Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/VbxgvESLIDiOBpyA2c1Mwqa8vpw.roa
File:                     VbxgvESLIDiOBpyA2c1Mwqa8vpw.roa (raw, json)
Hash identifier:          g8y/lryofHlFPuEugXWZP8Jb8WCzwq/LgCo0CtW87Dk=
Subject key identifier:   55:BC:60:BC:44:8B:20:38:8E:06:9C:80:D9:CD:4C:C2:A6:BC:BE:9C
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       018F052D5764B7E2DF637863595C29C778FE
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/VbxgvESLIDiOBpyA2c1Mwqa8vpw.roa
Signing time:             Mon 22 Apr 2024 09:40:08 +0000
ROA not before:           Mon 22 Apr 2024 09:40:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        141.98.137.0/24 maxlen: 24
                          141.98.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:2d:57:64:b7:e2:df:63:78:63:59:5c:29:c7:78:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Apr 22 09:40:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55bc60bc448b20388e069c80d9cd4cc2a6bcbe9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ef:56:8c:e1:5e:25:3f:bf:36:9a:20:b4:d9:
                    c0:9e:32:db:29:67:32:89:90:7c:a9:3d:96:d5:97:
                    f7:56:58:90:6c:b7:c7:c0:90:24:ea:e7:cb:04:20:
                    7a:ad:d7:cc:f6:7d:fa:d0:57:28:ac:1e:bc:62:62:
                    6b:d1:00:3c:4f:d6:df:94:30:ae:7a:5b:52:2a:9a:
                    fa:da:11:6c:f6:00:4a:7b:f1:8c:27:8c:a0:5b:bd:
                    e7:4c:18:db:78:b1:28:9f:bc:67:22:b0:50:42:a9:
                    b2:76:b5:00:91:7b:13:e9:99:13:c2:22:c5:65:ff:
                    bc:89:e4:a0:65:8a:3f:3c:2f:90:32:00:0c:17:74:
                    f5:a1:4b:c0:22:27:68:d2:59:33:17:ca:95:78:25:
                    14:fc:3a:33:ad:82:f3:ee:7f:b6:af:61:4b:2b:e8:
                    f5:73:52:6b:2f:05:ee:ff:1e:4e:6f:eb:12:0c:0f:
                    30:4a:e2:d0:49:8b:dd:c4:cc:b7:a6:79:e0:fa:73:
                    e3:56:d4:87:a6:11:fe:e7:73:90:51:59:c5:83:2f:
                    7d:68:05:34:02:34:e5:a3:e4:c5:58:05:c3:5d:6b:
                    a1:49:d6:b6:f9:1b:20:5c:73:89:13:f5:d8:f8:a8:
                    04:ab:8e:93:40:75:5e:1f:65:fc:82:00:20:5d:c5:
                    3a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:BC:60:BC:44:8B:20:38:8E:06:9C:80:D9:CD:4C:C2:A6:BC:BE:9C
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/VbxgvESLIDiOBpyA2c1Mwqa8vpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.137.0/24
                  141.98.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:44:b5:43:1a:cd:9c:13:4d:35:6d:97:04:da:82:dd:a5:b4:
         71:4e:7d:7c:17:30:96:3f:6e:5d:7b:9d:75:54:5d:c5:af:6e:
         e3:f1:56:e6:1f:d6:1a:85:a0:92:6f:7e:93:27:c1:b9:33:4a:
         01:99:a9:0d:b1:97:30:07:db:73:6a:14:fe:ae:eb:84:98:0f:
         31:a8:e0:f5:b9:84:58:ba:00:43:eb:1b:5a:31:59:e4:f9:a5:
         4a:df:7b:b9:86:17:c0:b1:77:eb:16:79:91:46:c9:8a:fc:a9:
         68:72:88:5a:ee:79:75:5f:5f:f6:29:90:38:d3:2b:31:36:fb:
         88:ca:dd:30:fb:df:8c:02:aa:82:5d:19:ae:8d:c3:9f:10:fd:
         03:c4:00:e6:7b:14:d4:bf:ed:9d:fa:7b:4b:f6:20:e3:ba:48:
         d1:17:41:8e:e9:ee:3e:e7:b0:7f:44:df:97:54:40:c0:0c:74:
         96:b8:a1:0a:11:5d:6a:cf:51:78:01:9e:f8:93:2e:0b:19:17:
         9b:79:02:9f:2b:ff:79:9a:cb:96:cd:40:d9:74:94:e3:93:6c:
         3b:21:46:76:ca:e4:ab:f4:01:51:e8:14:9d:e5:be:52:33:2c:
         a9:f3:55:4f:25:d3:df:76:f2:c9:8e:43:27:c5:42:e4:a1:e1:
         ef:ef:d4:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8FLVdkt+LfY3hjWVwpx3j+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjQwNDIyMDk0MDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWJjNjBiYzQ0OGIyMDM4OGUwNjljODBkOWNkNGNjMmE2YmNiZTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAke9WjOFeJT+/NpogtNnAnjLbKWcy
iZB8qT2W1Zf3VliQbLfHwJAk6ufLBCB6rdfM9n360FcorB68YmJr0QA8T9bflDCu
eltSKpr62hFs9gBKe/GMJ4ygW73nTBjbeLEon7xnIrBQQqmydrUAkXsT6ZkTwiLF
Zf+8ieSgZYo/PC+QMgAMF3T1oUvAIido0lkzF8qVeCUU/DozrYLz7n+2r2FLK+j1
c1JrLwXu/x5Ob+sSDA8wSuLQSYvdxMy3pnng+nPjVtSHphH+53OQUVnFgy99aAU0
AjTlo+TFWAXDXWuhSda2+RsgXHOJE/XY+KgEq46TQHVeH2X8ggAgXcU6EwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFW8YLxEiyA4jgacgNnNTMKmvL6cMB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvVmJ4Z3ZFU0xJRGlPQnB5QTJjMU13cWE4dnB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjWKJAwQA
jWKLMA0GCSqGSIb3DQEBCwUAA4IBAQBxRLVDGs2cE001bZcE2oLdpbRxTn18FzCW
P25de511VF3Fr27j8VbmH9YahaCSb36TJ8G5M0oBmakNsZcwB9tzahT+ruuEmA8x
qOD1uYRYugBD6xtaMVnk+aVK33u5hhfAsXfrFnmRRsmK/Klocoha7nl1X1/2KZA4
0ysxNvuIyt0w+9+MAqqCXRmujcOfEP0DxADmexTUv+2d+ntL9iDjukjRF0GO6e4+
57B/RN+XVEDADHSWuKEKEV1qz1F4AZ74ky4LGRebeQKfK/95msuWzUDZdJTjk2w7
IUZ2yuSr9AFR6BSd5b5SMyyp81VPJdPfdvLJjkMnxULkoeHv79Rk
-----END CERTIFICATE-----