Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/vQgCYsX7BZ2W4MZYv4mNqCN_rQU.roa
File:                     vQgCYsX7BZ2W4MZYv4mNqCN_rQU.roa (raw, json)
Hash identifier:          unLfYIE14mXXe4UQc88R+PujitaXMQtp06mQgFcc03I=
Subject key identifier:   BD:08:02:62:C5:FB:05:9D:96:E0:C6:58:BF:89:8D:A8:23:7F:AD:05
Certificate issuer:       /CN=e9accfd21abd7fe3fa0d6bb31df4820bfb5a4188
Certificate serial:       018CC7270774C65163546733A5CC1A51AC43
Authority key identifier: E9:AC:CF:D2:1A:BD:7F:E3:FA:0D:6B:B3:1D:F4:82:0B:FB:5A:41:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6azP0hq9f-P6DWuzHfSCC_taQYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/vQgCYsX7BZ2W4MZYv4mNqCN_rQU.roa
Signing time:             Mon 01 Jan 2024 22:31:12 +0000
ROA not before:           Mon 01 Jan 2024 22:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21232
IP address blocks:        194.147.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/6azP0hq9f-P6DWuzHfSCC_taQYg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/6azP0hq9f-P6DWuzHfSCC_taQYg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6azP0hq9f-P6DWuzHfSCC_taQYg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:07:74:c6:51:63:54:67:33:a5:cc:1a:51:ac:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9accfd21abd7fe3fa0d6bb31df4820bfb5a4188
        Validity
            Not Before: Jan  1 22:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd080262c5fb059d96e0c658bf898da8237fad05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5c:49:9f:30:4c:1a:61:0d:36:89:db:9b:be:
                    0c:2c:0a:74:d0:40:b4:9c:35:fe:1e:4c:a1:15:40:
                    2d:4c:0e:ab:5f:40:79:3a:18:e4:ff:17:74:81:30:
                    3f:3d:0a:fe:fa:a1:1b:8c:a2:a8:6d:46:60:ec:f2:
                    30:4f:92:02:4a:e8:d5:2f:6b:b3:24:2f:c1:87:c0:
                    e9:66:1d:4a:ce:a9:a2:4c:6f:d9:ca:0a:b9:a1:db:
                    e9:68:a7:c3:cc:ad:91:23:e2:7e:39:f6:13:a3:cb:
                    c7:77:8c:7a:2d:04:0c:72:4e:06:59:bd:78:4f:41:
                    c8:6d:ec:05:0e:44:c4:a9:a4:37:09:52:3f:ff:c8:
                    e4:45:ec:c1:eb:c1:da:25:d7:0f:f8:30:d1:fc:fe:
                    49:13:34:6a:24:72:c1:ff:97:fd:95:40:f4:7f:3e:
                    8e:a8:51:e3:f7:be:93:51:1a:61:03:87:84:7c:d5:
                    90:c1:a8:f2:9e:ab:2b:db:77:46:5c:52:c8:e9:4a:
                    f2:9f:a9:54:cc:60:e7:d9:b0:a9:43:7a:a8:35:dc:
                    a3:1f:9f:c6:89:91:af:65:a4:d9:c3:6c:e4:e5:a7:
                    88:47:24:d0:bc:e3:98:b2:5a:9f:da:70:8b:d6:8e:
                    b8:3c:f4:db:57:1f:8c:80:55:06:d7:53:15:a9:c9:
                    94:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:08:02:62:C5:FB:05:9D:96:E0:C6:58:BF:89:8D:A8:23:7F:AD:05
            X509v3 Authority Key Identifier:
                keyid:E9:AC:CF:D2:1A:BD:7F:E3:FA:0D:6B:B3:1D:F4:82:0B:FB:5A:41:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6azP0hq9f-P6DWuzHfSCC_taQYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/vQgCYsX7BZ2W4MZYv4mNqCN_rQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/6azP0hq9f-P6DWuzHfSCC_taQYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:0f:a2:ed:2e:43:5b:07:01:68:26:84:32:89:42:95:f4:bc:
         13:73:4b:f4:36:85:aa:57:1e:38:8e:f8:c4:7b:20:31:27:2b:
         11:62:6a:60:7f:c3:69:9d:b1:63:e5:bb:ee:b2:c8:c2:ba:35:
         01:2b:85:3a:c8:50:20:e5:07:da:f2:5d:de:9d:62:1c:67:53:
         c5:c7:6f:5a:e5:3b:f8:31:22:67:f2:e4:c4:f8:e8:be:23:08:
         f3:d3:10:24:69:c0:d7:4d:b3:85:9f:b8:19:21:83:a8:21:41:
         75:26:44:af:97:53:12:2f:85:20:1c:81:d0:67:de:52:ad:99:
         f4:92:5f:ce:81:49:eb:2b:1e:92:f6:b1:9b:c8:9d:13:72:98:
         68:5e:d7:c3:2f:40:7a:ad:49:5b:62:ee:3f:cc:cd:61:db:43:
         6e:76:06:2a:73:d4:1a:c9:ab:fc:3b:81:bd:e9:7d:9e:d6:65:
         2c:bf:e7:c0:9c:1f:e8:88:20:5c:04:ec:16:73:26:56:b4:14:
         ed:21:0e:36:db:23:51:f1:1e:bd:dc:b7:fb:3e:c6:f0:c7:2c:
         6c:76:2a:2f:82:de:25:96:68:2d:3a:23:64:6a:6b:cc:46:e9:
         34:d6:6c:10:b1:02:55:e0:b1:21:47:50:78:91:2a:aa:d5:7e:
         db:bf:dd:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJwd0xlFjVGczpcwaUaxDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YWNjZmQyMWFiZDdmZTNmYTBkNmJiMzFkZjQ4MjBiZmI1
YTQxODgwHhcNMjQwMTAxMjIzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDA4MDI2MmM1ZmIwNTlkOTZlMGM2NThiZjg5OGRhODIzN2ZhZDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVxJnzBMGmENNonbm74MLAp00EC0
nDX+HkyhFUAtTA6rX0B5Ohjk/xd0gTA/PQr++qEbjKKobUZg7PIwT5ICSujVL2uz
JC/Bh8DpZh1KzqmiTG/Zygq5odvpaKfDzK2RI+J+OfYTo8vHd4x6LQQMck4GWb14
T0HIbewFDkTEqaQ3CVI//8jkRezB68HaJdcP+DDR/P5JEzRqJHLB/5f9lUD0fz6O
qFHj976TURphA4eEfNWQwajynqsr23dGXFLI6Uryn6lUzGDn2bCpQ3qoNdyjH5/G
iZGvZaTZw2zk5aeIRyTQvOOYslqf2nCL1o64PPTbVx+MgFUG11MVqcmUVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0IAmLF+wWdluDGWL+Jjagjf60FMB8GA1UdIwQY
MBaAFOmsz9IavX/j+g1rsx30ggv7WkGIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmF6UDBocTlmLVA2RFd1ekhmU0NDX3RhUVlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC82ZjI4ODYtMmZmNy00MGIwLTk2NzMt
NzViNjg0Zjg5MGI0LzEvdlFnQ1lzWDdCWjJXNE1aWXY0bU5xQ05fclFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC82ZjI4ODYtMmZmNy00MGIwLTk2NzMtNzViNjg0Zjg5MGI0
LzEvNmF6UDBocTlmLVA2RFd1ekhmU0NDX3RhUVlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpNxMA0G
CSqGSIb3DQEBCwUAA4IBAQCpD6LtLkNbBwFoJoQyiUKV9LwTc0v0NoWqVx44jvjE
eyAxJysRYmpgf8NpnbFj5bvussjCujUBK4U6yFAg5Qfa8l3enWIcZ1PFx29a5Tv4
MSJn8uTE+Oi+Iwjz0xAkacDXTbOFn7gZIYOoIUF1JkSvl1MSL4UgHIHQZ95SrZn0
kl/OgUnrKx6S9rGbyJ0TcphoXtfDL0B6rUlbYu4/zM1h20NudgYqc9Qayav8O4G9
6X2e1mUsv+fAnB/oiCBcBOwWcyZWtBTtIQ422yNR8R693Lf7Psbwxyxsdiovgt4l
lmgtOiNkamvMRuk01mwQsQJV4LEhR1B4kSqq1X7bv90b
-----END CERTIFICATE-----