Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/bbfe48-f14d-40d1-9f1a-cb9e45bb0c63/1/VFT74Flot8-rSltpzAKgIpsTu9Y.roa
File:                     VFT74Flot8-rSltpzAKgIpsTu9Y.roa (raw, json)
Hash identifier:          gQFSSmtEsYEqshACi4jq82cgMJpIapg4JIN2HJCMqUs=
Subject key identifier:   54:54:FB:E0:59:68:B7:CF:AB:4A:5B:69:CC:02:A0:22:9B:13:BB:D6
Certificate issuer:       /CN=17a6fa80b2d1c43ec9ea824e7e8395f79294e38a
Certificate serial:       018CC56EE1E76CDB929787C68BE760EEF011
Authority key identifier: 17:A6:FA:80:B2:D1:C4:3E:C9:EA:82:4E:7E:83:95:F7:92:94:E3:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F6b6gLLRxD7J6oJOfoOV95KU44o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/bbfe48-f14d-40d1-9f1a-cb9e45bb0c63/1/VFT74Flot8-rSltpzAKgIpsTu9Y.roa
Signing time:             Mon 01 Jan 2024 14:30:27 +0000
ROA not before:           Mon 01 Jan 2024 14:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44336
IP address blocks:        195.93.204.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/bbfe48-f14d-40d1-9f1a-cb9e45bb0c63/1/F6b6gLLRxD7J6oJOfoOV95KU44o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/bbfe48-f14d-40d1-9f1a-cb9e45bb0c63/1/F6b6gLLRxD7J6oJOfoOV95KU44o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F6b6gLLRxD7J6oJOfoOV95KU44o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e1:e7:6c:db:92:97:87:c6:8b:e7:60:ee:f0:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17a6fa80b2d1c43ec9ea824e7e8395f79294e38a
        Validity
            Not Before: Jan  1 14:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5454fbe05968b7cfab4a5b69cc02a0229b13bbd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f8:aa:25:9b:6c:0a:e7:71:f7:b6:51:a1:d8:
                    52:c1:27:33:0f:51:5c:91:66:77:06:a0:75:a8:d4:
                    3b:a5:3c:cf:e7:91:86:0b:cd:f9:dc:db:e2:84:21:
                    5a:f6:cc:45:00:97:da:28:cb:15:12:53:81:aa:47:
                    76:b1:a8:77:20:de:fc:e0:68:c9:91:9a:f8:3c:6b:
                    0e:36:89:15:7f:c2:44:ca:63:9c:f4:72:4d:47:88:
                    52:9f:22:f1:9c:99:6d:1e:46:26:95:b3:57:41:60:
                    25:5c:cf:b1:65:9d:91:a3:75:40:29:19:e0:98:c0:
                    a0:ae:08:82:ad:c7:22:54:1b:a6:d0:37:ca:0c:10:
                    c4:cc:67:95:95:3e:ed:44:9e:95:5a:8a:2c:4f:95:
                    75:c7:1f:62:3a:dd:08:12:6a:db:27:12:a1:4d:62:
                    85:9e:9f:dd:ff:1f:dc:fd:49:25:eb:50:a2:9a:6c:
                    59:c2:95:71:26:5c:db:3e:f9:8f:e1:c7:d0:58:3e:
                    a8:d6:c6:9d:88:92:cc:51:f9:8e:de:db:4f:1f:05:
                    7f:f9:7c:39:47:40:fe:d2:2b:d6:5b:c9:27:b1:30:
                    ae:33:6f:09:2f:81:55:a9:1d:28:3f:2f:ee:33:45:
                    20:aa:28:ed:db:f7:ea:d2:f6:f2:12:40:34:dc:18:
                    ff:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:54:FB:E0:59:68:B7:CF:AB:4A:5B:69:CC:02:A0:22:9B:13:BB:D6
            X509v3 Authority Key Identifier:
                keyid:17:A6:FA:80:B2:D1:C4:3E:C9:EA:82:4E:7E:83:95:F7:92:94:E3:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F6b6gLLRxD7J6oJOfoOV95KU44o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/bbfe48-f14d-40d1-9f1a-cb9e45bb0c63/1/VFT74Flot8-rSltpzAKgIpsTu9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/bbfe48-f14d-40d1-9f1a-cb9e45bb0c63/1/F6b6gLLRxD7J6oJOfoOV95KU44o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.93.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:7a:94:6d:31:05:81:1e:c3:96:e2:52:9f:81:9d:7b:2c:cc:
         64:78:da:48:7b:ef:f9:02:4d:bb:30:24:54:54:1c:a6:da:11:
         f4:fb:40:85:8b:fa:ca:0f:85:a4:a7:8f:0f:e4:bd:46:99:91:
         8b:08:b2:af:0f:de:cd:32:4d:c9:4a:77:1b:da:82:94:5d:66:
         9c:90:10:31:73:fb:8f:70:22:15:13:6f:2e:08:b2:5c:02:f4:
         01:42:38:2f:5a:02:7b:bb:72:cb:bc:d7:8f:e3:62:1b:30:23:
         c8:c1:fe:04:56:c1:9d:bc:62:20:51:70:79:64:6b:38:8a:2b:
         c8:6c:2d:e2:4f:c5:44:c5:9e:9e:bb:7d:1e:4b:ef:c9:bc:e8:
         c1:ef:67:0c:9c:f8:41:90:0b:a5:8c:88:10:22:f2:f9:47:bb:
         fc:1f:77:8d:b2:b7:54:5f:4f:8f:2f:c4:96:47:33:20:67:09:
         f2:3f:1b:cf:05:5e:c2:65:28:d9:58:69:55:23:5c:a1:0c:44:
         e7:73:94:d6:45:49:cc:89:e3:0c:47:c9:4b:8d:f8:41:6e:1a:
         9a:a5:1d:93:ea:e6:f9:29:76:82:fe:ed:f2:94:ed:e0:7f:5b:
         47:f2:15:d3:a5:32:54:89:9e:5a:95:a3:df:73:f2:8b:70:bf:
         a3:e3:6d:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuHnbNuSl4fGi+dg7vARMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YTZmYTgwYjJkMWM0M2VjOWVhODI0ZTdlODM5NWY3OTI5
NGUzOGEwHhcNMjQwMTAxMTQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDU0ZmJlMDU5NjhiN2NmYWI0YTViNjljYzAyYTAyMjliMTNiYmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfiqJZtsCudx97ZRodhSwSczD1Fc
kWZ3BqB1qNQ7pTzP55GGC8353NvihCFa9sxFAJfaKMsVElOBqkd2sah3IN784GjJ
kZr4PGsONokVf8JEymOc9HJNR4hSnyLxnJltHkYmlbNXQWAlXM+xZZ2Ro3VAKRng
mMCgrgiCrcciVBum0DfKDBDEzGeVlT7tRJ6VWoosT5V1xx9iOt0IEmrbJxKhTWKF
np/d/x/c/Ukl61CimmxZwpVxJlzbPvmP4cfQWD6o1sadiJLMUfmO3ttPHwV/+Xw5
R0D+0ivWW8knsTCuM28JL4FVqR0oPy/uM0Ugqijt2/fq0vbyEkA03Bj/RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRU++BZaLfPq0pbacwCoCKbE7vWMB8GA1UdIwQY
MBaAFBem+oCy0cQ+yeqCTn6DlfeSlOOKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjZiNmdMTFJ4RDdKNm9KT2ZvT1Y5NUtVNDRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9iYmZlNDgtZjE0ZC00MGQxLTlmMWEt
Y2I5ZTQ1YmIwYzYzLzEvVkZUNzRGbG90OC1yU2x0cHpBS2dJcHNUdTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9iYmZlNDgtZjE0ZC00MGQxLTlmMWEtY2I5ZTQ1YmIwYzYz
LzEvRjZiNmdMTFJ4RDdKNm9KT2ZvT1Y5NUtVNDRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw13MMA0G
CSqGSIb3DQEBCwUAA4IBAQCPepRtMQWBHsOW4lKfgZ17LMxkeNpIe+/5Ak27MCRU
VBym2hH0+0CFi/rKD4Wkp48P5L1GmZGLCLKvD97NMk3JSncb2oKUXWackBAxc/uP
cCIVE28uCLJcAvQBQjgvWgJ7u3LLvNeP42IbMCPIwf4EVsGdvGIgUXB5ZGs4iivI
bC3iT8VExZ6eu30eS+/JvOjB72cMnPhBkAuljIgQIvL5R7v8H3eNsrdUX0+PL8SW
RzMgZwnyPxvPBV7CZSjZWGlVI1yhDETnc5TWRUnMieMMR8lLjfhBbhqapR2T6ub5
KXaC/u3ylO3gf1tH8hXTpTJUiZ5alaPfc/KLcL+j420q
-----END CERTIFICATE-----