Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/536e54-d8fd-45ef-be60-f52306eeb722/1/vic40VINYGwUaM5Z3gmvJVr6qks.roa
File:                     vic40VINYGwUaM5Z3gmvJVr6qks.roa (raw, json)
Hash identifier:          +CfEKdhcMo4NxcsgG5aNJzKUIUi/8QGxmeE2xLKzM9w=
Subject key identifier:   BE:27:38:D1:52:0D:60:6C:14:68:CE:59:DE:09:AF:25:5A:FA:AA:4B
Certificate issuer:       /CN=82cd5fd3cef3e1caa20bba61fa2d51b6b94eb54d
Certificate serial:       018CC4255A34E1D48FB1D491C670DC147CD3
Authority key identifier: 82:CD:5F:D3:CE:F3:E1:CA:A2:0B:BA:61:FA:2D:51:B6:B9:4E:B5:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gs1f087z4cqiC7ph-i1RtrlOtU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/536e54-d8fd-45ef-be60-f52306eeb722/1/vic40VINYGwUaM5Z3gmvJVr6qks.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203495
IP address blocks:        185.133.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/536e54-d8fd-45ef-be60-f52306eeb722/1/gs1f087z4cqiC7ph-i1RtrlOtU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/536e54-d8fd-45ef-be60-f52306eeb722/1/gs1f087z4cqiC7ph-i1RtrlOtU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gs1f087z4cqiC7ph-i1RtrlOtU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5a:34:e1:d4:8f:b1:d4:91:c6:70:dc:14:7c:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82cd5fd3cef3e1caa20bba61fa2d51b6b94eb54d
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be2738d1520d606c1468ce59de09af255afaaa4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:d5:02:2f:23:fc:fb:6c:16:91:83:69:c7:c6:
                    2d:4d:20:c6:fa:d7:64:e8:ab:c3:5a:2f:0a:4d:82:
                    e1:b4:fb:65:92:d6:de:09:dd:16:07:7b:bb:90:e5:
                    48:8d:53:df:e9:bc:cf:ac:5b:c0:46:41:c2:d5:4f:
                    eb:64:30:d5:a6:9e:fc:40:d1:d5:b0:09:c7:a4:1f:
                    33:b6:af:05:e1:0e:05:11:2e:9f:eb:4b:9c:34:11:
                    93:1f:96:c9:9b:a9:36:8a:22:28:95:25:04:5f:73:
                    99:73:b6:d9:ed:42:5b:13:a0:80:e7:65:09:60:44:
                    1c:22:eb:01:a6:67:2b:f3:3a:7b:20:1f:71:76:bd:
                    9f:9f:5e:4a:f9:02:60:73:cc:9b:6a:bb:8a:28:d3:
                    13:b1:12:78:07:76:ca:ee:19:2a:c5:6d:d8:17:de:
                    ea:8c:89:10:e2:d9:36:32:af:1a:d0:22:01:1e:fa:
                    36:ae:84:14:81:3f:87:07:46:4f:0c:e5:29:f0:08:
                    24:86:36:6f:d7:c9:25:c2:05:76:5f:87:79:02:0e:
                    79:4b:09:a5:bd:a4:09:9d:2d:d7:fe:e1:01:27:68:
                    01:f1:ff:6b:02:4a:18:90:32:98:28:ef:26:de:62:
                    9f:97:97:bd:99:60:8c:fe:6d:60:8a:da:43:11:16:
                    a9:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:27:38:D1:52:0D:60:6C:14:68:CE:59:DE:09:AF:25:5A:FA:AA:4B
            X509v3 Authority Key Identifier:
                keyid:82:CD:5F:D3:CE:F3:E1:CA:A2:0B:BA:61:FA:2D:51:B6:B9:4E:B5:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gs1f087z4cqiC7ph-i1RtrlOtU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/536e54-d8fd-45ef-be60-f52306eeb722/1/vic40VINYGwUaM5Z3gmvJVr6qks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/536e54-d8fd-45ef-be60-f52306eeb722/1/gs1f087z4cqiC7ph-i1RtrlOtU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:3d:91:e5:2d:5d:05:c2:9d:30:20:68:4c:d2:47:5a:73:be:
         a4:66:4c:48:e5:ed:38:33:0d:f2:3d:04:95:82:95:35:a5:76:
         86:c4:72:2b:c8:2d:75:32:58:cb:a0:25:a7:65:c3:f6:d1:f4:
         7a:77:05:f2:4b:c0:8d:5e:76:50:33:6d:33:96:6e:f3:5f:34:
         79:76:34:f1:99:24:d6:0a:79:e0:21:cd:6e:6d:78:c5:62:b7:
         8b:86:19:f2:da:2d:f0:8d:d4:7e:05:31:d8:16:8a:4b:bd:03:
         bf:2b:1c:42:f9:cb:6f:5b:1b:4b:0e:3c:42:26:de:ae:34:0f:
         76:b8:bd:94:33:dc:84:9c:5c:0f:43:a9:8b:af:f6:19:e9:ce:
         c7:78:fe:57:ea:c0:b5:51:14:3a:cf:2c:3c:02:32:b6:98:ea:
         96:ef:68:3d:48:be:01:34:86:af:22:1c:bd:66:0a:db:0f:d5:
         d7:5f:50:34:d4:92:2b:12:cc:65:7a:7d:29:31:3f:aa:3b:f8:
         68:81:3a:af:2e:f6:a5:8d:89:7f:9e:19:3f:eb:29:32:05:00:
         99:39:27:41:a4:59:8b:3b:63:b1:9f:07:e1:15:ac:05:0c:93:
         28:f1:3c:f9:47:7a:a0:53:e4:35:d5:4f:6d:45:cc:39:32:6c:
         22:ef:e5:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVo04dSPsdSRxnDcFHzTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyY2Q1ZmQzY2VmM2UxY2FhMjBiYmE2MWZhMmQ1MWI2Yjk0
ZWI1NGQwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTI3MzhkMTUyMGQ2MDZjMTQ2OGNlNTlkZTA5YWYyNTVhZmFhYTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7dUCLyP8+2wWkYNpx8YtTSDG+tdk
6KvDWi8KTYLhtPtlktbeCd0WB3u7kOVIjVPf6bzPrFvARkHC1U/rZDDVpp78QNHV
sAnHpB8ztq8F4Q4FES6f60ucNBGTH5bJm6k2iiIolSUEX3OZc7bZ7UJbE6CA52UJ
YEQcIusBpmcr8zp7IB9xdr2fn15K+QJgc8ybaruKKNMTsRJ4B3bK7hkqxW3YF97q
jIkQ4tk2Mq8a0CIBHvo2roQUgT+HB0ZPDOUp8AgkhjZv18klwgV2X4d5Ag55Swml
vaQJnS3X/uEBJ2gB8f9rAkoYkDKYKO8m3mKfl5e9mWCM/m1gitpDERap8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL4nONFSDWBsFGjOWd4JryVa+qpLMB8GA1UdIwQY
MBaAFILNX9PO8+HKogu6YfotUba5TrVNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3MxZjA4N3o0Y3FpQzdwaC1pMVJ0cmxPdFUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS81MzZlNTQtZDhmZC00NWVmLWJlNjAt
ZjUyMzA2ZWViNzIyLzEvdmljNDBWSU5ZR3dVYU01WjNnbXZKVnI2cWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS81MzZlNTQtZDhmZC00NWVmLWJlNjAtZjUyMzA2ZWViNzIy
LzEvZ3MxZjA4N3o0Y3FpQzdwaC1pMVJ0cmxPdFUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYU0MA0G
CSqGSIb3DQEBCwUAA4IBAQAMPZHlLV0Fwp0wIGhM0kdac76kZkxI5e04Mw3yPQSV
gpU1pXaGxHIryC11MljLoCWnZcP20fR6dwXyS8CNXnZQM20zlm7zXzR5djTxmSTW
CnngIc1ubXjFYreLhhny2i3wjdR+BTHYFopLvQO/KxxC+ctvWxtLDjxCJt6uNA92
uL2UM9yEnFwPQ6mLr/YZ6c7HeP5X6sC1URQ6zyw8AjK2mOqW72g9SL4BNIavIhy9
ZgrbD9XXX1A01JIrEsxlen0pMT+qO/hogTqvLvaljYl/nhk/6ykyBQCZOSdBpFmL
O2OxnwfhFawFDJMo8Tz5R3qgU+Q11U9tRcw5Mmwi7+Vk
-----END CERTIFICATE-----