Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/vxZdMh_acWYzyuG_JQGqiaAc2yo.roa
File:                     vxZdMh_acWYzyuG_JQGqiaAc2yo.roa (raw, json)
Hash identifier:          QKagHAap8zN0XwmBB+etwtiMCzqF3qNMJJcJ1uBNPSg=
Subject key identifier:   BF:16:5D:32:1F:DA:71:66:33:CA:E1:BF:25:01:AA:89:A0:1C:DB:2A
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018D363EF395D8DD657977A7E475438EF11A
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/vxZdMh_acWYzyuG_JQGqiaAc2yo.roa
Signing time:             Tue 23 Jan 2024 12:15:11 +0000
ROA not before:           Tue 23 Jan 2024 12:15:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215670
IP address blocks:        188.130.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:36:3e:f3:95:d8:dd:65:79:77:a7:e4:75:43:8e:f1:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan 23 12:15:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf165d321fda716633cae1bf2501aa89a01cdb2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:45:98:97:97:27:7a:b0:19:bb:16:ff:06:39:
                    c8:09:fd:f7:75:7c:d5:9f:ce:43:4b:d4:95:21:8d:
                    32:15:c1:bf:9b:b5:5f:5c:97:df:c5:51:ea:1f:8c:
                    ee:84:7b:c3:eb:b9:11:b6:8b:a6:85:b5:d7:d7:37:
                    66:b4:46:95:23:aa:c7:09:fb:e5:d3:32:1f:95:f6:
                    62:64:88:18:04:16:10:8e:50:c0:59:d1:ee:2e:7a:
                    1c:87:5d:19:10:5a:0a:01:b5:9a:71:9d:ca:53:b9:
                    ef:d2:ae:36:ed:7d:5b:80:1c:86:60:a4:31:68:cb:
                    6c:8c:4f:f1:e8:68:8f:d5:f9:d8:db:21:e2:c3:81:
                    ae:2c:f0:36:28:05:02:27:16:63:24:94:08:27:f5:
                    ba:60:0d:5b:5d:61:38:0d:1b:4e:83:72:4b:f9:92:
                    49:ad:d7:2f:18:b9:1d:58:ff:d6:bd:6d:2d:e4:c7:
                    c1:70:2b:38:75:42:c2:66:19:2f:ad:7d:1a:ce:a9:
                    5d:a6:01:4c:93:73:18:df:19:9b:2c:be:51:33:7d:
                    97:4b:a1:40:c1:cd:eb:1c:86:43:9a:79:b9:08:b8:
                    70:3c:46:59:fb:4e:b0:42:57:8f:7b:d1:2d:6e:b9:
                    aa:ba:05:4d:b7:66:3e:e1:0c:5d:dc:c9:b5:44:9b:
                    b9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:16:5D:32:1F:DA:71:66:33:CA:E1:BF:25:01:AA:89:A0:1C:DB:2A
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/vxZdMh_acWYzyuG_JQGqiaAc2yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:33:87:f4:15:44:98:75:26:ad:76:83:d9:c8:fe:16:34:05:
         7f:4e:a5:e9:f2:15:4a:4f:a6:9a:ce:b8:84:05:d0:de:b9:4f:
         b0:01:9c:0e:b4:dc:75:0d:e4:39:7b:6d:cc:8f:68:33:29:ad:
         7f:b5:2e:dc:4c:83:74:a1:59:b8:ed:55:1e:f1:2a:ac:70:d0:
         5a:2d:a6:49:01:73:20:4e:0a:6a:60:f8:5f:c0:1f:f7:fc:20:
         0b:b1:ee:65:12:1a:1b:bb:30:e8:89:10:b5:bb:3c:71:c3:a8:
         41:3f:c0:df:b1:ef:e0:1d:d6:96:4b:6d:6d:27:77:d3:cf:89:
         f2:91:1f:5c:12:25:a6:9f:ae:15:78:f7:98:33:81:75:a1:bc:
         76:bb:40:51:eb:b9:9c:1e:e4:48:a3:6e:a2:3f:17:6a:3c:47:
         5b:44:5e:ce:c2:f7:9f:74:9b:b8:e8:74:ed:41:ac:34:4d:b4:
         29:95:b0:7c:08:65:1f:3f:6c:93:e7:ba:91:8d:17:b6:18:ef:
         dc:65:75:3a:42:fe:d8:d4:92:22:a7:ba:0d:c7:6b:60:1f:a3:
         d9:d3:da:b6:dd:37:10:d6:48:c7:e8:be:ee:19:5c:1b:6d:83:
         4f:9f:22:18:0a:ea:04:40:fb:c3:9f:78:f4:c7:9b:4d:f3:28:
         0b:e0:5d:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY02PvOV2N1leXen5HVDjvEaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTIzMTIxNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjE2NWQzMjFmZGE3MTY2MzNjYWUxYmYyNTAxYWE4OWEwMWNkYjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEWYl5cnerAZuxb/BjnICf33dXzV
n85DS9SVIY0yFcG/m7VfXJffxVHqH4zuhHvD67kRtoumhbXX1zdmtEaVI6rHCfvl
0zIflfZiZIgYBBYQjlDAWdHuLnoch10ZEFoKAbWacZ3KU7nv0q427X1bgByGYKQx
aMtsjE/x6GiP1fnY2yHiw4GuLPA2KAUCJxZjJJQIJ/W6YA1bXWE4DRtOg3JL+ZJJ
rdcvGLkdWP/WvW0t5MfBcCs4dULCZhkvrX0azqldpgFMk3MY3xmbLL5RM32XS6FA
wc3rHIZDmnm5CLhwPEZZ+06wQlePe9EtbrmqugVNt2Y+4Qxd3Mm1RJu5CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL8WXTIf2nFmM8rhvyUBqomgHNsqMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvdnhaZE1oX2FjV1l6eXVHX0pRR3FpYUFjMnlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvILuMA0G
CSqGSIb3DQEBCwUAA4IBAQATM4f0FUSYdSatdoPZyP4WNAV/TqXp8hVKT6aazriE
BdDeuU+wAZwOtNx1DeQ5e23Mj2gzKa1/tS7cTIN0oVm47VUe8SqscNBaLaZJAXMg
TgpqYPhfwB/3/CALse5lEhobuzDoiRC1uzxxw6hBP8Dfse/gHdaWS21tJ3fTz4ny
kR9cEiWmn64VePeYM4F1obx2u0BR67mcHuRIo26iPxdqPEdbRF7OwvefdJu46HTt
Qaw0TbQplbB8CGUfP2yT57qRjRe2GO/cZXU6Qv7Y1JIip7oNx2tgH6PZ09q23TcQ
1kjH6L7uGVwbbYNPnyIYCuoEQPvDn3j0x5tN8ygL4F1M
-----END CERTIFICATE-----