Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/VPNe19xvXzWoRGMIFX7-3BDvCy4.roa
File:                     VPNe19xvXzWoRGMIFX7-3BDvCy4.roa (raw, json)
Hash identifier:          Xjgf+vzurd/vncL7NiVWDAtL7P/PLCpabCTrIajDNzg=
Subject key identifier:   54:F3:5E:D7:DC:6F:5F:35:A8:44:63:08:15:7E:FE:DC:10:EF:0B:2E
Certificate issuer:       /CN=29878a2888c9ac3123c795ff9681f1957ca0f964
Certificate serial:       018CCA99A89CD31E8E92F5A827B3843D8988
Authority key identifier: 29:87:8A:28:88:C9:AC:31:23:C7:95:FF:96:81:F1:95:7C:A0:F9:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KYeKKIjJrDEjx5X_loHxlXyg-WQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/VPNe19xvXzWoRGMIFX7-3BDvCy4.roa
Signing time:             Tue 02 Jan 2024 14:35:16 +0000
ROA not before:           Tue 02 Jan 2024 14:35:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50304
IP address blocks:        185.97.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/KYeKKIjJrDEjx5X_loHxlXyg-WQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/KYeKKIjJrDEjx5X_loHxlXyg-WQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KYeKKIjJrDEjx5X_loHxlXyg-WQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:a8:9c:d3:1e:8e:92:f5:a8:27:b3:84:3d:89:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29878a2888c9ac3123c795ff9681f1957ca0f964
        Validity
            Not Before: Jan  2 14:35:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54f35ed7dc6f5f35a8446308157efedc10ef0b2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:1a:24:55:55:45:a0:3d:53:9a:6f:31:ad:8b:
                    c7:ae:01:d2:93:6e:7e:2d:5a:25:0f:61:4f:b0:87:
                    c1:c5:f7:58:d2:10:06:28:28:f4:c3:01:10:94:a5:
                    a2:4b:82:c0:06:98:81:fa:d9:6f:df:ef:e8:45:3b:
                    9b:22:39:3c:db:48:06:08:6c:70:22:97:5e:8d:42:
                    1c:78:99:9c:a8:b5:27:54:12:ba:3b:55:1f:9f:ba:
                    fc:10:77:cc:73:88:74:50:58:24:7e:9d:ee:8a:a3:
                    94:e3:c8:86:f9:9b:34:9b:37:a8:43:d7:c6:24:a9:
                    6d:94:9f:ff:3e:92:27:cb:8f:71:f0:1f:91:43:96:
                    86:a6:d4:50:85:93:c0:dd:fa:02:4f:a2:52:b9:f3:
                    b6:d8:ea:bb:41:3f:27:3c:02:08:8a:f5:ac:2d:43:
                    68:b0:3e:da:88:ce:79:60:da:85:63:8b:b7:77:d7:
                    90:2d:45:a5:c6:e9:2d:fb:41:8a:44:34:14:02:4a:
                    45:9e:9d:1a:25:a5:37:ca:4d:36:09:3d:9c:14:8a:
                    9b:04:50:56:59:dd:03:45:13:ba:48:7e:b3:2b:06:
                    70:e5:fd:cd:b3:a1:d4:82:e1:5f:66:77:67:f5:89:
                    c4:39:77:80:47:c3:69:92:0d:57:1e:af:37:93:59:
                    d0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:F3:5E:D7:DC:6F:5F:35:A8:44:63:08:15:7E:FE:DC:10:EF:0B:2E
            X509v3 Authority Key Identifier:
                keyid:29:87:8A:28:88:C9:AC:31:23:C7:95:FF:96:81:F1:95:7C:A0:F9:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KYeKKIjJrDEjx5X_loHxlXyg-WQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/VPNe19xvXzWoRGMIFX7-3BDvCy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/KYeKKIjJrDEjx5X_loHxlXyg-WQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:07:40:ce:39:84:96:4a:94:69:d3:ed:a1:d4:e0:8e:9d:23:
         bf:57:15:df:3e:24:d6:09:18:ae:8d:5b:da:c6:e1:13:8c:20:
         6d:82:a5:ee:cf:09:fe:0f:c2:e9:00:2c:b2:0f:fa:24:03:44:
         96:0e:6a:2c:21:2d:a1:4f:2a:69:8b:b7:65:e5:ba:5c:ef:d6:
         17:8d:75:33:80:c2:7b:47:98:14:b9:67:00:e9:d3:c7:a9:19:
         6c:80:68:5f:7a:77:14:c8:c6:65:90:87:8c:eb:fe:b9:46:45:
         1e:1b:64:fa:3a:63:2e:b6:47:4d:5d:c3:1e:a3:57:3e:54:78:
         65:dc:39:a3:fa:a6:49:50:95:a6:c4:7b:4c:7d:2d:33:fb:aa:
         33:6b:69:ec:5f:92:f3:0a:83:f2:ee:0c:33:1b:69:49:a8:4a:
         98:90:a2:24:f2:78:c9:70:15:b7:63:ab:de:a2:56:ea:22:07:
         32:70:c1:27:37:c0:c3:52:36:c3:76:d0:e6:24:41:0c:7c:ad:
         e5:07:3c:6b:69:11:c9:c3:68:06:67:02:d4:40:3b:25:7a:ba:
         a6:92:c2:04:fa:74:6a:a3:9b:43:01:d1:31:a1:47:13:bb:c1:
         16:a1:ec:0d:8c:f6:c3:e8:8d:e2:50:aa:3c:d9:17:96:aa:5b:
         27:9a:46:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmaic0x6OkvWoJ7OEPYmIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ODc4YTI4ODhjOWFjMzEyM2M3OTVmZjk2ODFmMTk1N2Nh
MGY5NjQwHhcNMjQwMTAyMTQzNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGYzNWVkN2RjNmY1ZjM1YTg0NDYzMDgxNTdlZmVkYzEwZWYwYjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxokVVVFoD1Tmm8xrYvHrgHSk25+
LVolD2FPsIfBxfdY0hAGKCj0wwEQlKWiS4LABpiB+tlv3+/oRTubIjk820gGCGxw
IpdejUIceJmcqLUnVBK6O1Ufn7r8EHfMc4h0UFgkfp3uiqOU48iG+Zs0mzeoQ9fG
JKltlJ//PpIny49x8B+RQ5aGptRQhZPA3foCT6JSufO22Oq7QT8nPAIIivWsLUNo
sD7aiM55YNqFY4u3d9eQLUWlxukt+0GKRDQUAkpFnp0aJaU3yk02CT2cFIqbBFBW
Wd0DRRO6SH6zKwZw5f3Ns6HUguFfZndn9YnEOXeAR8Npkg1XHq83k1nQkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTzXtfcb181qERjCBV+/twQ7wsuMB8GA1UdIwQY
MBaAFCmHiiiIyawxI8eV/5aB8ZV8oPlkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1llS0tJakpyREVqeDVYX2xvSHhsWHlnLVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lM2FhNTEtNjEyOS00OTNkLTkxZDIt
NTE3NTFiMjlmOGI0LzEvVlBOZTE5eHZYeldvUkdNSUZYNy0zQkR2Q3k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lM2FhNTEtNjEyOS00OTNkLTkxZDItNTE3NTFiMjlmOGI0
LzEvS1llS0tJakpyREVqeDVYX2xvSHhsWHlnLVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWHXMA0G
CSqGSIb3DQEBCwUAA4IBAQCKB0DOOYSWSpRp0+2h1OCOnSO/VxXfPiTWCRiujVva
xuETjCBtgqXuzwn+D8LpACyyD/okA0SWDmosIS2hTyppi7dl5bpc79YXjXUzgMJ7
R5gUuWcA6dPHqRlsgGhfencUyMZlkIeM6/65RkUeG2T6OmMutkdNXcMeo1c+VHhl
3Dmj+qZJUJWmxHtMfS0z+6oza2nsX5LzCoPy7gwzG2lJqEqYkKIk8njJcBW3Y6ve
olbqIgcycMEnN8DDUjbDdtDmJEEMfK3lBzxraRHJw2gGZwLUQDslerqmksIE+nRq
o5tDAdExoUcTu8EWoewNjPbD6I3iUKo82ReWqlsnmkYL
-----END CERTIFICATE-----