Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/VmV4Pfcj3mL46sQ1P5pmpE4GE6k.roa
File:                     VmV4Pfcj3mL46sQ1P5pmpE4GE6k.roa (raw, json)
Hash identifier:          21MrKH3W9j7XjlD7kmMoOs+M3CMfBlXKGtenvKE+drU=
Subject key identifier:   56:65:78:3D:F7:23:DE:62:F8:EA:C4:35:3F:9A:66:A4:4E:06:13:A9
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC794581341CD58B62231267B7682E5F3
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/VmV4Pfcj3mL46sQ1P5pmpE4GE6k.roa
Signing time:             Tue 02 Jan 2024 00:30:37 +0000
ROA not before:           Tue 02 Jan 2024 00:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204650
IP address blocks:        2.188.239.0/24 maxlen: 24
                          2.189.96.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:58:13:41:cd:58:b6:22:31:26:7b:76:82:e5:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5665783df723de62f8eac4353f9a66a44e0613a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c6:f4:9e:77:06:39:f5:22:03:f4:07:f3:71:
                    87:b7:54:31:39:08:f0:4a:46:5c:98:09:75:a9:74:
                    9a:eb:26:6c:a8:26:ab:aa:55:d1:85:6a:e5:9b:c5:
                    e2:28:19:48:0e:46:eb:0c:39:0f:c0:39:98:99:56:
                    00:0c:db:c5:4a:f0:06:84:93:dd:45:86:4a:ad:e9:
                    31:de:4a:f2:32:a7:80:0e:9f:66:d8:c3:31:5c:49:
                    ea:f7:c1:1f:2c:17:cc:91:cf:4c:f8:27:3b:a1:b4:
                    bc:58:1e:41:cb:da:20:93:35:83:7d:9d:3d:af:7b:
                    08:3e:dd:83:de:0e:02:76:3b:83:b5:80:b2:2f:7c:
                    aa:ed:9a:d7:ed:78:11:a6:b0:f7:7c:6b:fb:fa:a6:
                    ff:c9:93:a5:0e:ac:12:7a:c8:72:5c:c3:64:68:6f:
                    38:64:15:c8:cd:32:91:9a:08:49:6e:b5:9d:00:1e:
                    94:b6:28:d8:f4:c3:3e:85:b2:a4:02:a3:db:64:9f:
                    ff:cf:3f:08:29:79:58:42:f6:2e:5e:1c:23:40:37:
                    49:2e:d7:67:95:56:9f:cb:ec:4a:89:53:6b:54:61:
                    dd:c2:f0:7c:74:6a:6b:81:66:88:ed:b1:80:43:79:
                    de:80:b9:eb:ed:21:08:03:71:5f:c3:1b:e8:14:78:
                    d4:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:65:78:3D:F7:23:DE:62:F8:EA:C4:35:3F:9A:66:A4:4E:06:13:A9
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/VmV4Pfcj3mL46sQ1P5pmpE4GE6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.188.239.0/24
                  2.189.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         88:1f:57:cf:a3:0f:ae:1a:0e:90:0c:72:e6:c0:d6:71:de:e6:
         10:ee:ca:5c:34:9d:d5:b8:30:ed:ff:92:7d:81:48:e2:92:c8:
         d1:dd:8c:6a:41:0f:40:3c:ab:65:84:f8:3f:ec:f6:04:bf:7b:
         91:47:27:36:4a:ec:67:5a:32:7e:9c:4f:16:44:62:3d:27:50:
         76:45:1e:64:7d:73:02:2e:45:16:a1:c2:94:01:25:a8:0f:e9:
         47:ce:b8:b1:16:1d:c9:a0:b3:1a:e7:3a:e8:86:66:32:82:43:
         9d:a9:46:3f:4e:13:0f:6e:9a:14:f0:d0:b5:58:fc:50:49:c3:
         f1:85:bc:c5:ad:df:99:e1:85:b0:26:15:aa:91:49:de:9a:3c:
         3d:02:f9:a9:e1:f2:70:f6:32:f8:1e:75:27:37:8e:fa:e8:9e:
         d2:40:2d:21:41:98:ab:28:82:41:de:99:d6:00:3c:01:07:2e:
         27:be:4b:0e:5b:14:8e:49:12:ed:ff:21:89:6c:a9:df:fe:80:
         7b:07:1b:f9:56:0c:c8:92:ee:72:60:c2:66:e5:7d:28:ec:80:
         46:21:93:fe:48:96:0b:3b:c8:8b:c5:d7:2f:68:b8:93:df:b4:
         94:f0:b9:63:11:7a:30:6e:56:ac:72:f2:b2:02:23:ca:2f:82:
         63:27:5a:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlFgTQc1YtiIxJnt2guXzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjY1NzgzZGY3MjNkZTYyZjhlYWM0MzUzZjlhNjZhNDRlMDYxM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsb0nncGOfUiA/QH83GHt1QxOQjw
SkZcmAl1qXSa6yZsqCarqlXRhWrlm8XiKBlIDkbrDDkPwDmYmVYADNvFSvAGhJPd
RYZKrekx3kryMqeADp9m2MMxXEnq98EfLBfMkc9M+Cc7obS8WB5By9ogkzWDfZ09
r3sIPt2D3g4CdjuDtYCyL3yq7ZrX7XgRprD3fGv7+qb/yZOlDqwSeshyXMNkaG84
ZBXIzTKRmghJbrWdAB6UtijY9MM+hbKkAqPbZJ//zz8IKXlYQvYuXhwjQDdJLtdn
lVafy+xKiVNrVGHdwvB8dGprgWaI7bGAQ3negLnr7SEIA3FfwxvoFHjUkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFZleD33I95i+OrENT+aZqROBhOpMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvVm1WNFBmY2ozbUw0NnNRMVA1cG1wRTRHRTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAArzvAwQF
Ar1gMA0GCSqGSIb3DQEBCwUAA4IBAQCIH1fPow+uGg6QDHLmwNZx3uYQ7spcNJ3V
uDDt/5J9gUjiksjR3YxqQQ9APKtlhPg/7PYEv3uRRyc2SuxnWjJ+nE8WRGI9J1B2
RR5kfXMCLkUWocKUASWoD+lHzrixFh3JoLMa5zrohmYygkOdqUY/ThMPbpoU8NC1
WPxQScPxhbzFrd+Z4YWwJhWqkUnemjw9Avmp4fJw9jL4HnUnN4766J7SQC0hQZir
KIJB3pnWADwBBy4nvksOWxSOSRLt/yGJbKnf/oB7Bxv5VgzIku5yYMJm5X0o7IBG
IZP+SJYLO8iLxdcvaLiT37SU8LljEXowblascvKyAiPKL4JjJ1r7
-----END CERTIFICATE-----