Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/rAokHmXFgclUtvJfir_-ba5u3kk.roa
File:                     rAokHmXFgclUtvJfir_-ba5u3kk.roa (raw, json)
Hash identifier:          VNcKjyAGWj+mz8z0Sz294ABqk6eBL+4HYmlMq5jn/+s=
Subject key identifier:   AC:0A:24:1E:65:C5:81:C9:54:B6:F2:5F:8A:BF:FE:6D:AE:6E:DE:49
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018CC72754320930D7CFFD5CEAFE5ADE8DCC
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/rAokHmXFgclUtvJfir_-ba5u3kk.roa
Signing time:             Mon 01 Jan 2024 22:31:32 +0000
ROA not before:           Mon 01 Jan 2024 22:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202505
IP address blocks:        213.238.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:54:32:09:30:d7:cf:fd:5c:ea:fe:5a:de:8d:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 22:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac0a241e65c581c954b6f25f8abffe6dae6ede49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d3:b6:3d:ed:a9:d9:e6:29:50:ba:ab:67:e5:
                    31:39:25:da:80:ef:78:60:4f:5d:a3:37:88:ed:5d:
                    69:50:31:83:7b:19:74:8c:69:64:88:6f:d9:80:81:
                    5d:45:58:d1:96:67:96:56:17:01:fa:49:80:e8:b3:
                    15:80:3f:bc:54:51:41:7b:3f:50:68:29:13:58:8f:
                    55:69:57:18:d9:78:1d:d8:29:c0:77:fa:28:10:d6:
                    1c:95:ee:ea:84:04:4d:7f:d5:13:b5:88:d0:42:e1:
                    1f:98:ec:6e:d5:04:92:48:99:94:e6:45:ec:67:db:
                    03:96:9c:83:45:89:21:99:da:5c:3c:24:a0:28:9e:
                    1b:96:df:d7:07:fb:1c:10:8a:f7:d3:fe:e2:96:f8:
                    ce:71:89:9f:aa:87:c6:e0:92:ae:b3:e1:46:2f:0f:
                    ab:93:a0:96:b0:36:c8:92:8f:b4:15:ca:e5:a4:99:
                    d2:be:9a:73:8e:11:d7:c9:d9:06:f6:27:12:98:90:
                    6b:a8:de:2f:ad:03:d0:3e:04:33:07:ea:d2:8a:bc:
                    79:f0:cf:9f:23:8e:19:41:46:da:78:57:ed:54:3e:
                    01:a4:0f:45:1e:00:f4:b0:2f:bd:76:54:fa:f0:5a:
                    0b:7b:78:87:4d:ee:8b:91:db:9e:76:7a:82:2a:d4:
                    a3:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:0A:24:1E:65:C5:81:C9:54:B6:F2:5F:8A:BF:FE:6D:AE:6E:DE:49
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/rAokHmXFgclUtvJfir_-ba5u3kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:22:12:ce:52:44:62:0a:be:c8:fd:1d:ea:1f:db:7e:e2:7e:
         8a:4c:1b:d2:1f:c6:76:0b:09:d4:fb:3c:1a:ba:a7:3c:71:64:
         6c:7c:a5:23:36:4d:95:3c:0a:47:6d:8f:be:60:39:32:32:af:
         6d:d3:15:d4:a6:57:71:cb:93:83:b7:91:fe:43:b0:16:d8:99:
         da:51:de:21:60:d4:fd:c7:bc:a2:a9:eb:98:38:f4:d7:21:d5:
         19:1b:1f:ab:c7:bb:c5:3c:2d:ec:72:f8:99:1b:9c:d9:f2:1e:
         82:4d:4c:30:03:cf:a9:b2:29:3d:05:5a:35:c3:26:26:80:62:
         0c:aa:2d:4a:c4:97:c1:79:5d:5c:2f:4e:30:44:f1:39:d1:d3:
         f9:0c:e6:67:3b:3f:26:b6:a2:3a:6f:7d:08:7d:a6:03:c4:68:
         84:51:2b:5d:97:17:c4:37:34:a9:75:3b:3b:1a:d0:0d:80:83:
         4c:1c:e3:79:ff:c4:b3:44:db:6b:20:f7:3b:80:fa:a9:b2:0d:
         1c:16:55:9c:fd:8a:d4:1d:c7:85:c0:76:25:dd:1c:56:9f:7f:
         92:c8:a0:be:ac:85:7e:1a:70:be:25:30:70:03:e1:a0:fc:59:
         55:08:e1:4e:3c:a1:11:da:64:fc:28:8b:60:d7:5f:f1:47:a4:
         0c:85:13:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1QyCTDXz/1c6v5a3o3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMTAxMjIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzBhMjQxZTY1YzU4MWM5NTRiNmYyNWY4YWJmZmU2ZGFlNmVkZTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdO2Pe2p2eYpULqrZ+UxOSXagO94
YE9dozeI7V1pUDGDexl0jGlkiG/ZgIFdRVjRlmeWVhcB+kmA6LMVgD+8VFFBez9Q
aCkTWI9VaVcY2Xgd2CnAd/ooENYcle7qhARNf9UTtYjQQuEfmOxu1QSSSJmU5kXs
Z9sDlpyDRYkhmdpcPCSgKJ4blt/XB/scEIr30/7ilvjOcYmfqofG4JKus+FGLw+r
k6CWsDbIko+0FcrlpJnSvppzjhHXydkG9icSmJBrqN4vrQPQPgQzB+rSirx58M+f
I44ZQUbaeFftVD4BpA9FHgD0sC+9dlT68FoLe3iHTe6LkduednqCKtSj6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwKJB5lxYHJVLbyX4q//m2ubt5JMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvckFva0htWEZnY2xVdHZKZmlyXy1iYTV1M2trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e60MA0G
CSqGSIb3DQEBCwUAA4IBAQBlIhLOUkRiCr7I/R3qH9t+4n6KTBvSH8Z2CwnU+zwa
uqc8cWRsfKUjNk2VPApHbY++YDkyMq9t0xXUpldxy5ODt5H+Q7AW2JnaUd4hYNT9
x7yiqeuYOPTXIdUZGx+rx7vFPC3scviZG5zZ8h6CTUwwA8+psik9BVo1wyYmgGIM
qi1KxJfBeV1cL04wRPE50dP5DOZnOz8mtqI6b30IfaYDxGiEUStdlxfENzSpdTs7
GtANgINMHON5/8SzRNtrIPc7gPqpsg0cFlWc/YrUHceFwHYl3RxWn3+SyKC+rIV+
GnC+JTBwA+Gg/FlVCOFOPKER2mT8KItg11/xR6QMhRPS
-----END CERTIFICATE-----