Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/vJNbCXUpj5SCJuTJ-zCPyYMClHw.roa
File:                     vJNbCXUpj5SCJuTJ-zCPyYMClHw.roa (raw, json)
Hash identifier:          ApUqpPAQMxhh04vyyjK6QO8vPBIO/R3iSkjGSXrzzCo=
Subject key identifier:   BC:93:5B:09:75:29:8F:94:82:26:E4:C9:FB:30:8F:C9:83:02:94:7C
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       018CC7956B7EF4CAB9F56191494236336ED1
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/vJNbCXUpj5SCJuTJ-zCPyYMClHw.roa
Signing time:             Tue 02 Jan 2024 00:31:47 +0000
ROA not before:           Tue 02 Jan 2024 00:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205715
IP address blocks:        188.95.148.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:6b:7e:f4:ca:b9:f5:61:91:49:42:36:33:6e:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jan  2 00:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc935b0975298f948226e4c9fb308fc98302947c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ba:3e:6d:76:e4:93:23:e8:73:57:5c:20:65:
                    c0:60:07:9a:95:01:de:54:26:14:9d:b4:3c:31:54:
                    00:f3:5a:e0:63:2c:56:c7:4c:93:e3:1c:b7:d4:5d:
                    4d:7a:38:c2:01:23:ad:7e:94:52:3d:21:5d:bc:04:
                    00:60:8a:85:7f:bc:42:2c:31:6b:dd:ed:bc:8b:65:
                    c0:a5:72:ec:4d:0d:40:1b:7d:6d:df:29:73:22:66:
                    49:8d:0e:d9:77:38:42:7d:3b:8d:a7:70:8a:74:1b:
                    c5:9c:58:78:f7:94:02:36:0e:f1:f4:aa:88:47:bd:
                    9d:e4:85:7f:09:ef:de:65:54:32:4c:c5:58:e1:64:
                    fa:41:d0:c1:8c:7b:2b:09:53:6b:a7:a0:bf:49:23:
                    86:e9:92:c5:e3:3a:54:3e:70:74:20:9e:2c:f0:39:
                    3e:26:87:09:88:42:9b:bd:e7:01:ce:7a:21:0a:b6:
                    b6:ef:78:1e:c4:7b:d5:86:b8:98:0f:a7:15:32:4a:
                    de:9f:b5:e6:a0:59:b8:5e:e7:55:b3:bc:90:fd:cf:
                    08:4d:c0:cf:1c:66:3b:73:e7:ad:a1:f6:d5:0e:7c:
                    ac:46:d6:c6:e6:6f:ac:6d:d7:c7:e9:b4:ab:3e:74:
                    19:52:4f:4a:46:84:a0:57:fa:04:5b:92:f7:67:af:
                    a3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:93:5B:09:75:29:8F:94:82:26:E4:C9:FB:30:8F:C9:83:02:94:7C
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/vJNbCXUpj5SCJuTJ-zCPyYMClHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:15:25:4c:31:95:74:45:b9:46:12:03:07:54:2f:d8:57:4c:
         63:dd:b4:49:92:77:38:b7:05:ed:3f:75:f5:f6:36:fd:f4:74:
         b9:a3:72:15:59:6e:9a:5c:1d:4e:9d:f6:57:f6:80:1b:ba:d0:
         70:90:b4:16:eb:dc:fa:85:74:52:bc:4e:fd:6d:58:ed:97:5c:
         1f:ab:81:f5:62:43:1a:ad:e7:40:93:82:e6:45:25:83:3b:0e:
         a3:4d:7d:e5:30:8f:ea:8d:3c:f4:57:3d:3b:e2:df:f5:42:b2:
         63:a9:0d:99:00:e2:8e:0e:2e:c2:48:75:f4:22:ac:47:8a:31:
         4b:93:40:a5:23:79:6a:2f:e0:b0:58:58:06:b4:73:78:06:6f:
         59:c9:4b:1d:d6:59:0b:e5:b9:ce:53:ea:e2:88:7b:14:bf:bc:
         5b:d7:9c:98:d2:e3:28:05:89:b9:30:14:db:6d:ce:0b:85:40:
         2f:71:a7:a1:fc:85:df:c2:87:fd:ec:f0:32:64:8c:f9:f4:f5:
         e3:0a:16:2e:d4:96:27:f5:3b:2e:b7:3f:6b:98:97:9d:26:79:
         74:e2:48:44:34:5b:e8:7f:a3:bc:57:4e:2a:c9:61:6e:31:44:
         f4:18:ad:7d:e2:a7:89:04:e9:cd:14:eb:df:9d:50:13:78:51:
         b3:42:cb:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlWt+9Mq59WGRSUI2M27RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQwMTAyMDAzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzkzNWIwOTc1Mjk4Zjk0ODIyNmU0YzlmYjMwOGZjOTgzMDI5NDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7o+bXbkkyPoc1dcIGXAYAealQHe
VCYUnbQ8MVQA81rgYyxWx0yT4xy31F1NejjCASOtfpRSPSFdvAQAYIqFf7xCLDFr
3e28i2XApXLsTQ1AG31t3ylzImZJjQ7ZdzhCfTuNp3CKdBvFnFh495QCNg7x9KqI
R72d5IV/Ce/eZVQyTMVY4WT6QdDBjHsrCVNrp6C/SSOG6ZLF4zpUPnB0IJ4s8Dk+
JocJiEKbvecBznohCra273gexHvVhriYD6cVMkren7XmoFm4XudVs7yQ/c8ITcDP
HGY7c+etofbVDnysRtbG5m+sbdfH6bSrPnQZUk9KRoSgV/oEW5L3Z6+jxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyTWwl1KY+Ugibkyfswj8mDApR8MB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvdkpOYkNYVXBqNVNDSnVUSi16Q1B5WU1DbEh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvF+UMA0G
CSqGSIb3DQEBCwUAA4IBAQCRFSVMMZV0RblGEgMHVC/YV0xj3bRJknc4twXtP3X1
9jb99HS5o3IVWW6aXB1OnfZX9oAbutBwkLQW69z6hXRSvE79bVjtl1wfq4H1YkMa
redAk4LmRSWDOw6jTX3lMI/qjTz0Vz074t/1QrJjqQ2ZAOKODi7CSHX0IqxHijFL
k0ClI3lqL+CwWFgGtHN4Bm9ZyUsd1lkL5bnOU+riiHsUv7xb15yY0uMoBYm5MBTb
bc4LhUAvcaeh/IXfwof97PAyZIz59PXjChYu1JYn9Tsutz9rmJedJnl04khENFvo
f6O8V04qyWFuMUT0GK194qeJBOnNFOvfnVATeFGzQsvi
-----END CERTIFICATE-----