Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/VhPSTSBOgtIHUZf9s-YyFv4T6_w.roa
File:                     VhPSTSBOgtIHUZf9s-YyFv4T6_w.roa (raw, json)
Hash identifier:          TG2G8OFQRXRVHv6FrThOeEO4+fMK3bSevDqVIvvp4CQ=
Subject key identifier:   56:13:D2:4D:20:4E:82:D2:07:51:97:FD:B3:E6:32:16:FE:13:EB:FC
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       018CC56DFE9CFEC871E8C7C6ECF3BB2348BC
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/VhPSTSBOgtIHUZf9s-YyFv4T6_w.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46562
IP address blocks:        193.37.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fe:9c:fe:c8:71:e8:c7:c6:ec:f3:bb:23:48:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5613d24d204e82d2075197fdb3e63216fe13ebfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:85:34:d9:ab:c6:68:a4:ff:91:ce:d9:cd:bc:
                    6e:c1:bf:25:5f:ce:97:36:15:6b:f6:07:74:ab:df:
                    07:f1:27:16:c2:6e:91:31:df:91:c9:a9:aa:26:71:
                    62:12:20:5c:35:9a:15:24:ee:95:ab:a2:c8:95:a4:
                    0f:df:d6:f2:38:df:9b:09:c2:89:55:dc:44:96:ba:
                    6f:05:8e:6a:88:a2:06:71:42:a1:79:f6:a6:9e:4f:
                    39:b1:42:8c:b4:a6:eb:84:d8:2e:9d:3c:2c:39:3a:
                    b1:75:e6:8a:00:3c:d1:91:bc:ec:56:28:23:ca:7a:
                    be:b7:71:82:98:5e:22:f3:4f:77:8c:da:62:6b:b6:
                    4c:50:30:7d:43:05:65:0c:06:d0:3e:8b:be:b6:63:
                    c4:e1:7f:55:03:96:d0:e6:98:2d:be:3e:78:41:04:
                    52:1f:17:c0:88:d9:bc:63:c9:90:bd:2c:71:2c:4f:
                    a4:32:71:16:b3:cb:cb:53:0b:99:d7:b0:88:34:74:
                    6b:c2:91:4f:96:89:bc:5b:70:d5:38:02:66:da:cc:
                    7d:f4:20:52:79:f4:e1:9e:f1:d2:3f:41:81:80:7e:
                    1f:bf:26:b1:1d:55:2a:df:60:fa:2b:53:60:da:5b:
                    df:45:ce:aa:90:cb:a6:d9:13:b2:da:fb:37:5f:72:
                    23:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:13:D2:4D:20:4E:82:D2:07:51:97:FD:B3:E6:32:16:FE:13:EB:FC
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/VhPSTSBOgtIHUZf9s-YyFv4T6_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:57:b1:8b:3a:a6:92:d5:e3:7c:c4:b6:f6:4b:7f:2c:9d:dc:
         b6:53:40:93:ee:6f:63:2e:ff:fb:e5:17:a8:33:b0:23:05:40:
         6f:1b:92:b2:34:99:e6:7a:48:65:e0:36:0d:84:e9:e6:fa:9c:
         3d:33:2b:09:ef:8f:cf:13:b8:46:8f:cc:bb:9a:49:e3:d7:8f:
         3f:32:19:85:1b:bd:1d:dd:2d:52:d6:1d:a3:23:77:88:bf:ce:
         5d:b1:90:bd:c2:44:9c:39:05:b7:a8:a7:3f:11:27:6b:cd:92:
         f7:ec:04:7e:2c:a3:6c:e7:d7:54:31:24:00:ba:44:11:74:af:
         3b:54:0b:86:55:80:bc:06:b3:47:9e:f7:b7:14:af:71:de:cd:
         5a:9a:0a:e9:75:93:91:a4:d3:74:c9:2e:23:5e:60:53:a3:8f:
         a6:8b:ea:c4:4a:ee:ff:5b:ec:dd:a5:54:d3:69:88:83:6c:63:
         56:31:e0:b7:05:b1:a8:f4:ee:e7:d2:a4:dd:2e:e2:a8:a3:01:
         6b:0c:e3:47:c5:82:24:77:2f:90:33:fa:f1:83:2d:ec:19:57:
         5a:ec:cd:b5:b0:44:43:a4:ef:b9:9e:3d:c8:b0:b3:20:f6:54:
         8d:99:a7:fe:5b:6d:b9:5c:29:1b:08:41:42:f2:6d:a4:13:90:
         f3:da:a3:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbf6c/shx6MfG7PO7I0i8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjEzZDI0ZDIwNGU4MmQyMDc1MTk3ZmRiM2U2MzIxNmZlMTNlYmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIU02avGaKT/kc7Zzbxuwb8lX86X
NhVr9gd0q98H8ScWwm6RMd+RyamqJnFiEiBcNZoVJO6Vq6LIlaQP39byON+bCcKJ
VdxElrpvBY5qiKIGcUKhefamnk85sUKMtKbrhNgunTwsOTqxdeaKADzRkbzsVigj
ynq+t3GCmF4i8093jNpia7ZMUDB9QwVlDAbQPou+tmPE4X9VA5bQ5pgtvj54QQRS
HxfAiNm8Y8mQvSxxLE+kMnEWs8vLUwuZ17CINHRrwpFPlom8W3DVOAJm2sx99CBS
efThnvHSP0GBgH4fvyaxHVUq32D6K1Ng2lvfRc6qkMum2ROy2vs3X3IjoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFYT0k0gToLSB1GX/bPmMhb+E+v8MB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvVmhQU1RTQk9ndElIVVpmOXMtWXlGdjRUNl93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSXHMA0G
CSqGSIb3DQEBCwUAA4IBAQAjV7GLOqaS1eN8xLb2S38sndy2U0CT7m9jLv/75Reo
M7AjBUBvG5KyNJnmekhl4DYNhOnm+pw9MysJ74/PE7hGj8y7mknj148/MhmFG70d
3S1S1h2jI3eIv85dsZC9wkScOQW3qKc/ESdrzZL37AR+LKNs59dUMSQAukQRdK87
VAuGVYC8BrNHnve3FK9x3s1amgrpdZORpNN0yS4jXmBTo4+mi+rESu7/W+zdpVTT
aYiDbGNWMeC3BbGo9O7n0qTdLuKoowFrDONHxYIkdy+QM/rxgy3sGVda7M21sERD
pO+5nj3IsLMg9lSNmaf+W225XCkbCEFC8m2kE5Dz2qMz
-----END CERTIFICATE-----