Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/vkCuASlPIQYhvvG-J4vmgBfe0L8.roa
File:                     vkCuASlPIQYhvvG-J4vmgBfe0L8.roa (raw, json)
Hash identifier:          W2iLF7ZYNIgPwTocWi9/YyA2QpCLfC5wq7OKWmjbYqY=
Subject key identifier:   BE:40:AE:01:29:4F:21:06:21:BE:F1:BE:27:8B:E6:80:17:DE:D0:BF
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64ADFEF9689B7F1481BC3B903CEAE19
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/vkCuASlPIQYhvvG-J4vmgBfe0L8.roa
Signing time:             Mon 01 Jan 2024 18:30:44 +0000
ROA not before:           Mon 01 Jan 2024 18:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58329
IP address blocks:        45.155.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:df:ef:96:89:b7:f1:48:1b:c3:b9:03:ce:ae:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be40ae01294f210621bef1be278be68017ded0bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:eb:d2:01:fc:ec:12:2e:40:a4:a4:50:f7:2f:
                    da:16:59:50:c7:0b:84:30:51:e9:e6:9b:71:a7:34:
                    18:12:2c:40:38:af:ba:c4:a7:2f:f5:8b:7d:cb:d5:
                    5d:a5:3a:b4:fa:88:de:a6:ce:9f:e1:2a:a1:b1:60:
                    58:d4:c8:e7:02:4b:fc:ff:a9:41:07:7c:3c:24:e4:
                    b3:22:ed:40:ed:4d:ac:69:2d:50:e3:7e:13:a4:73:
                    96:84:ab:99:0c:85:a5:e4:2e:a9:97:b8:51:39:59:
                    5f:f6:a0:d5:88:7c:93:3d:08:2b:84:e1:dc:9e:a9:
                    9f:ee:96:a9:a6:f1:45:00:f2:32:a9:3f:9d:2a:84:
                    36:13:bd:2a:78:9e:5c:44:0d:0f:5c:c7:fb:a2:bf:
                    fb:7d:41:27:71:ac:7d:cb:5d:1a:1f:cb:20:f9:b2:
                    f3:a0:22:1c:87:dd:7c:c5:91:73:35:53:a5:be:46:
                    e1:78:7e:fb:3b:f1:a7:28:e5:7c:ce:34:dc:eb:52:
                    ef:b1:2e:99:0f:8e:fb:4f:60:b5:70:ef:c2:37:5a:
                    2e:98:e4:be:ed:c8:b8:87:32:43:12:ba:c1:5f:58:
                    29:b1:56:5d:e2:97:2b:fa:0b:a8:32:86:b9:1e:7c:
                    b1:a6:9d:a8:05:1b:4b:a7:f0:f7:dc:05:87:33:a4:
                    36:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:40:AE:01:29:4F:21:06:21:BE:F1:BE:27:8B:E6:80:17:DE:D0:BF
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/vkCuASlPIQYhvvG-J4vmgBfe0L8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:a4:54:c4:51:9e:84:f9:5d:97:12:f7:a1:09:39:53:3b:f4:
         e8:c9:c9:fa:d6:38:59:c8:36:84:cb:85:fa:20:8e:fe:a8:13:
         ae:90:e3:da:63:f7:ed:87:f6:1d:7b:7d:31:bf:73:f6:2b:53:
         2e:77:d3:24:ce:ad:c1:af:d5:77:a8:84:f9:1c:9b:31:b1:41:
         58:ce:27:22:b7:3a:ca:42:59:34:9b:cd:be:d9:30:f1:c8:96:
         12:9a:00:34:d9:bd:88:b3:b3:9b:39:a1:f2:58:fe:4d:f0:80:
         29:c2:17:37:2c:cd:45:3e:31:ad:e4:3c:7e:af:6e:4d:f5:eb:
         66:48:2b:48:c1:ae:6c:92:b6:09:ff:da:b9:00:61:d4:b4:ac:
         ca:e7:21:94:eb:ef:4a:cc:fb:d9:8d:86:ff:39:fb:3b:70:96:
         29:69:32:74:73:fc:5a:a4:83:09:19:ae:7f:54:f3:a8:33:3e:
         e4:a8:bc:4d:0e:10:76:81:97:c7:1b:8c:14:28:f4:6d:8d:f9:
         d5:82:87:35:ff:d3:04:38:4c:45:2a:ac:27:bc:3c:33:44:a7:
         88:30:74:86:61:76:32:ea:73:a1:58:2e:d3:c7:c8:8d:8d:6d:
         2a:00:cb:ff:92:94:d0:09:55:17:f1:4e:df:58:d4:ea:b0:9f:
         4f:7b:71:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSt/vlom38Ugbw7kDzq4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTQwYWUwMTI5NGYyMTA2MjFiZWYxYmUyNzhiZTY4MDE3ZGVkMGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+vSAfzsEi5ApKRQ9y/aFllQxwuE
MFHp5ptxpzQYEixAOK+6xKcv9Yt9y9VdpTq0+ojeps6f4SqhsWBY1MjnAkv8/6lB
B3w8JOSzIu1A7U2saS1Q434TpHOWhKuZDIWl5C6pl7hROVlf9qDViHyTPQgrhOHc
nqmf7pappvFFAPIyqT+dKoQ2E70qeJ5cRA0PXMf7or/7fUEncax9y10aH8sg+bLz
oCIch918xZFzNVOlvkbheH77O/GnKOV8zjTc61LvsS6ZD477T2C1cO/CN1oumOS+
7ci4hzJDErrBX1gpsVZd4pcr+guoMoa5Hnyxpp2oBRtLp/D33AWHM6Q2VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5ArgEpTyEGIb7xvieL5oAX3tC/MB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvdmtDdUFTbFBJUVlodnZHLUo0dm1nQmZlMEw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZv5MA0G
CSqGSIb3DQEBCwUAA4IBAQBYpFTEUZ6E+V2XEvehCTlTO/Toycn61jhZyDaEy4X6
II7+qBOukOPaY/fth/Yde30xv3P2K1Mud9Mkzq3Br9V3qIT5HJsxsUFYzicitzrK
Qlk0m82+2TDxyJYSmgA02b2Is7ObOaHyWP5N8IApwhc3LM1FPjGt5Dx+r25N9etm
SCtIwa5skrYJ/9q5AGHUtKzK5yGU6+9KzPvZjYb/Ofs7cJYpaTJ0c/xapIMJGa5/
VPOoMz7kqLxNDhB2gZfHG4wUKPRtjfnVgoc1/9MEOExFKqwnvDwzRKeIMHSGYXYy
6nOhWC7Tx8iNjW0qAMv/kpTQCVUX8U7fWNTqsJ9Pe3G7
-----END CERTIFICATE-----