Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/VbQQa9BmYmmc9tK1wIk1YkInDOo.roa
File:                     VbQQa9BmYmmc9tK1wIk1YkInDOo.roa (raw, json)
Hash identifier:          tcksiPhjGVBRVyB7AImsrurMvDO/h1dP7ACCchnHHOA=
Subject key identifier:   55:B4:10:6B:D0:66:62:69:9C:F6:D2:B5:C0:89:35:62:42:27:0C:EA
Certificate issuer:       /CN=94846741139263388d984db1e97e031669c6486e
Certificate serial:       018CE889C26ECF7BAB50062DC47A433A28DB
Authority key identifier: 94:84:67:41:13:92:63:38:8D:98:4D:B1:E9:7E:03:16:69:C6:48:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lIRnQROSYziNmE2x6X4DFmnGSG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/VbQQa9BmYmmc9tK1wIk1YkInDOo.roa
Signing time:             Mon 08 Jan 2024 10:06:31 +0000
ROA not before:           Mon 08 Jan 2024 10:06:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149457
IP address blocks:        195.190.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/lIRnQROSYziNmE2x6X4DFmnGSG4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/lIRnQROSYziNmE2x6X4DFmnGSG4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lIRnQROSYziNmE2x6X4DFmnGSG4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e8:89:c2:6e:cf:7b:ab:50:06:2d:c4:7a:43:3a:28:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94846741139263388d984db1e97e031669c6486e
        Validity
            Not Before: Jan  8 10:06:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55b4106bd06662699cf6d2b5c089356242270cea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e9:63:d0:1a:43:72:c5:82:71:fa:c2:b5:3e:
                    8b:11:e5:b8:00:d6:13:36:cf:b2:ff:c5:73:36:31:
                    20:d5:c3:7e:03:c2:c4:01:08:d3:7d:c4:7d:bd:a7:
                    d4:dc:30:16:c0:2a:30:cf:b8:6a:ba:e0:e0:c8:d3:
                    2a:7f:fd:73:46:dd:ee:ee:e0:30:c2:df:d7:0e:1e:
                    18:f4:ab:e2:3d:53:c5:f8:f1:6f:90:b3:6a:b7:c5:
                    62:ab:08:1d:d3:1b:2b:74:a0:c3:ab:ab:37:e4:3f:
                    28:9f:ec:59:17:fb:e9:36:48:0c:c1:86:d7:db:99:
                    ce:c0:08:ed:8e:d3:8d:8e:62:22:3c:76:d5:d7:20:
                    00:5e:81:0a:5d:e5:56:79:28:57:1c:f3:78:99:ae:
                    5d:a8:71:46:9a:6b:cc:f7:a3:82:f2:49:e5:16:9e:
                    9f:0d:20:36:65:10:80:43:4a:05:48:7b:9a:75:f6:
                    b7:6b:9e:91:f0:71:1e:75:39:c6:6b:9a:d9:44:ca:
                    35:24:63:c9:75:41:39:aa:b0:ac:79:88:cc:82:ae:
                    12:17:d0:a8:26:ff:49:92:eb:ff:c9:36:70:27:9e:
                    46:4e:ea:68:2a:f5:f2:ac:af:2a:f3:82:67:a9:80:
                    c8:79:13:ef:9b:bc:c4:ee:e0:c5:94:eb:c4:10:62:
                    93:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:B4:10:6B:D0:66:62:69:9C:F6:D2:B5:C0:89:35:62:42:27:0C:EA
            X509v3 Authority Key Identifier:
                keyid:94:84:67:41:13:92:63:38:8D:98:4D:B1:E9:7E:03:16:69:C6:48:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lIRnQROSYziNmE2x6X4DFmnGSG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/VbQQa9BmYmmc9tK1wIk1YkInDOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/lIRnQROSYziNmE2x6X4DFmnGSG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:7f:13:e1:86:d0:25:c5:f6:f7:8d:2d:dd:8e:88:fc:5d:55:
         5f:0d:6e:0b:8b:f7:21:79:8d:e7:56:a0:e9:7f:32:f3:c5:f4:
         9b:d9:28:07:eb:28:52:80:0f:04:af:12:45:a2:3c:69:5b:db:
         d3:8a:59:05:b2:a4:db:8d:4b:8d:c9:ac:93:6c:0b:3d:52:80:
         e1:16:ad:13:f4:9e:8d:ce:dd:29:98:0a:d3:8f:5e:05:79:f6:
         6e:b1:b0:9b:ad:70:8d:ee:e0:ef:36:41:9a:dd:01:34:f1:a2:
         49:a5:2f:18:ae:ad:b5:d5:17:4e:67:19:06:1f:c2:35:5b:ef:
         31:33:4b:61:78:2c:18:ce:7c:6b:9c:00:84:c3:54:d7:26:a5:
         cc:33:b6:76:84:65:77:3a:bc:06:11:39:db:69:ff:31:4b:c6:
         68:75:39:90:e7:b2:bb:72:71:85:7a:fa:ba:4b:69:8d:1d:c9:
         48:32:fd:49:f1:9e:9d:7a:1c:11:e3:0f:4d:08:e8:2d:94:06:
         62:78:79:35:56:04:a6:4b:d5:44:28:77:e6:ab:42:a4:dd:39:
         8b:7e:27:b8:7d:08:ba:4b:91:08:f4:54:6c:cd:ed:22:f5:fe:
         9d:e9:d8:a0:67:ed:5e:d7:0a:60:0c:bc:8f:61:b6:c9:11:7c:
         a9:8f:b3:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzoicJuz3urUAYtxHpDOijbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ODQ2NzQxMTM5MjYzMzg4ZDk4NGRiMWU5N2UwMzE2Njlj
NjQ4NmUwHhcNMjQwMTA4MTAwNjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWI0MTA2YmQwNjY2MjY5OWNmNmQyYjVjMDg5MzU2MjQyMjcwY2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjulj0BpDcsWCcfrCtT6LEeW4ANYT
Ns+y/8VzNjEg1cN+A8LEAQjTfcR9vafU3DAWwCowz7hquuDgyNMqf/1zRt3u7uAw
wt/XDh4Y9KviPVPF+PFvkLNqt8Viqwgd0xsrdKDDq6s35D8on+xZF/vpNkgMwYbX
25nOwAjtjtONjmIiPHbV1yAAXoEKXeVWeShXHPN4ma5dqHFGmmvM96OC8knlFp6f
DSA2ZRCAQ0oFSHuadfa3a56R8HEedTnGa5rZRMo1JGPJdUE5qrCseYjMgq4SF9Co
Jv9Jkuv/yTZwJ55GTupoKvXyrK8q84JnqYDIeRPvm7zE7uDFlOvEEGKT0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFW0EGvQZmJpnPbStcCJNWJCJwzqMB8GA1UdIwQY
MBaAFJSEZ0ETkmM4jZhNsel+AxZpxkhuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbElSblFST1NZemlObUUyeDZYNERGbW5HU0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9hNDkxMDItMDYxMi00N2EwLTgxMTct
Y2IxMTI1MDA3ZGZiLzEvVmJRUWE5Qm1ZbW1jOXRLMXdJazFZa0luRE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9hNDkxMDItMDYxMi00N2EwLTgxMTctY2IxMTI1MDA3ZGZi
LzEvbElSblFST1NZemlObUUyeDZYNERGbW5HU0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw76CMA0G
CSqGSIb3DQEBCwUAA4IBAQAOfxPhhtAlxfb3jS3djoj8XVVfDW4Li/cheY3nVqDp
fzLzxfSb2SgH6yhSgA8ErxJFojxpW9vTilkFsqTbjUuNyayTbAs9UoDhFq0T9J6N
zt0pmArTj14FefZusbCbrXCN7uDvNkGa3QE08aJJpS8Yrq211RdOZxkGH8I1W+8x
M0theCwYznxrnACEw1TXJqXMM7Z2hGV3OrwGETnbaf8xS8ZodTmQ57K7cnGFevq6
S2mNHclIMv1J8Z6dehwR4w9NCOgtlAZieHk1VgSmS9VEKHfmq0Kk3TmLfie4fQi6
S5EI9FRsze0i9f6d6digZ+1e1wpgDLyPYbbJEXypj7Nx
-----END CERTIFICATE-----