Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/VpL2yzNlv8ii-Vlk0pKqw0TyW3o.roa
File:                     VpL2yzNlv8ii-Vlk0pKqw0TyW3o.roa (raw, json)
Hash identifier:          ZmfSXJDKoFiALOzACtnBP6ITKY+QtoujhCGAXZD083E=
Subject key identifier:   56:92:F6:CB:33:65:BF:C8:A2:F9:59:64:D2:92:AA:C3:44:F2:5B:7A
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC79417A686B9DFC21A8969DE8ADAF6B4
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/VpL2yzNlv8ii-Vlk0pKqw0TyW3o.roa
Signing time:             Tue 02 Jan 2024 00:30:20 +0000
ROA not before:           Tue 02 Jan 2024 00:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44834
IP address blocks:        188.130.236.0/23 maxlen: 24
                          109.248.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:17:a6:86:b9:df:c2:1a:89:69:de:8a:da:f6:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5692f6cb3365bfc8a2f95964d292aac344f25b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f4:65:a1:08:67:c5:31:27:df:7e:51:e3:c2:
                    8f:48:a4:91:df:04:1e:36:06:df:f8:3d:ed:54:c1:
                    69:08:4b:28:33:e8:55:5e:29:ae:92:c3:9c:63:23:
                    2a:bd:e6:58:29:97:4d:4c:1d:2c:36:3e:49:43:92:
                    cd:a4:d3:2e:04:c4:66:34:63:7e:94:66:48:d7:37:
                    b1:71:61:1b:2e:db:8e:19:ef:c0:8a:e2:e2:fb:83:
                    30:74:05:87:eb:36:0b:cb:4d:45:d6:4f:36:bf:49:
                    91:ec:4c:49:6e:42:7b:87:09:e1:79:08:7e:0f:80:
                    8f:5f:8c:7b:67:79:2d:c9:06:ac:f2:9a:78:0e:85:
                    0c:1b:a8:7e:40:cb:64:f0:9b:36:c6:15:b3:32:27:
                    f7:07:60:a0:43:6e:61:cc:40:31:38:a0:aa:77:67:
                    fe:0d:50:58:5f:20:01:0e:02:fa:57:21:f0:d0:3f:
                    52:07:a7:72:71:07:3f:a0:24:ff:65:c8:84:9c:93:
                    1a:f2:45:f5:ca:d2:ba:c1:0e:a3:0f:be:8f:64:ce:
                    20:b6:a5:d6:c0:53:59:63:a9:68:f7:2c:2f:69:e1:
                    ad:b1:1e:b2:12:d0:ee:f2:66:29:d2:e1:30:21:65:
                    7c:56:98:5f:27:0d:b4:df:9e:2b:fe:44:99:c8:10:
                    4c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:92:F6:CB:33:65:BF:C8:A2:F9:59:64:D2:92:AA:C3:44:F2:5B:7A
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/VpL2yzNlv8ii-Vlk0pKqw0TyW3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.255.0/24
                  188.130.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:53:fb:01:dd:7b:2f:2c:46:a4:ff:43:4e:67:bc:95:a6:1d:
         3c:ce:28:46:1c:c9:94:0b:2a:f4:d5:7f:0c:64:34:53:98:d4:
         88:2f:e3:1e:79:f8:1f:82:d4:3b:c1:e5:d0:02:ee:f4:50:da:
         c6:de:05:b2:ea:ea:0a:09:f1:d1:0e:ea:73:e7:ab:00:06:77:
         42:9c:1f:b3:34:72:bb:8d:ab:1f:13:4d:2d:df:5d:d1:96:5c:
         c4:a2:f7:7c:5e:86:90:50:e9:b8:e5:a0:d9:8f:e8:80:74:c0:
         c6:f4:5e:c9:92:71:10:39:83:05:77:96:00:42:b5:ec:d1:6a:
         92:61:0e:f7:24:2e:e1:ce:77:14:16:4c:56:08:ba:75:f3:74:
         54:b2:2b:c1:06:c1:9d:93:bf:6c:2c:80:be:eb:53:6e:f7:bb:
         20:af:d5:67:e9:a7:f0:a4:77:76:49:07:97:29:ff:49:13:de:
         78:0c:aa:54:bc:b6:be:e9:72:ca:5c:2c:21:0b:13:98:e7:69:
         1a:c2:cb:94:f7:80:6c:2e:6c:95:11:07:39:1a:43:ba:b1:a1:
         fe:c2:09:c2:fc:73:c1:bd:ae:38:7c:6f:d9:f4:a9:e2:ff:dc:
         09:a9:90:a2:1e:94:ea:bd:d7:63:57:9a:41:0e:54:1b:51:11:
         35:c0:79:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlBemhrnfwhqJad6K2va0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjkyZjZjYjMzNjViZmM4YTJmOTU5NjRkMjkyYWFjMzQ0ZjI1YjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPRloQhnxTEn335R48KPSKSR3wQe
Ngbf+D3tVMFpCEsoM+hVXimuksOcYyMqveZYKZdNTB0sNj5JQ5LNpNMuBMRmNGN+
lGZI1zexcWEbLtuOGe/AiuLi+4MwdAWH6zYLy01F1k82v0mR7ExJbkJ7hwnheQh+
D4CPX4x7Z3ktyQas8pp4DoUMG6h+QMtk8Js2xhWzMif3B2CgQ25hzEAxOKCqd2f+
DVBYXyABDgL6VyHw0D9SB6dycQc/oCT/ZciEnJMa8kX1ytK6wQ6jD76PZM4gtqXW
wFNZY6lo9ywvaeGtsR6yEtDu8mYp0uEwIWV8VphfJw20354r/kSZyBBM1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFaS9sszZb/IovlZZNKSqsNE8lt6MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvVnBMMnl6Tmx2OGlpLVZsazBwS3F3MFR5VzNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbfj/AwQB
vILsMA0GCSqGSIb3DQEBCwUAA4IBAQBmU/sB3XsvLEak/0NOZ7yVph08zihGHMmU
Cyr01X8MZDRTmNSIL+MeefgfgtQ7weXQAu70UNrG3gWy6uoKCfHRDupz56sABndC
nB+zNHK7jasfE00t313RllzEovd8XoaQUOm45aDZj+iAdMDG9F7JknEQOYMFd5YA
QrXs0WqSYQ73JC7hzncUFkxWCLp183RUsivBBsGdk79sLIC+61Nu97sgr9Vn6afw
pHd2SQeXKf9JE954DKpUvLa+6XLKXCwhCxOY52kawsuU94BsLmyVEQc5GkO6saH+
wgnC/HPBva44fG/Z9Kni/9wJqZCiHpTqvddjV5pBDlQbURE1wHmS
-----END CERTIFICATE-----