Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/vje22ntFVHKDZyJTE2lUeYhR7_I.roa
File:                     vje22ntFVHKDZyJTE2lUeYhR7_I.roa (raw, json)
Hash identifier:          gU/Fj8ZC/xfx3F9tvJEeknAJ9ZRfiGkqRMhQjBgzUeo=
Subject key identifier:   BE:37:B6:DA:7B:45:54:72:83:67:22:53:13:69:54:79:88:51:EF:F2
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348E13E4D667FBB54FEDF8ECFE9D516
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/vje22ntFVHKDZyJTE2lUeYhR7_I.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203104
IP address blocks:        194.209.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e1:3e:4d:66:7f:bb:54:fe:df:8e:cf:e9:d5:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be37b6da7b45547283672253136954798851eff2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:2b:8d:1e:ed:89:87:09:91:62:33:f2:98:bc:
                    05:72:98:55:ea:9b:1c:75:34:82:34:04:91:7a:f7:
                    6f:43:6b:cc:12:8f:58:75:c6:98:41:7f:06:16:c3:
                    88:0d:ab:e0:c5:3e:d0:3d:5e:57:52:c7:e9:88:a8:
                    60:c9:77:87:c1:de:65:ee:3a:4c:e8:b9:e8:01:f3:
                    75:e5:38:23:39:3c:ae:a2:6b:c4:c0:46:9c:ef:43:
                    fb:0f:80:7b:70:8c:15:8c:4e:8c:5d:35:33:f8:c6:
                    b4:07:70:5d:44:24:58:b4:8c:cc:b3:d4:db:7b:c0:
                    ad:63:09:b1:e6:93:b9:f7:0d:4f:09:26:82:b7:df:
                    37:72:c8:95:d0:cc:29:dc:a1:26:04:9c:15:fb:9c:
                    f4:b1:7c:86:c7:bb:d0:13:24:ba:a7:57:1b:cd:44:
                    70:e4:8b:cc:27:37:23:38:0e:1d:2c:cb:98:1d:17:
                    e7:8e:cb:05:0c:e2:d6:b0:f6:5b:1d:43:e4:77:eb:
                    b4:a7:eb:75:05:5a:ec:34:df:ff:61:44:a8:5a:55:
                    e1:40:b2:70:bc:8f:5a:01:4e:2a:47:60:33:d9:38:
                    29:59:69:4a:b7:7e:47:72:48:d5:ff:1f:e8:0b:23:
                    ce:c8:06:11:5a:8b:99:1a:ac:f2:a6:4b:61:38:ef:
                    6d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:37:B6:DA:7B:45:54:72:83:67:22:53:13:69:54:79:88:51:EF:F2
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/vje22ntFVHKDZyJTE2lUeYhR7_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:af:c7:fd:b0:0f:84:92:56:fd:f6:f1:89:07:3c:1c:b5:45:
         ec:76:00:9b:fb:4c:94:c3:4d:af:d0:06:44:dc:b0:ca:f8:32:
         88:e0:10:c7:e1:2a:bc:f9:61:28:c5:4e:80:34:e7:37:54:e9:
         4c:33:ff:d4:d0:9f:d2:23:2c:38:e4:6c:4f:b1:2d:11:4d:89:
         88:d0:a7:89:c7:01:8a:4a:63:d6:bc:bf:ad:62:d7:8d:c3:31:
         99:4b:de:08:7a:67:7e:f1:ea:a2:43:e5:74:79:8d:a6:0e:64:
         35:2e:43:aa:fc:b2:32:56:ea:d4:22:55:e2:37:5b:a8:62:6b:
         7b:c4:eb:74:fc:78:04:b2:8d:32:c9:62:c6:8a:b9:ba:36:5d:
         3d:f3:39:b1:ed:94:6e:72:84:98:71:9e:e9:54:59:eb:62:37:
         f3:f6:8a:d3:27:99:a8:42:1b:84:87:23:40:68:2e:51:27:47:
         d0:17:02:40:c1:42:b0:7c:aa:09:c4:4e:ae:eb:ef:4c:45:99:
         93:5f:4b:44:a9:6a:eb:7e:90:6c:16:c8:81:16:58:19:82:76:
         23:d5:d2:a3:d5:3f:ee:f2:0f:94:91:d4:65:b6:59:b4:6d:d8:
         c6:7c:d8:80:05:e7:16:49:8e:4f:e1:9b:d0:d6:e1:3c:e5:85:
         2b:28:74:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOE+TWZ/u1T+347P6dUWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTM3YjZkYTdiNDU1NDcyODM2NzIyNTMxMzY5NTQ3OTg4NTFlZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyuNHu2JhwmRYjPymLwFcphV6psc
dTSCNASRevdvQ2vMEo9YdcaYQX8GFsOIDavgxT7QPV5XUsfpiKhgyXeHwd5l7jpM
6LnoAfN15TgjOTyuomvEwEac70P7D4B7cIwVjE6MXTUz+Ma0B3BdRCRYtIzMs9Tb
e8CtYwmx5pO59w1PCSaCt983csiV0Mwp3KEmBJwV+5z0sXyGx7vQEyS6p1cbzURw
5IvMJzcjOA4dLMuYHRfnjssFDOLWsPZbHUPkd+u0p+t1BVrsNN//YUSoWlXhQLJw
vI9aAU4qR2Az2TgpWWlKt35HckjV/x/oCyPOyAYRWouZGqzypkthOO9taQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL43ttp7RVRyg2ciUxNpVHmIUe/yMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvdmplMjJudEZWSEtEWnlKVEUybFVlWWhSN19JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtGRMA0G
CSqGSIb3DQEBCwUAA4IBAQBJr8f9sA+Eklb99vGJBzwctUXsdgCb+0yUw02v0AZE
3LDK+DKI4BDH4Sq8+WEoxU6ANOc3VOlMM//U0J/SIyw45GxPsS0RTYmI0KeJxwGK
SmPWvL+tYteNwzGZS94Iemd+8eqiQ+V0eY2mDmQ1LkOq/LIyVurUIlXiN1uoYmt7
xOt0/HgEso0yyWLGirm6Nl098zmx7ZRucoSYcZ7pVFnrYjfz9orTJ5moQhuEhyNA
aC5RJ0fQFwJAwUKwfKoJxE6u6+9MRZmTX0tEqWrrfpBsFsiBFlgZgnYj1dKj1T/u
8g+UkdRltlm0bdjGfNiABecWSY5P4ZvQ1uE85YUrKHQi
-----END CERTIFICATE-----