Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/VSH0MxUB9hpd5jTleyQgB7gasp4.roa
File:                     VSH0MxUB9hpd5jTleyQgB7gasp4.roa (raw, json)
Hash identifier:          NuwcJtOhFquv8DMV/LKpniRYEy0vWEv8hIuQPYXkMY4=
Subject key identifier:   55:21:F4:33:15:01:F6:1A:5D:E6:34:E5:7B:24:20:07:B8:1A:B2:9E
Certificate issuer:       /CN=f93ac6cd2240249bba60171f086e9101cc87ca24
Certificate serial:       018CC5DC8324BECADF18C2FDF0D1FD42B1D0
Authority key identifier: F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/VSH0MxUB9hpd5jTleyQgB7gasp4.roa
Signing time:             Mon 01 Jan 2024 16:30:12 +0000
ROA not before:           Mon 01 Jan 2024 16:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1100
IP address blocks:        147.189.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:83:24:be:ca:df:18:c2:fd:f0:d1:fd:42:b1:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f93ac6cd2240249bba60171f086e9101cc87ca24
        Validity
            Not Before: Jan  1 16:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5521f4331501f61a5de634e57b242007b81ab29e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6b:e7:7a:ce:62:d8:3b:a5:e3:7b:fe:02:85:
                    f7:07:7c:12:4b:38:2b:f9:20:ef:87:72:50:f4:26:
                    50:cb:5e:38:11:9a:61:08:28:4a:51:f9:9a:7a:80:
                    5c:ee:e6:41:11:af:e4:bb:82:8f:6c:98:32:65:aa:
                    44:c0:08:3f:7d:99:d6:88:a0:02:d4:c7:e5:a6:c0:
                    ad:b2:2e:d5:00:83:bb:08:fd:6b:ea:9b:f6:81:5a:
                    db:57:ee:7e:bf:0e:c1:10:72:6d:41:03:9a:80:71:
                    c4:6e:12:c7:19:47:d1:17:39:90:69:a9:c0:32:9e:
                    d2:2e:78:31:27:6a:55:d2:d4:4d:e0:f2:d7:9a:18:
                    27:5a:4f:16:b5:c7:c7:36:48:35:26:28:69:71:3b:
                    3f:02:74:e6:a2:99:e2:a6:b5:08:8f:37:e4:f9:49:
                    77:85:7c:67:66:e9:d3:bf:ab:83:27:f0:da:f3:25:
                    f8:82:60:81:44:fc:91:87:e6:ec:14:05:8d:25:6e:
                    ff:ae:3f:8f:dd:90:ec:ba:55:0c:6f:b5:45:5e:5e:
                    d1:36:b2:9e:f1:50:5d:2e:cc:f3:e0:f2:39:94:55:
                    8b:e3:24:71:04:ab:3a:e9:e9:41:0a:bc:36:90:50:
                    9a:27:e9:01:27:a2:8c:09:81:36:25:d5:89:2c:ac:
                    8e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:21:F4:33:15:01:F6:1A:5D:E6:34:E5:7B:24:20:07:B8:1A:B2:9E
            X509v3 Authority Key Identifier:
                keyid:F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/VSH0MxUB9hpd5jTleyQgB7gasp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.189.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:e4:92:6b:47:72:70:7c:f2:df:ec:17:61:77:fe:db:2d:b1:
         95:0c:94:01:76:d4:2b:f2:10:b4:4c:b6:4b:da:e6:eb:bd:16:
         be:75:7f:de:20:cc:8e:02:35:7f:66:01:bb:82:ab:4a:f4:c7:
         b9:d5:1d:34:3c:48:4e:42:b8:85:44:e7:98:e1:fa:15:6b:24:
         68:ec:8b:c5:7f:ea:85:fc:75:2d:32:48:b2:3c:3b:db:8e:36:
         e5:9b:fd:75:14:80:b0:15:ce:d9:dc:28:4e:ef:a8:ca:8b:88:
         01:28:ac:f6:12:93:83:74:4d:43:d6:a8:02:d8:1a:b6:0b:6e:
         b9:02:9a:8d:e8:84:df:af:d8:3b:96:e3:d8:19:6f:88:29:8a:
         af:92:93:c9:6b:8a:a5:b1:92:32:21:26:12:eb:16:34:4e:5e:
         e4:a4:ec:06:63:e3:6a:64:81:9d:26:7b:4f:27:e2:5c:0e:30:
         0d:05:b8:06:7b:9c:a3:74:f5:6a:de:be:24:40:f5:42:07:1d:
         e3:77:28:a4:8d:04:9a:4c:98:f2:52:a7:db:19:30:02:b3:04:
         b9:63:81:32:f8:1e:ec:a7:1f:5b:ff:47:61:1c:82:31:76:d6:
         8d:97:16:25:82:58:6e:21:43:8e:b8:d7:16:96:be:44:36:e4:
         00:1d:b0:c6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzF3IMkvsrfGML98NH9QrHQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5M2FjNmNkMjI0MDI0OWJiYTYwMTcxZjA4NmU5MTAxY2M4
N2NhMjQwHhcNMjQwMTAxMTYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTIxZjQzMzE1MDFmNjFhNWRlNjM0ZTU3YjI0MjAwN2I4MWFiMjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmvnes5i2Dul43v+AoX3B3wSSzgr
+SDvh3JQ9CZQy144EZphCChKUfmaeoBc7uZBEa/ku4KPbJgyZapEwAg/fZnWiKAC
1MflpsCtsi7VAIO7CP1r6pv2gVrbV+5+vw7BEHJtQQOagHHEbhLHGUfRFzmQaanA
Mp7SLngxJ2pV0tRN4PLXmhgnWk8WtcfHNkg1JihpcTs/AnTmopniprUIjzfk+Ul3
hXxnZunTv6uDJ/Da8yX4gmCBRPyRh+bsFAWNJW7/rj+P3ZDsulUMb7VFXl7RNrKe
8VBdLszz4PI5lFWL4yRxBKs66elBCrw2kFCaJ+kBJ6KMCYE2JdWJLKyOxQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFUh9DMVAfYaXeY05XskIAe4GrKeMB8GA1UdIwQY
MBaAFPk6xs0iQCSbumAXHwhukQHMh8okMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Uckd6U0pBSkp1NllCY2ZDRzZSQWN5SHlpUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvYjAzMjEzLTVlODAtNDkzMS04MWNl
LWY3NTJkODE2MDVmYi8xL1ZTSDBNeFVCOWhwZDVqVGxleVFnQjdnYXNwNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTgvYjAzMjEzLTVlODAtNDkzMS04MWNlLWY3NTJkODE2MDVm
Yi8xLzEtVHJHelNKQUpKdTZZQmNmQ0c2UkFjeUh5aVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTvYow
DQYJKoZIhvcNAQELBQADggEBAEnkkmtHcnB88t/sF2F3/tstsZUMlAF21CvyELRM
tkva5uu9Fr51f94gzI4CNX9mAbuCq0r0x7nVHTQ8SE5CuIVE55jh+hVrJGjsi8V/
6oX8dS0ySLI8O9uONuWb/XUUgLAVztncKE7vqMqLiAEorPYSk4N0TUPWqALYGrYL
brkCmo3ohN+v2DuW49gZb4gpiq+Sk8lriqWxkjIhJhLrFjROXuSk7AZj42pkgZ0m
e08n4lwOMA0FuAZ7nKN09WreviRA9UIHHeN3KKSNBJpMmPJSp9sZMAKzBLljgTL4
HuynH1v/R2EcgjF21o2XFiWCWG4hQ4641xaWvkQ25AAdsMY=
-----END CERTIFICATE-----