Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/d442a7-74e6-476a-8755-f255658bb881/1/VQwQnzTcZjgkoS0w19J2Jqm9MDM.roa
File:                     VQwQnzTcZjgkoS0w19J2Jqm9MDM.roa (raw, json)
Hash identifier:          q+voG1cUOOlqGhaakrTYMtkYkXexTa5Cw8wwd3zfeFM=
Subject key identifier:   55:0C:10:9F:34:DC:66:38:24:A1:2D:30:D7:D2:76:26:A9:BD:30:33
Certificate issuer:       /CN=881af85f81dd3f3b24ab14ed1f42c7cc466502f0
Certificate serial:       018CC2DB0A9F964F28ACD4AE970F15949BBB
Authority key identifier: 88:1A:F8:5F:81:DD:3F:3B:24:AB:14:ED:1F:42:C7:CC:46:65:02:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBr4X4HdPzskqxTtH0LHzEZlAvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/d442a7-74e6-476a-8755-f255658bb881/1/VQwQnzTcZjgkoS0w19J2Jqm9MDM.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12808
IP address blocks:        212.125.32.0/19 maxlen: 24
                          212.125.56.0/22 maxlen: 24
                          212.125.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/d442a7-74e6-476a-8755-f255658bb881/1/iBr4X4HdPzskqxTtH0LHzEZlAvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/d442a7-74e6-476a-8755-f255658bb881/1/iBr4X4HdPzskqxTtH0LHzEZlAvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBr4X4HdPzskqxTtH0LHzEZlAvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0a:9f:96:4f:28:ac:d4:ae:97:0f:15:94:9b:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=881af85f81dd3f3b24ab14ed1f42c7cc466502f0
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=550c109f34dc663824a12d30d7d27626a9bd3033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:aa:b1:75:a8:90:d8:89:94:c1:1c:c6:ee:39:
                    06:dc:fd:cd:4b:a7:64:c3:fc:d9:1e:1a:8c:6e:07:
                    78:43:f2:d1:a5:51:ce:be:c1:a2:3d:5a:18:3c:a5:
                    c8:05:9f:d9:87:ba:ab:f5:d7:01:dc:39:b3:47:67:
                    a9:ab:8b:c2:ec:23:a0:e2:a0:11:4f:66:25:b3:b2:
                    26:d9:64:8a:a8:ba:3d:01:c1:a6:1e:7a:76:e2:7e:
                    5e:34:6f:50:24:57:9d:3d:b4:88:04:3e:d0:b1:fe:
                    1d:3c:d8:e4:68:ef:0d:5e:28:84:a6:a4:5c:d9:43:
                    95:b9:7b:c2:5b:13:18:86:7f:02:6d:80:88:ab:71:
                    ca:c4:b3:03:2c:35:a6:0c:fe:94:18:d4:e6:a5:93:
                    bf:9e:2e:d8:50:cb:8e:7a:5c:5c:28:c0:cf:16:09:
                    0b:04:62:91:6b:fa:2f:dc:78:20:33:11:c4:af:5e:
                    c0:dc:62:74:f7:7b:36:4a:e9:b6:c2:15:79:02:75:
                    25:55:54:5d:5e:bd:c9:10:09:d8:4a:16:65:71:be:
                    5c:12:3b:b3:0e:68:b7:81:60:0b:eb:6a:45:b9:3a:
                    f8:56:96:22:07:bd:53:49:22:79:56:f5:bf:89:3f:
                    bf:d4:16:8e:63:0a:1d:1f:9e:4e:11:4e:a5:fb:91:
                    82:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:0C:10:9F:34:DC:66:38:24:A1:2D:30:D7:D2:76:26:A9:BD:30:33
            X509v3 Authority Key Identifier:
                keyid:88:1A:F8:5F:81:DD:3F:3B:24:AB:14:ED:1F:42:C7:CC:46:65:02:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBr4X4HdPzskqxTtH0LHzEZlAvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/d442a7-74e6-476a-8755-f255658bb881/1/VQwQnzTcZjgkoS0w19J2Jqm9MDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/d442a7-74e6-476a-8755-f255658bb881/1/iBr4X4HdPzskqxTtH0LHzEZlAvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.125.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         34:c4:e6:cc:41:b3:78:44:f7:a4:12:23:30:d5:ed:c5:f0:61:
         38:44:b0:e7:28:89:64:0c:2a:b4:59:13:c9:5c:99:d2:ff:f8:
         d4:38:de:9b:e9:db:7e:e0:1d:18:17:9c:16:8a:0f:89:74:3a:
         e5:a0:6a:ff:e5:26:f3:12:4c:19:6b:aa:67:94:e1:49:01:fd:
         c8:e6:8d:a8:5e:a8:9a:58:12:16:54:ba:82:34:e8:57:b5:af:
         fa:67:db:c4:78:b2:9a:50:c4:da:70:34:95:71:79:6b:f9:8c:
         ed:d6:20:c0:50:b7:fc:e4:d4:d2:df:17:ce:a5:0b:78:ea:ee:
         25:58:d6:3d:d1:06:52:7c:70:76:29:a7:cc:1f:7c:08:f0:2a:
         c2:eb:f2:af:1f:72:16:25:0f:36:0a:76:b2:ec:42:13:85:39:
         cb:55:cb:af:63:8f:23:41:bb:61:57:db:c2:4c:bd:65:27:1a:
         c6:64:00:9f:d6:3b:63:fe:cb:b0:1d:79:b8:00:62:e2:3b:99:
         d0:b3:be:33:e4:da:45:59:94:fb:ad:80:03:9d:e2:a7:1c:ce:
         a5:86:32:d9:8c:87:e0:2b:b0:8a:9d:7d:06:04:30:30:a1:a2:
         14:76:b4:8f:c4:72:7c:5d:9a:af:25:d4:f3:f7:d3:d3:c1:3e:
         fc:cc:db:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wqflk8orNSulw8VlJu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MWFmODVmODFkZDNmM2IyNGFiMTRlZDFmNDJjN2NjNDY2
NTAyZjAwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTBjMTA5ZjM0ZGM2NjM4MjRhMTJkMzBkN2QyNzYyNmE5YmQzMDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6qxdaiQ2ImUwRzG7jkG3P3NS6dk
w/zZHhqMbgd4Q/LRpVHOvsGiPVoYPKXIBZ/Zh7qr9dcB3DmzR2epq4vC7COg4qAR
T2Yls7Im2WSKqLo9AcGmHnp24n5eNG9QJFedPbSIBD7Qsf4dPNjkaO8NXiiEpqRc
2UOVuXvCWxMYhn8CbYCIq3HKxLMDLDWmDP6UGNTmpZO/ni7YUMuOelxcKMDPFgkL
BGKRa/ov3HggMxHEr17A3GJ093s2Sum2whV5AnUlVVRdXr3JEAnYShZlcb5cEjuz
Dmi3gWAL62pFuTr4VpYiB71TSSJ5VvW/iT+/1BaOYwodH55OEU6l+5GCmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUMEJ803GY4JKEtMNfSdiapvTAzMB8GA1UdIwQY
MBaAFIga+F+B3T87JKsU7R9Cx8xGZQLwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJyNFg0SGRQenNrcXhUdEgwTEh6RVpsQXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kNDQyYTctNzRlNi00NzZhLTg3NTUt
ZjI1NTY1OGJiODgxLzEvVlF3UW56VGNaamdrb1MwdzE5SjJKcW05TURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kNDQyYTctNzRlNi00NzZhLTg3NTUtZjI1NTY1OGJiODgx
LzEvaUJyNFg0SGRQenNrcXhUdEgwTEh6RVpsQXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1H0gMA0G
CSqGSIb3DQEBCwUAA4IBAQA0xObMQbN4RPekEiMw1e3F8GE4RLDnKIlkDCq0WRPJ
XJnS//jUON6b6dt+4B0YF5wWig+JdDrloGr/5SbzEkwZa6pnlOFJAf3I5o2oXqia
WBIWVLqCNOhXta/6Z9vEeLKaUMTacDSVcXlr+Yzt1iDAULf85NTS3xfOpQt46u4l
WNY90QZSfHB2KafMH3wI8CrC6/KvH3IWJQ82Cnay7EIThTnLVcuvY48jQbthV9vC
TL1lJxrGZACf1jtj/suwHXm4AGLiO5nQs74z5NpFWZT7rYADneKnHM6lhjLZjIfg
K7CKnX0GBDAwoaIUdrSPxHJ8XZqvJdTz99PTwT78zNtv
-----END CERTIFICATE-----