Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/VqgMJd7Tn3SkIvnIbryzOAyps54.roa
File:                     VqgMJd7Tn3SkIvnIbryzOAyps54.roa (raw, json)
Hash identifier:          OFH+5GRrU0weYRgy/I9htpklIXgRIOd/5X43oHzUYyo=
Subject key identifier:   56:A8:0C:25:DE:D3:9F:74:A4:22:F9:C8:6E:BC:B3:38:0C:A9:B3:9E
Certificate issuer:       /CN=b74ce3f3c5e5a2f9d8b8a4c77a8361f8a216f3ad
Certificate serial:       018CC2DB13908692A022D7B967017D6E00E5
Authority key identifier: B7:4C:E3:F3:C5:E5:A2:F9:D8:B8:A4:C7:7A:83:61:F8:A2:16:F3:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/VqgMJd7Tn3SkIvnIbryzOAyps54.roa
Signing time:             Mon 01 Jan 2024 02:29:46 +0000
ROA not before:           Mon 01 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        194.99.96.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:13:90:86:92:a0:22:d7:b9:67:01:7d:6e:00:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b74ce3f3c5e5a2f9d8b8a4c77a8361f8a216f3ad
        Validity
            Not Before: Jan  1 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56a80c25ded39f74a422f9c86ebcb3380ca9b39e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:be:ce:66:f4:0a:ea:b1:31:aa:50:7f:1d:2a:
                    2e:0e:9a:22:d6:49:8e:00:4f:28:43:60:82:da:a6:
                    df:5c:5c:6d:02:04:4b:bf:b2:53:d2:a7:3c:07:7c:
                    e2:5e:f6:72:10:f2:88:d2:40:82:2d:62:c2:49:04:
                    92:97:13:ec:e4:53:b1:1d:63:4d:32:a8:d9:11:e0:
                    ea:7a:dc:59:6a:b6:0f:a8:ec:c6:39:8e:17:32:e0:
                    f2:e9:7f:55:26:8e:7b:d8:0f:8f:2e:97:c4:d7:eb:
                    83:1c:67:b3:92:23:b3:be:37:94:90:90:9e:17:fb:
                    2c:ce:7f:f4:eb:d2:50:2e:54:13:0d:47:fe:5f:19:
                    ee:15:04:5c:78:97:8e:88:18:53:5b:93:ca:9c:68:
                    0e:1c:1f:a9:4e:ba:22:7a:cc:a6:12:7b:48:5d:5d:
                    4a:d4:08:67:bf:15:e7:f2:e5:7d:97:89:77:7d:c0:
                    da:fa:a4:69:81:b2:86:8b:b0:c1:0c:a1:cd:49:52:
                    36:4c:9b:7c:06:f3:22:37:75:e8:ac:ce:80:26:24:
                    c4:bd:ad:57:e1:82:86:1b:61:99:2d:62:5c:79:13:
                    8e:6e:92:cf:33:61:89:fe:c9:82:4d:95:54:02:ee:
                    08:e8:ba:ac:8d:66:48:d6:43:6a:14:6e:4c:fb:a1:
                    66:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:A8:0C:25:DE:D3:9F:74:A4:22:F9:C8:6E:BC:B3:38:0C:A9:B3:9E
            X509v3 Authority Key Identifier:
                keyid:B7:4C:E3:F3:C5:E5:A2:F9:D8:B8:A4:C7:7A:83:61:F8:A2:16:F3:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/VqgMJd7Tn3SkIvnIbryzOAyps54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:a6:b5:42:10:53:e9:47:db:50:65:2e:61:47:16:58:74:e9:
         05:18:16:55:3e:9a:f1:d7:3b:65:cc:1b:90:8c:37:07:98:ff:
         de:c9:4e:df:ed:18:5e:f8:f7:37:ed:92:e6:b0:96:cd:f0:1c:
         0e:39:4b:2b:05:af:2c:65:7b:71:11:3a:3f:41:23:2c:25:bf:
         b9:a2:5a:21:ca:5c:1d:d6:83:f1:27:1e:01:46:e4:89:74:8b:
         82:15:1e:6c:f2:4f:dc:e2:9d:d4:f3:0e:8f:74:f1:e1:80:70:
         6d:8d:03:fc:37:07:da:06:ce:c1:72:96:89:f0:70:93:8d:d9:
         74:1b:f4:d1:89:6a:b5:c8:1a:8d:ba:8c:0f:42:f6:ea:8f:a3:
         c0:33:37:93:ca:a9:48:29:04:cd:46:02:c7:c1:bc:f3:02:b9:
         6f:b8:53:cc:b5:e2:95:f7:f5:24:6f:2d:45:66:1e:16:36:84:
         fb:33:89:2b:f8:3e:c4:95:72:0a:7b:1a:7e:1d:46:21:ad:87:
         e0:f0:93:4d:4a:39:c0:0a:8d:b7:e9:27:1d:bf:37:1f:9f:00:
         cb:06:43:67:af:29:c8:a3:f1:4a:f5:1e:59:42:e9:0b:85:85:
         13:d9:71:81:9e:b0:ae:f7:7f:01:f5:e6:e6:99:e0:bf:57:55:
         d7:86:e5:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xOQhpKgIte5ZwF9bgDlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NGNlM2YzYzVlNWEyZjlkOGI4YTRjNzdhODM2MWY4YTIx
NmYzYWQwHhcNMjQwMTAxMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmE4MGMyNWRlZDM5Zjc0YTQyMmY5Yzg2ZWJjYjMzODBjYTliMzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiL7OZvQK6rExqlB/HSouDpoi1kmO
AE8oQ2CC2qbfXFxtAgRLv7JT0qc8B3ziXvZyEPKI0kCCLWLCSQSSlxPs5FOxHWNN
MqjZEeDqetxZarYPqOzGOY4XMuDy6X9VJo572A+PLpfE1+uDHGezkiOzvjeUkJCe
F/sszn/069JQLlQTDUf+XxnuFQRceJeOiBhTW5PKnGgOHB+pTroiesymEntIXV1K
1AhnvxXn8uV9l4l3fcDa+qRpgbKGi7DBDKHNSVI2TJt8BvMiN3XorM6AJiTEva1X
4YKGG2GZLWJceROObpLPM2GJ/smCTZVUAu4I6LqsjWZI1kNqFG5M+6Fm0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFaoDCXe0590pCL5yG68szgMqbOeMB8GA1UdIwQY
MBaAFLdM4/PF5aL52Likx3qDYfiiFvOtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDB6ajg4WGxvdm5ZdUtUSGVvTmgtS0lXODYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9hYzY4MWYtMDVkMi00MDQ1LWFlMTAt
NWViZGQ5ZTI4ODdjLzEvVnFnTUpkN1RuM1NrSXZuSWJyeXpPQXlwczU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9hYzY4MWYtMDVkMi00MDQ1LWFlMTAtNWViZGQ5ZTI4ODdj
LzEvdDB6ajg4WGxvdm5ZdUtUSGVvTmgtS0lXODYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmNgMA0G
CSqGSIb3DQEBCwUAA4IBAQABprVCEFPpR9tQZS5hRxZYdOkFGBZVPprx1ztlzBuQ
jDcHmP/eyU7f7Rhe+Pc37ZLmsJbN8BwOOUsrBa8sZXtxETo/QSMsJb+5olohylwd
1oPxJx4BRuSJdIuCFR5s8k/c4p3U8w6PdPHhgHBtjQP8NwfaBs7BcpaJ8HCTjdl0
G/TRiWq1yBqNuowPQvbqj6PAMzeTyqlIKQTNRgLHwbzzArlvuFPMteKV9/Ukby1F
Zh4WNoT7M4kr+D7ElXIKexp+HUYhrYfg8JNNSjnACo236ScdvzcfnwDLBkNnrynI
o/FK9R5ZQukLhYUT2XGBnrCu938B9ebmmeC/V1XXhuWY
-----END CERTIFICATE-----