Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/VGMWV2nECypFMlpP4cKGFBwQCJY.roa
File:                     VGMWV2nECypFMlpP4cKGFBwQCJY.roa (raw, json)
Hash identifier:          xH/XLHNHUODsYFgRTWgQOS7/siMzY0o9iUDicjB0VVA=
Subject key identifier:   54:63:16:57:69:C4:0B:2A:45:32:5A:4F:E1:C2:86:14:1C:10:08:96
Certificate issuer:       /CN=458b6759c1a0cf5ad82da5c393bcd0fff7c7e2f0
Certificate serial:       018CC72707594A2955CDA3D2AC651A464735
Authority key identifier: 45:8B:67:59:C1:A0:CF:5A:D8:2D:A5:C3:93:BC:D0:FF:F7:C7:E2:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RYtnWcGgz1rYLaXDk7zQ__fH4vA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/VGMWV2nECypFMlpP4cKGFBwQCJY.roa
Signing time:             Mon 01 Jan 2024 22:31:12 +0000
ROA not before:           Mon 01 Jan 2024 22:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42698
IP address blocks:        195.248.252.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/RYtnWcGgz1rYLaXDk7zQ__fH4vA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/RYtnWcGgz1rYLaXDk7zQ__fH4vA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RYtnWcGgz1rYLaXDk7zQ__fH4vA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:07:59:4a:29:55:cd:a3:d2:ac:65:1a:46:47:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458b6759c1a0cf5ad82da5c393bcd0fff7c7e2f0
        Validity
            Not Before: Jan  1 22:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5463165769c40b2a45325a4fe1c286141c100896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:48:2a:c4:ca:3c:db:c4:6c:a3:7c:c8:2a:8d:
                    52:dc:7e:53:1a:e8:bd:5b:c0:42:72:0b:c9:f3:58:
                    51:fa:cd:50:bc:35:ad:a0:8f:67:32:d4:64:1f:54:
                    0f:f3:b0:4b:1c:7d:80:1f:8e:8d:95:b1:43:b2:0c:
                    81:97:94:b9:ea:97:ce:2f:3f:bb:36:33:f8:76:6d:
                    a7:a4:46:19:56:6c:ad:75:c5:71:f5:e5:78:1d:bb:
                    5c:47:e8:74:ca:cf:8b:9a:3c:b5:93:47:90:94:1f:
                    71:30:38:a3:3e:4c:70:88:ec:5b:d2:14:61:2f:59:
                    12:14:4a:e9:88:df:e8:5f:1a:1b:44:cc:6e:9f:6e:
                    ac:ee:38:ea:a4:1d:4c:79:26:92:68:87:ad:42:8e:
                    9c:c6:7b:50:e8:f2:b7:83:8b:02:e5:64:bd:60:f5:
                    df:07:70:59:1a:e6:15:0e:57:27:54:ab:ad:6b:11:
                    c3:26:be:da:8d:73:e6:85:06:9c:ad:45:f4:6d:6d:
                    36:d3:20:50:d5:31:d8:72:94:6f:6b:f8:56:2d:e1:
                    4f:d9:6f:9c:72:6a:1b:15:d4:bc:ab:33:df:31:dc:
                    58:71:dc:fa:b3:2f:93:f3:ab:ec:c0:d8:65:80:ea:
                    20:2b:37:23:84:06:33:56:cf:bc:96:42:a8:3b:dc:
                    5a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:63:16:57:69:C4:0B:2A:45:32:5A:4F:E1:C2:86:14:1C:10:08:96
            X509v3 Authority Key Identifier:
                keyid:45:8B:67:59:C1:A0:CF:5A:D8:2D:A5:C3:93:BC:D0:FF:F7:C7:E2:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RYtnWcGgz1rYLaXDk7zQ__fH4vA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/VGMWV2nECypFMlpP4cKGFBwQCJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/RYtnWcGgz1rYLaXDk7zQ__fH4vA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:04:62:8d:08:93:ed:05:cc:0d:1a:77:c7:3b:eb:4f:55:cd:
         fe:19:a5:50:da:8f:f4:cb:b8:4a:af:3f:07:03:c9:85:6c:2c:
         51:f6:4e:b1:23:e2:e6:19:8c:ec:0e:8a:88:8d:06:b3:c8:ac:
         8e:57:2c:66:30:07:41:ee:9d:59:74:ee:8d:61:4f:58:92:c5:
         67:dc:97:81:04:5d:02:b0:be:b3:a6:1d:ea:07:b5:50:5b:ec:
         72:91:bf:15:0c:30:3a:d4:b4:74:f1:b4:51:15:03:ed:6a:87:
         36:2c:d8:dd:56:ff:86:17:aa:44:f4:e4:9b:37:47:6e:3d:d4:
         14:a2:63:a9:05:7f:45:7b:46:a5:8a:23:24:6e:db:ac:9d:e8:
         70:90:01:57:26:b6:c1:d1:6a:72:53:88:93:0f:f7:96:3a:fc:
         48:b5:6d:21:9c:02:46:7f:18:53:21:09:24:73:1b:95:dc:e7:
         ab:5c:3d:14:72:a9:04:ed:c1:20:13:4c:18:64:16:1e:a3:71:
         83:e9:14:ea:71:44:4e:fc:bf:05:e4:c2:76:14:d6:d1:c4:2d:
         ed:77:ae:65:ed:0c:d7:21:27:80:59:7c:a1:4f:a5:4b:3c:44:
         5e:d5:ca:05:f0:a7:ed:a0:ec:e9:0e:63:dd:cc:5a:4b:3f:58:
         13:e3:a0:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJwdZSilVzaPSrGUaRkc1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGI2NzU5YzFhMGNmNWFkODJkYTVjMzkzYmNkMGZmZjdj
N2UyZjAwHhcNMjQwMTAxMjIzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDYzMTY1NzY5YzQwYjJhNDUzMjVhNGZlMWMyODYxNDFjMTAwODk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEgqxMo828Rso3zIKo1S3H5TGui9
W8BCcgvJ81hR+s1QvDWtoI9nMtRkH1QP87BLHH2AH46NlbFDsgyBl5S56pfOLz+7
NjP4dm2npEYZVmytdcVx9eV4HbtcR+h0ys+Lmjy1k0eQlB9xMDijPkxwiOxb0hRh
L1kSFErpiN/oXxobRMxun26s7jjqpB1MeSaSaIetQo6cxntQ6PK3g4sC5WS9YPXf
B3BZGuYVDlcnVKutaxHDJr7ajXPmhQacrUX0bW020yBQ1THYcpRva/hWLeFP2W+c
cmobFdS8qzPfMdxYcdz6sy+T86vswNhlgOogKzcjhAYzVs+8lkKoO9xaKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRjFldpxAsqRTJaT+HChhQcEAiWMB8GA1UdIwQY
MBaAFEWLZ1nBoM9a2C2lw5O80P/3x+LwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUll0bldjR2d6MXJZTGFYRGs3elFfX2ZINHZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8wMWEyODUtZmM4MS00YjA2LTgwYjIt
MDBjOTEzY2IwNTU3LzEvVkdNV1YybkVDeXBGTWxwUDRjS0dGQndRQ0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8wMWEyODUtZmM4MS00YjA2LTgwYjItMDBjOTEzY2IwNTU3
LzEvUll0bldjR2d6MXJZTGFYRGs3elFfX2ZINHZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/j8MA0G
CSqGSIb3DQEBCwUAA4IBAQCIBGKNCJPtBcwNGnfHO+tPVc3+GaVQ2o/0y7hKrz8H
A8mFbCxR9k6xI+LmGYzsDoqIjQazyKyOVyxmMAdB7p1ZdO6NYU9YksVn3JeBBF0C
sL6zph3qB7VQW+xykb8VDDA61LR08bRRFQPtaoc2LNjdVv+GF6pE9OSbN0duPdQU
omOpBX9Fe0aliiMkbtusnehwkAFXJrbB0WpyU4iTD/eWOvxItW0hnAJGfxhTIQkk
cxuV3OerXD0UcqkE7cEgE0wYZBYeo3GD6RTqcURO/L8F5MJ2FNbRxC3td65l7QzX
ISeAWXyhT6VLPERe1coF8KftoOzpDmPdzFpLP1gT46AS
-----END CERTIFICATE-----