Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/vl370CS-wrRFGTHVbwq9j6PrN2c.roa
File:                     vl370CS-wrRFGTHVbwq9j6PrN2c.roa (raw, json)
Hash identifier:          jezWq2STZOxUdtKVcBSdQAWvU/he4GUB46a/GXSqd+A=
Subject key identifier:   BE:5D:FB:D0:24:BE:C2:B4:45:19:31:D5:6F:0A:BD:8F:A3:EB:37:67
Certificate issuer:       /CN=ca34b13387fab1dcf8b67f16a0a437608600c4c2
Certificate serial:       018CC726D193B3D415B26DAD14DE6D934F04
Authority key identifier: CA:34:B1:33:87:FA:B1:DC:F8:B6:7F:16:A0:A4:37:60:86:00:C4:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/vl370CS-wrRFGTHVbwq9j6PrN2c.roa
Signing time:             Mon 01 Jan 2024 22:30:59 +0000
ROA not before:           Mon 01 Jan 2024 22:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        213.156.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 19:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:d1:93:b3:d4:15:b2:6d:ad:14:de:6d:93:4f:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca34b13387fab1dcf8b67f16a0a437608600c4c2
        Validity
            Not Before: Jan  1 22:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be5dfbd024bec2b4451931d56f0abd8fa3eb3767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:23:b1:b9:3f:72:02:d2:4a:53:87:a2:16:1a:
                    af:9e:02:4d:fd:28:88:81:1a:80:74:a9:6d:45:7a:
                    ac:de:a8:da:85:28:45:28:e3:6a:f0:e1:53:03:7f:
                    4f:3c:cb:40:de:1f:ac:cc:02:99:3e:38:5b:8b:eb:
                    ac:9c:bb:28:ed:1b:3f:ed:68:d4:51:73:26:37:1b:
                    b2:62:8c:5f:8a:54:11:67:0b:db:1d:9d:d5:fb:46:
                    1f:e3:dd:2f:d7:7e:b0:96:cc:4e:cd:93:84:ea:b2:
                    21:71:d8:58:3e:99:44:3a:f5:22:74:34:5d:6b:8d:
                    98:8a:c0:77:b1:ae:11:15:44:44:34:d7:61:8e:a2:
                    03:ca:15:15:ed:bd:0f:0f:86:8c:ec:b2:42:dd:5d:
                    27:b4:0e:5c:a9:7c:9b:11:1b:25:74:f0:22:b7:17:
                    69:62:60:3f:15:ae:d7:2d:a6:25:40:5b:a2:4c:ff:
                    ff:34:c9:3d:c0:1c:5a:85:2f:6c:1a:bf:1d:1f:9c:
                    ea:c6:ce:0a:9a:aa:e0:56:3b:d7:5a:da:91:3d:f1:
                    53:ff:1a:d3:05:49:db:d8:6d:37:82:d1:f9:b8:4b:
                    b1:77:55:38:66:86:b5:e3:b1:8a:14:78:3a:2d:c1:
                    d6:1e:45:8e:4b:9e:8c:f9:7f:d2:75:ed:26:70:f6:
                    34:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:5D:FB:D0:24:BE:C2:B4:45:19:31:D5:6F:0A:BD:8F:A3:EB:37:67
            X509v3 Authority Key Identifier:
                keyid:CA:34:B1:33:87:FA:B1:DC:F8:B6:7F:16:A0:A4:37:60:86:00:C4:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/vl370CS-wrRFGTHVbwq9j6PrN2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.156.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:b4:95:70:c8:87:b8:e2:07:c0:87:bc:7d:c0:21:b7:f1:ad:
         3e:12:e2:5a:42:f1:1c:ae:cf:f8:37:8e:60:f5:0a:a5:f8:bd:
         3c:ed:36:d6:79:04:c5:ee:c8:b9:9a:7b:ca:8f:11:1a:b8:99:
         30:2f:42:93:2a:f3:6c:2f:fe:a0:f4:6e:b3:48:f4:b1:7a:9d:
         6a:36:2a:c6:03:03:88:6f:35:b4:20:03:e5:97:82:1b:3a:4f:
         97:73:a9:ff:13:6f:db:5f:99:17:22:c2:f9:3e:07:44:aa:d5:
         38:bb:63:aa:c9:c6:71:79:16:9a:7b:e9:b3:5e:69:54:c4:b4:
         09:93:a0:10:0e:11:d7:e7:5e:81:44:c2:bd:62:d3:12:d4:20:
         e9:dd:c4:6a:2b:1f:ab:7c:fd:6a:75:29:18:1b:cd:11:40:31:
         7a:c1:18:2a:c2:16:99:8e:1a:9b:af:8d:c8:2c:46:51:74:1b:
         37:de:ee:70:4f:a8:b3:4f:f5:23:28:e7:57:a7:99:a4:c2:19:
         a0:f4:1c:79:12:d4:cc:ee:87:42:f5:e2:16:48:c3:13:29:32:
         4a:24:51:6f:93:b7:ed:48:20:1b:96:f9:89:4f:c3:26:d8:28:
         45:c7:95:7c:68:a8:c0:ee:a3:c7:2c:04:3c:9e:1b:6e:a9:39:
         1e:09:1b:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJtGTs9QVsm2tFN5tk08EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMzRiMTMzODdmYWIxZGNmOGI2N2YxNmEwYTQzNzYwODYw
MGM0YzIwHhcNMjQwMTAxMjIzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTVkZmJkMDI0YmVjMmI0NDUxOTMxZDU2ZjBhYmQ4ZmEzZWIzNzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCOxuT9yAtJKU4eiFhqvngJN/SiI
gRqAdKltRXqs3qjahShFKONq8OFTA39PPMtA3h+szAKZPjhbi+usnLso7Rs/7WjU
UXMmNxuyYoxfilQRZwvbHZ3V+0Yf490v136wlsxOzZOE6rIhcdhYPplEOvUidDRd
a42YisB3sa4RFURENNdhjqIDyhUV7b0PD4aM7LJC3V0ntA5cqXybERsldPAitxdp
YmA/Fa7XLaYlQFuiTP//NMk9wBxahS9sGr8dH5zqxs4KmqrgVjvXWtqRPfFT/xrT
BUnb2G03gtH5uEuxd1U4Zoa147GKFHg6LcHWHkWOS56M+X/Sde0mcPY0dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5d+9AkvsK0RRkx1W8KvY+j6zdnMB8GA1UdIwQY
MBaAFMo0sTOH+rHc+LZ/FqCkN2CGAMTCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWpTeE00ZjZzZHo0dG44V29LUTNZSVlBeE1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8xMTdjYTMtYjYwMy00ZGI4LTk2MjYt
MDQwNTIzNGFiM2YxLzEvdmwzNzBDUy13clJGR1RIVmJ3cTlqNlByTjJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8xMTdjYTMtYjYwMy00ZGI4LTk2MjYtMDQwNTIzNGFiM2Yx
LzEveWpTeE00ZjZzZHo0dG44V29LUTNZSVlBeE1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Zz4MA0G
CSqGSIb3DQEBCwUAA4IBAQCttJVwyIe44gfAh7x9wCG38a0+EuJaQvEcrs/4N45g
9Qql+L087TbWeQTF7si5mnvKjxEauJkwL0KTKvNsL/6g9G6zSPSxep1qNirGAwOI
bzW0IAPll4IbOk+Xc6n/E2/bX5kXIsL5PgdEqtU4u2OqycZxeRaae+mzXmlUxLQJ
k6AQDhHX516BRMK9YtMS1CDp3cRqKx+rfP1qdSkYG80RQDF6wRgqwhaZjhqbr43I
LEZRdBs33u5wT6izT/UjKOdXp5mkwhmg9Bx5EtTM7odC9eIWSMMTKTJKJFFvk7ft
SCAblvmJT8Mm2ChFx5V8aKjA7qPHLAQ8nhtuqTkeCRtj
-----END CERTIFICATE-----