Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/Vjoz8Y_07F6k6terS-guJnJVLJc.roa
File:                     Vjoz8Y_07F6k6terS-guJnJVLJc.roa (raw, json)
Hash identifier:          Kwv+u5asJRx7Ag2NQLXquEJ6WLiSVh8RXO1rZ9sjfcU=
Subject key identifier:   56:3A:33:F1:8F:F4:EC:5E:A4:EA:D7:AB:4B:E8:2E:26:72:55:2C:97
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC80137C15260DACFF9C82F84283D8AA9
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/Vjoz8Y_07F6k6terS-guJnJVLJc.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216464
IP address blocks:        159.148.182.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:37:c1:52:60:da:cf:f9:c8:2f:84:28:3d:8a:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=563a33f18ff4ec5ea4ead7ab4be82e2672552c97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b7:8c:80:63:47:65:e8:04:32:37:12:dd:28:
                    17:47:99:b0:ae:56:31:36:32:af:4a:22:ff:e8:11:
                    b8:f7:b7:a8:5a:ff:9e:47:81:6b:45:42:cc:25:1e:
                    55:b4:70:58:52:95:87:6c:db:a4:f4:bc:c9:b1:0c:
                    3d:e7:1d:e4:48:8b:7c:5d:8f:9e:58:cd:3c:83:e2:
                    04:4b:0a:ae:ea:2a:b9:59:97:22:b8:41:35:f0:2e:
                    f5:ee:fc:c3:05:31:43:a1:17:33:49:13:f2:ab:c3:
                    12:8a:95:69:e4:5c:81:ad:f9:e4:f6:78:2c:64:24:
                    ee:dd:b1:1a:5b:12:49:cf:04:3c:40:53:02:21:9c:
                    d9:11:cb:2b:a6:cc:64:7a:f0:bc:c2:2d:4a:21:a5:
                    58:25:e2:6a:8f:cd:47:76:c3:7f:7d:3e:30:75:0a:
                    86:03:ca:2a:b9:4e:a2:0a:3b:61:79:66:a0:16:6f:
                    d2:27:c7:70:bd:2d:68:6a:a0:c5:d3:46:14:7f:2a:
                    32:65:cc:34:2d:3c:27:51:ff:69:69:52:26:35:05:
                    b8:63:76:d0:65:32:70:8a:29:6f:2e:52:af:79:9e:
                    90:47:36:10:35:9b:d0:c8:a6:0d:99:0d:67:c4:25:
                    b8:d4:79:0b:9c:c7:52:67:c2:e5:81:a8:d9:70:30:
                    68:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:3A:33:F1:8F:F4:EC:5E:A4:EA:D7:AB:4B:E8:2E:26:72:55:2C:97
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/Vjoz8Y_07F6k6terS-guJnJVLJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:45:3b:64:3c:f9:16:c5:f1:f3:f6:1d:8c:fd:c2:ba:21:31:
         38:9d:e7:c5:71:2c:c1:cf:61:b1:f1:15:fa:8f:cb:49:a0:91:
         e2:e8:a4:8f:0b:a6:b9:b1:cf:59:10:68:cd:11:61:43:3f:9b:
         88:0a:40:4a:5e:65:76:c3:3b:75:24:c0:06:4b:20:70:3e:ae:
         97:8a:5b:e8:91:9b:56:62:83:a1:34:75:b7:0c:4f:5e:2b:92:
         fa:2e:cf:23:0c:6d:05:c0:79:4b:38:ef:39:f9:3b:8c:db:5f:
         ac:f0:31:59:b0:61:67:3f:22:75:56:43:a7:b3:4a:96:b7:e8:
         64:c5:cc:e1:0e:e8:a1:60:c3:6d:dd:22:91:b8:4a:de:02:c1:
         c2:96:b2:f1:fb:33:75:d8:d2:a8:7a:56:e0:c0:ee:ef:bb:c3:
         6d:8f:5c:26:e3:1b:2a:1a:80:27:39:05:c7:36:cf:0b:a6:22:
         71:2a:6e:37:47:65:c8:fb:51:ab:db:cb:76:da:77:f0:ea:18:
         37:be:de:69:d5:50:7f:dd:7a:9d:1a:15:60:12:e9:13:b1:25:
         c2:34:bb:e2:d3:82:8f:f1:09:37:d4:8c:e0:cb:e6:34:72:8b:
         80:e9:d2:df:73:2c:d4:2f:39:da:80:d1:65:16:c3:81:d9:d3:
         56:f0:e3:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATfBUmDaz/nIL4QoPYqpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjNhMzNmMThmZjRlYzVlYTRlYWQ3YWI0YmU4MmUyNjcyNTUyYzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LeMgGNHZegEMjcS3SgXR5mwrlYx
NjKvSiL/6BG497eoWv+eR4FrRULMJR5VtHBYUpWHbNuk9LzJsQw95x3kSIt8XY+e
WM08g+IESwqu6iq5WZciuEE18C717vzDBTFDoRczSRPyq8MSipVp5FyBrfnk9ngs
ZCTu3bEaWxJJzwQ8QFMCIZzZEcsrpsxkevC8wi1KIaVYJeJqj81HdsN/fT4wdQqG
A8oquU6iCjtheWagFm/SJ8dwvS1oaqDF00YUfyoyZcw0LTwnUf9paVImNQW4Y3bQ
ZTJwiilvLlKveZ6QRzYQNZvQyKYNmQ1nxCW41HkLnMdSZ8LlgajZcDBozwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFY6M/GP9OxepOrXq0voLiZyVSyXMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvVmpvejhZXzA3RjZrNnRlclMtZ3VKbkpWTEpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBn5S2MA0G
CSqGSIb3DQEBCwUAA4IBAQA9RTtkPPkWxfHz9h2M/cK6ITE4nefFcSzBz2Gx8RX6
j8tJoJHi6KSPC6a5sc9ZEGjNEWFDP5uICkBKXmV2wzt1JMAGSyBwPq6XilvokZtW
YoOhNHW3DE9eK5L6Ls8jDG0FwHlLOO85+TuM21+s8DFZsGFnPyJ1VkOns0qWt+hk
xczhDuihYMNt3SKRuEreAsHClrLx+zN12NKoelbgwO7vu8Ntj1wm4xsqGoAnOQXH
Ns8LpiJxKm43R2XI+1Gr28t22nfw6hg3vt5p1VB/3XqdGhVgEukTsSXCNLvi04KP
8Qk31Izgy+Y0couA6dLfcyzULznagNFlFsOB2dNW8OPM
-----END CERTIFICATE-----