Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/VsqmM1Lwb8u9VCC-uw8yklWH_FM.roa
File:                     VsqmM1Lwb8u9VCC-uw8yklWH_FM.roa (raw, json)
Hash identifier:          U1fdxvj85OyelZmk4ZxuMnRtk3nZgtJb/V7y7mdLxKw=
Subject key identifier:   56:CA:A6:33:52:F0:6F:CB:BD:54:20:BE:BB:0F:32:92:55:87:FC:53
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018CC26D1E0C7A75E18F346C212F5F41226D
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/VsqmM1Lwb8u9VCC-uw8yklWH_FM.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        185.101.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1e:0c:7a:75:e1:8f:34:6c:21:2f:5f:41:22:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56caa63352f06fcbbd5420bebb0f32925587fc53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:00:5b:68:e0:d2:54:5c:fb:b3:69:10:8c:f7:
                    f2:b1:76:23:0c:73:78:56:fa:04:5a:86:05:7f:1b:
                    81:48:11:7d:1e:48:00:38:a6:c8:c3:e5:60:03:d8:
                    de:e1:fd:d5:52:64:da:8e:df:f4:5b:59:56:21:51:
                    c6:3d:a9:1d:c6:f8:04:1c:5d:65:14:8e:d4:e5:08:
                    6b:71:3b:53:a8:5c:fa:91:48:9e:23:83:0a:79:93:
                    c2:79:a6:49:51:22:3a:00:a2:a6:e3:b3:8b:bf:6e:
                    f2:1f:4d:2b:c8:00:ca:e9:1f:ba:c1:dc:10:5e:c1:
                    9b:20:77:d8:25:9e:09:86:ef:c7:df:dd:b8:49:4d:
                    b0:01:20:3c:d4:4e:cc:53:d1:a2:4b:b7:a1:4d:e5:
                    7e:c2:8b:19:ef:2c:d3:f3:2b:4d:fe:b6:64:d8:55:
                    a1:c5:a6:11:d7:d1:e4:9e:fe:92:57:72:d8:a7:da:
                    a9:8f:f5:c3:ba:b4:fe:15:b2:49:e9:df:3f:52:95:
                    b5:83:38:82:2b:ca:90:1b:ad:75:7b:b7:bb:8c:59:
                    d4:65:48:b0:06:87:0e:46:6e:5a:44:f6:94:ab:61:
                    12:cc:7e:8b:76:e8:3a:aa:cf:73:7b:2a:57:10:e8:
                    37:b1:f9:7f:82:15:75:ac:6f:7e:68:62:70:7e:05:
                    cb:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:CA:A6:33:52:F0:6F:CB:BD:54:20:BE:BB:0F:32:92:55:87:FC:53
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/VsqmM1Lwb8u9VCC-uw8yklWH_FM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:4a:3c:c9:ea:64:c8:61:30:f3:c0:61:04:ee:ed:50:70:b3:
         d5:fd:65:25:54:d7:52:b6:09:3b:6b:f3:30:c8:41:1b:5a:6e:
         bb:ef:b7:cf:97:90:e3:f5:0a:ac:ed:fd:fc:67:0f:93:06:15:
         86:f8:f0:ab:76:e1:d1:f3:77:63:56:6f:b2:63:02:d4:cb:02:
         42:f8:37:61:75:ea:40:0e:6c:2c:4f:01:80:6e:1c:eb:12:88:
         cf:f8:9b:5a:62:82:25:71:ed:af:61:4a:43:94:7c:ef:5f:fe:
         ff:71:06:8e:9f:7c:95:da:1d:84:83:b2:74:8d:49:e9:63:14:
         9a:59:04:71:f2:75:e1:58:d5:9c:46:fe:28:76:99:e0:17:33:
         40:b1:29:e5:c6:dd:9e:25:ed:13:8e:aa:ae:f3:8e:55:58:76:
         b2:41:8a:9c:44:66:78:3d:2a:d4:02:ab:51:8a:9f:b4:54:e6:
         35:78:7d:a6:76:ff:8a:ef:e9:1c:a8:8f:2e:60:7d:a1:96:36:
         9c:5a:98:75:46:8b:c0:f5:27:24:97:5d:81:94:f6:ed:ff:da:
         0d:b4:4f:a2:82:a0:ed:38:3f:0d:32:82:ec:75:29:7a:34:88:
         bb:c0:ae:3f:7b:fe:3d:7f:9d:e2:e2:0e:26:89:b7:98:29:65:
         38:2a:9a:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbR4MenXhjzRsIS9fQSJtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmNhYTYzMzUyZjA2ZmNiYmQ1NDIwYmViYjBmMzI5MjU1ODdmYzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7wBbaODSVFz7s2kQjPfysXYjDHN4
VvoEWoYFfxuBSBF9HkgAOKbIw+VgA9je4f3VUmTajt/0W1lWIVHGPakdxvgEHF1l
FI7U5QhrcTtTqFz6kUieI4MKeZPCeaZJUSI6AKKm47OLv27yH00ryADK6R+6wdwQ
XsGbIHfYJZ4Jhu/H3924SU2wASA81E7MU9GiS7ehTeV+wosZ7yzT8ytN/rZk2FWh
xaYR19Hknv6SV3LYp9qpj/XDurT+FbJJ6d8/UpW1gziCK8qQG611e7e7jFnUZUiw
BocORm5aRPaUq2ESzH6Ldug6qs9zeypXEOg3sfl/ghV1rG9+aGJwfgXLeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFbKpjNS8G/LvVQgvrsPMpJVh/xTMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvVnNxbU0xTHdiOHU5VkNDLXV3OHlrbFdIX0ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWVoMA0G
CSqGSIb3DQEBCwUAA4IBAQAJSjzJ6mTIYTDzwGEE7u1QcLPV/WUlVNdStgk7a/Mw
yEEbWm6777fPl5Dj9Qqs7f38Zw+TBhWG+PCrduHR83djVm+yYwLUywJC+DdhdepA
DmwsTwGAbhzrEojP+JtaYoIlce2vYUpDlHzvX/7/cQaOn3yV2h2Eg7J0jUnpYxSa
WQRx8nXhWNWcRv4odpngFzNAsSnlxt2eJe0Tjqqu845VWHayQYqcRGZ4PSrUAqtR
ip+0VOY1eH2mdv+K7+kcqI8uYH2hljacWph1RovA9Sckl12BlPbt/9oNtE+igqDt
OD8NMoLsdSl6NIi7wK4/e/49f53i4g4mibeYKWU4Kpox
-----END CERTIFICATE-----