Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/VPRCw9qbHDjYK7HUQODKzTL5tHM.roa
File:                     VPRCw9qbHDjYK7HUQODKzTL5tHM.roa (raw, json)
Hash identifier:          fQuFF3uSznRVnFmVddxMumjnQSsZeA+THJJXWVo8G/M=
Subject key identifier:   54:F4:42:C3:DA:9B:1C:38:D8:2B:B1:D4:40:E0:CA:CD:32:F9:B4:73
Certificate issuer:       /CN=597a01de87e011803f890ae17749020f995f140c
Certificate serial:       018CC6B933D76E490F83920422D26A7FD0B1
Authority key identifier: 59:7A:01:DE:87:E0:11:80:3F:89:0A:E1:77:49:02:0F:99:5F:14:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXoB3ofgEYA_iQrhd0kCD5lfFAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/VPRCw9qbHDjYK7HUQODKzTL5tHM.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1271
IP address blocks:        2a07:b980:480f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/WXoB3ofgEYA_iQrhd0kCD5lfFAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/WXoB3ofgEYA_iQrhd0kCD5lfFAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXoB3ofgEYA_iQrhd0kCD5lfFAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:33:d7:6e:49:0f:83:92:04:22:d2:6a:7f:d0:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=597a01de87e011803f890ae17749020f995f140c
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54f442c3da9b1c38d82bb1d440e0cacd32f9b473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:49:51:50:6a:ce:16:0e:95:09:f8:d2:69:18:
                    15:72:5c:90:ca:3a:a6:dd:48:52:ec:8f:58:c0:67:
                    ad:0b:d7:e1:6c:a1:8d:31:75:60:35:ee:d7:bd:9e:
                    74:cd:d1:ba:33:57:5a:75:c5:ef:9b:a0:d2:c1:02:
                    a9:f4:24:aa:70:4a:70:14:c2:3a:58:62:dd:84:86:
                    11:ba:7b:7e:92:91:43:25:80:55:92:9b:71:f3:da:
                    24:67:ce:f9:97:6f:fd:6d:70:1b:76:61:f6:bf:6f:
                    bb:3d:a7:8c:07:4b:12:26:25:39:a9:9d:cb:53:ad:
                    2b:42:a3:90:d3:27:ba:79:23:e9:0c:f7:81:52:2c:
                    23:bb:4e:81:f0:44:57:9e:61:ba:49:50:6b:b7:2a:
                    b7:78:dd:db:da:f0:c5:c3:db:41:e6:f8:41:07:90:
                    82:7c:4a:d3:a7:c2:27:a3:4e:ee:83:5d:86:f6:ad:
                    ab:27:96:c2:dc:97:58:ee:b2:10:0c:59:1c:c2:68:
                    06:bb:c5:62:fa:85:c7:a6:4c:42:e5:5b:6f:9c:c0:
                    33:3c:d7:7c:b1:4f:58:58:45:47:11:06:6f:10:d4:
                    c0:bb:7e:13:46:f3:86:53:66:b8:cf:77:f4:48:11:
                    b0:ad:e3:d2:c6:a2:36:e7:ad:80:9b:83:9b:ae:c5:
                    b9:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:F4:42:C3:DA:9B:1C:38:D8:2B:B1:D4:40:E0:CA:CD:32:F9:B4:73
            X509v3 Authority Key Identifier:
                keyid:59:7A:01:DE:87:E0:11:80:3F:89:0A:E1:77:49:02:0F:99:5F:14:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXoB3ofgEYA_iQrhd0kCD5lfFAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/VPRCw9qbHDjYK7HUQODKzTL5tHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/WXoB3ofgEYA_iQrhd0kCD5lfFAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:b980:480f::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:72:29:ea:59:e9:16:6d:16:f1:31:60:d1:b2:f4:2a:84:7e:
         89:c6:d3:87:00:a3:a3:3e:f6:64:c1:49:5b:8a:43:ce:d7:64:
         f6:9c:d4:20:92:c0:7a:91:14:f3:7a:07:2c:9c:b5:1b:a2:9d:
         58:ea:8e:c2:2b:fd:86:9e:92:90:47:ba:9c:3b:70:03:30:2c:
         c9:60:23:20:63:a8:be:e6:ec:69:ab:e5:64:3a:61:ca:37:a2:
         53:4e:c2:34:1b:ad:f9:60:44:61:40:bd:69:dc:10:12:91:9a:
         aa:8b:d0:bf:f3:0d:bc:94:39:e7:ab:dd:d8:0d:48:c5:06:5e:
         85:b2:cf:06:6b:6f:b9:c6:0f:cf:58:13:40:b8:31:ab:69:ad:
         9b:7b:3a:11:c7:4d:52:6a:59:4a:88:d8:17:ae:a3:b4:c4:30:
         29:d7:24:24:c2:88:92:48:c2:5c:52:e3:af:a2:96:cf:f9:11:
         97:76:aa:65:52:87:3d:84:7e:3f:0d:32:ad:73:6f:d5:2e:38:
         16:b7:17:f0:f5:81:d0:e2:b0:fa:30:26:97:03:a6:8a:6b:e2:
         f7:38:66:63:69:05:7b:51:cf:84:81:1a:7a:f0:7c:9f:05:f1:
         e0:15:31:4c:8e:fc:e5:29:80:91:65:41:0b:52:b8:fa:78:ad:
         b0:c7:d8:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuTPXbkkPg5IEItJqf9CxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5N2EwMWRlODdlMDExODAzZjg5MGFlMTc3NDkwMjBmOTk1
ZjE0MGMwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGY0NDJjM2RhOWIxYzM4ZDgyYmIxZDQ0MGUwY2FjZDMyZjliNDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUlRUGrOFg6VCfjSaRgVclyQyjqm
3UhS7I9YwGetC9fhbKGNMXVgNe7XvZ50zdG6M1dadcXvm6DSwQKp9CSqcEpwFMI6
WGLdhIYRunt+kpFDJYBVkptx89okZ875l2/9bXAbdmH2v2+7PaeMB0sSJiU5qZ3L
U60rQqOQ0ye6eSPpDPeBUiwju06B8ERXnmG6SVBrtyq3eN3b2vDFw9tB5vhBB5CC
fErTp8Ino07ug12G9q2rJ5bC3JdY7rIQDFkcwmgGu8Vi+oXHpkxC5VtvnMAzPNd8
sU9YWEVHEQZvENTAu34TRvOGU2a4z3f0SBGwrePSxqI2562Am4ObrsW5gQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFT0QsPamxw42Cux1EDgys0y+bRzMB8GA1UdIwQY
MBaAFFl6Ad6H4BGAP4kK4XdJAg+ZXxQMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hvQjNvZmdFWUFfaVFyaGQwa0NENWxmRkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8yM2VkOWEtMWNhNS00NWVhLTliOGMt
NzM1MzNkZTA5OWMzLzEvVlBSQ3c5cWJIRGpZSzdIVVFPREt6VEw1dEhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8yM2VkOWEtMWNhNS00NWVhLTliOGMtNzM1MzNkZTA5OWMz
LzEvV1hvQjNvZmdFWUFfaVFyaGQwa0NENWxmRkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKge5gEgP
MA0GCSqGSIb3DQEBCwUAA4IBAQAscinqWekWbRbxMWDRsvQqhH6JxtOHAKOjPvZk
wUlbikPO12T2nNQgksB6kRTzegcsnLUbop1Y6o7CK/2GnpKQR7qcO3ADMCzJYCMg
Y6i+5uxpq+VkOmHKN6JTTsI0G635YERhQL1p3BASkZqqi9C/8w28lDnnq93YDUjF
Bl6Fss8Ga2+5xg/PWBNAuDGraa2bezoRx01SallKiNgXrqO0xDAp1yQkwoiSSMJc
UuOvopbP+RGXdqplUoc9hH4/DTKtc2/VLjgWtxfw9YHQ4rD6MCaXA6aKa+L3OGZj
aQV7Uc+EgRp68HyfBfHgFTFMjvzlKYCRZUELUrj6eK2wx9j2
-----END CERTIFICATE-----