Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/VcGRo3iRCO_m7mJieXKmN6-4DLk.roa
File:                     VcGRo3iRCO_m7mJieXKmN6-4DLk.roa (raw, json)
Hash identifier:          gYtwRxXDI5hE0nmV6exTPPOETnhFLE0RDVwuHGA03Tg=
Subject key identifier:   55:C1:91:A3:78:91:08:EF:E6:EE:62:62:79:72:A6:37:AF:B8:0C:B9
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E0F4739CB96C234400B239B3D249F
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/VcGRo3iRCO_m7mJieXKmN6-4DLk.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205454
IP address blocks:        37.139.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0f:47:39:cb:96:c2:34:40:0b:23:9b:3d:24:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55c191a3789108efe6ee62627972a637afb80cb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a3:3d:c4:e5:8f:92:f0:e9:79:f9:5c:be:71:
                    f0:49:d4:bc:77:ef:ae:77:a1:03:6f:c0:63:41:06:
                    a0:02:d9:d6:02:db:08:0f:45:7f:77:62:ea:6b:60:
                    d6:67:3d:3b:f7:cf:9e:30:2c:33:7f:10:8e:87:39:
                    f3:01:6a:04:4a:3d:75:d8:de:ff:20:63:7e:68:20:
                    9d:e6:72:2a:e9:ee:fd:1b:b8:fe:25:65:48:16:4e:
                    32:8b:30:11:4c:70:e7:b1:fa:f3:97:f3:c4:d7:96:
                    8e:26:4c:42:96:8f:ec:6f:12:c8:8a:7d:c5:4d:9f:
                    05:03:1b:88:be:e8:d4:04:86:df:35:a9:fd:55:fb:
                    9e:85:7c:44:34:31:a1:50:5e:7b:69:36:1b:38:d6:
                    5f:f0:e4:c5:c0:65:d7:82:bf:f7:79:fd:07:3d:88:
                    bd:2d:98:41:37:4e:5a:0c:a4:ca:83:8f:3c:98:2c:
                    ae:1d:5e:d1:5d:03:63:b1:19:92:88:9c:06:a4:90:
                    48:36:67:20:13:27:13:8e:01:a8:b2:c3:ae:cb:0a:
                    82:93:a1:f2:93:bf:87:3b:85:b5:f6:a6:54:17:86:
                    7e:63:56:f2:88:19:51:59:0c:30:39:61:e4:ca:03:
                    ad:59:af:f4:d6:b5:a6:15:96:a1:f1:b8:ba:5b:95:
                    e8:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:C1:91:A3:78:91:08:EF:E6:EE:62:62:79:72:A6:37:AF:B8:0C:B9
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/VcGRo3iRCO_m7mJieXKmN6-4DLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:5a:c8:68:43:38:db:4c:f9:7b:a1:ad:bf:b0:57:b7:8b:7d:
         29:9e:87:ae:41:f9:eb:5d:58:1f:bc:1b:41:4a:47:18:f8:42:
         95:5a:80:a3:01:92:09:eb:46:37:88:40:ae:49:4f:fe:c1:f8:
         80:98:3c:b9:76:1c:bb:ad:37:38:c5:7f:d2:99:16:96:e1:e9:
         cd:79:49:c8:0f:31:3d:d4:96:17:e9:6c:fc:97:33:74:e8:21:
         53:da:93:d3:3c:36:cc:61:c1:00:7e:5e:52:7b:aa:24:bf:07:
         4a:6f:17:35:01:42:b2:58:8f:d3:ee:0e:cc:50:ff:14:51:f2:
         ef:0c:db:85:48:c2:c1:e0:f7:dc:ef:91:f9:fc:6c:23:ae:10:
         e6:e2:9d:e9:c0:7d:d9:69:d8:bd:af:46:e5:ba:f4:9b:43:d1:
         6f:e2:cd:73:3f:f1:6e:f5:7e:f0:e4:e5:23:c9:ae:99:5a:3d:
         20:02:52:5c:36:4b:fe:f6:fe:6d:7a:5c:e3:c3:6e:e7:bd:01:
         17:ff:0f:3a:a9:95:79:37:87:5d:5b:6b:e2:fd:ba:ec:e7:18:
         45:59:f1:9d:6b:a1:fc:35:e6:3d:ff:ab:54:23:1f:5e:62:90:
         7d:45:b5:41:29:fd:4d:47:d1:03:26:21:07:08:95:c9:36:5c:
         4f:ea:cb:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbg9HOcuWwjRACyObPSSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWMxOTFhMzc4OTEwOGVmZTZlZTYyNjI3OTcyYTYzN2FmYjgwY2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKM9xOWPkvDpeflcvnHwSdS8d++u
d6EDb8BjQQagAtnWAtsID0V/d2Lqa2DWZz0798+eMCwzfxCOhznzAWoESj112N7/
IGN+aCCd5nIq6e79G7j+JWVIFk4yizARTHDnsfrzl/PE15aOJkxClo/sbxLIin3F
TZ8FAxuIvujUBIbfNan9VfuehXxENDGhUF57aTYbONZf8OTFwGXXgr/3ef0HPYi9
LZhBN05aDKTKg488mCyuHV7RXQNjsRmSiJwGpJBINmcgEycTjgGossOuywqCk6Hy
k7+HO4W19qZUF4Z+Y1byiBlRWQwwOWHkygOtWa/01rWmFZah8bi6W5XopwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXBkaN4kQjv5u5iYnlypjevuAy5MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvVmNHUm8zaVJDT19tN21KaWVYS21ONi00RExrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYsyMA0G
CSqGSIb3DQEBCwUAA4IBAQASWshoQzjbTPl7oa2/sFe3i30pnoeuQfnrXVgfvBtB
SkcY+EKVWoCjAZIJ60Y3iECuSU/+wfiAmDy5dhy7rTc4xX/SmRaW4enNeUnIDzE9
1JYX6Wz8lzN06CFT2pPTPDbMYcEAfl5Se6okvwdKbxc1AUKyWI/T7g7MUP8UUfLv
DNuFSMLB4Pfc75H5/GwjrhDm4p3pwH3Zadi9r0bluvSbQ9Fv4s1zP/Fu9X7w5OUj
ya6ZWj0gAlJcNkv+9v5telzjw27nvQEX/w86qZV5N4ddW2vi/brs5xhFWfGda6H8
NeY9/6tUIx9eYpB9RbVBKf1NR9EDJiEHCJXJNlxP6svb
-----END CERTIFICATE-----