Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/1VtpqP9soivL-tvzGvgUeNrNHjY.roa
File:                     1VtpqP9soivL-tvzGvgUeNrNHjY.roa (raw, json)
Hash identifier:          jrapzckYhH548jxoHg+36uKJkPFNdojMQ6Yk/S7cSlE=
Subject key identifier:   D5:5B:69:A8:FF:6C:A2:2B:CB:FA:DB:F3:1A:F8:14:78:DA:CD:1E:36
Certificate issuer:       /CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
Certificate serial:       018CC6B8FA6168E5CBFAA7B42546776E58A2
Authority key identifier: E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/1VtpqP9soivL-tvzGvgUeNrNHjY.roa
Signing time:             Mon 01 Jan 2024 20:31:00 +0000
ROA not before:           Mon 01 Jan 2024 20:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16086
IP address blocks:        192.102.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:fa:61:68:e5:cb:fa:a7:b4:25:46:77:6e:58:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
        Validity
            Not Before: Jan  1 20:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d55b69a8ff6ca22bcbfadbf31af81478dacd1e36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0e:ab:d5:4b:e5:47:8f:a2:40:05:d1:2f:08:
                    c9:0a:cb:dd:1e:d1:99:3f:81:43:7f:d2:26:9e:2d:
                    c3:b7:bf:94:4e:02:64:38:82:30:ff:b6:9e:91:e0:
                    c9:94:1f:4f:83:1f:f6:ee:fc:be:30:7f:32:e6:7d:
                    9e:9d:fa:1b:44:2f:45:d8:e6:8e:49:8f:a1:c6:78:
                    ad:fb:31:22:ba:90:7e:72:d1:d9:30:66:ad:84:26:
                    dd:d3:e5:3c:ce:48:00:61:73:dc:42:9c:1a:c4:3a:
                    2a:80:80:be:20:e0:cd:da:55:67:97:a6:7f:d9:0b:
                    3d:18:76:1e:e4:73:f1:ad:38:2a:7d:58:23:91:b2:
                    17:6f:0e:11:0e:6d:5a:8c:a0:12:bd:20:71:14:13:
                    bd:54:fb:99:d6:31:dc:70:9a:0d:21:63:12:2d:02:
                    43:38:2a:9d:cf:30:25:5a:b7:96:d5:bd:90:31:09:
                    55:c4:45:0a:11:59:e6:4c:25:f1:57:05:4b:12:67:
                    cd:99:38:85:08:1d:26:d0:34:43:91:e8:4b:54:4e:
                    ff:0a:27:47:1c:f8:ee:3e:5a:20:77:ce:99:96:e3:
                    00:74:82:cb:10:2a:dd:74:14:1a:47:09:1f:46:1b:
                    f2:52:90:4a:57:1b:01:85:cd:d5:e6:18:3c:e1:bd:
                    0c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:5B:69:A8:FF:6C:A2:2B:CB:FA:DB:F3:1A:F8:14:78:DA:CD:1E:36
            X509v3 Authority Key Identifier:
                keyid:E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/1VtpqP9soivL-tvzGvgUeNrNHjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.102.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:7c:3d:03:eb:5c:79:70:66:9c:25:d8:87:a0:9a:c5:1c:27:
         57:80:43:17:82:78:fa:8f:77:73:54:7e:d9:32:c5:b1:84:4a:
         9a:00:1c:02:27:d7:69:74:c5:9c:53:76:48:7b:84:a4:84:70:
         99:fc:41:5a:8e:57:d9:e2:8a:e0:cb:77:16:45:5f:7d:26:a6:
         00:09:6c:8a:b3:be:e6:93:2e:80:32:eb:29:71:60:b8:d1:18:
         5e:37:4c:0f:fc:b2:72:ce:b7:18:34:82:25:7e:84:20:1f:47:
         35:27:a7:a9:fa:b2:aa:b2:a0:67:85:a7:90:b7:8c:aa:05:f6:
         ba:97:e3:5b:20:a4:8d:4e:ff:be:37:a2:ec:20:8a:d7:14:f1:
         32:ca:37:cb:3f:80:8b:d2:27:06:93:65:8a:fa:96:b4:6a:fd:
         9a:67:e2:a5:26:ca:59:b5:6d:a5:45:b4:ad:4e:1c:b3:34:fc:
         f0:ee:1a:bd:b8:2a:ed:d5:bb:85:6f:c0:c3:04:74:22:17:2d:
         0d:19:c6:53:50:21:ea:8e:8c:e5:1a:95:2f:e9:8c:51:ee:60:
         7f:6d:ac:ec:38:55:b2:aa:e2:9a:8f:a7:64:a2:8c:f7:b2:63:
         ed:10:66:5b:8a:1d:29:80:af:88:c5:75:8f:e8:4c:1a:f5:24:
         fd:72:8b:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuPphaOXL+qe0JUZ3bliiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZGVlMWIwNmJhMjRhNjc2MjEzZjk3NmE0YjUwYzEyOWRj
YjJiNzMwHhcNMjQwMTAxMjAzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTViNjlhOGZmNmNhMjJiY2JmYWRiZjMxYWY4MTQ3OGRhY2QxZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsw6r1UvlR4+iQAXRLwjJCsvdHtGZ
P4FDf9Imni3Dt7+UTgJkOIIw/7aekeDJlB9Pgx/27vy+MH8y5n2enfobRC9F2OaO
SY+hxnit+zEiupB+ctHZMGathCbd0+U8zkgAYXPcQpwaxDoqgIC+IODN2lVnl6Z/
2Qs9GHYe5HPxrTgqfVgjkbIXbw4RDm1ajKASvSBxFBO9VPuZ1jHccJoNIWMSLQJD
OCqdzzAlWreW1b2QMQlVxEUKEVnmTCXxVwVLEmfNmTiFCB0m0DRDkehLVE7/CidH
HPjuPlogd86ZluMAdILLECrddBQaRwkfRhvyUpBKVxsBhc3V5hg84b0MBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNVbaaj/bKIry/rb8xr4FHjazR42MB8GA1UdIwQY
MBaAFODe4bBrokpnYhP5dqS1DBKdyytzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMt
MTVlOTBiZjg3ZmFiLzEvMVZ0cHFQOXNvaXZMLXR2ekd2Z1VlTnJOSGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMtMTVlOTBiZjg3ZmFi
LzEvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwGY0MA0G
CSqGSIb3DQEBCwUAA4IBAQA3fD0D61x5cGacJdiHoJrFHCdXgEMXgnj6j3dzVH7Z
MsWxhEqaABwCJ9dpdMWcU3ZIe4SkhHCZ/EFajlfZ4orgy3cWRV99JqYACWyKs77m
ky6AMuspcWC40RheN0wP/LJyzrcYNIIlfoQgH0c1J6ep+rKqsqBnhaeQt4yqBfa6
l+NbIKSNTv++N6LsIIrXFPEyyjfLP4CL0icGk2WK+pa0av2aZ+KlJspZtW2lRbSt
ThyzNPzw7hq9uCrt1buFb8DDBHQiFy0NGcZTUCHqjozlGpUv6YxR7mB/bazsOFWy
quKaj6dkooz3smPtEGZbih0pgK+IxXWP6Ewa9ST9cosh
-----END CERTIFICATE-----