Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/dd50de-8e2a-490c-a418-60116862616a/1/VS8FwNlMkuFGyMg5BXbxczjl27Y.roa
File:                     VS8FwNlMkuFGyMg5BXbxczjl27Y.roa (raw, json)
Hash identifier:          UcE5UYwIWmYhcm4TYcooWIH8aSpJHNpDVg6vQOgqBUM=
Subject key identifier:   55:2F:05:C0:D9:4C:92:E1:46:C8:C8:39:05:76:F1:73:38:E5:DB:B6
Certificate issuer:       /CN=15a7af707b5848b3539636a7431779d7014cda61
Certificate serial:       018E9E0CD666B80F94D8CE3F8E66558F7914
Authority key identifier: 15:A7:AF:70:7B:58:48:B3:53:96:36:A7:43:17:79:D7:01:4C:DA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FaevcHtYSLNTljanQxd51wFM2mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/dd50de-8e2a-490c-a418-60116862616a/1/VS8FwNlMkuFGyMg5BXbxczjl27Y.roa
Signing time:             Tue 02 Apr 2024 09:03:45 +0000
ROA not before:           Tue 02 Apr 2024 09:03:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197133
IP address blocks:        5.183.124.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/dd50de-8e2a-490c-a418-60116862616a/1/FaevcHtYSLNTljanQxd51wFM2mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/dd50de-8e2a-490c-a418-60116862616a/1/FaevcHtYSLNTljanQxd51wFM2mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FaevcHtYSLNTljanQxd51wFM2mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:0c:d6:66:b8:0f:94:d8:ce:3f:8e:66:55:8f:79:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15a7af707b5848b3539636a7431779d7014cda61
        Validity
            Not Before: Apr  2 09:03:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=552f05c0d94c92e146c8c8390576f17338e5dbb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:3c:90:c6:0a:35:68:1e:26:65:26:d8:57:b3:
                    b0:06:92:48:69:2a:0b:9e:eb:26:bb:2e:c4:cc:a3:
                    02:44:a7:f1:79:b4:ce:89:c4:05:22:c2:52:e4:62:
                    41:3d:f7:17:75:5a:03:ae:44:18:fc:5f:f0:80:0c:
                    55:1f:88:93:e7:ff:10:18:9f:56:fb:84:92:03:3a:
                    df:0f:e7:fe:ae:a6:d6:84:c1:27:31:d7:7f:3d:57:
                    cf:6d:6f:0b:e2:8d:0f:fd:f0:81:de:17:4f:6e:60:
                    5c:c7:f2:69:ac:b3:6e:8c:19:25:8b:57:68:2a:a0:
                    ad:35:21:57:89:87:33:67:40:71:bf:d9:10:59:81:
                    44:b3:a4:3f:2f:ab:a6:69:49:d0:d2:c1:b2:71:71:
                    8d:2e:c7:e6:75:12:52:6e:a9:d6:11:e0:47:81:4f:
                    d0:3f:56:7e:c3:9b:c5:0a:71:4e:c1:71:22:bd:b6:
                    a4:26:be:20:f0:ef:c5:0a:70:9f:33:5f:6f:f9:83:
                    1b:ba:b1:6a:9a:ff:4a:86:87:f0:a3:58:04:bd:cf:
                    95:d4:1c:8b:5f:b0:10:75:ed:7d:eb:48:e8:74:78:
                    6e:5e:ef:04:25:de:ab:57:fa:24:03:c8:f4:91:06:
                    e7:95:ba:63:43:f0:94:19:42:7b:91:3f:9a:b0:47:
                    86:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:2F:05:C0:D9:4C:92:E1:46:C8:C8:39:05:76:F1:73:38:E5:DB:B6
            X509v3 Authority Key Identifier:
                keyid:15:A7:AF:70:7B:58:48:B3:53:96:36:A7:43:17:79:D7:01:4C:DA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FaevcHtYSLNTljanQxd51wFM2mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/dd50de-8e2a-490c-a418-60116862616a/1/VS8FwNlMkuFGyMg5BXbxczjl27Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/dd50de-8e2a-490c-a418-60116862616a/1/FaevcHtYSLNTljanQxd51wFM2mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:5b:83:60:40:51:9c:56:46:fd:17:f7:55:d3:e1:da:c8:25:
         a2:73:e0:b6:2c:96:04:5d:ea:8e:fe:cc:5f:de:d5:8a:96:27:
         c4:73:af:3a:2e:80:53:a4:aa:cc:32:0e:f8:b8:3c:25:3d:5e:
         99:bb:8d:6c:5f:60:a2:15:59:e1:e6:d2:b6:20:84:bb:3d:79:
         38:89:5d:9f:08:b6:da:a6:55:1a:04:c4:9c:16:4f:85:ea:11:
         fb:d1:b7:8a:67:24:7e:c0:a6:df:2a:69:82:8f:6a:3f:72:df:
         fb:bd:fa:7a:51:e2:9b:3f:25:5a:6f:fb:f6:8f:e8:72:b7:80:
         a0:8d:e3:0a:21:81:87:2b:fc:56:88:6b:ee:4c:33:ac:01:ed:
         d5:9c:06:fc:90:6f:29:43:38:8d:74:00:82:86:26:af:d2:a0:
         95:1f:71:41:33:c5:4f:78:b8:69:65:02:ab:f5:40:fe:cb:d7:
         63:6d:6b:2f:f4:f6:49:48:f1:1c:59:76:1e:ee:08:a9:4e:34:
         ad:de:a2:b2:9e:e0:68:de:69:f6:f6:49:46:b8:74:cf:b4:8d:
         f6:e3:d9:4c:22:33:6c:a1:cc:78:0b:4f:4f:2b:1f:52:fd:ce:
         e4:86:64:c4:2d:96:08:dd:df:02:39:e4:28:13:0f:d8:7b:ff:
         df:a4:da:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6eDNZmuA+U2M4/jmZVj3kUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1YTdhZjcwN2I1ODQ4YjM1Mzk2MzZhNzQzMTc3OWQ3MDE0
Y2RhNjEwHhcNMjQwNDAyMDkwMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTJmMDVjMGQ5NGM5MmUxNDZjOGM4MzkwNTc2ZjE3MzM4ZTVkYmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjyQxgo1aB4mZSbYV7OwBpJIaSoL
nusmuy7EzKMCRKfxebTOicQFIsJS5GJBPfcXdVoDrkQY/F/wgAxVH4iT5/8QGJ9W
+4SSAzrfD+f+rqbWhMEnMdd/PVfPbW8L4o0P/fCB3hdPbmBcx/JprLNujBkli1do
KqCtNSFXiYczZ0Bxv9kQWYFEs6Q/L6umaUnQ0sGycXGNLsfmdRJSbqnWEeBHgU/Q
P1Z+w5vFCnFOwXEivbakJr4g8O/FCnCfM19v+YMburFqmv9Khofwo1gEvc+V1ByL
X7AQde1960jodHhuXu8EJd6rV/okA8j0kQbnlbpjQ/CUGUJ7kT+asEeG3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUvBcDZTJLhRsjIOQV28XM45du2MB8GA1UdIwQY
MBaAFBWnr3B7WEizU5Y2p0MXedcBTNphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmFldmNIdFlTTE5UbGphblF4ZDUxd0ZNMm1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9kZDUwZGUtOGUyYS00OTBjLWE0MTgt
NjAxMTY4NjI2MTZhLzEvVlM4RndObE1rdUZHeU1nNUJYYnhjempsMjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9kZDUwZGUtOGUyYS00OTBjLWE0MTgtNjAxMTY4NjI2MTZh
LzEvRmFldmNIdFlTTE5UbGphblF4ZDUxd0ZNMm1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbd8MA0G
CSqGSIb3DQEBCwUAA4IBAQCHW4NgQFGcVkb9F/dV0+HayCWic+C2LJYEXeqO/sxf
3tWKlifEc686LoBTpKrMMg74uDwlPV6Zu41sX2CiFVnh5tK2IIS7PXk4iV2fCLba
plUaBMScFk+F6hH70beKZyR+wKbfKmmCj2o/ct/7vfp6UeKbPyVab/v2j+hyt4Cg
jeMKIYGHK/xWiGvuTDOsAe3VnAb8kG8pQziNdACChiav0qCVH3FBM8VPeLhpZQKr
9UD+y9djbWsv9PZJSPEcWXYe7gipTjSt3qKynuBo3mn29klGuHTPtI3249lMIjNs
ocx4C09PKx9S/c7khmTELZYI3d8COeQoEw/Ye//fpNqV
-----END CERTIFICATE-----