                    96:42:e6:3c:9b:23:bd:d1:fd:b7:05:b1:b6:de:11:
                    a0:95:4f:77:1a:6f:d6:08:73:44:7c:f1:d1:2d:5a:
                    68:61:58:e5:f8:2d:0b:7c:86:d4:02:45:fe:0a:54:
                    53:3b:43:f7:ac:51:ff:ae:1f:c4:bb:64:14:2b:ab:
                    53:57:68:9d:8e:e8:fb:21:fe:87:16:14:e8:bd:d9:
                    0a:82:67:d5:40:c2:91:45:fd:66:0d:de:67:cd:ec:
                    50:b5:72:06:10:8d:0d:2d:cf:62:63:c7:9b:09:25:
                    36:e0:53:74:74:a7:1c:56:6e:35:1c:98:7e:eb:00:
                    d7:22:11:bc:68:40:eb:e4:cd:ff:4c:ff:fd:52:d5:
                    4d:de:d8:d8:9e:62:79:64:fa:aa:83:df:fb:2f:ad:
                    e3:d0:ec:db:c6:e8:b4:66:85:1f:ec:69:6b:4b:30:
                    b2:58:16:0d:9b:a7:ba:05:0d:74:04:be:5a:92:ad:
                    f9:45:7b:97:ff:dc:c6:c8:38:f7:f4:8d:65:32:37:
                    57:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:83:95:D9:2C:34:A4:6A:6C:11:CE:44:2D:DD:CF:2A:91:80:A2:FE
            X509v3 Authority Key Identifier:
                keyid:91:89:01:66:2A:8E:C5:FF:4D:3F:48:D2:90:99:23:0A:05:75:EC:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kYkBZiqOxf9NP0jSkJkjCgV17Io.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/VIOV2Sw0pGpsEc5ELd3PKpGAov4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/kYkBZiqOxf9NP0jSkJkjCgV17Io.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:39:be:dc:b4:bb:9a:80:2b:f7:d3:39:2c:43:40:ce:b2:a5:
         66:d7:17:ae:15:af:70:3e:21:bb:bc:7d:3d:50:4b:f1:05:a9:
         60:2a:1e:9c:79:a5:b4:d9:9d:72:b1:78:00:06:8f:8d:61:00:
         25:08:2e:eb:89:5c:a6:81:8b:d2:35:58:c8:34:e4:9f:6f:0c:
         69:f6:fc:4f:cb:2a:70:92:fe:8b:07:1a:61:09:30:b8:ce:b7:
         c7:f9:ba:a2:75:2d:e7:e7:f4:6d:b4:82:8b:56:fc:ee:c4:91:
         3f:40:5f:f6:96:ee:6d:19:f3:48:c7:6f:12:b1:32:cf:cd:27:
         c2:70:93:7d:84:0a:1e:cd:2b:64:54:4c:ab:f0:20:15:63:52:
         ab:14:c2:1d:22:ec:b8:45:8b:38:52:a2:85:fb:23:08:8e:20:
         90:fe:bf:50:38:c0:a3:07:f9:d0:95:3e:0b:98:a5:a2:f0:0a:
         b3:33:90:d7:9e:1f:01:e3:6e:c5:f4:49:15:9d:19:c8:68:ee:
         08:b7:47:4e:e4:eb:d5:a7:d1:e6:2f:77:60:4e:71:8b:c3:17:
         1f:3f:3f:d9:9a:fe:2e:c9:cf:34:6d:a4:b9:65:c1:18:db:9f:
         3e:ea:21:2e:56:80:1d:de:80:22:24:5b:7f:b0:27:ca:0e:15:
         b2:ed:57:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPVpgzLZEpZJV9FIWeACMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxODkwMTY2MmE4ZWM1ZmY0ZDNmNDhkMjkwOTkyMzBhMDU3
NWVjOGEwHhcNMjQwMTAxMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDgzOTVkOTJjMzRhNDZhNmMxMWNlNDQyZGRkY2YyYTkxODBhMmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUf9FxcCjQJCcbqNiJFIzBbtr8lX
+mUWCPtuPLCSJJ73bFX8LcNuwQYPKeS9HWec7YWC/RwY4VrHHviWQuY8myO90f23
BbG23hGglU93Gm/WCHNEfPHRLVpoYVjl+C0LfIbUAkX+ClRTO0P3rFH/rh/Eu2QU
K6tTV2idjuj7If6HFhTovdkKgmfVQMKRRf1mDd5nzexQtXIGEI0NLc9iY8ebCSU2
4FN0dKccVm41HJh+6wDXIhG8aEDr5M3/TP/9UtVN3tjYnmJ5ZPqqg9/7L63j0Ozb
xui0ZoUf7GlrSzCyWBYNm6e6BQ10BL5akq35RXuX/9zGyDj39I1lMjdXPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFSDldksNKRqbBHORC3dzyqRgKL+MB8GA1UdIwQY
MBaAFJGJAWYqjsX/TT9I0pCZIwoFdeyKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1lrQlppcU94ZjlOUDBqU2tKa2pDZ1YxN0lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC81YjkyYTctMjgzNy00NjllLTgyMTQt
ZTgxMWUyM2MxODA0LzEvVklPVjJTdzBwR3BzRWM1RUxkM1BLcEdBb3Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC81YjkyYTctMjgzNy00NjllLTgyMTQtZTgxMWUyM2MxODA0
LzEva1lrQlppcU94ZjlOUDBqU2tKa2pDZ1YxN0lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY6KMA0G
CSqGSIb3DQEBCwUAA4IBAQA2Ob7ctLuagCv30zksQ0DOsqVm1xeuFa9wPiG7vH09
UEvxBalgKh6ceaW02Z1ysXgABo+NYQAlCC7riVymgYvSNVjINOSfbwxp9vxPyypw
kv6LBxphCTC4zrfH+bqidS3n5/RttIKLVvzuxJE/QF/2lu5tGfNIx28SsTLPzSfC
cJN9hAoezStkVEyr8CAVY1KrFMIdIuy4RYs4UqKF+yMIjiCQ/r9QOMCjB/nQlT4L
mKWi8AqzM5DXnh8B427F9EkVnRnIaO4It0dO5OvVp9HmL3dgTnGLwxcfPz/Zmv4u
yc80baS5ZcEY258+6iEuVoAd3oAiJFt/sCfKDhWy7Ve+
-----END CERTIFICATE-----