Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/d2c7c7-2bcc-491e-96a7-b0d0bcd90fae/1/vnVdiCcRcMIQ-NXc3r1GXYlwZQM.roa
File:                     vnVdiCcRcMIQ-NXc3r1GXYlwZQM.roa (raw, json)
Hash identifier:          ztPZuOrJ0r9BFJmdmqV/mTnHe/tDzwVYQWAL0k+hbu4=
Subject key identifier:   BE:75:5D:88:27:11:70:C2:10:F8:D5:DC:DE:BD:46:5D:89:70:65:03
Certificate issuer:       /CN=856caf1f2f0291401105ef68b25957dc555510d2
Certificate serial:       018CC501530E7D7822967A9CFFABEE3A5818
Authority key identifier: 85:6C:AF:1F:2F:02:91:40:11:05:EF:68:B2:59:57:DC:55:55:10:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hWyvHy8CkUARBe9osllX3FVVENI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/d2c7c7-2bcc-491e-96a7-b0d0bcd90fae/1/vnVdiCcRcMIQ-NXc3r1GXYlwZQM.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50074
IP address blocks:        195.211.208.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/d2c7c7-2bcc-491e-96a7-b0d0bcd90fae/1/hWyvHy8CkUARBe9osllX3FVVENI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/d2c7c7-2bcc-491e-96a7-b0d0bcd90fae/1/hWyvHy8CkUARBe9osllX3FVVENI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hWyvHy8CkUARBe9osllX3FVVENI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:53:0e:7d:78:22:96:7a:9c:ff:ab:ee:3a:58:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=856caf1f2f0291401105ef68b25957dc555510d2
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be755d88271170c210f8d5dcdebd465d89706503
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a3:94:fa:58:d8:25:54:0f:f8:9b:9d:cd:58:
                    f3:71:d4:5d:e9:54:fb:37:e1:a1:03:d7:9e:89:c5:
                    9f:c7:4f:a3:39:38:38:17:e7:f1:80:db:e9:92:1b:
                    69:06:f7:f2:39:37:8f:00:33:32:3a:c8:b0:3d:88:
                    1f:6b:c4:17:28:32:ce:35:a8:e5:ef:53:75:c5:a4:
                    46:20:b7:6f:76:b1:78:3f:e4:e0:45:29:c6:03:9e:
                    e7:54:29:e3:7f:f0:83:f6:42:a2:b9:42:75:73:81:
                    3c:7b:44:19:0e:b2:71:32:85:a0:3b:42:79:7b:95:
                    e0:af:2b:b3:d1:d1:db:03:2b:a6:38:f5:09:9e:37:
                    2e:62:b2:c1:d1:2a:00:f1:81:78:06:cd:54:48:9d:
                    90:84:97:36:52:fa:f4:44:bf:1b:72:4c:2b:ee:13:
                    83:d8:73:a9:44:f5:da:dd:ad:c9:9d:a6:e3:1f:7d:
                    9a:8f:fb:7d:42:a1:bd:84:7c:78:3c:06:07:38:6c:
                    36:ae:71:62:26:b5:10:65:c3:c6:42:88:e4:69:f6:
                    fa:b2:1d:a5:8a:b4:a0:3a:bf:af:ae:1d:bc:e0:9f:
                    4c:46:84:b8:d8:f1:0b:78:ae:40:0a:3d:f1:75:4e:
                    f6:46:28:c2:08:04:2c:f3:9b:bd:82:05:ae:be:4a:
                    3b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:75:5D:88:27:11:70:C2:10:F8:D5:DC:DE:BD:46:5D:89:70:65:03
            X509v3 Authority Key Identifier:
                keyid:85:6C:AF:1F:2F:02:91:40:11:05:EF:68:B2:59:57:DC:55:55:10:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hWyvHy8CkUARBe9osllX3FVVENI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/d2c7c7-2bcc-491e-96a7-b0d0bcd90fae/1/vnVdiCcRcMIQ-NXc3r1GXYlwZQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/d2c7c7-2bcc-491e-96a7-b0d0bcd90fae/1/hWyvHy8CkUARBe9osllX3FVVENI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:9d:47:37:20:a5:20:d0:38:b4:de:0b:fe:13:22:9c:a2:5e:
         5f:59:5f:59:88:68:f0:a2:e4:05:d0:33:3d:c8:39:a1:7e:c6:
         c3:84:04:c4:7a:f1:95:80:b1:05:4b:72:41:59:bb:7f:64:48:
         51:31:e1:4a:4f:77:ba:c8:2f:b7:1b:a6:b4:c8:7b:f9:01:0a:
         6a:ec:c6:f3:dc:69:41:8d:d1:86:39:8f:ca:00:30:e3:d0:2c:
         87:87:b1:fc:85:82:30:d3:2d:79:b0:39:c8:6f:2f:c2:c0:1c:
         78:8c:6a:12:88:d3:e9:8f:4f:6f:bd:ee:b8:4e:e8:29:8f:1a:
         65:a3:a9:74:bf:72:f0:39:ff:09:8d:cd:b1:93:cb:7a:06:e6:
         d1:b0:02:27:e8:bb:7f:32:c9:95:02:b7:42:d0:bd:6e:de:7c:
         9f:1c:08:e8:ff:d7:84:36:06:e8:a9:29:d6:01:8e:7c:b9:a5:
         f9:3a:e6:2d:f6:43:ec:be:1e:34:3c:de:0e:50:52:44:57:1b:
         91:4a:0e:e5:f0:b3:c0:82:f2:d2:94:15:a3:29:b8:b4:58:2d:
         13:e2:59:09:09:08:60:83:a1:1f:14:23:41:1e:4b:bf:be:d3:
         a2:36:b2:74:2c:82:72:6b:37:60:5c:b2:d0:57:8b:2f:93:38:
         16:48:4d:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVMOfXgilnqc/6vuOlgYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NmNhZjFmMmYwMjkxNDAxMTA1ZWY2OGIyNTk1N2RjNTU1
NTEwZDIwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTc1NWQ4ODI3MTE3MGMyMTBmOGQ1ZGNkZWJkNDY1ZDg5NzA2NTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqOU+ljYJVQP+JudzVjzcdRd6VT7
N+GhA9eeicWfx0+jOTg4F+fxgNvpkhtpBvfyOTePADMyOsiwPYgfa8QXKDLONajl
71N1xaRGILdvdrF4P+TgRSnGA57nVCnjf/CD9kKiuUJ1c4E8e0QZDrJxMoWgO0J5
e5Xgryuz0dHbAyumOPUJnjcuYrLB0SoA8YF4Bs1USJ2QhJc2Uvr0RL8bckwr7hOD
2HOpRPXa3a3JnabjH32aj/t9QqG9hHx4PAYHOGw2rnFiJrUQZcPGQojkafb6sh2l
irSgOr+vrh284J9MRoS42PELeK5ACj3xdU72RijCCAQs85u9ggWuvko70QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL51XYgnEXDCEPjV3N69Rl2JcGUDMB8GA1UdIwQY
MBaAFIVsrx8vApFAEQXvaLJZV9xVVRDSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFd5dkh5OENrVUFSQmU5b3NsbFgzRlZWRU5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9kMmM3YzctMmJjYy00OTFlLTk2YTct
YjBkMGJjZDkwZmFlLzEvdm5WZGlDY1JjTUlRLU5YYzNyMUdYWWx3WlFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9kMmM3YzctMmJjYy00OTFlLTk2YTctYjBkMGJjZDkwZmFl
LzEvaFd5dkh5OENrVUFSQmU5b3NsbFgzRlZWRU5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw9PQMA0G
CSqGSIb3DQEBCwUAA4IBAQCvnUc3IKUg0Di03gv+EyKcol5fWV9ZiGjwouQF0DM9
yDmhfsbDhATEevGVgLEFS3JBWbt/ZEhRMeFKT3e6yC+3G6a0yHv5AQpq7Mbz3GlB
jdGGOY/KADDj0CyHh7H8hYIw0y15sDnIby/CwBx4jGoSiNPpj09vve64Tugpjxpl
o6l0v3LwOf8Jjc2xk8t6BubRsAIn6Lt/MsmVArdC0L1u3nyfHAjo/9eENgboqSnW
AY58uaX5OuYt9kPsvh40PN4OUFJEVxuRSg7l8LPAgvLSlBWjKbi0WC0T4lkJCQhg
g6EfFCNBHku/vtOiNrJ0LIJyazdgXLLQV4svkzgWSE1i
-----END CERTIFICATE-----