Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/vM1WUwzY3Cet4_TphiQa3tyVQvc.roa
File:                     vM1WUwzY3Cet4_TphiQa3tyVQvc.roa (raw, json)
Hash identifier:          6qjse0fx1YyHFms8jwQf08ctUZN7GNJGD35LTdYd03g=
Subject key identifier:   BC:CD:56:53:0C:D8:DC:27:AD:E3:F4:E9:86:24:1A:DE:DC:95:42:F7
Certificate issuer:       /CN=44e888a76e99851b01fb86cec537d4d8e610de16
Certificate serial:       018CC50123B93B575C056E01A7A803B6C9CE
Authority key identifier: 44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/vM1WUwzY3Cet4_TphiQa3tyVQvc.roa
Signing time:             Mon 01 Jan 2024 12:30:35 +0000
ROA not before:           Mon 01 Jan 2024 12:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49171
IP address blocks:        194.61.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:23:b9:3b:57:5c:05:6e:01:a7:a8:03:b6:c9:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44e888a76e99851b01fb86cec537d4d8e610de16
        Validity
            Not Before: Jan  1 12:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bccd56530cd8dc27ade3f4e986241adedc9542f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:07:88:27:cd:22:fd:b5:45:c2:0b:a8:de:a8:
                    88:78:93:b1:9c:8e:d1:63:df:93:94:19:da:b9:3d:
                    42:6b:9c:8d:16:c6:8e:48:8c:0a:66:29:86:50:c1:
                    17:1d:9c:a6:ae:57:b4:3b:97:53:80:c3:02:71:da:
                    f9:9e:29:42:e2:01:de:3c:16:ed:08:6f:f5:57:02:
                    48:03:a2:54:d7:2c:95:5f:24:de:31:73:49:e0:9f:
                    6c:28:16:4f:d5:84:0b:91:a0:9b:eb:fb:83:84:15:
                    15:d8:1c:84:ab:a8:69:79:8f:4b:40:07:3b:68:02:
                    5c:44:8b:aa:6d:38:f5:02:42:db:fb:5a:49:2f:79:
                    86:fb:1e:fb:88:ef:1f:50:d3:7d:c0:5a:d3:c5:1b:
                    92:c7:ac:04:24:2c:39:88:00:e2:63:c6:fb:58:5e:
                    79:e7:cd:88:15:76:d0:30:e1:33:df:eb:00:55:ef:
                    6a:13:c0:1e:f9:13:0e:c2:dc:f6:4d:32:99:2d:6f:
                    4b:54:5b:47:90:56:fd:ca:90:a7:f3:52:51:87:10:
                    73:31:91:f4:26:2d:7f:2c:1b:07:fb:6a:e0:97:77:
                    47:ec:fc:31:33:6a:4a:6c:3a:26:7b:b8:4b:e3:22:
                    8e:2e:72:49:cd:af:84:69:64:3a:02:f3:37:43:27:
                    b7:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:CD:56:53:0C:D8:DC:27:AD:E3:F4:E9:86:24:1A:DE:DC:95:42:F7
            X509v3 Authority Key Identifier:
                keyid:44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/vM1WUwzY3Cet4_TphiQa3tyVQvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:3e:3f:4b:4d:9d:b1:93:24:a5:eb:9a:b3:18:18:11:03:ea:
         d4:69:8c:50:90:b3:92:f4:97:b6:87:81:9e:12:8e:d7:5e:a9:
         f3:2b:e3:4c:d6:79:33:9c:f1:ca:8b:58:c0:fd:dd:59:e8:af:
         c4:68:ae:ca:61:b4:46:21:ca:52:e3:96:20:82:54:00:13:20:
         b2:f8:31:31:90:8b:b9:e3:87:eb:e9:d4:7a:08:f4:73:88:90:
         34:d4:c6:29:d7:98:a5:ce:cc:27:df:50:37:6d:b0:84:6f:98:
         63:be:ce:18:78:05:56:03:d8:cc:06:5c:f2:2e:54:ee:5f:86:
         43:15:db:ff:8b:6f:9a:78:88:35:23:dc:0a:df:d9:7a:f4:d4:
         fa:ca:51:c3:43:01:bd:f7:85:75:c8:8b:a4:b3:06:7d:2f:78:
         03:b0:0d:d9:10:c7:b7:35:4c:87:cd:d7:dd:e4:97:a5:eb:2d:
         ca:eb:3d:3a:6a:7d:e8:07:af:93:aa:29:61:82:12:34:f2:3e:
         ca:de:ea:e2:5d:9d:fd:92:ae:d9:0b:7e:c5:19:ce:09:c7:5a:
         43:aa:e0:fb:a9:9c:5c:47:6d:cd:93:38:e9:ce:fe:3f:9c:95:
         ca:5a:74:6d:54:32:45:f3:b5:8c:82:df:ca:c3:c2:6a:18:9d:
         52:4f:9d:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASO5O1dcBW4Bp6gDtsnOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZTg4OGE3NmU5OTg1MWIwMWZiODZjZWM1MzdkNGQ4ZTYx
MGRlMTYwHhcNMjQwMTAxMTIzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2NkNTY1MzBjZDhkYzI3YWRlM2Y0ZTk4NjI0MWFkZWRjOTU0MmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQeIJ80i/bVFwguo3qiIeJOxnI7R
Y9+TlBnauT1Ca5yNFsaOSIwKZimGUMEXHZymrle0O5dTgMMCcdr5nilC4gHePBbt
CG/1VwJIA6JU1yyVXyTeMXNJ4J9sKBZP1YQLkaCb6/uDhBUV2ByEq6hpeY9LQAc7
aAJcRIuqbTj1AkLb+1pJL3mG+x77iO8fUNN9wFrTxRuSx6wEJCw5iADiY8b7WF55
582IFXbQMOEz3+sAVe9qE8Ae+RMOwtz2TTKZLW9LVFtHkFb9ypCn81JRhxBzMZH0
Ji1/LBsH+2rgl3dH7PwxM2pKbDome7hL4yKOLnJJza+EaWQ6AvM3Qye37QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLzNVlMM2NwnreP06YYkGt7clUL3MB8GA1UdIwQY
MBaAFEToiKdumYUbAfuGzsU31NjmEN4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUt
YmMwZGJhOTMyYjM1LzEvdk0xV1V3elkzQ2V0NF9UcGhpUWEzdHlWUXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUtYmMwZGJhOTMyYjM1
LzEvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj1TMA0G
CSqGSIb3DQEBCwUAA4IBAQAQPj9LTZ2xkySl65qzGBgRA+rUaYxQkLOS9Je2h4Ge
Eo7XXqnzK+NM1nkznPHKi1jA/d1Z6K/EaK7KYbRGIcpS45YgglQAEyCy+DExkIu5
44fr6dR6CPRziJA01MYp15ilzswn31A3bbCEb5hjvs4YeAVWA9jMBlzyLlTuX4ZD
Fdv/i2+aeIg1I9wK39l69NT6ylHDQwG994V1yIukswZ9L3gDsA3ZEMe3NUyHzdfd
5Jel6y3K6z06an3oB6+TqilhghI08j7K3uriXZ39kq7ZC37FGc4Jx1pDquD7qZxc
R23Nkzjpzv4/nJXKWnRtVDJF87WMgt/Kw8JqGJ1ST519
-----END CERTIFICATE-----