Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/VBBWuuSdX_fQMlh018bwLkqWmx4.roa
File:                     VBBWuuSdX_fQMlh018bwLkqWmx4.roa (raw, json)
Hash identifier:          mSZfJrweCCQkYwuZRVnwxmYCwNxAjCA4nCbxdndk6Cc=
Subject key identifier:   54:10:56:BA:E4:9D:5F:F7:D0:32:58:74:D7:C6:F0:2E:4A:96:9B:1E
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79549F19F3AB2F143458CC2D54E81FB
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/VBBWuuSdX_fQMlh018bwLkqWmx4.roa
Signing time:             Tue 02 Jan 2024 00:31:38 +0000
ROA not before:           Tue 02 Jan 2024 00:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40975
IP address blocks:        46.102.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:49:f1:9f:3a:b2:f1:43:45:8c:c2:d5:4e:81:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=541056bae49d5ff7d0325874d7c6f02e4a969b1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:25:83:c5:4f:2b:40:35:82:6e:29:78:b1:6e:
                    8c:d9:96:e7:6c:de:45:0e:a1:39:50:bf:81:85:29:
                    b0:00:7d:e4:7c:2e:7c:ba:66:b2:c8:79:5e:a0:8a:
                    f0:13:23:5d:bd:c0:58:4b:a6:a9:ea:c2:a9:62:b9:
                    06:cd:cd:98:5c:48:d2:c9:ba:33:f0:b0:8d:2f:85:
                    28:ba:00:2c:cd:e5:ca:cb:08:d4:f2:25:84:be:72:
                    77:01:03:50:90:9f:65:9e:6a:6b:7a:a9:8b:05:15:
                    a9:86:9c:98:5d:d5:90:2c:c3:45:2a:07:22:5f:32:
                    a9:bb:7a:50:ce:2c:c9:98:7f:4c:a4:0c:92:97:a7:
                    c6:37:5a:73:d0:7a:f3:cb:c4:90:a3:fe:95:10:57:
                    66:38:9a:b8:b6:dc:9f:e7:c7:26:e8:a0:98:80:3c:
                    51:80:a5:fb:40:0f:b6:7a:26:58:9b:5a:0f:84:6f:
                    c0:4a:2e:98:0f:25:03:3a:e7:0c:91:ba:ad:19:4b:
                    3a:91:9d:ff:84:4a:41:b8:2f:4d:e2:9c:e7:6d:c5:
                    55:29:09:eb:59:03:39:5d:aa:05:e0:a1:69:60:f7:
                    47:65:5a:e1:e6:da:ea:a9:21:cb:63:19:be:bc:09:
                    3c:00:7b:ac:13:84:c0:33:3e:86:73:09:26:78:ed:
                    b0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:10:56:BA:E4:9D:5F:F7:D0:32:58:74:D7:C6:F0:2E:4A:96:9B:1E
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/VBBWuuSdX_fQMlh018bwLkqWmx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:dc:66:89:90:c5:97:b8:c6:30:12:97:b2:75:4f:6e:73:09:
         28:a2:f5:31:ce:c4:bd:52:60:05:68:83:2e:2c:3b:f5:14:79:
         8f:b7:43:00:93:09:26:02:17:9a:7d:56:d9:e9:bd:cf:76:9a:
         87:aa:0e:d0:e9:4d:e0:2f:5b:0e:6a:ed:e3:e2:c0:f3:8a:59:
         90:e2:10:5e:cd:60:f5:ee:41:58:3c:e2:73:2d:a8:b9:b7:d0:
         6c:09:e0:10:79:41:7c:ba:a9:86:1c:e2:9e:65:6d:82:1c:a7:
         15:83:b5:cb:fa:d6:cf:b9:b7:b4:32:a2:4e:b6:e7:b2:5f:ad:
         a5:41:d9:bc:db:5b:a8:69:72:b0:d2:9a:17:52:0d:4d:47:2d:
         fa:af:e3:1e:a0:28:95:75:97:4e:d7:2a:7a:b8:f5:d3:74:64:
         a8:a3:af:c3:d9:58:9b:ba:51:10:54:a1:93:48:c4:99:a3:ab:
         bc:11:3f:42:cd:fa:ee:65:56:db:98:98:97:b6:00:39:c4:69:
         0e:58:c0:a0:72:d9:3e:af:61:a5:ea:f3:3f:8c:7e:c0:5c:d9:
         a2:12:23:a8:b7:61:7f:79:39:86:a3:4f:8e:43:82:01:23:7e:
         e2:ba:f3:91:2c:84:0e:03:87:7a:85:3f:c1:2b:59:ff:f4:da:
         ca:f1:c8:74
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlUnxnzqy8UNFjMLVToH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDEwNTZiYWU0OWQ1ZmY3ZDAzMjU4NzRkN2M2ZjAyZTRhOTY5YjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSWDxU8rQDWCbil4sW6M2ZbnbN5F
DqE5UL+BhSmwAH3kfC58umayyHleoIrwEyNdvcBYS6ap6sKpYrkGzc2YXEjSyboz
8LCNL4UougAszeXKywjU8iWEvnJ3AQNQkJ9lnmpreqmLBRWphpyYXdWQLMNFKgci
XzKpu3pQzizJmH9MpAySl6fGN1pz0Hrzy8SQo/6VEFdmOJq4ttyf58cm6KCYgDxR
gKX7QA+2eiZYm1oPhG/ASi6YDyUDOucMkbqtGUs6kZ3/hEpBuC9N4pznbcVVKQnr
WQM5XaoF4KFpYPdHZVrh5trqqSHLYxm+vAk8AHusE4TAMz6GcwkmeO2wHQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFQQVrrknV/30DJYdNfG8C5KlpseMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1ZCQld1dVNkWF9mUU1saDAxOGJ3TGtxV214NC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAuZusw
DQYJKoZIhvcNAQELBQADggEBAGDcZomQxZe4xjASl7J1T25zCSii9THOxL1SYAVo
gy4sO/UUeY+3QwCTCSYCF5p9Vtnpvc92moeqDtDpTeAvWw5q7ePiwPOKWZDiEF7N
YPXuQVg84nMtqLm30GwJ4BB5QXy6qYYc4p5lbYIcpxWDtcv61s+5t7Qyok6257Jf
raVB2bzbW6hpcrDSmhdSDU1HLfqv4x6gKJV1l07XKnq49dN0ZKijr8PZWJu6URBU
oZNIxJmjq7wRP0LN+u5lVtuYmJe2ADnEaQ5YwKBy2T6vYaXq8z+MfsBc2aISI6i3
YX95OYajT45DggEjfuK685EshA4Dh3qFP8ErWf/02srxyHQ=
-----END CERTIFICATE-----