Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/vTYhzm9QBHf0K7aEtWsExZUhcmE.roa
File:                     vTYhzm9QBHf0K7aEtWsExZUhcmE.roa (raw, json)
Hash identifier:          9sGrDQaxg80I52sSADmRZumsOEXVsOkJtUcFYVk8Ve8=
Subject key identifier:   BD:36:21:CE:6F:50:04:77:F4:2B:B6:84:B5:6B:04:C5:95:21:72:61
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EED240B07BA72B10EC317F0EC2E51
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/vTYhzm9QBHf0K7aEtWsExZUhcmE.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        130.185.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ed:24:0b:07:ba:72:b1:0e:c3:17:f0:ec:2e:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd3621ce6f500477f42bb684b56b04c595217261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:77:3b:ed:da:3f:84:07:9c:91:3e:df:dc:0b:
                    75:06:5f:f3:0b:18:64:4f:99:a6:08:6f:bb:81:0d:
                    ec:b1:a2:8a:29:fc:23:18:ef:35:4a:96:f2:cc:db:
                    30:a6:5d:ca:19:a2:c5:d4:22:81:c5:90:69:06:0f:
                    9e:5e:cf:11:4e:16:57:08:36:bd:d3:87:0f:9f:6a:
                    ee:0d:cc:1e:0b:75:06:e3:35:a8:3e:cb:e6:e5:77:
                    b2:5e:03:45:b9:ce:cf:ca:ef:3f:2a:09:1e:7b:33:
                    8a:6a:33:98:45:69:13:00:be:5a:cf:58:b7:e6:15:
                    3d:c9:89:24:f3:09:c5:54:9e:1e:c2:5e:92:00:c2:
                    1d:d7:bc:77:5a:cd:81:22:0d:e1:5f:61:41:ea:0d:
                    d7:c8:79:23:fe:59:c6:9d:bf:1d:12:42:2f:94:cf:
                    ea:1d:bf:f1:4f:ed:2c:d0:35:d6:e1:13:33:2b:62:
                    96:c8:62:77:5d:f0:2c:57:dd:bf:e2:4c:50:d7:02:
                    c1:65:8d:d7:55:f0:8d:28:8a:cc:88:d0:f4:0e:10:
                    70:c8:c8:ce:a0:6b:f3:01:21:19:96:5b:f4:78:5a:
                    bb:6f:a3:ca:7f:51:16:9b:d1:4a:68:d9:90:e1:9a:
                    d3:bb:af:c9:3e:48:fd:7e:67:f0:70:b8:43:e1:f5:
                    db:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:36:21:CE:6F:50:04:77:F4:2B:B6:84:B5:6B:04:C5:95:21:72:61
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/vTYhzm9QBHf0K7aEtWsExZUhcmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:9d:a8:b7:14:cf:08:99:a9:43:ce:88:90:08:0d:a8:b9:ea:
         c0:5e:67:84:f8:e3:cd:c1:1e:1b:9f:5a:e5:3b:fc:86:a0:c9:
         e7:b1:41:3f:47:4f:98:2d:79:a1:e6:4d:f3:c3:62:fc:66:4b:
         d6:f9:be:6e:ab:84:be:9a:6e:c8:6c:c0:9e:e4:42:ec:2d:0a:
         d3:9b:e6:9b:bb:b9:6f:d8:95:89:c6:f8:a8:6d:80:b0:1a:83:
         ba:8d:62:8b:a7:fb:b8:35:84:ff:5c:2e:b3:e5:3d:e4:05:76:
         d0:a6:87:e3:83:be:18:84:31:c5:59:ce:a0:93:3c:e8:82:96:
         a9:82:49:50:a7:46:71:b6:0f:ce:a4:7a:3a:0c:f1:3a:27:0e:
         d0:ef:14:00:88:aa:1e:82:46:b1:bb:06:f2:cc:25:9b:0c:73:
         06:ba:18:14:9b:32:75:da:a7:49:ea:55:bf:c4:82:3a:62:4b:
         5d:90:e7:df:26:4e:25:39:ca:78:17:fb:88:e2:2b:35:2e:cf:
         c3:d8:5b:ce:c0:85:47:ff:61:e3:39:70:72:a2:6d:7f:3a:e2:
         92:b1:d2:9c:56:81:70:93:f6:c8:9d:05:e3:26:5e:09:23:fd:
         59:ef:76:bc:c8:51:9d:61:46:f3:8a:1f:48:45:fc:fa:cc:6b:
         a7:a5:1f:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbu0kCwe6crEOwxfw7C5RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDM2MjFjZTZmNTAwNDc3ZjQyYmI2ODRiNTZiMDRjNTk1MjE3MjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHc77do/hAeckT7f3At1Bl/zCxhk
T5mmCG+7gQ3ssaKKKfwjGO81SpbyzNswpl3KGaLF1CKBxZBpBg+eXs8RThZXCDa9
04cPn2ruDcweC3UG4zWoPsvm5XeyXgNFuc7Pyu8/KgkeezOKajOYRWkTAL5az1i3
5hU9yYkk8wnFVJ4ewl6SAMId17x3Ws2BIg3hX2FB6g3XyHkj/lnGnb8dEkIvlM/q
Hb/xT+0s0DXW4RMzK2KWyGJ3XfAsV92/4kxQ1wLBZY3XVfCNKIrMiND0DhBwyMjO
oGvzASEZllv0eFq7b6PKf1EWm9FKaNmQ4ZrTu6/JPkj9fmfwcLhD4fXbswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL02Ic5vUAR39Cu2hLVrBMWVIXJhMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvdlRZaHptOVFCSGYwSzdhRXRXc0V4WlVoY21FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgrn7MA0G
CSqGSIb3DQEBCwUAA4IBAQCInai3FM8ImalDzoiQCA2ouerAXmeE+OPNwR4bn1rl
O/yGoMnnsUE/R0+YLXmh5k3zw2L8ZkvW+b5uq4S+mm7IbMCe5ELsLQrTm+abu7lv
2JWJxviobYCwGoO6jWKLp/u4NYT/XC6z5T3kBXbQpofjg74YhDHFWc6gkzzogpap
gklQp0Zxtg/OpHo6DPE6Jw7Q7xQAiKoegkaxuwbyzCWbDHMGuhgUmzJ12qdJ6lW/
xII6YktdkOffJk4lOcp4F/uI4is1Ls/D2FvOwIVH/2HjOXByom1/OuKSsdKcVoFw
k/bInQXjJl4JI/1Z73a8yFGdYUbzih9IRfz6zGunpR/f
-----END CERTIFICATE-----