Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/VSeSuBv33yJ-HDgum5tC6vV8pRg.roa
File:                     VSeSuBv33yJ-HDgum5tC6vV8pRg.roa (raw, json)
Hash identifier:          eA68MyfAuXS0Wh9DEz05tzwYxlwwI5jsKFA64DFzjLA=
Subject key identifier:   55:27:92:B8:1B:F7:DF:22:7E:1C:38:2E:9B:9B:42:EA:F5:7C:A5:18
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF93C21E16EB8C20079D02A4386AF8
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/VSeSuBv33yJ-HDgum5tC6vV8pRg.roa
Signing time:             Tue 02 Jan 2024 06:32:24 +0000
ROA not before:           Tue 02 Jan 2024 06:32:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13213
IP address blocks:        193.34.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:93:c2:1e:16:eb:8c:20:07:9d:02:a4:38:6a:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=552792b81bf7df227e1c382e9b9b42eaf57ca518
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f6:a9:c9:fc:5a:17:cc:27:d9:23:1d:b8:d3:
                    29:9c:f4:62:08:9c:1c:fd:f9:9a:1f:ee:ee:84:f5:
                    b3:ed:ad:1f:b6:9f:17:9f:78:0d:16:81:21:d5:1d:
                    aa:bc:7c:2a:e5:06:6b:76:0c:20:e9:31:56:fc:e9:
                    7a:2a:66:50:3d:aa:e0:27:f8:91:91:19:e1:8f:0c:
                    37:b8:0e:42:ab:c8:eb:c7:25:90:30:31:00:7b:d8:
                    c0:5c:97:ab:6a:3c:19:08:e8:90:58:dc:a7:51:4b:
                    22:17:62:77:7d:79:82:23:d9:cb:92:f7:56:e5:35:
                    ec:1f:57:2a:e3:61:0e:7b:3d:ca:dd:53:ee:34:93:
                    ab:53:28:cb:ea:11:91:d1:f3:48:7a:6f:70:ee:d1:
                    c8:d0:3a:76:b0:75:a8:17:99:28:41:e1:08:40:00:
                    91:5e:30:49:ad:86:44:f1:d4:b7:8f:4c:45:c3:3a:
                    1a:53:e6:ec:eb:26:70:3d:7a:87:08:78:f6:3f:5c:
                    d3:80:82:46:9d:b2:1f:39:f3:3d:28:19:08:a9:84:
                    b1:00:1e:7d:5d:82:84:6d:9d:56:c8:23:98:da:b1:
                    aa:16:2c:a6:55:f7:19:d9:42:a9:d5:d7:8a:ab:0e:
                    e3:1e:35:be:c4:e7:1b:f4:2b:23:4f:48:59:5b:f4:
                    ef:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:27:92:B8:1B:F7:DF:22:7E:1C:38:2E:9B:9B:42:EA:F5:7C:A5:18
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/VSeSuBv33yJ-HDgum5tC6vV8pRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:fd:55:4f:1d:c5:97:13:98:00:b1:6a:d7:54:70:d0:de:33:
         8d:c4:94:3f:75:b1:22:26:3e:c6:33:55:06:9b:48:c7:1b:fe:
         c3:4f:55:ba:84:32:bc:65:a8:32:12:8d:b7:63:16:30:92:44:
         fb:81:f8:58:94:24:1b:4d:27:e9:d7:eb:42:6f:e0:25:ff:c2:
         3d:a7:66:74:35:7f:41:08:a0:95:28:2e:40:c4:4f:b5:7f:3e:
         9c:39:ec:cd:f5:71:86:a8:30:91:9f:20:44:25:38:e4:02:56:
         e1:3c:35:43:05:a2:0f:ba:90:dd:7a:0e:c0:90:d5:34:f6:76:
         72:78:24:5f:56:e9:fc:1c:af:70:6b:6b:56:96:20:9c:39:ad:
         dc:ae:fa:61:e4:e6:f7:f8:f3:bc:56:68:ed:d9:f2:55:7e:5a:
         cb:6c:71:d0:b4:a6:84:e4:f7:c5:81:22:20:e2:26:62:7c:68:
         05:c4:bd:1f:8e:b7:c4:2e:ec:5b:b8:74:5b:0a:c7:bf:2d:14:
         52:7b:00:61:a5:b9:93:0c:3e:ca:87:9e:90:76:13:1e:0b:38:
         24:26:02:90:57:3d:0c:46:f7:47:de:21:9f:2b:82:6b:f3:e4:
         db:29:87:1e:56:4f:64:98:41:9b:90:b5:32:57:94:7d:e5:b4:
         5d:4a:20:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35PCHhbrjCAHnQKkOGr4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTI3OTJiODFiZjdkZjIyN2UxYzM4MmU5YjliNDJlYWY1N2NhNTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPapyfxaF8wn2SMduNMpnPRiCJwc
/fmaH+7uhPWz7a0ftp8Xn3gNFoEh1R2qvHwq5QZrdgwg6TFW/Ol6KmZQPargJ/iR
kRnhjww3uA5Cq8jrxyWQMDEAe9jAXJerajwZCOiQWNynUUsiF2J3fXmCI9nLkvdW
5TXsH1cq42EOez3K3VPuNJOrUyjL6hGR0fNIem9w7tHI0Dp2sHWoF5koQeEIQACR
XjBJrYZE8dS3j0xFwzoaU+bs6yZwPXqHCHj2P1zTgIJGnbIfOfM9KBkIqYSxAB59
XYKEbZ1WyCOY2rGqFiymVfcZ2UKp1deKqw7jHjW+xOcb9CsjT0hZW/TvUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUnkrgb998ifhw4LpubQur1fKUYMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvVlNlU3VCdjMzeUotSERndW01dEM2dlY4cFJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSLoMA0G
CSqGSIb3DQEBCwUAA4IBAQA9/VVPHcWXE5gAsWrXVHDQ3jONxJQ/dbEiJj7GM1UG
m0jHG/7DT1W6hDK8ZagyEo23YxYwkkT7gfhYlCQbTSfp1+tCb+Al/8I9p2Z0NX9B
CKCVKC5AxE+1fz6cOezN9XGGqDCRnyBEJTjkAlbhPDVDBaIPupDdeg7AkNU09nZy
eCRfVun8HK9wa2tWliCcOa3crvph5Ob3+PO8Vmjt2fJVflrLbHHQtKaE5PfFgSIg
4iZifGgFxL0fjrfELuxbuHRbCse/LRRSewBhpbmTDD7Kh56QdhMeCzgkJgKQVz0M
RvdH3iGfK4Jr8+TbKYceVk9kmEGbkLUyV5R95bRdSiDT
-----END CERTIFICATE-----