Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/473924-6f99-473d-a077-f437839095d1/1/1-VPey36dk5bTzhm16idcY1200jM.roa
File:                     1-VPey36dk5bTzhm16idcY1200jM.roa (raw, json)
Hash identifier:          SCtgt97EszqbSAKcSHk/1qzcuhMTxA8N74SUYEvTORE=
Subject key identifier:   F9:53:DE:CB:7E:9D:93:96:D3:CE:19:B5:EA:27:5C:63:5D:B4:D2:33
Certificate issuer:       /CN=c7f04b78b2eedf998edd5cc1e88671c8d10f1865
Certificate serial:       018CC56DEA937E9C8650518351C25780DE71
Authority key identifier: C7:F0:4B:78:B2:EE:DF:99:8E:DD:5C:C1:E8:86:71:C8:D1:0F:18:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x_BLeLLu35mO3VzB6IZxyNEPGGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/473924-6f99-473d-a077-f437839095d1/1/1-VPey36dk5bTzhm16idcY1200jM.roa
Signing time:             Mon 01 Jan 2024 14:29:24 +0000
ROA not before:           Mon 01 Jan 2024 14:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13130
IP address blocks:        194.114.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/473924-6f99-473d-a077-f437839095d1/1/x_BLeLLu35mO3VzB6IZxyNEPGGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/473924-6f99-473d-a077-f437839095d1/1/x_BLeLLu35mO3VzB6IZxyNEPGGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x_BLeLLu35mO3VzB6IZxyNEPGGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ea:93:7e:9c:86:50:51:83:51:c2:57:80:de:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7f04b78b2eedf998edd5cc1e88671c8d10f1865
        Validity
            Not Before: Jan  1 14:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f953decb7e9d9396d3ce19b5ea275c635db4d233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:65:b4:ec:90:cf:21:eb:dd:84:32:3e:be:cf:
                    78:96:a7:fc:a3:04:07:d5:72:4b:a4:f7:20:f6:ca:
                    c8:ff:2c:1f:11:27:ec:c8:3d:a5:d4:9c:ff:5f:c6:
                    2b:7d:14:2e:47:9a:db:9e:35:1f:36:ea:b0:bb:e9:
                    b0:7d:58:c5:05:d0:a3:d6:7e:aa:a6:2c:1a:e2:77:
                    a1:eb:b7:32:8e:59:14:47:1b:65:7a:30:5f:61:06:
                    16:fe:be:0f:ff:54:55:dc:43:52:7e:36:86:c9:63:
                    5d:cc:b1:fc:d2:3e:fc:f0:c9:a8:45:40:2f:b2:79:
                    94:39:6a:41:da:91:a2:cb:05:a6:64:ea:47:9c:f1:
                    6e:f2:31:da:24:91:b6:0b:1b:26:32:5c:36:ca:6b:
                    ef:08:d9:9e:5a:b1:66:9d:38:ec:11:95:c6:dd:cb:
                    e4:b6:4b:6d:cc:c3:f3:f2:e0:54:c2:f8:fa:ec:7d:
                    29:a5:48:3f:07:ec:2f:a2:59:4c:d2:b2:53:bd:ab:
                    59:b4:c5:9b:ce:dd:52:6e:9c:59:a8:43:b2:55:b6:
                    d1:b7:12:79:15:1f:74:b1:76:98:2c:b8:1b:11:a2:
                    5b:a7:b7:82:bf:f4:94:40:3b:1d:09:ff:fb:0e:d0:
                    6e:fa:f1:9d:61:ce:c2:73:b2:12:30:58:c8:7b:0e:
                    bb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:53:DE:CB:7E:9D:93:96:D3:CE:19:B5:EA:27:5C:63:5D:B4:D2:33
            X509v3 Authority Key Identifier:
                keyid:C7:F0:4B:78:B2:EE:DF:99:8E:DD:5C:C1:E8:86:71:C8:D1:0F:18:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x_BLeLLu35mO3VzB6IZxyNEPGGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/473924-6f99-473d-a077-f437839095d1/1/1-VPey36dk5bTzhm16idcY1200jM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/473924-6f99-473d-a077-f437839095d1/1/x_BLeLLu35mO3VzB6IZxyNEPGGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.114.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:84:cc:40:20:1a:04:4f:bb:d5:9e:54:0e:0c:30:38:79:75:
         db:0f:8d:e6:62:56:f2:dc:5a:bd:47:59:e0:c7:ac:4b:20:71:
         4c:e6:91:b0:6c:01:39:8e:eb:ec:78:89:49:13:50:14:d5:24:
         3f:3b:7b:24:67:31:1d:0b:62:ca:13:ab:7a:7f:08:b7:ca:84:
         55:bd:11:31:52:8a:62:c8:97:85:6e:7c:83:6b:54:c2:ef:47:
         57:84:25:b8:e0:8f:9f:25:d3:5d:5b:25:4f:e0:08:cc:d1:e7:
         d9:f1:14:e4:97:66:d0:be:61:0a:63:77:87:23:83:8c:04:65:
         1f:ab:fd:58:f1:9c:c2:7a:d2:85:76:f2:e8:45:a2:73:b4:01:
         55:28:71:ae:7c:ec:37:f6:e2:0b:72:89:9c:a5:ff:de:d2:57:
         82:f0:4c:d9:be:6c:46:e9:01:a6:2f:51:5f:d9:91:a5:0b:7e:
         65:b8:b3:e3:1a:03:4a:b1:f2:bc:0a:97:5a:86:ef:af:ef:e3:
         fa:f7:0a:f8:7b:93:ca:fa:50:35:10:0e:44:6f:91:3c:f1:1c:
         a9:4b:37:f5:e0:0c:60:93:95:7f:91:11:27:69:b7:3a:ae:a4:
         5f:74:57:41:c9:4f:86:35:50:81:52:45:13:29:0d:43:70:b6:
         75:e0:bd:48
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFbeqTfpyGUFGDUcJXgN5xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZjA0Yjc4YjJlZWRmOTk4ZWRkNWNjMWU4ODY3MWM4ZDEw
ZjE4NjUwHhcNMjQwMTAxMTQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTUzZGVjYjdlOWQ5Mzk2ZDNjZTE5YjVlYTI3NWM2MzVkYjRkMjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmW07JDPIevdhDI+vs94lqf8owQH
1XJLpPcg9srI/ywfESfsyD2l1Jz/X8YrfRQuR5rbnjUfNuqwu+mwfVjFBdCj1n6q
piwa4neh67cyjlkURxtlejBfYQYW/r4P/1RV3ENSfjaGyWNdzLH80j788MmoRUAv
snmUOWpB2pGiywWmZOpHnPFu8jHaJJG2CxsmMlw2ymvvCNmeWrFmnTjsEZXG3cvk
tkttzMPz8uBUwvj67H0ppUg/B+wvollM0rJTvatZtMWbzt1SbpxZqEOyVbbRtxJ5
FR90sXaYLLgbEaJbp7eCv/SUQDsdCf/7DtBu+vGdYc7Cc7ISMFjIew67UwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlT3st+nZOW084ZteonXGNdtNIzMB8GA1UdIwQY
MBaAFMfwS3iy7t+Zjt1cweiGccjRDxhlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveF9CTGVMTHUzNW1PM1Z6QjZJWnh5TkVQR0dVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy80NzM5MjQtNmY5OS00NzNkLWEwNzct
ZjQzNzgzOTA5NWQxLzEvMS1WUGV5MzZkazViVHpobTE2aWRjWTEyMDBqTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjcvNDczOTI0LTZmOTktNDczZC1hMDc3LWY0Mzc4MzkwOTVk
MS8xL3hfQkxlTEx1MzVtTzNWekI2SVp4eU5FUEdHVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMJyTDAN
BgkqhkiG9w0BAQsFAAOCAQEAfYTMQCAaBE+71Z5UDgwwOHl12w+N5mJW8txavUdZ
4MesSyBxTOaRsGwBOY7r7HiJSRNQFNUkPzt7JGcxHQtiyhOren8It8qEVb0RMVKK
YsiXhW58g2tUwu9HV4QluOCPnyXTXVslT+AIzNHn2fEU5Jdm0L5hCmN3hyODjARl
H6v9WPGcwnrShXby6EWic7QBVShxrnzsN/biC3KJnKX/3tJXgvBM2b5sRukBpi9R
X9mRpQt+Zbiz4xoDSrHyvAqXWobvr+/j+vcK+HuTyvpQNRAORG+RPPEcqUs39eAM
YJOVf5ERJ2m3Oq6kX3RXQclPhjVQgVJFEykNQ3C2deC9SA==
-----END CERTIFICATE-----