Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/VS-l_XfB7EQvo8I3V6K6fXm-eIU.roa
File:                     VS-l_XfB7EQvo8I3V6K6fXm-eIU.roa (raw, json)
Hash identifier:          kU2rVZ7mx12Ux/mRHTyd5gtKLL33qjysoKbAjkbVmT0=
Subject key identifier:   55:2F:A5:FD:77:C1:EC:44:2F:A3:C2:37:57:A2:BA:7D:79:BE:78:85
Certificate issuer:       /CN=38bd6d8ebb82404d5709351bc2329a0ee43a9a43
Certificate serial:       018CCA2A75C8E88D798A8B5E46DAFADB6BF6
Authority key identifier: 38:BD:6D:8E:BB:82:40:4D:57:09:35:1B:C2:32:9A:0E:E4:3A:9A:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OL1tjruCQE1XCTUbwjKaDuQ6mkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/VS-l_XfB7EQvo8I3V6K6fXm-eIU.roa
Signing time:             Tue 02 Jan 2024 12:33:49 +0000
ROA not before:           Tue 02 Jan 2024 12:33:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54574
IP address blocks:        45.88.192.0/22 maxlen: 24
                          2a07:aec0::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/OL1tjruCQE1XCTUbwjKaDuQ6mkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/OL1tjruCQE1XCTUbwjKaDuQ6mkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OL1tjruCQE1XCTUbwjKaDuQ6mkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:75:c8:e8:8d:79:8a:8b:5e:46:da:fa:db:6b:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38bd6d8ebb82404d5709351bc2329a0ee43a9a43
        Validity
            Not Before: Jan  2 12:33:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=552fa5fd77c1ec442fa3c23757a2ba7d79be7885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:34:1d:2a:d2:16:a3:e3:92:7c:c9:5d:37:e9:
                    64:d0:e4:02:2a:b0:2d:fc:70:07:3d:c3:a8:39:2d:
                    f5:87:8e:2a:62:ab:04:df:14:02:7a:4c:f6:e2:06:
                    59:cb:ed:85:7e:d4:48:17:13:ac:e3:c0:87:fa:b0:
                    d9:49:66:9b:60:3b:a0:24:52:d3:dd:a5:39:7f:41:
                    4a:bd:6c:2d:8f:3a:33:27:ab:78:9b:ef:94:1e:ec:
                    c0:98:ce:81:a2:98:ae:52:ec:6a:50:45:ce:c3:dc:
                    37:67:54:31:51:e2:7d:c6:b7:3b:9f:96:e1:25:60:
                    85:08:2e:87:7c:a4:47:6c:8f:39:24:a5:49:a6:ba:
                    52:1c:ea:d8:c9:79:a9:45:a0:f7:15:ef:fa:15:27:
                    5e:29:00:74:d6:b9:73:9f:c1:b7:f5:1b:81:2b:25:
                    51:90:2e:d8:d5:2c:e4:02:a6:72:f0:7e:6d:1d:1d:
                    97:00:85:06:4a:37:8a:4b:4e:e6:08:98:c7:97:bd:
                    33:9d:d1:5b:56:b6:31:5a:29:24:09:bb:89:ed:c5:
                    25:15:49:1e:e7:a5:0f:b9:85:5a:3a:1c:7a:c7:a9:
                    a9:79:6d:a4:8b:a6:eb:fe:a3:2c:5c:4d:09:a9:cd:
                    71:ae:b0:88:68:f7:cd:eb:56:e6:ea:cd:d4:78:38:
                    aa:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:2F:A5:FD:77:C1:EC:44:2F:A3:C2:37:57:A2:BA:7D:79:BE:78:85
            X509v3 Authority Key Identifier:
                keyid:38:BD:6D:8E:BB:82:40:4D:57:09:35:1B:C2:32:9A:0E:E4:3A:9A:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OL1tjruCQE1XCTUbwjKaDuQ6mkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/VS-l_XfB7EQvo8I3V6K6fXm-eIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/OL1tjruCQE1XCTUbwjKaDuQ6mkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.192.0/22
                IPv6:
                  2a07:aec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:9a:fa:87:0d:f1:19:1d:40:18:e2:8c:94:07:ca:4c:2d:51:
         62:18:65:bd:ff:db:71:c9:22:61:42:10:98:ff:d7:67:b7:f9:
         9b:4a:1b:c6:3d:71:6c:cd:eb:ac:97:5e:a2:87:1d:42:cd:e3:
         e0:34:bd:2e:a2:81:b3:43:0f:a2:c6:fd:f0:86:4b:6c:c8:91:
         fa:bc:a1:ce:2c:8b:66:fb:28:e2:ae:1c:00:b2:73:c6:b5:62:
         8a:be:7c:79:5e:c8:fb:52:cc:12:b3:51:f5:20:7a:49:28:8a:
         8a:4b:54:95:ec:42:6b:e3:ef:ab:fd:3a:ba:b4:76:67:78:f8:
         c6:bb:39:8b:50:a9:f8:a9:3b:71:6e:d5:67:bf:9c:41:46:82:
         f4:d7:0a:8d:22:36:23:a6:95:d9:8b:ef:e5:0e:06:c7:15:c6:
         f9:d7:92:ee:3a:1a:4b:3d:ea:73:ed:17:b4:64:48:2d:7a:09:
         ee:dd:30:ce:c0:fe:17:3b:55:c5:cc:cd:f1:19:5c:ed:dc:66:
         fb:ad:b7:d9:a7:a9:e2:96:4c:ce:fe:2e:c2:dd:69:01:94:ba:
         ef:14:38:2c:74:c4:68:31:46:b7:38:2e:e7:10:eb:75:00:fd:
         10:4a:02:db:7e:b7:59:7b:03:99:20:98:f7:3d:fa:e7:bb:51:
         ed:a1:df:05
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKnXI6I15ioteRtr622v2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YmQ2ZDhlYmI4MjQwNGQ1NzA5MzUxYmMyMzI5YTBlZTQz
YTlhNDMwHhcNMjQwMTAyMTIzMzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTJmYTVmZDc3YzFlYzQ0MmZhM2MyMzc1N2EyYmE3ZDc5YmU3ODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjQdKtIWo+OSfMldN+lk0OQCKrAt
/HAHPcOoOS31h44qYqsE3xQCekz24gZZy+2FftRIFxOs48CH+rDZSWabYDugJFLT
3aU5f0FKvWwtjzozJ6t4m++UHuzAmM6BopiuUuxqUEXOw9w3Z1QxUeJ9xrc7n5bh
JWCFCC6HfKRHbI85JKVJprpSHOrYyXmpRaD3Fe/6FSdeKQB01rlzn8G39RuBKyVR
kC7Y1SzkAqZy8H5tHR2XAIUGSjeKS07mCJjHl70zndFbVrYxWikkCbuJ7cUlFUke
56UPuYVaOhx6x6mpeW2ki6br/qMsXE0Jqc1xrrCIaPfN61bm6s3UeDiqwQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFUvpf13wexEL6PCN1eiun15vniFMB8GA1UdIwQY
MBaAFDi9bY67gkBNVwk1G8Iymg7kOppDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0wxdGpydUNRRTFYQ1RVYndqS2FEdVE2bWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iYjNiNDktNjJkMC00OTdjLWJkMWUt
OGM5NTM5ZjQ0NGM2LzEvVlMtbF9YZkI3RVF2bzhJM1Y2SzZmWG0tZUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iYjNiNDktNjJkMC00OTdjLWJkMWUtOGM5NTM5ZjQ0NGM2
LzEvT0wxdGpydUNRRTFYQ1RVYndqS2FEdVE2bWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVjAMA0E
AgACMAcDBQMqB67AMA0GCSqGSIb3DQEBCwUAA4IBAQAamvqHDfEZHUAY4oyUB8pM
LVFiGGW9/9txySJhQhCY/9dnt/mbShvGPXFszeusl16ihx1CzePgNL0uooGzQw+i
xv3whktsyJH6vKHOLItm+yjirhwAsnPGtWKKvnx5Xsj7UswSs1H1IHpJKIqKS1SV
7EJr4++r/Tq6tHZnePjGuzmLUKn4qTtxbtVnv5xBRoL01wqNIjYjppXZi+/lDgbH
Fcb515LuOhpLPepz7Re0ZEgtegnu3TDOwP4XO1XFzM3xGVzt3Gb7rbfZp6nilkzO
/i7C3WkBlLrvFDgsdMRoMUa3OC7nEOt1AP0QSgLbfrdZewOZIJj3Pfrnu1Htod8F
-----END CERTIFICATE-----