Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/fab918-8f4d-4ede-bad1-31b950270536/1/VST5BX37aro3h53PHm5nMVc0ze4.roa
File:                     VST5BX37aro3h53PHm5nMVc0ze4.roa (raw, json)
Hash identifier:          Nudzcdlbn76cyx5A66sZcNlvUl5YVpyg6od2F28OCJk=
Subject key identifier:   55:24:F9:05:7D:FB:6A:BA:37:87:9D:CF:1E:6E:67:31:57:34:CD:EE
Certificate issuer:       /CN=0690913dbbeedadde95dce4704526284e7ae7cca
Certificate serial:       018CC72689C0584D0C33CB85A645D237A330
Authority key identifier: 06:90:91:3D:BB:EE:DA:DD:E9:5D:CE:47:04:52:62:84:E7:AE:7C:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpCRPbvu2t3pXc5HBFJihOeufMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/fab918-8f4d-4ede-bad1-31b950270536/1/VST5BX37aro3h53PHm5nMVc0ze4.roa
Signing time:             Mon 01 Jan 2024 22:30:40 +0000
ROA not before:           Mon 01 Jan 2024 22:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12637
IP address blocks:        195.182.210.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/fab918-8f4d-4ede-bad1-31b950270536/1/BpCRPbvu2t3pXc5HBFJihOeufMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/fab918-8f4d-4ede-bad1-31b950270536/1/BpCRPbvu2t3pXc5HBFJihOeufMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpCRPbvu2t3pXc5HBFJihOeufMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:89:c0:58:4d:0c:33:cb:85:a6:45:d2:37:a3:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0690913dbbeedadde95dce4704526284e7ae7cca
        Validity
            Not Before: Jan  1 22:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5524f9057dfb6aba37879dcf1e6e67315734cdee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:15:3b:56:41:40:28:8b:69:92:fe:b8:4f:76:
                    23:d0:2a:96:2c:a1:53:08:62:18:d6:46:81:92:7c:
                    8e:44:c1:df:c7:fc:fc:84:b3:1c:94:12:d4:48:cc:
                    a7:41:c7:8f:86:61:a4:43:7c:a7:8a:fe:62:2c:66:
                    19:92:59:f9:27:aa:7b:6d:36:07:92:74:10:eb:7b:
                    8f:d3:7b:a9:8f:90:ba:16:04:19:26:3d:65:94:64:
                    2a:c3:bb:86:ff:e5:40:b6:a3:08:10:d7:ad:d7:cf:
                    d1:19:a4:a1:a6:cc:05:0d:90:35:26:92:49:9c:13:
                    16:ac:8d:e3:a4:13:ed:de:23:5b:2d:90:9a:2b:d3:
                    b5:c7:70:d5:a6:28:67:7b:95:1a:8f:e2:fc:bb:e0:
                    a9:dd:c7:1a:b3:b0:fe:c4:69:c2:28:2f:15:e2:9b:
                    71:2b:26:7a:b9:f5:41:b2:0a:89:20:9d:28:0d:1c:
                    09:12:d7:ab:ae:99:3e:3f:21:08:4b:7b:27:84:7a:
                    7c:fb:70:d8:6a:87:1e:3b:56:e4:d5:34:d7:6a:98:
                    7b:8b:d6:40:75:b9:65:43:22:31:8e:89:bb:6d:7c:
                    95:3e:84:7d:f1:b1:67:c7:62:87:6f:4e:93:42:9a:
                    ac:a8:75:3e:89:62:a7:14:0f:09:b4:9a:3e:a2:e4:
                    10:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:24:F9:05:7D:FB:6A:BA:37:87:9D:CF:1E:6E:67:31:57:34:CD:EE
            X509v3 Authority Key Identifier:
                keyid:06:90:91:3D:BB:EE:DA:DD:E9:5D:CE:47:04:52:62:84:E7:AE:7C:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpCRPbvu2t3pXc5HBFJihOeufMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/fab918-8f4d-4ede-bad1-31b950270536/1/VST5BX37aro3h53PHm5nMVc0ze4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/fab918-8f4d-4ede-bad1-31b950270536/1/BpCRPbvu2t3pXc5HBFJihOeufMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:cb:d3:f0:dd:c0:74:86:20:75:ae:46:53:87:0f:69:a6:2b:
         04:36:82:37:41:ec:34:6b:a4:c9:ae:c5:8a:1f:88:a3:4d:21:
         0c:08:b6:bf:ef:41:7a:05:ff:f8:34:4f:1e:10:b2:60:9a:6f:
         54:4c:02:c6:05:2e:20:9d:94:21:ba:3e:15:50:2c:ca:82:eb:
         22:6d:59:97:56:c5:c9:1e:4c:7f:68:33:8d:bd:f9:2a:ce:36:
         fa:08:5d:a2:e8:cd:9c:aa:5f:02:50:1e:d5:57:32:96:58:49:
         4f:80:16:c8:26:a2:e8:46:63:85:da:69:2b:bf:9b:ba:94:0a:
         48:73:05:8b:a9:1c:85:7f:a4:30:71:1e:23:d2:14:5b:c0:db:
         bc:95:88:ab:34:a6:99:b3:f9:cc:23:85:f1:91:f9:a2:cb:c7:
         b8:e5:dd:fb:41:b3:1c:20:87:39:0d:a8:88:c8:ee:6f:a9:97:
         e5:45:1a:a9:c6:bc:da:ba:74:bf:d8:44:1c:e6:88:96:d5:b7:
         f3:f7:c8:e3:0a:70:c0:aa:e6:fb:91:60:8c:ed:8e:b8:aa:48:
         fb:04:5a:91:3e:64:1a:27:47:c7:cb:ae:fc:e1:2d:e4:3a:d3:
         46:1f:66:c2:7d:94:a8:fd:2b:8e:9f:66:54:5b:93:d3:5f:82:
         11:eb:da:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJonAWE0MM8uFpkXSN6MwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTA5MTNkYmJlZWRhZGRlOTVkY2U0NzA0NTI2Mjg0ZTdh
ZTdjY2EwHhcNMjQwMTAxMjIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTI0ZjkwNTdkZmI2YWJhMzc4NzlkY2YxZTZlNjczMTU3MzRjZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhU7VkFAKItpkv64T3Yj0CqWLKFT
CGIY1kaBknyORMHfx/z8hLMclBLUSMynQcePhmGkQ3yniv5iLGYZkln5J6p7bTYH
knQQ63uP03upj5C6FgQZJj1llGQqw7uG/+VAtqMIENet18/RGaShpswFDZA1JpJJ
nBMWrI3jpBPt3iNbLZCaK9O1x3DVpihne5Uaj+L8u+Cp3ccas7D+xGnCKC8V4ptx
KyZ6ufVBsgqJIJ0oDRwJEterrpk+PyEIS3snhHp8+3DYaoceO1bk1TTXaph7i9ZA
dbllQyIxjom7bXyVPoR98bFnx2KHb06TQpqsqHU+iWKnFA8JtJo+ouQQkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUk+QV9+2q6N4edzx5uZzFXNM3uMB8GA1UdIwQY
MBaAFAaQkT277trd6V3ORwRSYoTnrnzKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBDUlBidnUydDNwWGM1SEJGSmloT2V1Zk1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mYWI5MTgtOGY0ZC00ZWRlLWJhZDEt
MzFiOTUwMjcwNTM2LzEvVlNUNUJYMzdhcm8zaDUzUEhtNW5NVmMwemU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mYWI5MTgtOGY0ZC00ZWRlLWJhZDEtMzFiOTUwMjcwNTM2
LzEvQnBDUlBidnUydDNwWGM1SEJGSmloT2V1Zk1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7bSMA0G
CSqGSIb3DQEBCwUAA4IBAQBEy9Pw3cB0hiB1rkZThw9ppisENoI3Qew0a6TJrsWK
H4ijTSEMCLa/70F6Bf/4NE8eELJgmm9UTALGBS4gnZQhuj4VUCzKgusibVmXVsXJ
Hkx/aDONvfkqzjb6CF2i6M2cql8CUB7VVzKWWElPgBbIJqLoRmOF2mkrv5u6lApI
cwWLqRyFf6QwcR4j0hRbwNu8lYirNKaZs/nMI4Xxkfmiy8e45d37QbMcIIc5DaiI
yO5vqZflRRqpxrzaunS/2EQc5oiW1bfz98jjCnDAqub7kWCM7Y64qkj7BFqRPmQa
J0fHy6784S3kOtNGH2bCfZSo/SuOn2ZUW5PTX4IR69qn
-----END CERTIFICATE-----