Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/vcoMlqcrC1B6zFmITckl3MznyZ0.roa
File:                     vcoMlqcrC1B6zFmITckl3MznyZ0.roa (raw, json)
Hash identifier:          dC0I/7irx7DbzR1RxwjIteMddmtQXJwEeI+W5SYpEF0=
Subject key identifier:   BD:CA:0C:96:A7:2B:0B:50:7A:CC:59:88:4D:C9:25:DC:CC:E7:C9:9D
Certificate issuer:       /CN=5975d519de239cf164cb94a6660c2530ceaef254
Certificate serial:       018CC8012243520537B0AAACB21AA5ED208B
Authority key identifier: 59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/vcoMlqcrC1B6zFmITckl3MznyZ0.roa
Signing time:             Tue 02 Jan 2024 02:29:26 +0000
ROA not before:           Tue 02 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        85.11.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:22:43:52:05:37:b0:aa:ac:b2:1a:a5:ed:20:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5975d519de239cf164cb94a6660c2530ceaef254
        Validity
            Not Before: Jan  2 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdca0c96a72b0b507acc59884dc925dccce7c99d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:fe:7a:bf:ee:e6:05:40:d4:34:e2:50:75:41:
                    ea:13:55:54:62:1b:04:19:ca:85:6f:bc:bf:6e:6e:
                    b5:04:b1:48:dd:4d:d7:d0:c7:57:b9:56:98:87:be:
                    4c:68:1b:f8:46:7d:9f:e3:a1:33:86:b8:06:b9:4f:
                    22:b8:96:53:8b:b0:cf:f4:6b:85:c9:ea:32:4c:ed:
                    33:ff:45:77:d9:ba:6b:b5:df:b8:82:7e:b9:83:4c:
                    68:de:5f:24:85:57:40:d5:71:13:6a:55:58:06:8c:
                    6c:0b:ec:19:28:f9:6a:8f:6e:1b:57:c3:6d:6c:1d:
                    1b:6a:c0:eb:d6:e4:af:34:70:c1:1b:53:bf:c8:09:
                    62:34:08:5d:2e:93:cc:d5:98:ef:65:be:a2:e8:2e:
                    32:22:1d:30:d5:48:f9:f1:e6:90:9c:a2:23:bb:82:
                    d3:6b:7c:1d:1f:65:61:b5:84:92:e9:1d:37:61:cd:
                    6a:c0:42:f6:ee:e6:76:6b:89:77:a6:c6:24:53:1e:
                    6c:37:ad:6a:6a:47:e0:10:7d:49:fc:65:aa:25:83:
                    c6:38:5c:20:07:12:6d:22:f5:e6:8c:9b:8b:09:51:
                    93:35:79:43:47:1c:8f:16:08:d1:38:97:e5:1b:8f:
                    12:43:81:d3:d7:fb:e2:f5:97:7b:35:3a:3d:10:fa:
                    71:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:CA:0C:96:A7:2B:0B:50:7A:CC:59:88:4D:C9:25:DC:CC:E7:C9:9D
            X509v3 Authority Key Identifier:
                keyid:59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/vcoMlqcrC1B6zFmITckl3MznyZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.11.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:41:0c:0d:eb:4c:0b:ad:ed:37:79:bf:b0:69:e4:64:6c:59:
         1b:2a:3a:4a:a4:b8:96:9a:ed:7a:d3:1a:94:2c:7e:26:60:eb:
         1f:8e:08:6a:da:9c:54:a2:aa:ac:31:07:14:74:61:39:57:2d:
         25:ec:fb:49:d1:4e:89:cc:e7:b3:37:35:b3:b6:1d:ba:ca:07:
         39:50:fd:0a:23:72:71:ee:4f:86:42:35:ba:b9:1e:27:2d:39:
         1d:eb:89:85:13:09:b6:4a:78:7e:74:d4:df:0b:95:50:8a:21:
         35:8f:44:5e:f5:5f:7b:95:38:16:2f:65:85:42:35:48:fc:2c:
         f3:02:34:1e:6d:03:37:1e:d5:12:dd:af:e0:c1:09:e1:83:35:
         26:1e:9d:59:dc:e9:5f:89:3e:70:d4:ca:ab:5d:f5:74:08:d0:
         bf:3f:db:52:ba:a3:b3:f4:58:3d:9a:ad:b7:d0:fd:41:ff:76:
         c8:7b:bb:0f:91:36:87:07:10:a9:75:47:99:3e:3a:96:a9:b7:
         da:f4:2f:1b:a1:ce:6f:bc:7c:90:9c:02:55:9f:59:f2:9d:33:
         e0:46:68:74:8b:08:f4:86:70:ea:4a:8d:20:a4:f6:35:78:aa:
         cd:51:2b:fc:df:87:47:d8:25:17:47:65:e5:1c:28:72:31:ce:
         a1:70:09:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASJDUgU3sKqsshql7SCLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzVkNTE5ZGUyMzljZjE2NGNiOTRhNjY2MGMyNTMwY2Vh
ZWYyNTQwHhcNMjQwMTAyMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGNhMGM5NmE3MmIwYjUwN2FjYzU5ODg0ZGM5MjVkY2NjZTdjOTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAif56v+7mBUDUNOJQdUHqE1VUYhsE
GcqFb7y/bm61BLFI3U3X0MdXuVaYh75MaBv4Rn2f46EzhrgGuU8iuJZTi7DP9GuF
yeoyTO0z/0V32bprtd+4gn65g0xo3l8khVdA1XETalVYBoxsC+wZKPlqj24bV8Nt
bB0basDr1uSvNHDBG1O/yAliNAhdLpPM1ZjvZb6i6C4yIh0w1Uj58eaQnKIju4LT
a3wdH2VhtYSS6R03Yc1qwEL27uZ2a4l3psYkUx5sN61qakfgEH1J/GWqJYPGOFwg
BxJtIvXmjJuLCVGTNXlDRxyPFgjROJflG48SQ4HT1/vi9Zd7NTo9EPpxlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3KDJanKwtQesxZiE3JJdzM58mdMB8GA1UdIwQY
MBaAFFl11RneI5zxZMuUpmYMJTDOrvJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUt
MmNjNjc1NzI2OTc1LzEvdmNvTWxxY3JDMUI2ekZtSVRja2wzTXpueVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUtMmNjNjc1NzI2OTc1
LzEvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVQunMA0G
CSqGSIb3DQEBCwUAA4IBAQAnQQwN60wLre03eb+waeRkbFkbKjpKpLiWmu160xqU
LH4mYOsfjghq2pxUoqqsMQcUdGE5Vy0l7PtJ0U6JzOezNzWzth26ygc5UP0KI3Jx
7k+GQjW6uR4nLTkd64mFEwm2Snh+dNTfC5VQiiE1j0Re9V97lTgWL2WFQjVI/Czz
AjQebQM3HtUS3a/gwQnhgzUmHp1Z3OlfiT5w1MqrXfV0CNC/P9tSuqOz9Fg9mq23
0P1B/3bIe7sPkTaHBxCpdUeZPjqWqbfa9C8boc5vvHyQnAJVn1nynTPgRmh0iwj0
hnDqSo0gpPY1eKrNUSv834dH2CUXR2XlHChyMc6hcAlj
-----END CERTIFICATE-----