Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/7caae5-03af-47f8-b29e-e951a74346f9/1/VRhQyw4_NMf2JAcWzFtTmijO9BE.roa
File:                     VRhQyw4_NMf2JAcWzFtTmijO9BE.roa (raw, json)
Hash identifier:          3/GUBvzMn1FJBG/G2UIdqJx4XWpGyAbRQmD7YQwFF3s=
Subject key identifier:   55:18:50:CB:0E:3F:34:C7:F6:24:07:16:CC:5B:53:9A:28:CE:F4:11
Certificate issuer:       /CN=552423ed905000f69ad93eefc666bb9b1addcb37
Certificate serial:       018E1EC59935311067498728C5E3FB2C3DE8
Authority key identifier: 55:24:23:ED:90:50:00:F6:9A:D9:3E:EF:C6:66:BB:9B:1A:DD:CB:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSQj7ZBQAPaa2T7vxma7mxrdyzc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/7caae5-03af-47f8-b29e-e951a74346f9/1/VRhQyw4_NMf2JAcWzFtTmijO9BE.roa
Signing time:             Fri 08 Mar 2024 15:54:10 +0000
ROA not before:           Fri 08 Mar 2024 15:54:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200517
IP address blocks:        51.18.0.0/16 maxlen: 16
                          2a01:4180::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/7caae5-03af-47f8-b29e-e951a74346f9/1/VSQj7ZBQAPaa2T7vxma7mxrdyzc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/7caae5-03af-47f8-b29e-e951a74346f9/1/VSQj7ZBQAPaa2T7vxma7mxrdyzc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSQj7ZBQAPaa2T7vxma7mxrdyzc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1e:c5:99:35:31:10:67:49:87:28:c5:e3:fb:2c:3d:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=552423ed905000f69ad93eefc666bb9b1addcb37
        Validity
            Not Before: Mar  8 15:54:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=551850cb0e3f34c7f6240716cc5b539a28cef411
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:67:e5:9e:54:17:56:d5:be:af:a1:d2:8f:1d:
                    b8:78:65:81:f2:1e:06:ff:14:e5:31:c2:54:19:98:
                    28:50:ec:69:20:0d:3b:63:39:ba:09:ca:78:c9:c7:
                    42:e5:e5:d2:be:99:c5:d2:62:71:8f:b3:86:6f:9d:
                    fb:61:2b:fe:ce:5f:5a:f1:03:5e:21:e3:04:ee:f1:
                    7d:bf:02:7a:96:ba:19:26:b4:9e:d0:f7:c7:35:2a:
                    49:e1:0a:8e:7c:15:8e:7c:7b:68:3e:1f:1e:06:f8:
                    fc:ae:91:de:66:d6:2f:ac:a7:2f:e9:c2:64:25:68:
                    ac:ae:72:90:ba:9d:ae:a0:1f:c7:fc:58:05:69:1b:
                    ce:e0:d8:96:7e:9c:a2:1d:0c:1f:5a:8f:bd:77:4b:
                    e0:9e:bd:0c:fe:84:6e:89:b1:cd:a4:93:21:c5:fd:
                    cc:58:32:3d:53:ca:33:64:80:da:43:7c:19:c6:3d:
                    0f:00:ca:85:2a:49:c9:2e:ce:2e:22:55:ff:9a:4b:
                    df:ff:75:d7:17:67:12:e5:b4:f5:ca:62:b4:2d:5c:
                    76:a8:7c:4f:67:15:1b:be:85:0a:e4:cd:27:1e:21:
                    45:75:e6:25:00:15:4d:74:9d:2f:21:f1:88:6e:67:
                    03:b2:46:2c:12:ef:b5:30:54:bc:cb:be:b9:63:ae:
                    45:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:18:50:CB:0E:3F:34:C7:F6:24:07:16:CC:5B:53:9A:28:CE:F4:11
            X509v3 Authority Key Identifier:
                keyid:55:24:23:ED:90:50:00:F6:9A:D9:3E:EF:C6:66:BB:9B:1A:DD:CB:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSQj7ZBQAPaa2T7vxma7mxrdyzc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7caae5-03af-47f8-b29e-e951a74346f9/1/VRhQyw4_NMf2JAcWzFtTmijO9BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7caae5-03af-47f8-b29e-e951a74346f9/1/VSQj7ZBQAPaa2T7vxma7mxrdyzc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.18.0.0/16
                IPv6:
                  2a01:4180::/33

    Signature Algorithm: sha256WithRSAEncryption
         03:4f:d1:cb:93:ef:77:23:84:18:eb:bf:fd:cb:b9:b0:15:ef:
         29:a4:55:37:38:b8:b7:98:fd:ef:60:67:b4:57:67:1b:e7:9e:
         e6:52:4b:b0:0f:c2:ff:a1:e8:f3:de:2d:f6:f0:f4:33:81:b8:
         c7:8c:d3:27:e9:02:62:af:a5:e8:1e:1a:0f:a1:cb:40:ed:0d:
         22:b8:ac:16:5c:bb:97:31:12:a7:14:1d:58:66:62:0c:a4:9b:
         71:ea:6b:c5:5a:38:9d:f1:98:61:1c:7a:e6:71:39:3c:71:b4:
         cb:eb:51:03:0b:1c:46:d5:c1:f3:a7:0b:01:d5:a7:71:f0:00:
         09:c9:ae:99:04:90:df:66:ab:85:1d:41:4a:b6:85:6f:95:d7:
         94:8c:2d:0f:15:85:9f:a7:b8:25:5d:2e:79:73:4d:30:b1:7c:
         9d:99:33:42:14:91:09:fa:13:75:94:c7:28:94:c8:d7:97:6e:
         69:0b:0b:dd:d1:4d:99:ef:78:dc:32:02:fd:bf:f1:f3:45:8a:
         5d:05:3d:28:8e:62:ed:1b:22:86:29:ff:5a:76:90:52:00:d3:
         50:74:03:4c:bd:29:b2:20:58:67:8f:fa:5d:e9:78:a9:7d:3c:
         6b:92:69:0e:21:14:d4:67:4a:94:fc:bf:a9:6a:a8:fc:d9:73:
         1e:4e:24:4d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY4exZk1MRBnSYcoxeP7LD3oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjQyM2VkOTA1MDAwZjY5YWQ5M2VlZmM2NjZiYjliMWFk
ZGNiMzcwHhcNMjQwMzA4MTU1NDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTE4NTBjYjBlM2YzNGM3ZjYyNDA3MTZjYzViNTM5YTI4Y2VmNDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2flnlQXVtW+r6HSjx24eGWB8h4G
/xTlMcJUGZgoUOxpIA07Yzm6Ccp4ycdC5eXSvpnF0mJxj7OGb537YSv+zl9a8QNe
IeME7vF9vwJ6lroZJrSe0PfHNSpJ4QqOfBWOfHtoPh8eBvj8rpHeZtYvrKcv6cJk
JWisrnKQup2uoB/H/FgFaRvO4NiWfpyiHQwfWo+9d0vgnr0M/oRuibHNpJMhxf3M
WDI9U8ozZIDaQ3wZxj0PAMqFKknJLs4uIlX/mkvf/3XXF2cS5bT1ymK0LVx2qHxP
ZxUbvoUK5M0nHiFFdeYlABVNdJ0vIfGIbmcDskYsEu+1MFS8y765Y65FZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFUYUMsOPzTH9iQHFsxbU5oozvQRMB8GA1UdIwQY
MBaAFFUkI+2QUAD2mtk+78Zmu5sa3cs3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNRajdaQlFBUGFhMlQ3dnhtYTdteHJkeXpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS83Y2FhZTUtMDNhZi00N2Y4LWIyOWUt
ZTk1MWE3NDM0NmY5LzEvVlJoUXl3NF9OTWYySkFjV3pGdFRtaWpPOUJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS83Y2FhZTUtMDNhZi00N2Y4LWIyOWUtZTk1MWE3NDM0NmY5
LzEvVlNRajdaQlFBUGFhMlQ3dnhtYTdteHJkeXpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTALBAIAATAFAwMAMxIwDgQC
AAIwCAMGByoBQYAAMA0GCSqGSIb3DQEBCwUAA4IBAQADT9HLk+93I4QY67/9y7mw
Fe8ppFU3OLi3mP3vYGe0V2cb557mUkuwD8L/oejz3i328PQzgbjHjNMn6QJir6Xo
HhoPoctA7Q0iuKwWXLuXMRKnFB1YZmIMpJtx6mvFWjid8ZhhHHrmcTk8cbTL61ED
CxxG1cHzpwsB1adx8AAJya6ZBJDfZquFHUFKtoVvldeUjC0PFYWfp7glXS55c00w
sXydmTNCFJEJ+hN1lMcolMjXl25pCwvd0U2Z73jcMgL9v/HzRYpdBT0ojmLtGyKG
Kf9adpBSANNQdANMvSmyIFhnj/pd6XipfTxrkmkOIRTUZ0qU/L+paqj82XMeTiRN
-----END CERTIFICATE-----