Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/VI-6N7ef_A9TxBMjiC9Q59YPrdY.roa
File:                     VI-6N7ef_A9TxBMjiC9Q59YPrdY.roa (raw, json)
Hash identifier:          tIt9aZOfggTCkyQfsKvAZNpO6MbdLz4NXm/i/DmVsm4=
Subject key identifier:   54:8F:BA:37:B7:9F:FC:0F:53:C4:13:23:88:2F:50:E7:D6:0F:AD:D6
Certificate issuer:       /CN=c38c3a1c05c899ebfe15d2361909a63597c68078
Certificate serial:       018CC5DC427E30BC2FEA84C32A7AC544821B
Authority key identifier: C3:8C:3A:1C:05:C8:99:EB:FE:15:D2:36:19:09:A6:35:97:C6:80:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4w6HAXImev-FdI2GQmmNZfGgHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/VI-6N7ef_A9TxBMjiC9Q59YPrdY.roa
Signing time:             Mon 01 Jan 2024 16:29:55 +0000
ROA not before:           Mon 01 Jan 2024 16:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42871
IP address blocks:        185.202.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/w4w6HAXImev-FdI2GQmmNZfGgHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/w4w6HAXImev-FdI2GQmmNZfGgHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4w6HAXImev-FdI2GQmmNZfGgHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:42:7e:30:bc:2f:ea:84:c3:2a:7a:c5:44:82:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38c3a1c05c899ebfe15d2361909a63597c68078
        Validity
            Not Before: Jan  1 16:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=548fba37b79ffc0f53c41323882f50e7d60fadd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:52:3a:ae:78:2b:0f:62:0e:81:78:2a:71:66:
                    4f:18:4d:3a:c4:aa:cc:45:81:09:a7:e3:01:7b:a1:
                    3d:2d:b8:60:8c:1b:51:bb:5a:36:b4:a5:de:17:2c:
                    c0:01:22:77:0f:b4:d8:12:a2:76:4e:52:e9:9b:10:
                    ab:99:c3:ca:4e:4f:2f:c3:fe:8a:63:77:1d:4b:00:
                    72:9e:8c:c9:d1:82:e7:2c:8e:81:e6:a7:8b:e5:0a:
                    ca:d9:04:a1:83:07:00:6e:5c:4f:ae:f7:72:d9:ac:
                    78:f8:36:23:e9:37:ea:5b:71:aa:1a:89:52:9a:80:
                    7c:53:c9:33:ac:07:e2:4f:22:c5:3c:b2:f4:62:0c:
                    6c:44:8d:38:c0:ca:14:08:19:43:c6:b5:97:e4:d0:
                    dc:76:8d:30:35:78:47:f9:bd:84:c7:07:63:a0:b0:
                    81:56:a5:51:55:2c:09:fc:20:71:e4:c5:69:9e:92:
                    e2:dc:f3:0b:08:22:7f:2c:8e:04:34:05:52:97:d2:
                    d9:3f:4c:73:fe:55:44:8d:a3:77:ac:9f:68:d0:08:
                    28:1b:ed:42:31:28:f6:6a:cc:46:b9:a2:06:50:ae:
                    01:47:3e:95:18:34:bb:d7:43:c1:95:22:12:72:ac:
                    78:79:2a:71:99:26:65:b6:a4:23:50:32:fa:75:b3:
                    e2:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:8F:BA:37:B7:9F:FC:0F:53:C4:13:23:88:2F:50:E7:D6:0F:AD:D6
            X509v3 Authority Key Identifier:
                keyid:C3:8C:3A:1C:05:C8:99:EB:FE:15:D2:36:19:09:A6:35:97:C6:80:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4w6HAXImev-FdI2GQmmNZfGgHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/VI-6N7ef_A9TxBMjiC9Q59YPrdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/w4w6HAXImev-FdI2GQmmNZfGgHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:ea:4f:1c:96:30:65:21:44:d7:ec:73:c6:83:a1:aa:b2:d6:
         58:f8:da:70:e4:94:05:09:19:0a:9d:32:40:08:1c:58:ee:9c:
         84:b3:66:2a:df:dc:ee:71:bb:71:64:c9:47:63:fe:cc:8c:18:
         40:e9:c2:2a:cc:11:ce:48:b4:11:b3:a6:ab:96:2c:4d:1e:a4:
         7f:f6:25:5c:f5:39:f8:00:0b:5d:f5:75:d3:78:f6:f3:a0:71:
         83:31:db:f1:69:a2:18:cf:0a:41:1f:ff:3b:b0:9c:9f:61:7c:
         41:43:26:d1:58:25:f3:c8:67:70:82:ce:6b:f4:93:50:49:4c:
         0a:40:f7:85:b2:ce:b9:de:f6:a8:ec:c8:64:af:3f:50:1e:79:
         53:57:d6:22:32:04:f8:4c:75:78:87:62:a5:35:b9:4c:25:6c:
         b1:81:b0:50:88:78:8a:fe:ba:81:7f:7e:38:f8:a5:46:3c:d7:
         56:1b:71:6b:5c:8c:23:bb:28:f6:7d:48:42:69:bc:6b:75:c5:
         d4:12:27:91:94:5e:d6:e5:aa:49:e5:1f:fc:64:f2:c7:77:1a:
         a1:aa:20:55:95:16:7f:88:90:ab:7a:99:9e:ee:ad:b5:7f:48:
         ea:0f:22:bf:50:e5:ca:17:43:de:db:cf:cb:9a:e2:5b:fb:de:
         52:2c:f0:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3EJ+MLwv6oTDKnrFRIIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzOGMzYTFjMDVjODk5ZWJmZTE1ZDIzNjE5MDlhNjM1OTdj
NjgwNzgwHhcNMjQwMTAxMTYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDhmYmEzN2I3OWZmYzBmNTNjNDEzMjM4ODJmNTBlN2Q2MGZhZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1I6rngrD2IOgXgqcWZPGE06xKrM
RYEJp+MBe6E9LbhgjBtRu1o2tKXeFyzAASJ3D7TYEqJ2TlLpmxCrmcPKTk8vw/6K
Y3cdSwBynozJ0YLnLI6B5qeL5QrK2QShgwcAblxPrvdy2ax4+DYj6TfqW3GqGolS
moB8U8kzrAfiTyLFPLL0YgxsRI04wMoUCBlDxrWX5NDcdo0wNXhH+b2ExwdjoLCB
VqVRVSwJ/CBx5MVpnpLi3PMLCCJ/LI4ENAVSl9LZP0xz/lVEjaN3rJ9o0AgoG+1C
MSj2asxGuaIGUK4BRz6VGDS710PBlSIScqx4eSpxmSZltqQjUDL6dbPigQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFSPuje3n/wPU8QTI4gvUOfWD63WMB8GA1UdIwQY
MBaAFMOMOhwFyJnr/hXSNhkJpjWXxoB4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzR3NkhBWEltZXYtRmRJMkdRbW1OWmZHZ0hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS85ZTg2YWItYmM3Zi00YmM0LWIxMjct
NDIyNjIxNjFlOTQwLzEvVkktNk43ZWZfQTlUeEJNamlDOVE1OVlQcmRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS85ZTg2YWItYmM3Zi00YmM0LWIxMjctNDIyNjIxNjFlOTQw
LzEvdzR3NkhBWEltZXYtRmRJMkdRbW1OWmZHZ0hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucoHMA0G
CSqGSIb3DQEBCwUAA4IBAQB36k8cljBlIUTX7HPGg6GqstZY+Npw5JQFCRkKnTJA
CBxY7pyEs2Yq39zucbtxZMlHY/7MjBhA6cIqzBHOSLQRs6arlixNHqR/9iVc9Tn4
AAtd9XXTePbzoHGDMdvxaaIYzwpBH/87sJyfYXxBQybRWCXzyGdwgs5r9JNQSUwK
QPeFss653vao7Mhkrz9QHnlTV9YiMgT4THV4h2KlNblMJWyxgbBQiHiK/rqBf344
+KVGPNdWG3FrXIwjuyj2fUhCabxrdcXUEieRlF7W5apJ5R/8ZPLHdxqhqiBVlRZ/
iJCrepme7q21f0jqDyK/UOXKF0Pe28/LmuJb+95SLPBk
-----END CERTIFICATE-----