Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/170422-39ad-499c-bbfd-eff3cdcbd00a/1/vce4Pv7LwyzcUvbBN_CuNcpJniM.roa
File:                     vce4Pv7LwyzcUvbBN_CuNcpJniM.roa (raw, json)
Hash identifier:          6PDBUg0bTgjRA+p5LcVEi5duXYN8HAPexhew7/AzV0E=
Subject key identifier:   BD:C7:B8:3E:FE:CB:C3:2C:DC:52:F6:C1:37:F0:AE:35:CA:49:9E:23
Certificate issuer:       /CN=659a6b975eafd2ce51468723814355f56c55bafb
Certificate serial:       018CC94CD5BCDB016087AA749177975E9725
Authority key identifier: 65:9A:6B:97:5E:AF:D2:CE:51:46:87:23:81:43:55:F5:6C:55:BA:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZZprl16v0s5RRocjgUNV9WxVuvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/170422-39ad-499c-bbfd-eff3cdcbd00a/1/vce4Pv7LwyzcUvbBN_CuNcpJniM.roa
Signing time:             Tue 02 Jan 2024 08:31:45 +0000
ROA not before:           Tue 02 Jan 2024 08:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15924
IP address blocks:        194.125.232.0/22 maxlen: 24
                          194.242.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/170422-39ad-499c-bbfd-eff3cdcbd00a/1/ZZprl16v0s5RRocjgUNV9WxVuvs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/170422-39ad-499c-bbfd-eff3cdcbd00a/1/ZZprl16v0s5RRocjgUNV9WxVuvs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZZprl16v0s5RRocjgUNV9WxVuvs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:d5:bc:db:01:60:87:aa:74:91:77:97:5e:97:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=659a6b975eafd2ce51468723814355f56c55bafb
        Validity
            Not Before: Jan  2 08:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdc7b83efecbc32cdc52f6c137f0ae35ca499e23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:39:da:54:ca:05:7d:fc:38:89:c9:f7:e6:d4:
                    03:f2:b3:48:2a:35:cb:80:94:0e:d2:87:d0:b6:c5:
                    11:86:82:df:94:c5:bd:df:6c:b5:5b:d4:94:32:b4:
                    20:d2:2d:d1:ab:01:75:6a:26:d1:5c:d6:96:0a:72:
                    83:80:9d:a4:1e:71:fd:6c:47:8c:e0:06:03:8a:7d:
                    7a:76:e0:26:93:1e:85:ce:91:61:ec:4c:3e:68:f4:
                    fa:ca:0e:77:b1:38:13:45:f1:1e:80:7e:70:85:e1:
                    71:b8:81:e6:44:f7:83:b7:ad:df:a2:18:13:b2:5c:
                    ee:0e:cf:a1:2a:d0:f5:5a:5b:aa:2d:76:15:62:f0:
                    25:19:2e:31:8d:3d:fe:bf:28:e5:68:01:da:29:e8:
                    27:9d:30:66:66:ea:89:ed:86:d4:cb:1c:af:e3:31:
                    dd:c9:12:66:d3:52:e9:76:d0:a0:45:78:fe:bf:39:
                    e9:85:db:5e:7a:a9:57:a3:ae:7a:20:10:96:57:66:
                    b8:6f:c7:3d:e7:de:46:b5:2c:c7:97:54:f6:79:2d:
                    ec:ba:d1:c8:58:89:6e:c1:89:d3:7b:1e:d3:bf:2b:
                    37:99:c4:2a:00:27:24:2b:60:7c:c2:20:e6:30:82:
                    1b:64:e5:38:96:4a:17:02:7e:1c:18:e9:2a:4e:60:
                    e7:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:C7:B8:3E:FE:CB:C3:2C:DC:52:F6:C1:37:F0:AE:35:CA:49:9E:23
            X509v3 Authority Key Identifier:
                keyid:65:9A:6B:97:5E:AF:D2:CE:51:46:87:23:81:43:55:F5:6C:55:BA:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZZprl16v0s5RRocjgUNV9WxVuvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/170422-39ad-499c-bbfd-eff3cdcbd00a/1/vce4Pv7LwyzcUvbBN_CuNcpJniM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/170422-39ad-499c-bbfd-eff3cdcbd00a/1/ZZprl16v0s5RRocjgUNV9WxVuvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.125.232.0/22
                  194.242.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:32:d9:6a:ce:e6:f4:14:71:21:d9:f8:95:05:1a:25:6a:12:
         d9:e5:4e:ed:c6:a2:47:8c:82:1e:08:56:6b:8d:57:9c:83:6f:
         cb:64:00:e7:af:41:9a:04:d4:81:2b:a3:cb:d4:0f:2b:d5:e3:
         b6:2b:6a:a7:ff:60:e0:31:dc:8b:a8:19:9a:68:d4:2a:52:77:
         e9:38:9f:30:fa:b6:83:92:a8:7c:91:7b:32:f5:dc:4b:9c:5b:
         25:2b:08:4d:37:1b:60:b9:21:a3:28:cd:6e:04:01:51:43:ce:
         58:2f:44:08:dd:a6:40:af:dc:17:4e:01:bb:67:62:d9:43:f1:
         25:bc:81:eb:e2:dd:fb:67:87:29:31:99:12:45:57:04:29:ce:
         33:6c:dd:b4:fa:0d:6b:4f:02:1d:e2:22:f4:00:05:70:f1:cb:
         04:84:12:cd:af:f4:04:7e:34:96:58:a2:3b:ce:02:8e:c1:a0:
         b7:99:7c:28:56:76:e7:51:3d:47:88:a6:0a:aa:81:93:34:49:
         7d:44:c9:3b:cb:47:10:71:60:ee:77:10:6e:e0:b6:41:64:b3:
         b7:5f:52:a9:15:ec:bb:d3:29:e1:dd:e7:ae:6e:8c:c4:f8:72:
         ef:02:94:96:4f:04:aa:b7:44:63:c4:f0:37:82:72:b4:0e:d3:
         b9:3e:07:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTNW82wFgh6p0kXeXXpclMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1OWE2Yjk3NWVhZmQyY2U1MTQ2ODcyMzgxNDM1NWY1NmM1
NWJhZmIwHhcNMjQwMTAyMDgzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGM3YjgzZWZlY2JjMzJjZGM1MmY2YzEzN2YwYWUzNWNhNDk5ZTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0znaVMoFffw4icn35tQD8rNIKjXL
gJQO0ofQtsURhoLflMW932y1W9SUMrQg0i3RqwF1aibRXNaWCnKDgJ2kHnH9bEeM
4AYDin16duAmkx6FzpFh7Ew+aPT6yg53sTgTRfEegH5wheFxuIHmRPeDt63fohgT
slzuDs+hKtD1WluqLXYVYvAlGS4xjT3+vyjlaAHaKegnnTBmZuqJ7YbUyxyv4zHd
yRJm01LpdtCgRXj+vznphdteeqlXo656IBCWV2a4b8c9595GtSzHl1T2eS3sutHI
WIluwYnTex7Tvys3mcQqACckK2B8wiDmMIIbZOU4lkoXAn4cGOkqTmDnmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL3HuD7+y8Ms3FL2wTfwrjXKSZ4jMB8GA1UdIwQY
MBaAFGWaa5der9LOUUaHI4FDVfVsVbr7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlpwcmwxNnYwczVSUm9jamdVTlY5V3hWdXZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xNzA0MjItMzlhZC00OTljLWJiZmQt
ZWZmM2NkY2JkMDBhLzEvdmNlNFB2N0x3eXpjVXZiQk5fQ3VOY3BKbmlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xNzA0MjItMzlhZC00OTljLWJiZmQtZWZmM2NkY2JkMDBh
LzEvWlpwcmwxNnYwczVSUm9jamdVTlY5V3hWdXZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwn3oAwQA
wvIgMA0GCSqGSIb3DQEBCwUAA4IBAQBbMtlqzub0FHEh2fiVBRolahLZ5U7txqJH
jIIeCFZrjVecg2/LZADnr0GaBNSBK6PL1A8r1eO2K2qn/2DgMdyLqBmaaNQqUnfp
OJ8w+raDkqh8kXsy9dxLnFslKwhNNxtguSGjKM1uBAFRQ85YL0QI3aZAr9wXTgG7
Z2LZQ/ElvIHr4t37Z4cpMZkSRVcEKc4zbN20+g1rTwId4iL0AAVw8csEhBLNr/QE
fjSWWKI7zgKOwaC3mXwoVnbnUT1HiKYKqoGTNEl9RMk7y0cQcWDudxBu4LZBZLO3
X1KpFey70ynh3eeubozE+HLvApSWTwSqt0RjxPA3gnK0DtO5Pgfh
-----END CERTIFICATE-----