Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/ve4gvlWv1kxLp8_eHVc0b_t6lcU.roa
File:                     ve4gvlWv1kxLp8_eHVc0b_t6lcU.roa (raw, json)
Hash identifier:          i56ZcIVbp9RWAsdcUuisi27BwNgXaqfQWo2OlKtVqiw=
Subject key identifier:   BD:EE:20:BE:55:AF:D6:4C:4B:A7:CF:DE:1D:57:34:6F:FB:7A:95:C5
Certificate issuer:       /CN=90814dd39dd3925cff88bf34d4307fd6c62165eb
Certificate serial:       018CC424ABDE9A0881352A39BABE6B4BECA7
Authority key identifier: 90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/ve4gvlWv1kxLp8_eHVc0b_t6lcU.roa
Signing time:             Mon 01 Jan 2024 08:29:46 +0000
ROA not before:           Mon 01 Jan 2024 08:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        194.242.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 10:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ab:de:9a:08:81:35:2a:39:ba:be:6b:4b:ec:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90814dd39dd3925cff88bf34d4307fd6c62165eb
        Validity
            Not Before: Jan  1 08:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdee20be55afd64c4ba7cfde1d57346ffb7a95c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d5:8d:cd:af:d3:11:0b:a7:03:ce:38:c7:63:
                    e3:16:f3:b9:a3:8b:f1:d7:2a:da:3a:e4:67:d6:6e:
                    30:76:77:4c:c5:50:5f:7d:cc:b0:7c:fa:f2:6a:3c:
                    5d:c4:76:99:6c:b2:97:7b:28:0c:51:0b:c5:10:f3:
                    55:50:59:f9:70:21:71:6f:41:05:e6:94:0f:13:42:
                    86:be:8f:e9:c9:dc:c2:20:07:24:9a:06:19:4f:52:
                    29:e5:ec:47:3a:b2:73:73:dc:23:26:70:d8:32:ed:
                    9b:a7:78:d9:69:95:f4:d9:11:95:68:63:13:5e:7f:
                    9c:54:31:52:b8:f2:65:dc:4f:fc:d3:2c:35:e1:7b:
                    e4:eb:8c:e1:af:26:be:91:88:e6:b0:ca:1d:ba:2c:
                    e8:f4:bd:fb:a4:68:3a:05:93:b7:f9:43:2a:c0:55:
                    43:2d:63:8b:75:b0:54:34:0c:fb:01:d1:47:8d:04:
                    68:dd:50:5e:a0:33:f4:31:7c:e7:b4:dc:55:49:5b:
                    8d:74:2c:14:a4:b0:b5:31:2c:42:68:2e:ba:8d:c1:
                    8e:75:0f:9d:93:60:23:9d:fb:b3:ff:2a:1d:d8:79:
                    89:62:36:4a:a9:b0:9d:db:db:ff:01:ee:12:78:21:
                    6a:b7:e8:c5:39:7f:e5:99:b9:98:bf:2b:fd:99:87:
                    7f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:EE:20:BE:55:AF:D6:4C:4B:A7:CF:DE:1D:57:34:6F:FB:7A:95:C5
            X509v3 Authority Key Identifier:
                keyid:90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/ve4gvlWv1kxLp8_eHVc0b_t6lcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:02:7a:7e:75:c7:cb:95:14:85:20:b6:a7:c1:21:4b:c6:2e:
         0b:12:52:52:8a:ef:14:4f:a1:0e:9a:95:86:46:7b:bc:08:2d:
         1c:ea:55:43:ee:46:a5:88:33:68:94:6f:08:75:59:dc:24:6f:
         7c:b5:73:60:35:cc:43:a2:7e:9a:fd:e9:bf:2d:2d:45:09:52:
         46:ec:13:b9:5a:09:87:af:cd:4d:90:4e:fe:c6:3d:69:30:f0:
         07:34:d2:3e:80:9f:62:5e:8e:d2:05:48:91:8b:18:45:29:00:
         0f:99:16:56:a6:d8:6f:b7:25:97:36:75:8d:3e:48:68:e9:98:
         fc:2b:28:2a:79:c7:3b:1b:8e:fa:76:ee:8b:2d:e9:26:13:b1:
         d3:0c:91:25:86:8a:27:c4:54:f2:00:3a:d3:34:f3:a0:8d:52:
         ad:32:d7:8a:ee:c0:5c:69:8d:82:33:a4:4f:e8:ee:ab:94:5c:
         22:2e:6d:b4:f5:0d:17:5f:6d:0c:bc:1d:8a:6f:42:f3:5b:3d:
         50:15:2f:7d:72:71:1d:ee:9b:5e:bb:e6:3b:6a:66:92:6e:0f:
         d4:9e:a5:b5:6d:f0:f1:4f:1c:7d:27:a7:da:a8:bd:67:61:c5:
         0b:13:a3:2f:f1:39:b1:5e:d7:c7:ed:81:63:1e:ec:3b:03:7c:
         22:36:26:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJKvemgiBNSo5ur5rS+ynMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwODE0ZGQzOWRkMzkyNWNmZjg4YmYzNGQ0MzA3ZmQ2YzYy
MTY1ZWIwHhcNMjQwMTAxMDgyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGVlMjBiZTU1YWZkNjRjNGJhN2NmZGUxZDU3MzQ2ZmZiN2E5NWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdWNza/TEQunA844x2PjFvO5o4vx
1yraOuRn1m4wdndMxVBffcywfPryajxdxHaZbLKXeygMUQvFEPNVUFn5cCFxb0EF
5pQPE0KGvo/pydzCIAckmgYZT1Ip5exHOrJzc9wjJnDYMu2bp3jZaZX02RGVaGMT
Xn+cVDFSuPJl3E/80yw14Xvk64zhrya+kYjmsModuizo9L37pGg6BZO3+UMqwFVD
LWOLdbBUNAz7AdFHjQRo3VBeoDP0MXzntNxVSVuNdCwUpLC1MSxCaC66jcGOdQ+d
k2Ajnfuz/yod2HmJYjZKqbCd29v/Ae4SeCFqt+jFOX/lmbmYvyv9mYd//QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3uIL5Vr9ZMS6fP3h1XNG/7epXFMB8GA1UdIwQY
MBaAFJCBTdOd05Jc/4i/NNQwf9bGIWXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0lGTjA1M1RrbHpfaUw4MDFEQl8xc1loWmVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8wY2NhYjYtZDgzNy00YzE4LTgyZjkt
OTQwYWU0NTRjYjg1LzEvdmU0Z3ZsV3Yxa3hMcDhfZUhWYzBiX3Q2bGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8wY2NhYjYtZDgzNy00YzE4LTgyZjktOTQwYWU0NTRjYjg1
LzEva0lGTjA1M1RrbHpfaUw4MDFEQl8xc1loWmVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvJ/MA0G
CSqGSIb3DQEBCwUAA4IBAQAZAnp+dcfLlRSFILanwSFLxi4LElJSiu8UT6EOmpWG
Rnu8CC0c6lVD7kaliDNolG8IdVncJG98tXNgNcxDon6a/em/LS1FCVJG7BO5WgmH
r81NkE7+xj1pMPAHNNI+gJ9iXo7SBUiRixhFKQAPmRZWpthvtyWXNnWNPkho6Zj8
Kygqecc7G476du6LLekmE7HTDJElhoonxFTyADrTNPOgjVKtMteK7sBcaY2CM6RP
6O6rlFwiLm209Q0XX20MvB2Kb0LzWz1QFS99cnEd7pteu+Y7amaSbg/UnqW1bfDx
Txx9J6faqL1nYcULE6Mv8TmxXtfH7YFjHuw7A3wiNibK
-----END CERTIFICATE-----