Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/VBKCc0mhGw2A_QLMAIBhQBkYGZU.roa
File:                     VBKCc0mhGw2A_QLMAIBhQBkYGZU.roa (raw, json)
Hash identifier:          9lsVtYPDXCpuwtdksZShqLYP1ucjP6Sw01xlXSA+u4g=
Subject key identifier:   54:12:82:73:49:A1:1B:0D:80:FD:02:CC:00:80:61:40:19:18:19:95
Certificate issuer:       /CN=bda96d02a822f46253c2aee680441d5ac27c3df5
Certificate serial:       018CC79586B8A375EA21DF73A2220783C770
Authority key identifier: BD:A9:6D:02:A8:22:F4:62:53:C2:AE:E6:80:44:1D:5A:C2:7C:3D:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/valtAqgi9GJTwq7mgEQdWsJ8PfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/VBKCc0mhGw2A_QLMAIBhQBkYGZU.roa
Signing time:             Tue 02 Jan 2024 00:31:54 +0000
ROA not before:           Tue 02 Jan 2024 00:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13037
IP address blocks:        37.252.48.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/valtAqgi9GJTwq7mgEQdWsJ8PfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/valtAqgi9GJTwq7mgEQdWsJ8PfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/valtAqgi9GJTwq7mgEQdWsJ8PfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:86:b8:a3:75:ea:21:df:73:a2:22:07:83:c7:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bda96d02a822f46253c2aee680441d5ac27c3df5
        Validity
            Not Before: Jan  2 00:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5412827349a11b0d80fd02cc0080614019181995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8c:25:b2:1f:2f:4b:9e:0b:0c:04:6d:ca:f4:
                    f2:49:97:60:31:71:4d:86:39:f1:f7:14:09:c9:8f:
                    12:71:67:42:09:fb:6b:0c:f1:de:66:21:3f:f0:63:
                    1c:43:80:40:25:fc:84:39:50:07:90:76:66:fb:f9:
                    78:5c:b0:33:dd:79:63:ef:bc:cd:c7:67:ad:ab:11:
                    86:ab:e0:a1:b0:b9:e8:00:07:4a:51:96:b1:d2:2d:
                    67:22:36:bf:49:2a:88:b5:c3:0a:3d:80:32:00:d9:
                    25:fb:91:24:ed:b8:09:f8:8a:f9:b0:cb:35:a5:c1:
                    fb:ae:a5:28:7d:c6:da:41:be:b8:ee:d1:de:7e:d6:
                    94:c8:07:d0:15:02:8f:10:58:84:99:4d:c1:70:a4:
                    53:e1:50:0f:c3:45:00:64:00:4e:4d:db:a7:06:d3:
                    56:27:78:57:0f:a6:50:cf:ed:17:ab:00:75:2d:6b:
                    27:b6:00:2c:73:a0:f7:34:0d:67:9f:a9:d0:42:b2:
                    f5:69:12:50:8e:ce:64:70:ea:6f:4e:5c:78:e3:b9:
                    ef:7c:6d:62:f9:a7:9a:b5:17:d7:25:8f:bf:0a:98:
                    68:35:e3:cb:2a:65:1d:c4:d0:f0:14:f5:49:71:f2:
                    eb:2f:7b:c2:de:0b:5c:d6:c4:c9:88:09:7a:a3:a0:
                    1f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:12:82:73:49:A1:1B:0D:80:FD:02:CC:00:80:61:40:19:18:19:95
            X509v3 Authority Key Identifier:
                keyid:BD:A9:6D:02:A8:22:F4:62:53:C2:AE:E6:80:44:1D:5A:C2:7C:3D:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/valtAqgi9GJTwq7mgEQdWsJ8PfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/VBKCc0mhGw2A_QLMAIBhQBkYGZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/valtAqgi9GJTwq7mgEQdWsJ8PfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5e:4f:85:63:db:53:08:b2:58:01:2d:e5:7a:ac:31:7d:3a:f8:
         68:82:20:ec:61:8f:73:23:30:fc:d8:83:c5:72:e4:b4:86:1b:
         2d:aa:40:ec:85:9a:f6:93:49:39:a6:ad:66:04:85:60:61:94:
         b2:e8:d0:51:73:f7:75:3e:80:2f:9a:0b:73:8f:d9:a2:dc:ea:
         d3:1a:5e:ec:70:84:1e:bb:fc:a4:d6:86:5f:db:7b:f3:36:e4:
         11:50:14:60:e2:2a:c9:f7:35:c3:09:c9:23:74:bd:3a:5f:54:
         ff:6a:57:b1:ca:5b:92:5b:e0:67:29:d5:cc:4b:f9:bf:2f:0a:
         c6:ff:8a:de:ed:90:9c:13:85:c1:e8:56:6f:4e:29:63:f7:00:
         8c:d5:48:52:d4:5e:50:53:a2:ff:77:0a:f8:8a:61:42:4f:fe:
         69:c1:35:25:e6:43:34:48:c4:0f:20:3d:e2:8e:9c:df:49:b4:
         2e:3d:30:ca:1b:3b:77:9c:76:5b:13:ae:50:27:b4:03:9b:46:
         3f:e1:4d:26:7c:b9:65:0a:50:b8:0a:f3:1f:75:3d:d2:7f:35:
         b3:de:0f:fd:a6:69:ee:3d:77:fe:42:ed:2d:bf:e8:d8:36:a5:
         ee:00:6a:ce:b1:7e:52:87:cf:14:55:90:09:1b:05:89:b2:26:
         33:73:0d:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlYa4o3XqId9zoiIHg8dwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYTk2ZDAyYTgyMmY0NjI1M2MyYWVlNjgwNDQxZDVhYzI3
YzNkZjUwHhcNMjQwMTAyMDAzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDEyODI3MzQ5YTExYjBkODBmZDAyY2MwMDgwNjE0MDE5MTgxOTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlowlsh8vS54LDARtyvTySZdgMXFN
hjnx9xQJyY8ScWdCCftrDPHeZiE/8GMcQ4BAJfyEOVAHkHZm+/l4XLAz3Xlj77zN
x2etqxGGq+ChsLnoAAdKUZax0i1nIja/SSqItcMKPYAyANkl+5Ek7bgJ+Ir5sMs1
pcH7rqUofcbaQb647tHeftaUyAfQFQKPEFiEmU3BcKRT4VAPw0UAZABOTdunBtNW
J3hXD6ZQz+0XqwB1LWsntgAsc6D3NA1nn6nQQrL1aRJQjs5kcOpvTlx447nvfG1i
+aeatRfXJY+/CphoNePLKmUdxNDwFPVJcfLrL3vC3gtc1sTJiAl6o6AfhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQSgnNJoRsNgP0CzACAYUAZGBmVMB8GA1UdIwQY
MBaAFL2pbQKoIvRiU8Ku5oBEHVrCfD31MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmFsdEFxZ2k5R0pUd3E3bWdFUWRXc0o4UGZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9hMjdiMzktODAxMS00MTQyLTg2YzIt
Y2Y4M2Q2ZTQwNTU4LzEvVkJLQ2MwbWhHdzJBX1FMTUFJQmhRQmtZR1pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9hMjdiMzktODAxMS00MTQyLTg2YzItY2Y4M2Q2ZTQwNTU4
LzEvdmFsdEFxZ2k5R0pUd3E3bWdFUWRXc0o4UGZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEJfwwMA0G
CSqGSIb3DQEBCwUAA4IBAQBeT4Vj21MIslgBLeV6rDF9OvhogiDsYY9zIzD82IPF
cuS0hhstqkDshZr2k0k5pq1mBIVgYZSy6NBRc/d1PoAvmgtzj9mi3OrTGl7scIQe
u/yk1oZf23vzNuQRUBRg4irJ9zXDCckjdL06X1T/alexyluSW+BnKdXMS/m/LwrG
/4re7ZCcE4XB6FZvTilj9wCM1UhS1F5QU6L/dwr4imFCT/5pwTUl5kM0SMQPID3i
jpzfSbQuPTDKGzt3nHZbE65QJ7QDm0Y/4U0mfLllClC4CvMfdT3SfzWz3g/9pmnu
PXf+Qu0tv+jYNqXuAGrOsX5Sh88UVZAJGwWJsiYzcw2G
-----END CERTIFICATE-----