Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/vJvR3ykXBsEjdEoH2lRr-DRPhcY.roa
File:                     vJvR3ykXBsEjdEoH2lRr-DRPhcY.roa (raw, json)
Hash identifier:          P6ufEsipT3QNPJEsGhVvE9/khyP2HJHfWJkPY7JjoD8=
Subject key identifier:   BC:9B:D1:DF:29:17:06:C1:23:74:4A:07:DA:54:6B:F8:34:4F:85:C6
Certificate issuer:       /CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
Certificate serial:       018CC9BB2E788C95E5440EB5C04589EB0B7E
Authority key identifier: E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/vJvR3ykXBsEjdEoH2lRr-DRPhcY.roa
Signing time:             Tue 02 Jan 2024 10:32:16 +0000
ROA not before:           Tue 02 Jan 2024 10:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200343
IP address blocks:        217.175.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:2e:78:8c:95:e5:44:0e:b5:c0:45:89:eb:0b:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
        Validity
            Not Before: Jan  2 10:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc9bd1df291706c123744a07da546bf8344f85c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:70:07:0f:b1:51:42:3f:f9:f5:dd:c1:12:2f:
                    40:1c:15:0f:ab:81:22:e8:dc:5f:fe:81:e1:bc:6c:
                    f3:ad:39:9a:1f:1f:88:8e:cc:3d:e8:8b:89:4f:11:
                    a7:a9:a1:05:00:e9:72:22:c3:0b:79:22:be:26:5b:
                    33:44:57:f4:e6:a8:b6:5a:57:73:36:c9:f6:f7:ab:
                    32:5f:52:fb:4f:5a:61:64:a1:37:37:9e:55:f8:c7:
                    5c:39:cd:df:c8:f9:69:60:f0:ba:33:63:ab:20:24:
                    5e:a5:14:d0:ad:ae:d5:e0:62:ca:97:6f:5b:a9:ba:
                    29:e3:44:c8:95:ba:12:2c:8e:bf:cb:7b:c4:a3:9b:
                    1e:f3:67:22:51:81:f2:7e:e3:35:cd:65:3d:15:f3:
                    b2:f9:ca:ef:c6:b0:5e:f6:5d:8a:58:66:a2:c4:18:
                    0c:7a:d5:7c:25:47:af:3d:48:a1:c5:9b:ac:2c:e5:
                    bb:4d:0c:6a:d8:81:a3:ce:12:61:d6:8f:0d:0c:fb:
                    25:d4:a5:25:2a:40:28:cd:04:32:d6:93:6d:71:3f:
                    f7:25:9b:d0:1c:96:b5:c0:49:ff:ca:81:2f:be:67:
                    3c:e8:0d:7f:6a:2d:01:98:f3:e8:92:1d:bd:9d:61:
                    42:2b:7d:ba:43:53:67:da:fd:29:d6:b0:e4:d4:ae:
                    6c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:9B:D1:DF:29:17:06:C1:23:74:4A:07:DA:54:6B:F8:34:4F:85:C6
            X509v3 Authority Key Identifier:
                keyid:E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/vJvR3ykXBsEjdEoH2lRr-DRPhcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.175.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:9e:ea:27:9e:0f:af:91:da:46:94:05:70:54:ac:3d:20:30:
         3e:ab:e5:ca:43:15:0b:56:57:c0:2e:37:fc:85:57:b1:ff:2b:
         35:c8:a3:70:76:21:de:df:6d:db:fe:57:a1:99:2d:09:e5:41:
         12:cd:36:33:3c:cf:f9:39:23:5d:97:7c:53:55:e5:91:41:82:
         ff:a7:13:cd:82:9d:e5:7b:df:8b:88:b1:56:14:b0:3b:46:31:
         d9:e2:7b:08:fe:f6:68:74:a9:6c:dc:23:d1:de:dc:2c:cd:27:
         76:b1:31:bd:c3:8e:95:44:49:1b:47:27:b3:6d:f7:25:8b:31:
         0a:fc:ea:9b:09:89:49:35:0a:c5:6a:59:94:3f:e7:4b:9f:de:
         c3:8d:34:ba:18:39:42:ad:5e:88:98:21:89:bf:26:e7:a4:4c:
         2d:0c:af:f0:59:c3:fe:27:9b:49:2c:22:da:17:e5:6e:a2:89:
         11:98:be:8a:24:3c:76:b9:39:9c:14:7a:62:a8:f4:87:43:66:
         86:b2:33:2b:5a:c9:a8:03:18:21:43:85:c8:55:ff:78:c9:38:
         61:18:73:67:9e:6d:37:ca:a9:7e:85:5f:83:cb:8a:b4:0e:12:
         04:8e:9a:a9:6f:97:31:08:1c:4d:c2:f7:f3:a1:1f:e5:76:f9:
         9d:b7:5f:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuy54jJXlRA61wEWJ6wt+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YTg1MWRkYWU1YTY0Y2MzODgyNTM5NWJlOWE1MDdkYTk1
YWI3Y2YwHhcNMjQwMTAyMTAzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzliZDFkZjI5MTcwNmMxMjM3NDRhMDdkYTU0NmJmODM0NGY4NWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3AHD7FRQj/59d3BEi9AHBUPq4Ei
6Nxf/oHhvGzzrTmaHx+Ijsw96IuJTxGnqaEFAOlyIsMLeSK+JlszRFf05qi2Wldz
Nsn296syX1L7T1phZKE3N55V+MdcOc3fyPlpYPC6M2OrICRepRTQra7V4GLKl29b
qbop40TIlboSLI6/y3vEo5se82ciUYHyfuM1zWU9FfOy+crvxrBe9l2KWGaixBgM
etV8JUevPUihxZusLOW7TQxq2IGjzhJh1o8NDPsl1KUlKkAozQQy1pNtcT/3JZvQ
HJa1wEn/yoEvvmc86A1/ai0BmPPokh29nWFCK326Q1Nn2v0p1rDk1K5sZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyb0d8pFwbBI3RKB9pUa/g0T4XGMB8GA1UdIwQY
MBaAFOioUd2uWmTMOIJTlb6aUH2pWrfPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEt
MTEwYzg3OGRjZDI5LzEvdkp2UjN5a1hCc0VqZEVvSDJsUnItRFJQaGNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEtMTEwYzg3OGRjZDI5
LzEvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2a9fMA0G
CSqGSIb3DQEBCwUAA4IBAQBQnuonng+vkdpGlAVwVKw9IDA+q+XKQxULVlfALjf8
hVex/ys1yKNwdiHe323b/lehmS0J5UESzTYzPM/5OSNdl3xTVeWRQYL/pxPNgp3l
e9+LiLFWFLA7RjHZ4nsI/vZodKls3CPR3twszSd2sTG9w46VREkbRyezbfclizEK
/OqbCYlJNQrFalmUP+dLn97DjTS6GDlCrV6ImCGJvybnpEwtDK/wWcP+J5tJLCLa
F+VuookRmL6KJDx2uTmcFHpiqPSHQ2aGsjMrWsmoAxghQ4XIVf94yThhGHNnnm03
yql+hV+Dy4q0DhIEjpqpb5cxCBxNwvfzoR/ldvmdt1/N
-----END CERTIFICATE-----