Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/a02136-db9b-4bef-ae12-4c25fcbdedd1/1/VKLjzO3aH5mjNG2UKpPXnPz3FJc.roa
File:                     VKLjzO3aH5mjNG2UKpPXnPz3FJc.roa (raw, json)
Hash identifier:          akQnzzj/v3vYjsYWYqM0qFLuO/WbAY+DK4YCFf9B+vw=
Subject key identifier:   54:A2:E3:CC:ED:DA:1F:99:A3:34:6D:94:2A:93:D7:9C:FC:F7:14:97
Certificate issuer:       /CN=3e67ba8207b81c1b47263b1fde8f79b99597037d
Certificate serial:       018CC802E1FBFE0B6AA6FF465FFFA0462ACF
Authority key identifier: 3E:67:BA:82:07:B8:1C:1B:47:26:3B:1F:DE:8F:79:B9:95:97:03:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pme6gge4HBtHJjsf3o95uZWXA30.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/a02136-db9b-4bef-ae12-4c25fcbdedd1/1/VKLjzO3aH5mjNG2UKpPXnPz3FJc.roa
Signing time:             Tue 02 Jan 2024 02:31:21 +0000
ROA not before:           Tue 02 Jan 2024 02:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        193.160.2.0/23 maxlen: 23
                          193.160.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/a02136-db9b-4bef-ae12-4c25fcbdedd1/1/Pme6gge4HBtHJjsf3o95uZWXA30.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/a02136-db9b-4bef-ae12-4c25fcbdedd1/1/Pme6gge4HBtHJjsf3o95uZWXA30.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pme6gge4HBtHJjsf3o95uZWXA30.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:e1:fb:fe:0b:6a:a6:ff:46:5f:ff:a0:46:2a:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e67ba8207b81c1b47263b1fde8f79b99597037d
        Validity
            Not Before: Jan  2 02:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54a2e3ccedda1f99a3346d942a93d79cfcf71497
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ab:96:ff:f2:e7:e1:67:fd:d4:82:f8:8f:6e:
                    ea:bd:a3:6d:98:d4:34:14:68:41:dc:b3:59:b0:4f:
                    ea:67:ad:f4:87:f5:25:3e:7c:58:2d:64:b9:03:00:
                    37:c1:52:66:8f:92:c8:6f:ab:ac:e5:b3:a0:12:c1:
                    02:05:49:3c:09:db:88:d9:08:33:f8:4a:cb:77:7b:
                    c9:85:61:06:ac:a6:45:9a:a9:e9:9c:81:bd:6d:99:
                    a3:56:f8:45:ad:cd:c1:ae:a5:0d:32:8c:66:e1:70:
                    6b:55:7e:d4:83:1c:8c:32:a6:32:af:6b:a0:38:c1:
                    0e:7c:d7:73:23:3c:b6:b4:e5:38:c4:6b:d2:6a:e8:
                    42:fd:8f:7a:9a:ae:e3:46:e3:b9:24:2c:e7:bb:b2:
                    63:56:45:e8:03:1b:d3:1b:7a:6c:45:6f:97:cf:7a:
                    15:27:5d:cc:19:64:9e:e2:27:a5:90:9e:54:57:9a:
                    8d:2e:ab:16:b0:63:7c:bf:fb:75:77:d8:16:d0:82:
                    0d:86:e4:e1:ab:2c:54:a3:04:f2:13:60:d0:d7:e2:
                    34:e3:50:05:a2:3a:ef:d9:c8:f0:14:a6:25:b9:16:
                    40:ec:73:10:c3:64:b8:a2:28:b3:02:d2:65:1f:59:
                    51:8b:c7:47:4c:4b:e9:be:d1:96:f0:6d:2a:cc:27:
                    2b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:A2:E3:CC:ED:DA:1F:99:A3:34:6D:94:2A:93:D7:9C:FC:F7:14:97
            X509v3 Authority Key Identifier:
                keyid:3E:67:BA:82:07:B8:1C:1B:47:26:3B:1F:DE:8F:79:B9:95:97:03:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pme6gge4HBtHJjsf3o95uZWXA30.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/a02136-db9b-4bef-ae12-4c25fcbdedd1/1/VKLjzO3aH5mjNG2UKpPXnPz3FJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/a02136-db9b-4bef-ae12-4c25fcbdedd1/1/Pme6gge4HBtHJjsf3o95uZWXA30.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.1.0-193.160.3.255

    Signature Algorithm: sha256WithRSAEncryption
         39:06:07:1c:73:f2:5f:9f:68:c8:ff:b4:79:cc:25:a1:9d:0d:
         06:fb:f2:08:40:e4:56:bd:66:18:f2:ab:f9:fe:fd:37:5c:de:
         0b:b1:59:bd:83:8d:34:d5:fc:45:dd:02:29:1f:2b:60:4d:3b:
         fe:b0:8d:22:67:01:56:23:29:bd:c5:dd:a5:d4:1f:cd:ba:42:
         2d:94:3d:ca:b2:45:4d:eb:52:26:d2:ad:c5:1a:38:71:0c:52:
         89:0f:e7:8a:ad:0a:f9:69:4e:ce:1c:d2:71:0b:f5:78:e3:c6:
         6d:39:8c:e7:19:fc:ef:b9:39:6e:a7:fc:b3:9e:fc:35:4b:e6:
         e2:e3:c7:56:a2:a6:e7:eb:66:9a:97:8a:36:50:67:42:18:e0:
         33:94:5b:36:22:e8:7d:93:f9:25:98:9c:b4:0f:ea:4d:2a:af:
         70:f7:37:59:79:62:38:55:52:77:3a:96:ba:4d:58:4b:ae:1d:
         bb:64:0d:4c:f0:ab:2b:83:1b:3a:b0:87:08:e3:01:f0:21:2b:
         a6:bd:8b:a1:7b:63:ff:f4:75:4f:ef:99:11:20:fe:96:ae:6a:
         57:6c:05:f3:90:8a:19:fe:26:41:09:83:b3:b3:43:5c:b2:29:
         99:22:89:e5:88:63:a4:1e:0e:aa:51:2a:1f:9b:b7:9c:f1:9b:
         18:c9:4d:d7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIAuH7/gtqpv9GX/+gRirPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjdiYTgyMDdiODFjMWI0NzI2M2IxZmRlOGY3OWI5OTU5
NzAzN2QwHhcNMjQwMTAyMDIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGEyZTNjY2VkZGExZjk5YTMzNDZkOTQyYTkzZDc5Y2ZjZjcxNDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiquW//Ln4Wf91IL4j27qvaNtmNQ0
FGhB3LNZsE/qZ630h/UlPnxYLWS5AwA3wVJmj5LIb6us5bOgEsECBUk8CduI2Qgz
+ErLd3vJhWEGrKZFmqnpnIG9bZmjVvhFrc3BrqUNMoxm4XBrVX7UgxyMMqYyr2ug
OMEOfNdzIzy2tOU4xGvSauhC/Y96mq7jRuO5JCznu7JjVkXoAxvTG3psRW+Xz3oV
J13MGWSe4ielkJ5UV5qNLqsWsGN8v/t1d9gW0IINhuThqyxUowTyE2DQ1+I041AF
ojrv2cjwFKYluRZA7HMQw2S4oiizAtJlH1lRi8dHTEvpvtGW8G0qzCcrhQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFSi48zt2h+ZozRtlCqT15z89xSXMB8GA1UdIwQY
MBaAFD5nuoIHuBwbRyY7H96PebmVlwN9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1lNmdnZTRIQnRISmpzZjNvOTV1WldYQTMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9hMDIxMzYtZGI5Yi00YmVmLWFlMTIt
NGMyNWZjYmRlZGQxLzEvVktManpPM2FINW1qTkcyVUtwUFhuUHozRkpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9hMDIxMzYtZGI5Yi00YmVmLWFlMTItNGMyNWZjYmRlZGQx
LzEvUG1lNmdnZTRIQnRISmpzZjNvOTV1WldYQTMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADBoAED
BALBoAAwDQYJKoZIhvcNAQELBQADggEBADkGBxxz8l+faMj/tHnMJaGdDQb78ghA
5Fa9Zhjyq/n+/Tdc3guxWb2DjTTV/EXdAikfK2BNO/6wjSJnAVYjKb3F3aXUH826
Qi2UPcqyRU3rUibSrcUaOHEMUokP54qtCvlpTs4c0nEL9Xjjxm05jOcZ/O+5OW6n
/LOe/DVL5uLjx1aipufrZpqXijZQZ0IY4DOUWzYi6H2T+SWYnLQP6k0qr3D3N1l5
YjhVUnc6lrpNWEuuHbtkDUzwqyuDGzqwhwjjAfAhK6a9i6F7Y//0dU/vmREg/pau
aldsBfOQihn+JkEJg7OzQ1yyKZkiieWIY6QeDqpRKh+bt5zxmxjJTdc=
-----END CERTIFICATE-----