Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/VO1t0c15xHNdkz0ifx2KdHjelKU.roa
File:                     VO1t0c15xHNdkz0ifx2KdHjelKU.roa (raw, json)
Hash identifier:          sN6yL9dqrp0BMUkHgtMWWf52fQ8OFPssYj62ofe16HQ=
Subject key identifier:   54:ED:6D:D1:CD:79:C4:73:5D:93:3D:22:7F:1D:8A:74:78:DE:94:A5
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E0EBDD9E0300144D254580A295997
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/VO1t0c15xHNdkz0ifx2KdHjelKU.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204272
IP address blocks:        5.188.220.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0e:bd:d9:e0:30:01:44:d2:54:58:0a:29:59:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54ed6dd1cd79c4735d933d227f1d8a7478de94a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:31:21:09:91:01:66:af:50:9b:b0:85:69:5b:
                    af:ef:01:bd:5a:ea:dd:5d:65:f5:7b:27:1f:3c:1e:
                    11:78:cd:b0:73:4b:e2:6f:26:9f:69:a7:32:7a:47:
                    68:be:90:72:cd:eb:64:5c:26:5f:c6:8c:e5:9f:f8:
                    f6:da:9f:22:32:41:b7:d8:a3:af:d2:6f:61:79:c7:
                    ef:1f:4f:e0:e8:e5:24:74:2e:74:43:33:d1:06:92:
                    9e:27:2c:6b:d9:7a:b8:9d:b1:f4:53:8d:39:d8:ea:
                    bd:a9:f3:5a:89:84:75:c8:22:5c:d0:05:33:ed:b2:
                    bd:25:fb:68:7e:94:77:eb:59:46:74:80:e6:ba:98:
                    dd:f4:c3:e0:e0:1f:8f:ac:23:a1:ee:d6:70:bf:69:
                    b7:0b:d7:cb:18:5f:9c:52:a9:58:ae:90:39:0c:3c:
                    a4:30:d0:01:17:20:cb:2e:33:2d:24:e7:2d:bd:c2:
                    2f:67:f8:68:33:c0:2d:c5:83:63:3c:61:b8:8b:af:
                    fb:5a:98:60:d0:ae:7d:c6:03:06:66:47:17:97:9e:
                    ad:01:20:e3:ab:e0:41:5a:fb:33:18:db:66:bc:bd:
                    ff:72:47:a2:85:c5:f5:45:c9:b6:ce:a0:bf:2c:49:
                    a2:52:1e:7a:74:75:bc:ff:26:19:18:0c:2b:81:86:
                    99:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:ED:6D:D1:CD:79:C4:73:5D:93:3D:22:7F:1D:8A:74:78:DE:94:A5
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/VO1t0c15xHNdkz0ifx2KdHjelKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:4c:3f:ce:41:4a:b7:46:0a:5f:aa:0e:e1:64:21:bb:06:68:
         7a:85:f6:07:92:c9:1b:e7:ad:69:0f:14:96:50:ba:28:6c:b4:
         fd:49:30:c3:81:a4:96:e1:7b:10:73:d5:31:61:9b:18:56:7a:
         6d:51:41:67:5c:c4:08:8a:9a:b6:99:a1:16:e1:22:a3:2c:7d:
         62:a1:b5:76:04:b8:06:2e:a0:6e:7d:68:71:94:31:44:77:a1:
         83:08:d4:84:d2:cb:eb:ac:57:4d:3a:4f:61:42:63:57:89:da:
         3a:33:49:3e:71:38:d4:d8:a0:5f:27:d0:a0:ca:3d:2d:51:e9:
         bb:8e:83:77:1b:f9:39:ae:25:d8:51:c2:5f:ab:cb:bb:da:d8:
         bf:d8:06:ea:6a:31:ee:bb:eb:a9:e3:c8:13:ee:0b:cb:c5:4a:
         a4:e6:ac:e8:af:c4:88:82:35:f3:3c:5e:47:a0:5d:84:1b:45:
         56:10:18:e3:68:bd:f3:76:09:7f:02:2e:97:17:7e:c5:f3:ed:
         81:ae:9a:23:48:68:77:bf:83:29:03:58:3a:63:b1:1d:ec:3e:
         cb:1d:c5:c7:cb:45:42:09:db:96:4c:d8:5b:e2:7a:46:c7:75:
         1b:cb:90:64:33:b7:9b:86:aa:73:69:07:9e:d5:c5:0d:f3:fc:
         61:db:9a:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbg692eAwAUTSVFgKKVmXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGVkNmRkMWNkNzljNDczNWQ5MzNkMjI3ZjFkOGE3NDc4ZGU5NGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjEhCZEBZq9Qm7CFaVuv7wG9Wurd
XWX1eycfPB4ReM2wc0vibyafaacyekdovpByzetkXCZfxozln/j22p8iMkG32KOv
0m9hecfvH0/g6OUkdC50QzPRBpKeJyxr2Xq4nbH0U4052Oq9qfNaiYR1yCJc0AUz
7bK9JftofpR361lGdIDmupjd9MPg4B+PrCOh7tZwv2m3C9fLGF+cUqlYrpA5DDyk
MNABFyDLLjMtJOctvcIvZ/hoM8AtxYNjPGG4i6/7Wphg0K59xgMGZkcXl56tASDj
q+BBWvszGNtmvL3/ckeihcX1Rcm2zqC/LEmiUh56dHW8/yYZGAwrgYaZiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTtbdHNecRzXZM9In8dinR43pSlMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvVk8xdDBjMTV4SE5ka3owaWZ4MktkSGplbEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBbzcMA0G
CSqGSIb3DQEBCwUAA4IBAQBSTD/OQUq3Rgpfqg7hZCG7Bmh6hfYHkskb561pDxSW
ULoobLT9STDDgaSW4XsQc9UxYZsYVnptUUFnXMQIipq2maEW4SKjLH1iobV2BLgG
LqBufWhxlDFEd6GDCNSE0svrrFdNOk9hQmNXido6M0k+cTjU2KBfJ9Cgyj0tUem7
joN3G/k5riXYUcJfq8u72ti/2AbqajHuu+up48gT7gvLxUqk5qzor8SIgjXzPF5H
oF2EG0VWEBjjaL3zdgl/Ai6XF37F8+2BrpojSGh3v4MpA1g6Y7Ed7D7LHcXHy0VC
CduWTNhb4npGx3Uby5BkM7ebhqpzaQee1cUN8/xh25o5
-----END CERTIFICATE-----