Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/VC3wAzYJCs1cTeHdECuPEOSx7-w.roa
File:                     VC3wAzYJCs1cTeHdECuPEOSx7-w.roa (raw, json)
Hash identifier:          g2bglxPJ8XxZJfLFcLtSyZSMbkbaUSjbklWt+GwTlug=
Subject key identifier:   54:2D:F0:03:36:09:0A:CD:5C:4D:E1:DD:10:2B:8F:10:E4:B1:EF:EC
Certificate issuer:       /CN=429b1cf21d20f8c6f94641e3327e4555e2e41102
Certificate serial:       018FB91660606BB1B9885CC86D62007AD49A
Authority key identifier: 42:9B:1C:F2:1D:20:F8:C6:F9:46:41:E3:32:7E:45:55:E2:E4:11:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/VC3wAzYJCs1cTeHdECuPEOSx7-w.roa
Signing time:             Mon 27 May 2024 08:06:42 +0000
ROA not before:           Mon 27 May 2024 08:06:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        185.8.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b9:16:60:60:6b:b1:b9:88:5c:c8:6d:62:00:7a:d4:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429b1cf21d20f8c6f94641e3327e4555e2e41102
        Validity
            Not Before: May 27 08:06:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=542df00336090acd5c4de1dd102b8f10e4b1efec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:93:07:ac:35:72:18:1c:2b:17:ad:3b:63:8e:
                    5f:b7:ed:91:41:95:63:b8:b4:fe:41:7e:f7:dc:d7:
                    7f:40:3d:1d:ee:9b:f8:44:22:2b:6f:e9:37:7e:c7:
                    52:bb:b8:38:1b:d8:eb:17:aa:5a:6b:c6:1e:66:7c:
                    37:95:a1:bd:95:5e:9a:0d:d3:bd:6a:d6:b0:17:37:
                    f1:27:61:c4:56:1b:d3:ff:9a:33:e9:1b:a3:70:9f:
                    1f:77:74:b0:a3:4f:18:d0:e6:b6:f7:cb:3b:ef:a4:
                    dc:77:5a:20:93:02:9c:56:f1:ea:0f:93:ab:83:da:
                    da:21:96:94:ff:29:5a:b1:a1:67:c5:c0:37:92:81:
                    8b:79:d9:2b:c5:c2:a1:65:de:a6:e7:0e:b7:75:51:
                    8d:ae:af:26:9b:21:e8:4f:3d:df:a3:f9:fc:1c:7c:
                    11:6f:19:4f:85:e4:ef:e3:a5:76:8a:46:74:a3:15:
                    e7:85:f8:7f:a1:32:82:f4:ca:57:9e:85:ba:dd:4d:
                    7a:bc:53:e8:ca:90:86:ec:2d:10:5c:2b:ef:b9:d5:
                    5b:0a:54:9f:fe:05:7a:6a:f4:b5:a2:29:a3:85:81:
                    c4:5f:c1:64:b2:a5:ba:f8:69:f9:b5:4f:5f:4e:9b:
                    a8:db:0f:a6:49:01:ec:41:ab:1f:a8:16:74:7e:73:
                    93:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:2D:F0:03:36:09:0A:CD:5C:4D:E1:DD:10:2B:8F:10:E4:B1:EF:EC
            X509v3 Authority Key Identifier:
                keyid:42:9B:1C:F2:1D:20:F8:C6:F9:46:41:E3:32:7E:45:55:E2:E4:11:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/VC3wAzYJCs1cTeHdECuPEOSx7-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.8.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:7e:cb:01:00:97:59:6a:41:41:f8:2b:36:3f:39:69:33:cb:
         5c:87:72:6a:47:c6:eb:09:ed:d1:29:2f:04:fd:07:d8:c9:6f:
         11:62:71:0d:df:9e:51:8d:77:de:72:0d:43:d3:56:f1:ba:78:
         18:46:1b:5d:a8:ef:e0:f6:3c:ce:56:13:f3:77:98:34:d8:48:
         9d:ed:b4:5b:84:ce:5b:70:87:c0:ce:1e:ef:76:ed:23:0c:4a:
         03:dd:67:d1:0b:7c:22:dc:a2:1a:26:94:95:48:1a:d0:9f:bd:
         82:eb:00:41:6e:77:e8:45:d9:ad:dc:12:90:ae:20:7e:d5:72:
         e8:cf:f8:a4:64:98:15:5a:af:d3:e6:4c:1c:1f:af:52:1d:e1:
         23:38:56:98:18:0d:62:5e:cc:cb:4f:13:cd:82:59:f4:40:41:
         c8:b5:55:dd:4c:56:7a:5d:9e:34:79:51:d6:db:54:b0:c8:8e:
         4a:33:7a:ff:25:4e:a7:3c:88:5d:f7:ee:49:36:e1:cd:b9:fc:
         b9:6f:3a:ce:6d:00:9e:81:f2:06:ec:b8:1c:e2:b3:0a:69:ed:
         52:8c:44:6d:41:10:96:25:d4:c5:bb:eb:97:48:9f:dd:ae:a0:
         69:23:ee:b6:6b:f2:a5:d8:be:0d:cd:db:d9:e6:be:2e:de:ae:
         03:64:bc:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+5FmBga7G5iFzIbWIAetSaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOWIxY2YyMWQyMGY4YzZmOTQ2NDFlMzMyN2U0NTU1ZTJl
NDExMDIwHhcNMjQwNTI3MDgwNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDJkZjAwMzM2MDkwYWNkNWM0ZGUxZGQxMDJiOGYxMGU0YjFlZmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZMHrDVyGBwrF607Y45ft+2RQZVj
uLT+QX733Nd/QD0d7pv4RCIrb+k3fsdSu7g4G9jrF6paa8YeZnw3laG9lV6aDdO9
atawFzfxJ2HEVhvT/5oz6RujcJ8fd3Swo08Y0Oa298s776Tcd1ogkwKcVvHqD5Or
g9raIZaU/ylasaFnxcA3koGLedkrxcKhZd6m5w63dVGNrq8mmyHoTz3fo/n8HHwR
bxlPheTv46V2ikZ0oxXnhfh/oTKC9MpXnoW63U16vFPoypCG7C0QXCvvudVbClSf
/gV6avS1oimjhYHEX8FksqW6+Gn5tU9fTpuo2w+mSQHsQasfqBZ0fnOTFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQt8AM2CQrNXE3h3RArjxDkse/sMB8GA1UdIwQY
MBaAFEKbHPIdIPjG+UZB4zJ+RVXi5BECMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBzYzhoMGctTWI1UmtIak1uNUZWZUxrRVFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMDQ1MDktOGEzMi00YjI4LTk3Yzgt
ZTU2ZTczODM4MGRlLzEvVkMzd0F6WUpDczFjVGVIZEVDdVBFT1N4Ny13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMDQ1MDktOGEzMi00YjI4LTk3YzgtZTU2ZTczODM4MGRl
LzEvUXBzYzhoMGctTWI1UmtIak1uNUZWZUxrRVFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQiNMA0G
CSqGSIb3DQEBCwUAA4IBAQCcfssBAJdZakFB+Cs2PzlpM8tch3JqR8brCe3RKS8E
/QfYyW8RYnEN355RjXfecg1D01bxungYRhtdqO/g9jzOVhPzd5g02Eid7bRbhM5b
cIfAzh7vdu0jDEoD3WfRC3wi3KIaJpSVSBrQn72C6wBBbnfoRdmt3BKQriB+1XLo
z/ikZJgVWq/T5kwcH69SHeEjOFaYGA1iXszLTxPNgln0QEHItVXdTFZ6XZ40eVHW
21SwyI5KM3r/JU6nPIhd9+5JNuHNufy5bzrObQCegfIG7Lgc4rMKae1SjERtQRCW
JdTFu+uXSJ/drqBpI+62a/Kl2L4NzdvZ5r4u3q4DZLwd
-----END CERTIFICATE-----