Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vDGYWejcrtAFAm-yxpz7OVscFlY.roa
File:                     vDGYWejcrtAFAm-yxpz7OVscFlY.roa (raw, json)
Hash identifier:          hom+rdaNB3lNVCjJtAoBBdBmmya7SnH2Ulg2Xz2BdRE=
Subject key identifier:   BC:31:98:59:E8:DC:AE:D0:05:02:6F:B2:C6:9C:FB:39:5B:1C:16:56
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A6BE38063383E0DEDDF33A7A63235
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vDGYWejcrtAFAm-yxpz7OVscFlY.roa
Signing time:             Tue 02 Jan 2024 12:33:46 +0000
ROA not before:           Tue 02 Jan 2024 12:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        195.133.92.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:6b:e3:80:63:38:3e:0d:ed:df:33:a7:a6:32:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc319859e8dcaed005026fb2c69cfb395b1c1656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ac:c4:71:06:fb:f8:8f:19:a9:cd:a5:13:b4:
                    3d:ce:15:e0:ed:b0:ff:62:1e:9a:20:2f:de:65:ba:
                    e9:2d:38:24:91:83:59:9c:ab:b6:a7:3b:2e:79:02:
                    88:2f:34:56:94:20:c9:4e:30:a7:0e:6a:f2:f6:e0:
                    b1:c9:69:97:4e:d9:5c:6f:c6:ab:25:c7:89:2b:b1:
                    66:a2:52:6e:b6:f0:9d:f9:13:fa:82:88:e4:38:30:
                    aa:99:ee:92:3c:46:f9:c8:51:7d:22:22:f0:80:79:
                    b4:bb:30:fd:2b:c9:ee:7a:dd:8e:92:51:fb:f0:ad:
                    bd:ca:2a:63:21:55:f8:e9:cc:be:5e:9c:d3:f3:0e:
                    10:77:ba:8e:96:59:4c:6a:ed:77:c4:02:42:31:7f:
                    d4:d9:f8:ac:f7:d4:89:30:60:ff:f5:97:e3:eb:8c:
                    14:53:78:45:c2:3d:36:ee:bf:0d:76:db:0f:8e:5d:
                    a3:af:bc:5b:9e:fa:81:db:7f:ec:6d:1c:c7:71:4d:
                    5c:52:c3:4e:68:e9:84:52:93:df:b5:09:f3:7b:e9:
                    54:a5:12:da:05:1b:05:ef:dd:aa:07:16:55:fc:c3:
                    48:40:67:b2:14:fc:bf:ba:a5:11:34:a9:c7:7f:88:
                    e4:21:99:29:fc:4c:74:08:3b:d6:15:cc:c4:2e:c8:
                    e0:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:31:98:59:E8:DC:AE:D0:05:02:6F:B2:C6:9C:FB:39:5B:1C:16:56
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vDGYWejcrtAFAm-yxpz7OVscFlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:07:83:e6:ae:e3:4a:65:91:78:12:28:53:d4:26:e2:cb:5e:
         3d:9b:19:18:c2:fb:1b:35:f4:14:7c:19:c1:0c:ba:72:bf:fd:
         81:db:39:37:ab:a8:a7:41:60:df:68:f2:1c:ea:1a:0a:36:58:
         c8:2a:b5:20:02:c6:a1:aa:6e:15:25:e4:19:e7:c9:29:94:08:
         58:39:af:6e:08:b0:75:55:94:94:8b:e9:ec:51:da:91:9e:53:
         8f:2e:d4:dc:51:7f:89:44:29:e3:dc:36:10:03:cf:89:31:15:
         dc:ad:28:7b:bb:ff:b4:41:fd:5a:cc:25:f8:1f:85:3f:76:03:
         44:3f:58:d6:f6:d5:fc:b7:11:25:bb:e3:15:cd:81:7e:80:e1:
         33:02:ca:8e:62:e3:0b:ae:04:8e:9c:05:3d:ae:47:9c:3f:62:
         a8:74:a0:82:f1:70:f7:a5:9d:33:6a:18:97:5f:d0:98:02:59:
         49:58:2e:96:fb:47:88:a1:df:ea:da:a6:a7:80:32:65:10:02:
         d8:65:ff:a7:33:2f:b5:aa:78:66:14:46:24:56:6d:0d:bc:7a:
         8a:25:c1:a9:5b:2f:21:3d:58:b7:0d:a5:b3:50:8d:1a:83:e1:
         bf:fa:d4:62:f4:94:4d:b2:87:01:5d:fc:71:c0:a5:d7:9d:7c:
         71:94:63:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKmvjgGM4Pg3t3zOnpjI1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzMxOTg1OWU4ZGNhZWQwMDUwMjZmYjJjNjljZmIzOTViMWMxNjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKzEcQb7+I8Zqc2lE7Q9zhXg7bD/
Yh6aIC/eZbrpLTgkkYNZnKu2pzsueQKILzRWlCDJTjCnDmry9uCxyWmXTtlcb8ar
JceJK7FmolJutvCd+RP6gojkODCqme6SPEb5yFF9IiLwgHm0uzD9K8nuet2OklH7
8K29yipjIVX46cy+XpzT8w4Qd7qOlllMau13xAJCMX/U2fis99SJMGD/9Zfj64wU
U3hFwj027r8NdtsPjl2jr7xbnvqB23/sbRzHcU1cUsNOaOmEUpPftQnze+lUpRLa
BRsF792qBxZV/MNIQGeyFPy/uqURNKnHf4jkIZkp/Ex0CDvWFczELsjg8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwxmFno3K7QBQJvssac+zlbHBZWMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdkRHWVdlamNydEFGQW0teXhwejdPVnNjRmxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw4VcMA0G
CSqGSIb3DQEBCwUAA4IBAQBNB4PmruNKZZF4EihT1Cbiy149mxkYwvsbNfQUfBnB
DLpyv/2B2zk3q6inQWDfaPIc6hoKNljIKrUgAsahqm4VJeQZ58kplAhYOa9uCLB1
VZSUi+nsUdqRnlOPLtTcUX+JRCnj3DYQA8+JMRXcrSh7u/+0Qf1azCX4H4U/dgNE
P1jW9tX8txElu+MVzYF+gOEzAsqOYuMLrgSOnAU9rkecP2KodKCC8XD3pZ0zahiX
X9CYAllJWC6W+0eIod/q2qangDJlEALYZf+nMy+1qnhmFEYkVm0NvHqKJcGpWy8h
PVi3DaWzUI0ag+G/+tRi9JRNsocBXfxxwKXXnXxxlGMP
-----END CERTIFICATE-----