Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/ca5c19-e496-49e8-8b93-72a1f37719bb/1/Vf14MAvAMXxK7x8IiBZ_RdGWu1c.roa
File:                     Vf14MAvAMXxK7x8IiBZ_RdGWu1c.roa (raw, json)
Hash identifier:          WCIoZHKuOG5Z5VpBlRDrM962LR1pcGz1eETxqlMjmTw=
Subject key identifier:   55:FD:78:30:0B:C0:31:7C:4A:EF:1F:08:88:16:7F:45:D1:96:BB:57
Certificate issuer:       /CN=d0f4fa80758753b243a2165eddea75dbeee826c4
Certificate serial:       018CC3B6F12D1A300EC0F19359E095E789EA
Authority key identifier: D0:F4:FA:80:75:87:53:B2:43:A2:16:5E:DD:EA:75:DB:EE:E8:26:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0PT6gHWHU7JDohZe3ep12-7oJsQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/ca5c19-e496-49e8-8b93-72a1f37719bb/1/Vf14MAvAMXxK7x8IiBZ_RdGWu1c.roa
Signing time:             Mon 01 Jan 2024 06:29:55 +0000
ROA not before:           Mon 01 Jan 2024 06:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12637
IP address blocks:        185.255.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/ca5c19-e496-49e8-8b93-72a1f37719bb/1/0PT6gHWHU7JDohZe3ep12-7oJsQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/ca5c19-e496-49e8-8b93-72a1f37719bb/1/0PT6gHWHU7JDohZe3ep12-7oJsQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0PT6gHWHU7JDohZe3ep12-7oJsQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f1:2d:1a:30:0e:c0:f1:93:59:e0:95:e7:89:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0f4fa80758753b243a2165eddea75dbeee826c4
        Validity
            Not Before: Jan  1 06:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55fd78300bc0317c4aef1f0888167f45d196bb57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:63:c0:29:dc:d6:02:9d:5b:e5:58:ee:7b:7b:
                    a7:61:7b:ef:8e:0b:44:8c:d0:44:07:fd:12:17:13:
                    a5:cf:ac:d3:98:0b:fb:bc:d8:11:90:56:8e:d6:8a:
                    23:b9:00:c7:1a:2a:6f:65:a2:48:ca:6e:58:76:de:
                    83:de:e9:5b:d0:bc:42:1a:5c:10:50:a1:88:e3:35:
                    7e:b5:7d:8c:fa:36:30:a2:f7:ef:8c:46:72:d1:10:
                    52:93:a2:61:1a:1b:f9:98:92:a5:4e:20:0b:8f:68:
                    0f:c1:9e:a0:4d:d9:99:14:53:fd:b4:ca:d7:25:c9:
                    49:29:00:85:82:17:79:f1:de:89:99:82:a8:79:c0:
                    37:9e:fb:d4:d4:55:1d:47:d7:a6:21:aa:21:3d:2b:
                    89:4f:f5:40:e7:12:32:9a:14:d7:de:1f:8a:61:f2:
                    dd:ea:35:51:be:34:6d:4d:89:ee:15:07:3d:33:33:
                    a1:ab:19:ae:f9:cb:6a:c9:9f:31:80:50:74:1e:f1:
                    97:45:e3:1a:9c:5f:3b:85:59:e5:2e:22:fb:a4:cc:
                    55:2b:f6:4b:32:8b:07:b0:ed:20:ce:6c:d9:fe:e0:
                    9d:fd:2c:ab:05:e4:74:bf:11:f6:ee:6f:e0:f9:49:
                    58:3c:7c:9f:bf:c7:4a:e7:e0:db:14:e3:b4:bc:ef:
                    5d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:FD:78:30:0B:C0:31:7C:4A:EF:1F:08:88:16:7F:45:D1:96:BB:57
            X509v3 Authority Key Identifier:
                keyid:D0:F4:FA:80:75:87:53:B2:43:A2:16:5E:DD:EA:75:DB:EE:E8:26:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0PT6gHWHU7JDohZe3ep12-7oJsQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/ca5c19-e496-49e8-8b93-72a1f37719bb/1/Vf14MAvAMXxK7x8IiBZ_RdGWu1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/ca5c19-e496-49e8-8b93-72a1f37719bb/1/0PT6gHWHU7JDohZe3ep12-7oJsQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:fe:3b:16:ca:e8:e5:dd:6c:dd:96:f8:b3:4e:ea:8e:d1:71:
         cf:c2:a0:1e:65:75:26:ce:f1:52:eb:c4:ea:31:eb:d6:a9:3e:
         88:99:97:e6:b5:6a:6d:ad:8d:61:25:fb:b7:8a:d1:17:9a:ed:
         7e:1a:a8:bc:24:8b:61:f2:18:e9:10:1e:59:76:bb:a3:02:85:
         bb:64:a4:f5:6e:6c:c9:04:7f:fc:93:d0:28:20:2e:34:c5:48:
         ab:7c:3f:54:e7:69:0d:da:4b:eb:f9:87:e4:04:68:9d:46:b9:
         92:e3:5c:dd:39:89:19:a5:64:19:a4:55:91:2b:88:24:a3:e9:
         ba:36:3b:d6:ec:51:df:cb:0d:a1:49:b4:cc:6c:3c:37:4d:da:
         43:71:53:12:8c:36:55:bf:f9:a7:44:49:89:8a:33:9c:10:97:
         78:a3:23:32:84:43:14:42:f2:4a:52:f6:6c:0b:be:fc:51:5a:
         2f:9a:3f:c3:cf:d7:c4:16:97:cf:59:60:ab:63:ea:29:1e:78:
         07:2d:d7:9b:cc:6e:b9:ee:43:3d:97:01:75:91:a8:14:ce:05:
         f0:7c:97:91:84:24:15:74:d6:06:2d:89:a1:4d:e2:1f:0d:69:
         fd:67:1b:2e:7d:1a:98:d2:7f:0c:45:13:30:9e:a6:1d:1b:18:
         60:82:87:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvEtGjAOwPGTWeCV54nqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZjRmYTgwNzU4NzUzYjI0M2EyMTY1ZWRkZWE3NWRiZWVl
ODI2YzQwHhcNMjQwMTAxMDYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWZkNzgzMDBiYzAzMTdjNGFlZjFmMDg4ODE2N2Y0NWQxOTZiYjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GPAKdzWAp1b5Vjue3unYXvvjgtE
jNBEB/0SFxOlz6zTmAv7vNgRkFaO1oojuQDHGipvZaJIym5Ydt6D3ulb0LxCGlwQ
UKGI4zV+tX2M+jYwovfvjEZy0RBSk6JhGhv5mJKlTiALj2gPwZ6gTdmZFFP9tMrX
JclJKQCFghd58d6JmYKoecA3nvvU1FUdR9emIaohPSuJT/VA5xIymhTX3h+KYfLd
6jVRvjRtTYnuFQc9MzOhqxmu+ctqyZ8xgFB0HvGXReManF87hVnlLiL7pMxVK/ZL
MosHsO0gzmzZ/uCd/SyrBeR0vxH27m/g+UlYPHyfv8dK5+DbFOO0vO9dwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFX9eDALwDF8Su8fCIgWf0XRlrtXMB8GA1UdIwQY
MBaAFND0+oB1h1OyQ6IWXt3qddvu6CbEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFBUNmdIV0hVN0pEb2haZTNlcDEyLTdvSnNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9jYTVjMTktZTQ5Ni00OWU4LThiOTMt
NzJhMWYzNzcxOWJiLzEvVmYxNE1BdkFNWHhLN3g4SWlCWl9SZEdXdTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9jYTVjMTktZTQ5Ni00OWU4LThiOTMtNzJhMWYzNzcxOWJi
LzEvMFBUNmdIV0hVN0pEb2haZTNlcDEyLTdvSnNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf+KMA0G
CSqGSIb3DQEBCwUAA4IBAQAL/jsWyujl3WzdlvizTuqO0XHPwqAeZXUmzvFS68Tq
MevWqT6ImZfmtWptrY1hJfu3itEXmu1+Gqi8JIth8hjpEB5ZdrujAoW7ZKT1bmzJ
BH/8k9AoIC40xUirfD9U52kN2kvr+YfkBGidRrmS41zdOYkZpWQZpFWRK4gko+m6
NjvW7FHfyw2hSbTMbDw3TdpDcVMSjDZVv/mnREmJijOcEJd4oyMyhEMUQvJKUvZs
C778UVovmj/Dz9fEFpfPWWCrY+opHngHLdebzG657kM9lwF1kagUzgXwfJeRhCQV
dNYGLYmhTeIfDWn9ZxsufRqY0n8MRRMwnqYdGxhggof4
-----END CERTIFICATE-----