Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VdTQMCqW5FbFug7e3Yt50r62USY.roa
File:                     VdTQMCqW5FbFug7e3Yt50r62USY.roa (raw, json)
Hash identifier:          OgnOXSJE2fBHalHdL32L1kVdLVLTdZ7PHRLNFz0AGGA=
Subject key identifier:   55:D4:D0:30:2A:96:E4:56:C5:BA:0E:DE:DD:8B:79:D2:BE:B6:51:26
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC349516D2622DF425960D59D512F5098
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VdTQMCqW5FbFug7e3Yt50r62USY.roa
Signing time:             Mon 01 Jan 2024 04:30:11 +0000
ROA not before:           Mon 01 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        82.153.66.0/24 maxlen: 24
                          82.152.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:51:6d:26:22:df:42:59:60:d5:9d:51:2f:50:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55d4d0302a96e456c5ba0ededd8b79d2beb65126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:61:1c:c7:b4:56:36:97:55:a4:f6:20:16:fb:
                    a5:65:c8:79:22:83:4f:04:e3:c0:fe:be:c3:c2:29:
                    f3:c5:3b:4a:49:ad:a0:aa:a0:ec:43:23:4b:96:fb:
                    4c:1e:e1:f9:af:3e:44:5d:cc:4a:20:2d:88:b4:2e:
                    c6:a0:da:82:14:93:f4:87:61:7d:65:5f:00:8b:ec:
                    ba:22:01:44:ec:75:38:ae:47:17:0b:de:cb:13:f6:
                    64:b4:10:df:72:d1:d6:e5:34:c1:3e:46:ed:cc:99:
                    ff:85:1c:f7:38:1b:4f:7b:95:78:41:62:21:29:4b:
                    3c:a4:d2:b6:e9:03:c5:c0:33:83:00:a4:95:b4:19:
                    12:4e:18:4a:07:12:12:ab:ab:96:60:bc:d9:7e:0c:
                    d5:fc:47:51:a4:c0:0d:55:ca:72:ea:5f:d0:cc:b7:
                    85:d4:7e:15:69:95:94:ae:37:ba:7c:a0:40:ed:3a:
                    71:4d:83:24:f8:73:96:d5:ce:cc:c0:2f:96:4d:6b:
                    c3:00:e6:ee:a0:17:0a:9b:c6:70:28:a9:62:9f:e5:
                    37:ab:d2:0e:b4:5d:46:bf:38:a7:5b:ba:4f:88:d9:
                    6c:ad:77:35:f8:9c:c0:84:82:38:a6:0e:0b:2f:46:
                    2c:ca:18:5c:0f:9f:e2:e9:ca:e5:da:e6:96:53:2c:
                    88:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:D4:D0:30:2A:96:E4:56:C5:BA:0E:DE:DD:8B:79:D2:BE:B6:51:26
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VdTQMCqW5FbFug7e3Yt50r62USY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.110.0/24
                  82.153.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:b7:db:eb:fe:b8:a0:c7:7e:79:41:75:e7:9e:86:bc:ec:58:
         02:3f:c3:1c:e4:3e:f8:37:49:40:78:65:54:5b:d8:bf:32:1c:
         38:13:42:4a:05:a1:ed:15:bb:aa:a0:d0:0d:80:1b:3f:0a:1c:
         d8:c9:5f:91:71:74:3b:c4:70:03:06:59:b3:21:9b:44:0c:cc:
         e5:72:56:e1:9d:22:47:22:66:9e:89:e2:6e:28:ed:a7:27:a7:
         79:b4:ad:8d:47:3b:44:76:fa:19:3d:d2:33:b1:46:67:a0:cc:
         a9:d4:29:5e:b7:34:23:5c:cc:ea:c0:f1:97:05:a6:4a:f7:56:
         bd:9f:d0:12:8b:5d:3b:1d:61:d5:84:cf:69:93:0c:eb:eb:56:
         0d:b1:51:9c:48:b1:be:16:b8:11:43:83:c0:ff:10:32:41:55:
         c0:56:8f:6a:7b:35:d2:3c:81:7c:6c:c6:cb:6a:58:ff:0c:bb:
         dc:8a:ec:42:a3:36:45:53:b8:d3:c1:74:20:60:4a:f7:82:4f:
         16:55:3a:49:38:1a:c7:54:a1:29:9b:7e:bf:22:e0:34:b5:ed:
         5b:4a:75:1c:ea:95:34:37:4b:fe:cf:5f:02:2a:68:e7:15:2d:
         7a:63:f2:96:1f:bc:63:da:78:3a:07:bd:1b:4b:30:5e:18:e5:
         86:c2:91:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSVFtJiLfQllg1Z1RL1CYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWQ0ZDAzMDJhOTZlNDU2YzViYTBlZGVkZDhiNzlkMmJlYjY1MTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0GEcx7RWNpdVpPYgFvulZch5IoNP
BOPA/r7DwinzxTtKSa2gqqDsQyNLlvtMHuH5rz5EXcxKIC2ItC7GoNqCFJP0h2F9
ZV8Ai+y6IgFE7HU4rkcXC97LE/ZktBDfctHW5TTBPkbtzJn/hRz3OBtPe5V4QWIh
KUs8pNK26QPFwDODAKSVtBkSThhKBxISq6uWYLzZfgzV/EdRpMANVcpy6l/QzLeF
1H4VaZWUrje6fKBA7TpxTYMk+HOW1c7MwC+WTWvDAObuoBcKm8ZwKKlin+U3q9IO
tF1GvzinW7pPiNlsrXc1+JzAhII4pg4LL0YsyhhcD5/i6crl2uaWUyyINwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFXU0DAqluRWxboO3t2LedK+tlEmMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVmRUUU1DcVc1RmJGdWc3ZTNZdDUwcjYyVVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUphuAwQA
UplCMA0GCSqGSIb3DQEBCwUAA4IBAQAat9vr/rigx355QXXnnoa87FgCP8Mc5D74
N0lAeGVUW9i/Mhw4E0JKBaHtFbuqoNANgBs/ChzYyV+RcXQ7xHADBlmzIZtEDMzl
clbhnSJHImaeieJuKO2nJ6d5tK2NRztEdvoZPdIzsUZnoMyp1CletzQjXMzqwPGX
BaZK91a9n9ASi107HWHVhM9pkwzr61YNsVGcSLG+FrgRQ4PA/xAyQVXAVo9qezXS
PIF8bMbLalj/DLvciuxCozZFU7jTwXQgYEr3gk8WVTpJOBrHVKEpm36/IuA0te1b
SnUc6pU0N0v+z18CKmjnFS16Y/KWH7xj2ng6B70bSzBeGOWGwpGS
-----END CERTIFICATE-----