Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/453542-08b2-4399-bc5c-c756ae01fa8a/1/VaqgJUCA9Pfra2E98-VuOgK5UYc.roa
File:                     VaqgJUCA9Pfra2E98-VuOgK5UYc.roa (raw, json)
Hash identifier:          aSd/qxbjMlHI+SlJTbSbgk6TaKrN7lXkcjwMNHg/TN4=
Subject key identifier:   55:AA:A0:25:40:80:F4:F7:EB:6B:61:3D:F3:E5:6E:3A:02:B9:51:87
Certificate issuer:       /CN=83608851202328dce5fc01bf9dd292520530d9fe
Certificate serial:       018D789438C7A34FA34718147ADA3348D74D
Authority key identifier: 83:60:88:51:20:23:28:DC:E5:FC:01:BF:9D:D2:92:52:05:30:D9:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g2CIUSAjKNzl_AG_ndKSUgUw2f4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/453542-08b2-4399-bc5c-c756ae01fa8a/1/VaqgJUCA9Pfra2E98-VuOgK5UYc.roa
Signing time:             Mon 05 Feb 2024 09:23:16 +0000
ROA not before:           Mon 05 Feb 2024 09:23:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9145
IP address blocks:        194.113.250.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/453542-08b2-4399-bc5c-c756ae01fa8a/1/g2CIUSAjKNzl_AG_ndKSUgUw2f4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/453542-08b2-4399-bc5c-c756ae01fa8a/1/g2CIUSAjKNzl_AG_ndKSUgUw2f4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g2CIUSAjKNzl_AG_ndKSUgUw2f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:94:38:c7:a3:4f:a3:47:18:14:7a:da:33:48:d7:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83608851202328dce5fc01bf9dd292520530d9fe
        Validity
            Not Before: Feb  5 09:23:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55aaa0254080f4f7eb6b613df3e56e3a02b95187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:21:e5:02:7a:d0:54:8c:6b:73:d7:6f:2c:c5:
                    15:86:e8:8a:79:37:60:77:a3:d9:5a:3a:9e:9e:85:
                    e0:ba:e1:63:b1:54:a6:30:ba:0b:66:4e:a7:19:e0:
                    a9:47:69:24:f9:f2:19:21:5d:7a:24:46:56:45:a8:
                    e9:74:e8:ef:af:45:e5:0f:48:0d:13:47:0b:95:97:
                    40:d9:eb:9f:1a:82:12:91:df:d4:53:7d:3f:f4:7a:
                    c6:46:4e:c0:36:e1:1c:db:da:ec:2b:fc:e3:2e:86:
                    71:00:6b:7f:8f:8d:f6:18:2b:f2:e4:41:82:19:39:
                    79:0b:80:93:5b:a9:d2:9c:9d:fc:3f:46:48:b6:48:
                    c6:3c:78:59:5a:26:32:61:53:4e:e5:8b:5d:48:25:
                    1f:bf:62:7a:6e:1a:38:df:25:08:bb:e6:08:4e:42:
                    c2:b2:3f:04:51:01:2c:15:88:0c:ad:8d:04:45:8e:
                    57:87:71:6e:4f:5a:0f:88:0e:b3:5e:3a:f8:39:40:
                    4f:9a:51:7f:8e:1a:74:e7:dc:e2:c9:77:df:c6:3e:
                    48:39:98:34:bb:da:ed:81:e1:fb:27:3e:93:99:9c:
                    16:49:df:f5:9a:b5:ad:92:90:fd:d9:5b:31:56:b0:
                    95:7d:81:f7:91:05:b9:67:fb:49:65:6c:01:e1:e9:
                    c0:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:AA:A0:25:40:80:F4:F7:EB:6B:61:3D:F3:E5:6E:3A:02:B9:51:87
            X509v3 Authority Key Identifier:
                keyid:83:60:88:51:20:23:28:DC:E5:FC:01:BF:9D:D2:92:52:05:30:D9:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g2CIUSAjKNzl_AG_ndKSUgUw2f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/453542-08b2-4399-bc5c-c756ae01fa8a/1/VaqgJUCA9Pfra2E98-VuOgK5UYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/453542-08b2-4399-bc5c-c756ae01fa8a/1/g2CIUSAjKNzl_AG_ndKSUgUw2f4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:4b:6f:9e:aa:82:3f:c4:f2:de:20:b2:c0:60:d7:e5:b9:d9:
         44:33:08:fe:27:2a:af:a4:8a:45:d1:4c:c7:e3:90:43:92:a3:
         18:c5:c3:b0:03:25:5b:26:5f:3b:b6:76:d4:cd:df:ed:ea:8c:
         29:06:19:91:cc:4e:34:1c:70:4e:01:40:fe:f7:2e:5c:ea:d7:
         86:75:29:86:2e:24:7d:42:7a:2e:1b:cd:24:87:9f:2b:c4:55:
         59:34:07:39:9c:a4:74:de:58:f6:a9:ec:36:6b:08:e4:67:6c:
         f2:c0:c4:f2:16:b6:34:8c:c1:9a:23:e8:6a:9a:ec:7b:04:22:
         c8:08:ff:07:70:3f:9e:c7:5e:a9:f5:3f:a1:d2:7a:94:00:6d:
         c1:24:51:b5:cb:45:16:e5:aa:0f:6a:e2:50:12:f5:70:e6:25:
         63:b4:81:16:36:9e:77:a1:de:3a:f8:8c:4c:26:c0:96:7a:b6:
         30:1c:42:11:8b:58:91:11:43:45:39:8b:6d:3c:09:34:a5:44:
         84:c8:af:82:ac:a3:a4:c4:4a:a0:dc:f7:56:31:76:45:27:3e:
         89:0a:85:14:6d:87:f7:a0:e0:e3:46:78:84:02:c7:8e:32:63:
         5f:62:16:7c:c7:b4:f7:ec:5b:ed:64:59:7e:0b:ca:ea:96:9f:
         04:d1:d8:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY14lDjHo0+jRxgUetozSNdNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNjA4ODUxMjAyMzI4ZGNlNWZjMDFiZjlkZDI5MjUyMDUz
MGQ5ZmUwHhcNMjQwMjA1MDkyMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWFhYTAyNTQwODBmNGY3ZWI2YjYxM2RmM2U1NmUzYTAyYjk1MTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiHlAnrQVIxrc9dvLMUVhuiKeTdg
d6PZWjqenoXguuFjsVSmMLoLZk6nGeCpR2kk+fIZIV16JEZWRajpdOjvr0XlD0gN
E0cLlZdA2eufGoISkd/UU30/9HrGRk7ANuEc29rsK/zjLoZxAGt/j432GCvy5EGC
GTl5C4CTW6nSnJ38P0ZItkjGPHhZWiYyYVNO5YtdSCUfv2J6bho43yUIu+YITkLC
sj8EUQEsFYgMrY0ERY5Xh3FuT1oPiA6zXjr4OUBPmlF/jhp059ziyXffxj5IOZg0
u9rtgeH7Jz6TmZwWSd/1mrWtkpD92VsxVrCVfYH3kQW5Z/tJZWwB4enAaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFWqoCVAgPT362thPfPlbjoCuVGHMB8GA1UdIwQY
MBaAFINgiFEgIyjc5fwBv53SklIFMNn+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzJDSVVTQWpLTnpsX0FHX25kS1NVZ1V3MmY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80NTM1NDItMDhiMi00Mzk5LWJjNWMt
Yzc1NmFlMDFmYThhLzEvVmFxZ0pVQ0E5UGZyYTJFOTgtVnVPZ0s1VVljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80NTM1NDItMDhiMi00Mzk5LWJjNWMtYzc1NmFlMDFmYThh
LzEvZzJDSVVTQWpLTnpsX0FHX25kS1NVZ1V3MmY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnH6MA0G
CSqGSIb3DQEBCwUAA4IBAQCTS2+eqoI/xPLeILLAYNfludlEMwj+JyqvpIpF0UzH
45BDkqMYxcOwAyVbJl87tnbUzd/t6owpBhmRzE40HHBOAUD+9y5c6teGdSmGLiR9
QnouG80kh58rxFVZNAc5nKR03lj2qew2awjkZ2zywMTyFrY0jMGaI+hqmux7BCLI
CP8HcD+ex16p9T+h0nqUAG3BJFG1y0UW5aoPauJQEvVw5iVjtIEWNp53od46+IxM
JsCWerYwHEIRi1iREUNFOYttPAk0pUSEyK+CrKOkxEqg3PdWMXZFJz6JCoUUbYf3
oODjRniEAseOMmNfYhZ8x7T37FvtZFl+C8rqlp8E0diH
-----END CERTIFICATE-----