Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/3abb5f-3379-4ed6-94c1-c7e338ff3b59/1/VoXpYQEnw3VxhbuJktT3f1LC-Ks.roa
File:                     VoXpYQEnw3VxhbuJktT3f1LC-Ks.roa (raw, json)
Hash identifier:          FV149GKOyJL7V0iUEk3BtJ7/zndkYMrimb/j+6qBolw=
Subject key identifier:   56:85:E9:61:01:27:C3:75:71:85:BB:89:92:D4:F7:7F:52:C2:F8:AB
Certificate issuer:       /CN=bc888f053099fac3a55986447cb3b1038495f332
Certificate serial:       018CC3B6F28B84DEF5199EA3A9F5D8153115
Authority key identifier: BC:88:8F:05:30:99:FA:C3:A5:59:86:44:7C:B3:B1:03:84:95:F3:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vIiPBTCZ-sOlWYZEfLOxA4SV8zI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/3abb5f-3379-4ed6-94c1-c7e338ff3b59/1/VoXpYQEnw3VxhbuJktT3f1LC-Ks.roa
Signing time:             Mon 01 Jan 2024 06:29:55 +0000
ROA not before:           Mon 01 Jan 2024 06:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34645
IP address blocks:        194.143.128.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/3abb5f-3379-4ed6-94c1-c7e338ff3b59/1/vIiPBTCZ-sOlWYZEfLOxA4SV8zI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/3abb5f-3379-4ed6-94c1-c7e338ff3b59/1/vIiPBTCZ-sOlWYZEfLOxA4SV8zI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vIiPBTCZ-sOlWYZEfLOxA4SV8zI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f2:8b:84:de:f5:19:9e:a3:a9:f5:d8:15:31:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc888f053099fac3a55986447cb3b1038495f332
        Validity
            Not Before: Jan  1 06:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5685e9610127c3757185bb8992d4f77f52c2f8ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:5b:d4:ec:9a:35:77:65:3b:bc:2b:99:f4:3f:
                    36:56:9f:78:7f:ba:a3:39:20:1e:50:b7:99:d0:4b:
                    e4:20:83:fe:9f:73:72:5f:e9:2e:7b:77:c9:12:22:
                    00:59:99:49:53:2d:15:2d:43:86:e5:ca:4b:2a:ac:
                    30:f5:8b:1a:b9:cf:f8:59:1b:b0:47:aa:11:f6:e5:
                    15:9f:30:14:93:6c:90:24:23:ca:00:c3:1a:8b:10:
                    a8:11:5e:51:12:8e:0d:70:ee:ce:e1:f3:c3:23:46:
                    ff:d8:bb:d0:e4:42:3e:89:bc:93:84:93:52:5d:81:
                    22:ab:05:5e:f0:e5:f5:58:2e:b9:c6:77:ff:49:03:
                    36:c4:1e:d6:ac:eb:ff:9c:b4:4a:77:a4:9b:99:92:
                    a8:87:2d:f1:97:8e:17:af:99:6f:f1:30:c6:b0:bf:
                    b4:a2:d8:37:ae:60:6f:c6:20:cb:f5:da:a2:80:97:
                    a2:4f:4a:24:f2:75:bd:48:62:2a:27:26:01:cf:58:
                    6e:d7:a2:c9:cd:de:1f:2a:a6:98:2b:f9:33:72:06:
                    78:15:7f:d3:28:32:42:1b:02:db:02:68:cb:ba:ec:
                    7a:18:3b:49:ab:ab:4d:70:99:5c:c5:7a:cf:33:cc:
                    17:70:0d:68:81:8e:6d:6a:0c:13:e1:80:01:5a:36:
                    ce:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:85:E9:61:01:27:C3:75:71:85:BB:89:92:D4:F7:7F:52:C2:F8:AB
            X509v3 Authority Key Identifier:
                keyid:BC:88:8F:05:30:99:FA:C3:A5:59:86:44:7C:B3:B1:03:84:95:F3:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vIiPBTCZ-sOlWYZEfLOxA4SV8zI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3abb5f-3379-4ed6-94c1-c7e338ff3b59/1/VoXpYQEnw3VxhbuJktT3f1LC-Ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3abb5f-3379-4ed6-94c1-c7e338ff3b59/1/vIiPBTCZ-sOlWYZEfLOxA4SV8zI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.143.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:35:44:b6:52:24:15:03:5e:67:f1:ac:fb:06:e8:af:9a:61:
         c5:c6:95:a2:f0:90:bc:d0:e6:28:96:b5:88:3a:b1:c4:35:1e:
         bc:3d:03:81:46:74:3f:5a:21:85:75:15:85:00:48:83:90:f9:
         3c:c3:66:60:10:52:25:03:03:3b:d9:fb:a7:b3:db:4c:af:6c:
         16:5c:bd:80:f2:26:4a:a9:0d:c1:9c:af:38:9d:bd:df:f3:5d:
         3d:57:6b:f1:2f:66:66:5a:cd:71:3a:37:48:18:5f:8c:02:01:
         49:ea:03:dc:32:c9:a3:a8:6e:2e:88:52:62:dd:ea:a1:cd:c0:
         96:f3:37:74:fe:fc:76:6e:ec:a6:2b:0b:ca:3a:13:86:9b:70:
         7e:10:e3:ef:8d:7d:da:24:48:26:1b:df:eb:67:a4:48:cd:ae:
         75:2b:ff:25:59:3c:05:9d:2a:e2:4d:48:b8:de:49:2c:c9:7a:
         26:7c:fd:0f:98:86:38:38:01:08:f6:b2:ba:ab:0a:c7:b2:3d:
         60:e1:70:3d:0b:cd:67:42:26:0b:ed:b9:49:f3:d6:ed:4d:95:
         cc:5b:ef:72:8d:f6:9f:8f:98:b9:50:7d:6e:10:08:2f:fb:88:
         11:fa:23:c6:69:35:ca:60:2a:5d:9b:0e:18:72:c8:a0:d7:da:
         82:a3:66:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvKLhN71GZ6jqfXYFTEVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjODg4ZjA1MzA5OWZhYzNhNTU5ODY0NDdjYjNiMTAzODQ5
NWYzMzIwHhcNMjQwMTAxMDYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Njg1ZTk2MTAxMjdjMzc1NzE4NWJiODk5MmQ0Zjc3ZjUyYzJmOGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1vU7Jo1d2U7vCuZ9D82Vp94f7qj
OSAeULeZ0EvkIIP+n3NyX+kue3fJEiIAWZlJUy0VLUOG5cpLKqww9Ysauc/4WRuw
R6oR9uUVnzAUk2yQJCPKAMMaixCoEV5REo4NcO7O4fPDI0b/2LvQ5EI+ibyThJNS
XYEiqwVe8OX1WC65xnf/SQM2xB7WrOv/nLRKd6SbmZKohy3xl44Xr5lv8TDGsL+0
otg3rmBvxiDL9dqigJeiT0ok8nW9SGIqJyYBz1hu16LJzd4fKqaYK/kzcgZ4FX/T
KDJCGwLbAmjLuux6GDtJq6tNcJlcxXrPM8wXcA1ogY5tagwT4YABWjbO6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFaF6WEBJ8N1cYW7iZLU939SwvirMB8GA1UdIwQY
MBaAFLyIjwUwmfrDpVmGRHyzsQOElfMyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdklpUEJUQ1otc09sV1laRWZMT3hBNFNWOHpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8zYWJiNWYtMzM3OS00ZWQ2LTk0YzEt
YzdlMzM4ZmYzYjU5LzEvVm9YcFlRRW53M1Z4aGJ1Smt0VDNmMUxDLUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8zYWJiNWYtMzM3OS00ZWQ2LTk0YzEtYzdlMzM4ZmYzYjU5
LzEvdklpUEJUQ1otc09sV1laRWZMT3hBNFNWOHpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwo+AMA0G
CSqGSIb3DQEBCwUAA4IBAQATNUS2UiQVA15n8az7BuivmmHFxpWi8JC80OYolrWI
OrHENR68PQOBRnQ/WiGFdRWFAEiDkPk8w2ZgEFIlAwM72funs9tMr2wWXL2A8iZK
qQ3BnK84nb3f8109V2vxL2ZmWs1xOjdIGF+MAgFJ6gPcMsmjqG4uiFJi3eqhzcCW
8zd0/vx2buymKwvKOhOGm3B+EOPvjX3aJEgmG9/rZ6RIza51K/8lWTwFnSriTUi4
3kksyXomfP0PmIY4OAEI9rK6qwrHsj1g4XA9C81nQiYL7blJ89btTZXMW+9yjfaf
j5i5UH1uEAgv+4gR+iPGaTXKYCpdmw4Ycsig19qCo2a/
-----END CERTIFICATE-----