Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/VjmuLWzBz7YQVwCEDi84TVQnjK4.roa
File:                     VjmuLWzBz7YQVwCEDi84TVQnjK4.roa (raw, json)
Hash identifier:          z9/LnUO+4K/nbPijynTJA28FMpthXMmfWwHCUNiVlsQ=
Subject key identifier:   56:39:AE:2D:6C:C1:CF:B6:10:57:00:84:0E:2F:38:4D:54:27:8C:AE
Certificate issuer:       /CN=cb20606de730456edd7335cc882cbdf4396f3460
Certificate serial:       018CC9BCA49440795041CC457FDC2689BC05
Authority key identifier: CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/VjmuLWzBz7YQVwCEDi84TVQnjK4.roa
Signing time:             Tue 02 Jan 2024 10:33:52 +0000
ROA not before:           Tue 02 Jan 2024 10:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209269
IP address blocks:        188.125.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a4:94:40:79:50:41:cc:45:7f:dc:26:89:bc:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb20606de730456edd7335cc882cbdf4396f3460
        Validity
            Not Before: Jan  2 10:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5639ae2d6cc1cfb6105700840e2f384d54278cae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:1e:b1:a0:15:f2:a4:b3:db:06:c4:63:fa:51:
                    12:ea:77:4a:ee:57:df:59:04:75:44:67:2f:a9:c7:
                    5a:92:a8:01:55:e2:77:46:01:f7:29:81:57:2d:3b:
                    04:75:d5:c0:51:2e:55:95:ed:c7:76:78:11:c3:72:
                    a3:dc:0c:aa:10:4b:37:fe:9e:36:52:b2:b9:21:50:
                    55:1a:03:25:87:a3:15:24:66:0c:47:d9:de:71:47:
                    79:4a:69:b7:6c:78:9f:aa:e2:29:1b:39:53:5f:fb:
                    f3:c3:18:0d:fc:da:5b:13:cf:52:36:69:a1:21:0b:
                    4f:87:65:8f:6f:d0:2d:fe:2b:f4:fa:f5:ed:0a:8e:
                    6c:d4:3b:90:92:c5:cd:95:11:6f:67:2c:e1:3c:31:
                    fd:13:04:59:a9:87:39:9e:77:86:07:fc:dc:a2:30:
                    f2:0e:77:59:ed:66:77:1b:73:6a:5d:59:dd:6b:fe:
                    4d:2a:40:c1:58:88:35:14:04:4d:dd:0b:05:18:8f:
                    14:1d:40:3b:06:9f:aa:76:c5:fd:1a:08:09:b6:94:
                    6e:d3:ef:96:29:28:60:be:89:3f:99:18:21:1a:6e:
                    71:af:81:f1:e3:7b:94:d4:53:3b:b3:89:25:a1:e0:
                    88:03:bc:a8:3d:4a:04:78:a9:33:2d:ef:ff:1b:36:
                    15:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:39:AE:2D:6C:C1:CF:B6:10:57:00:84:0E:2F:38:4D:54:27:8C:AE
            X509v3 Authority Key Identifier:
                keyid:CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/VjmuLWzBz7YQVwCEDi84TVQnjK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:ae:03:50:97:7d:ff:26:ae:49:52:41:d9:bf:f0:f4:e4:f5:
         70:aa:1e:71:3a:3d:b2:a6:2b:1a:70:67:a3:a9:9d:cd:88:84:
         fa:fb:ee:85:93:1a:be:35:0e:6a:bb:43:b6:0d:9d:3e:38:a9:
         2f:a3:f1:7b:0f:02:8a:a9:56:62:a1:9d:b8:09:4d:b8:fb:9b:
         2b:c0:15:8e:f4:3d:6c:e5:63:62:47:cd:7e:b4:cf:a2:97:39:
         12:cf:6f:70:cc:cc:7d:8b:01:39:ab:88:95:d8:9e:a0:07:e4:
         99:bd:8a:8f:76:b1:e2:c9:fb:80:1a:d6:25:99:40:8a:a7:7e:
         b9:b6:46:13:6f:6a:e9:c8:60:b8:07:32:5b:fb:0d:36:e3:8d:
         56:a9:1d:86:18:b2:46:73:c7:43:f8:80:12:54:ad:36:69:1c:
         34:82:cb:dc:b1:3c:3b:33:21:31:07:e1:5d:e6:e2:73:f6:fd:
         dd:19:cd:3a:bc:5c:8a:5b:31:63:4b:c3:e6:c3:cd:ba:a0:48:
         1c:f7:14:3d:4d:f0:c3:b2:1b:a0:2f:03:74:e2:c2:f4:b6:1c:
         f2:7e:76:e3:4a:2a:1d:a0:a6:b5:80:2b:dd:7e:df:ce:ed:75:
         5a:00:c0:3b:e6:ba:7f:e0:b9:14:54:60:83:af:64:e8:fa:3a:
         79:18:74:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKSUQHlQQcxFf9wmibwFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMjA2MDZkZTczMDQ1NmVkZDczMzVjYzg4MmNiZGY0Mzk2
ZjM0NjAwHhcNMjQwMTAyMTAzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjM5YWUyZDZjYzFjZmI2MTA1NzAwODQwZTJmMzg0ZDU0Mjc4Y2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjB6xoBXypLPbBsRj+lES6ndK7lff
WQR1RGcvqcdakqgBVeJ3RgH3KYFXLTsEddXAUS5Vle3HdngRw3Kj3AyqEEs3/p42
UrK5IVBVGgMlh6MVJGYMR9necUd5Smm3bHifquIpGzlTX/vzwxgN/NpbE89SNmmh
IQtPh2WPb9At/iv0+vXtCo5s1DuQksXNlRFvZyzhPDH9EwRZqYc5nneGB/zcojDy
DndZ7WZ3G3NqXVnda/5NKkDBWIg1FARN3QsFGI8UHUA7Bp+qdsX9GggJtpRu0++W
KShgvok/mRghGm5xr4Hx43uU1FM7s4kloeCIA7yoPUoEeKkzLe//GzYVdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFY5ri1swc+2EFcAhA4vOE1UJ4yuMB8GA1UdIwQY
MBaAFMsgYG3nMEVu3XM1zIgsvfQ5bzRgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQt
YjNkODZhYTQzYmM1LzEvVmptdUxXekJ6N1lRVndDRURpODRUVlFuaks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQtYjNkODZhYTQzYmM1
LzEveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvH2eMA0G
CSqGSIb3DQEBCwUAA4IBAQBcrgNQl33/Jq5JUkHZv/D05PVwqh5xOj2ypisacGej
qZ3NiIT6++6Fkxq+NQ5qu0O2DZ0+OKkvo/F7DwKKqVZioZ24CU24+5srwBWO9D1s
5WNiR81+tM+ilzkSz29wzMx9iwE5q4iV2J6gB+SZvYqPdrHiyfuAGtYlmUCKp365
tkYTb2rpyGC4BzJb+w02441WqR2GGLJGc8dD+IASVK02aRw0gsvcsTw7MyExB+Fd
5uJz9v3dGc06vFyKWzFjS8Pmw826oEgc9xQ9TfDDshugLwN04sL0thzyfnbjSiod
oKa1gCvdft/O7XVaAMA75rp/4LkUVGCDr2To+jp5GHTw
-----END CERTIFICATE-----