Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/9e39da-1925-4464-9576-bbf719c3ca74/1/pVhP0MclzlnYaAC9OtnmRMdyRLc.roa
File:                     pVhP0MclzlnYaAC9OtnmRMdyRLc.roa (raw, json)
Hash identifier:          1waea8fTab33HJugIA/FwqQKXTCBfBcExJgS4zIX1yg=
Subject key identifier:   A5:58:4F:D0:C7:25:CE:59:D8:68:00:BD:3A:D9:E6:44:C7:72:44:B7
Certificate issuer:       /CN=cb425fde747aa7fea8e7b335b46c88d238850abe
Certificate serial:       018CC795686522C14D87D5A2E8D8886BFF29
Authority key identifier: CB:42:5F:DE:74:7A:A7:FE:A8:E7:B3:35:B4:6C:88:D2:38:85:0A:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y0Jf3nR6p_6o57M1tGyI0jiFCr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/9e39da-1925-4464-9576-bbf719c3ca74/1/pVhP0MclzlnYaAC9OtnmRMdyRLc.roa
Signing time:             Tue 02 Jan 2024 00:31:46 +0000
ROA not before:           Tue 02 Jan 2024 00:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        193.200.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/9e39da-1925-4464-9576-bbf719c3ca74/1/y0Jf3nR6p_6o57M1tGyI0jiFCr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/9e39da-1925-4464-9576-bbf719c3ca74/1/y0Jf3nR6p_6o57M1tGyI0jiFCr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y0Jf3nR6p_6o57M1tGyI0jiFCr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:68:65:22:c1:4d:87:d5:a2:e8:d8:88:6b:ff:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb425fde747aa7fea8e7b335b46c88d238850abe
        Validity
            Not Before: Jan  2 00:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5584fd0c725ce59d86800bd3ad9e644c77244b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:22:13:44:e8:fe:22:45:30:62:d2:1a:cc:d0:
                    89:e8:c0:99:f0:4a:1f:c9:31:fc:2d:86:3e:99:11:
                    24:49:45:32:6a:31:10:5a:37:0f:19:2e:18:47:f6:
                    c2:4e:f5:e5:11:3e:4c:60:d6:6b:81:43:7b:d0:bf:
                    cd:d5:d0:51:46:83:aa:a5:85:51:56:f2:dc:80:b7:
                    09:d9:64:fe:f7:96:ed:46:be:c4:1e:9d:e1:14:fd:
                    97:20:56:58:34:cb:eb:5e:ad:eb:a8:45:ec:85:84:
                    27:43:ef:f3:d2:de:a6:09:e6:22:9b:fb:ac:38:96:
                    87:46:e9:72:07:6e:60:4a:e6:04:02:31:43:25:ff:
                    54:02:54:65:8b:5b:5a:4e:b7:66:e1:f3:2d:7a:78:
                    ae:de:ff:6c:03:19:0d:a0:98:c1:e5:ab:61:18:c7:
                    3a:15:95:c6:27:33:86:1a:83:fe:f6:ac:c6:9c:2e:
                    0a:2a:13:26:09:a8:41:7f:af:c3:5d:5e:ab:8c:46:
                    7d:63:d7:77:5a:8d:61:0d:63:88:87:71:cb:b3:52:
                    88:07:16:0f:8c:b0:f6:df:95:11:f7:55:a1:de:38:
                    3a:2d:d6:55:e6:1d:8b:14:70:9c:7a:07:ef:7f:2d:
                    16:a6:ff:9c:64:1a:50:a1:1f:b1:27:9f:08:f1:08:
                    7b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:58:4F:D0:C7:25:CE:59:D8:68:00:BD:3A:D9:E6:44:C7:72:44:B7
            X509v3 Authority Key Identifier:
                keyid:CB:42:5F:DE:74:7A:A7:FE:A8:E7:B3:35:B4:6C:88:D2:38:85:0A:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y0Jf3nR6p_6o57M1tGyI0jiFCr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/9e39da-1925-4464-9576-bbf719c3ca74/1/pVhP0MclzlnYaAC9OtnmRMdyRLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/9e39da-1925-4464-9576-bbf719c3ca74/1/y0Jf3nR6p_6o57M1tGyI0jiFCr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:00:50:e1:35:1c:81:82:5f:c8:54:c8:22:97:8c:82:4a:b1:
         c5:89:a3:46:48:ed:b5:d8:ca:5b:4d:97:7d:16:8f:23:88:3e:
         1d:bf:43:dd:68:a1:71:3a:7e:f8:13:cd:ef:cf:97:ce:91:4f:
         c8:3e:4a:8d:6a:c7:ef:45:9a:4c:2f:56:3c:ed:34:f7:d7:e9:
         ee:a8:b6:3c:35:df:d2:db:5b:79:ca:5f:9e:1e:db:8b:e4:3b:
         e1:a2:ed:e5:67:4c:2e:1b:de:b0:22:56:ab:07:d7:f4:64:0b:
         0e:62:6f:b1:37:b6:b5:88:32:6d:7a:fa:fe:26:0d:e2:36:f0:
         4d:5f:76:70:e2:90:f2:19:d3:d9:b3:ad:bf:69:0e:d0:44:f9:
         6c:58:18:b6:4f:2d:37:3f:ff:58:eb:14:25:93:7f:56:3b:95:
         a6:85:c1:28:7d:bd:f6:bf:2a:19:f5:8d:a9:ad:f9:63:2e:0f:
         7b:4c:e0:e6:bc:d2:31:d8:40:7a:65:7b:ff:ea:1e:7f:49:8c:
         d8:85:6c:fc:da:bc:f8:49:dc:5c:3a:f2:09:00:c1:60:41:dd:
         6b:57:7a:22:3a:95:1a:f7:18:72:11:45:59:54:dc:07:de:f3:
         a6:dc:3e:e4:69:0e:6e:ad:3a:27:7c:b9:fb:35:39:8d:03:12:
         70:dd:36:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlWhlIsFNh9Wi6NiIa/8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNDI1ZmRlNzQ3YWE3ZmVhOGU3YjMzNWI0NmM4OGQyMzg4
NTBhYmUwHhcNMjQwMTAyMDAzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTU4NGZkMGM3MjVjZTU5ZDg2ODAwYmQzYWQ5ZTY0NGM3NzI0NGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6iITROj+IkUwYtIazNCJ6MCZ8Eof
yTH8LYY+mREkSUUyajEQWjcPGS4YR/bCTvXlET5MYNZrgUN70L/N1dBRRoOqpYVR
VvLcgLcJ2WT+95btRr7EHp3hFP2XIFZYNMvrXq3rqEXshYQnQ+/z0t6mCeYim/us
OJaHRulyB25gSuYEAjFDJf9UAlRli1taTrdm4fMteniu3v9sAxkNoJjB5athGMc6
FZXGJzOGGoP+9qzGnC4KKhMmCahBf6/DXV6rjEZ9Y9d3Wo1hDWOIh3HLs1KIBxYP
jLD235UR91Wh3jg6LdZV5h2LFHCcegfvfy0Wpv+cZBpQoR+xJ58I8Qh7LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVYT9DHJc5Z2GgAvTrZ5kTHckS3MB8GA1UdIwQY
MBaAFMtCX950eqf+qOezNbRsiNI4hQq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTBKZjNuUjZwXzZvNTdNMXRHeUkwamlGQ3I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS85ZTM5ZGEtMTkyNS00NDY0LTk1NzYt
YmJmNzE5YzNjYTc0LzEvcFZoUDBNY2x6bG5ZYUFDOU90bm1STWR5UkxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS85ZTM5ZGEtMTkyNS00NDY0LTk1NzYtYmJmNzE5YzNjYTc0
LzEveTBKZjNuUjZwXzZvNTdNMXRHeUkwamlGQ3I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwci/MA0G
CSqGSIb3DQEBCwUAA4IBAQCMAFDhNRyBgl/IVMgil4yCSrHFiaNGSO212MpbTZd9
Fo8jiD4dv0PdaKFxOn74E83vz5fOkU/IPkqNasfvRZpML1Y87TT31+nuqLY8Nd/S
21t5yl+eHtuL5Dvhou3lZ0wuG96wIlarB9f0ZAsOYm+xN7a1iDJtevr+Jg3iNvBN
X3Zw4pDyGdPZs62/aQ7QRPlsWBi2Ty03P/9Y6xQlk39WO5WmhcEofb32vyoZ9Y2p
rfljLg97TODmvNIx2EB6ZXv/6h5/SYzYhWz82rz4SdxcOvIJAMFgQd1rV3oiOpUa
9xhyEUVZVNwH3vOm3D7kaQ5urTonfLn7NTmNAxJw3TZi
-----END CERTIFICATE-----