Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/VxDdqyWmg8ZjyyfEooKtMokZvX0.roa
File:                     VxDdqyWmg8ZjyyfEooKtMokZvX0.roa (raw, json)
Hash identifier:          c03kVKUVmYBKT8meQv+B66pbQICh8a+8XMwtfIFbu+s=
Subject key identifier:   57:10:DD:AB:25:A6:83:C6:63:CB:27:C4:A2:82:AD:32:89:19:BD:7D
Certificate issuer:       /CN=8f51b5b8132f9e307b717a3e1e54d1f7f45ae517
Certificate serial:       018CC9BBCB718D69CF288C812793C114064B
Authority key identifier: 8F:51:B5:B8:13:2F:9E:30:7B:71:7A:3E:1E:54:D1:F7:F4:5A:E5:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/VxDdqyWmg8ZjyyfEooKtMokZvX0.roa
Signing time:             Tue 02 Jan 2024 10:32:56 +0000
ROA not before:           Tue 02 Jan 2024 10:32:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35684
IP address blocks:        193.239.162.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:cb:71:8d:69:cf:28:8c:81:27:93:c1:14:06:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f51b5b8132f9e307b717a3e1e54d1f7f45ae517
        Validity
            Not Before: Jan  2 10:32:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5710ddab25a683c663cb27c4a282ad328919bd7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e8:99:b3:ee:11:24:35:12:b6:76:80:d0:c9:
                    63:0a:0f:fd:a9:ce:c3:dd:3a:f4:ac:ea:60:2b:4d:
                    e4:e0:c4:cb:f4:c1:80:7b:4b:9a:4f:89:03:7c:fd:
                    6c:23:d4:d1:2d:b3:81:93:b8:51:51:73:e2:0f:f0:
                    22:fa:f2:c5:40:35:a1:cf:43:45:66:b5:42:65:e9:
                    e0:19:57:bf:ad:e2:c3:c7:9f:76:b9:23:41:24:c3:
                    c9:38:7b:f1:f8:30:2d:45:b9:e0:18:af:ac:d1:dc:
                    2e:23:0d:f3:02:81:cd:f4:63:6f:b4:a8:d6:b6:a4:
                    e1:a2:00:43:54:d0:51:7f:d1:49:72:d2:4d:38:02:
                    0d:28:f9:4a:6d:1c:a1:b0:9e:05:a4:7a:6d:3a:34:
                    9a:8b:ef:5f:68:2e:bd:4a:78:c9:15:0f:6f:62:de:
                    f4:52:25:5b:a8:59:ef:56:83:eb:19:f1:53:98:fd:
                    b4:73:c6:9c:2b:63:57:21:f0:dd:75:fb:1a:ac:1b:
                    9e:ad:2e:13:50:9c:d2:0e:18:94:ab:0b:21:f0:c9:
                    74:78:19:5c:c0:b4:99:d5:fd:2f:2f:1d:ca:51:1b:
                    7a:8d:2f:48:78:b5:66:81:a4:f5:b4:f0:31:b3:4f:
                    42:19:d5:f3:01:df:fa:3d:fd:76:11:5d:cf:5f:82:
                    6b:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:10:DD:AB:25:A6:83:C6:63:CB:27:C4:A2:82:AD:32:89:19:BD:7D
            X509v3 Authority Key Identifier:
                keyid:8F:51:B5:B8:13:2F:9E:30:7B:71:7A:3E:1E:54:D1:F7:F4:5A:E5:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/VxDdqyWmg8ZjyyfEooKtMokZvX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:39:d0:42:7b:b8:85:f4:99:92:98:19:24:87:6c:7d:3e:94:
         0b:2b:10:85:32:48:6b:41:97:e1:1d:e4:b3:11:3d:52:86:0a:
         16:ec:81:d7:28:71:d2:50:d1:9a:1e:49:7a:ab:16:e2:d8:b8:
         89:32:b0:65:88:04:cf:bd:a0:c3:a6:f3:08:e0:d3:c0:cd:d2:
         05:be:71:97:ed:ac:8a:79:59:c6:16:ce:48:04:50:ba:f3:ee:
         40:70:f4:67:be:c0:e7:d2:ab:43:dd:b5:69:4d:60:15:bb:4a:
         b7:df:ff:19:51:a8:91:bc:cd:e0:04:4a:01:63:2d:4d:97:5c:
         dc:63:0b:e8:0f:13:4a:62:d7:75:50:de:8f:35:48:b6:46:c6:
         bc:d9:3b:16:ef:b6:1f:ba:3e:32:9f:22:bf:8b:77:5c:78:54:
         7c:61:10:4b:de:f4:fa:d2:e7:76:27:44:20:33:f9:4b:11:f3:
         a7:ee:31:7f:98:10:df:92:b5:ec:ff:ba:fc:5c:89:9c:1a:29:
         d9:c1:dc:2a:cf:c5:ad:d8:17:9f:af:d2:ee:c4:b7:c7:d8:5e:
         1c:49:46:b8:2c:f0:c0:6e:4e:c1:6f:60:4c:37:cd:5b:77:26:
         16:56:b9:7e:09:39:64:ef:19:e6:85:3d:b9:30:b7:43:75:46:
         b6:ba:a7:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu8txjWnPKIyBJ5PBFAZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNTFiNWI4MTMyZjllMzA3YjcxN2EzZTFlNTRkMWY3ZjQ1
YWU1MTcwHhcNMjQwMTAyMTAzMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzEwZGRhYjI1YTY4M2M2NjNjYjI3YzRhMjgyYWQzMjg5MTliZDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOiZs+4RJDUStnaA0MljCg/9qc7D
3Tr0rOpgK03k4MTL9MGAe0uaT4kDfP1sI9TRLbOBk7hRUXPiD/Ai+vLFQDWhz0NF
ZrVCZengGVe/reLDx592uSNBJMPJOHvx+DAtRbngGK+s0dwuIw3zAoHN9GNvtKjW
tqThogBDVNBRf9FJctJNOAINKPlKbRyhsJ4FpHptOjSai+9faC69SnjJFQ9vYt70
UiVbqFnvVoPrGfFTmP20c8acK2NXIfDddfsarBuerS4TUJzSDhiUqwsh8Ml0eBlc
wLSZ1f0vLx3KURt6jS9IeLVmgaT1tPAxs09CGdXzAd/6Pf12EV3PX4JrbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFcQ3aslpoPGY8snxKKCrTKJGb19MB8GA1UdIwQY
MBaAFI9RtbgTL54we3F6Ph5U0ff0WuUXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajFHMXVCTXZuakI3Y1hvLUhsVFI5X1JhNVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kYTI0MjctYjMzYi00YjgxLWFmMzct
ZTIyNTFlNDg5Y2JiLzEvVnhEZHF5V21nOFpqeXlmRW9vS3RNb2tadlgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kYTI0MjctYjMzYi00YjgxLWFmMzctZTIyNTFlNDg5Y2Ji
LzEvajFHMXVCTXZuakI3Y1hvLUhsVFI5X1JhNVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe+iMA0G
CSqGSIb3DQEBCwUAA4IBAQBJOdBCe7iF9JmSmBkkh2x9PpQLKxCFMkhrQZfhHeSz
ET1ShgoW7IHXKHHSUNGaHkl6qxbi2LiJMrBliATPvaDDpvMI4NPAzdIFvnGX7ayK
eVnGFs5IBFC68+5AcPRnvsDn0qtD3bVpTWAVu0q33/8ZUaiRvM3gBEoBYy1Nl1zc
YwvoDxNKYtd1UN6PNUi2Rsa82TsW77Yfuj4ynyK/i3dceFR8YRBL3vT60ud2J0Qg
M/lLEfOn7jF/mBDfkrXs/7r8XImcGinZwdwqz8Wt2Befr9LuxLfH2F4cSUa4LPDA
bk7Bb2BMN81bdyYWVrl+CTlk7xnmhT25MLdDdUa2uqfP
-----END CERTIFICATE-----