Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/VbTT5KgG0WXOj8pBcAwZ-ueri94.roa
File:                     VbTT5KgG0WXOj8pBcAwZ-ueri94.roa (raw, json)
Hash identifier:          Zr+4MWG1jiJ0tfiDnsxm7NZ/VEkBwJXAl6KErYiAzuI=
Subject key identifier:   55:B4:D3:E4:A8:06:D1:65:CE:8F:CA:41:70:0C:19:FA:E7:AB:8B:DE
Certificate issuer:       /CN=e29f4964009c74bb81aed9c67078013dc868ef17
Certificate serial:       018CC64B025031377861108D65A49886C716
Authority key identifier: E2:9F:49:64:00:9C:74:BB:81:AE:D9:C6:70:78:01:3D:C8:68:EF:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4p9JZACcdLuBrtnGcHgBPcho7xc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/VbTT5KgG0WXOj8pBcAwZ-ueri94.roa
Signing time:             Mon 01 Jan 2024 18:30:53 +0000
ROA not before:           Mon 01 Jan 2024 18:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34086
IP address blocks:        193.222.200.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/4p9JZACcdLuBrtnGcHgBPcho7xc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/4p9JZACcdLuBrtnGcHgBPcho7xc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4p9JZACcdLuBrtnGcHgBPcho7xc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:02:50:31:37:78:61:10:8d:65:a4:98:86:c7:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e29f4964009c74bb81aed9c67078013dc868ef17
        Validity
            Not Before: Jan  1 18:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55b4d3e4a806d165ce8fca41700c19fae7ab8bde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:5a:90:40:d8:ea:12:d0:2e:ce:9f:75:a8:ff:
                    93:f2:8d:ad:2a:ee:4a:4d:16:55:7b:ad:4c:05:2b:
                    c0:3c:5d:29:b9:6b:84:1a:10:e3:36:3a:c1:df:7c:
                    92:1d:96:a5:71:15:4c:70:dc:6a:ed:32:9e:2a:15:
                    e8:9b:42:ae:d7:4a:16:5f:59:30:1a:f7:90:08:64:
                    11:e2:65:88:19:4f:c4:18:4e:63:9c:06:ec:47:a6:
                    2e:28:a1:69:14:86:99:6d:78:71:15:d5:e8:8b:eb:
                    01:dd:5c:16:6b:cb:df:2d:8f:e0:29:c0:9e:62:f6:
                    b8:8e:aa:a2:6e:ad:8a:82:07:12:8f:79:18:e7:37:
                    7a:d0:0f:bd:93:7e:12:56:ff:6d:b2:f7:9f:a4:5a:
                    94:32:d7:2f:d8:78:82:a5:3b:2d:7b:82:60:bb:13:
                    6c:18:19:46:2e:12:db:7d:93:28:5f:6e:2a:ac:0a:
                    64:4a:9f:4c:bb:cf:86:58:67:3c:8f:16:fd:06:ec:
                    89:c8:65:cc:1f:c2:cb:62:20:7b:b8:a8:68:ef:36:
                    f1:68:6f:4a:ed:7f:d9:ac:e0:db:ea:06:44:49:1d:
                    26:d2:cd:6d:f2:34:4c:41:3a:9c:83:11:ad:b0:64:
                    fc:87:d8:66:83:ca:d4:12:4f:3f:c2:59:30:de:09:
                    ca:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:B4:D3:E4:A8:06:D1:65:CE:8F:CA:41:70:0C:19:FA:E7:AB:8B:DE
            X509v3 Authority Key Identifier:
                keyid:E2:9F:49:64:00:9C:74:BB:81:AE:D9:C6:70:78:01:3D:C8:68:EF:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4p9JZACcdLuBrtnGcHgBPcho7xc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/VbTT5KgG0WXOj8pBcAwZ-ueri94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/4p9JZACcdLuBrtnGcHgBPcho7xc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:e6:43:6c:d2:08:e8:0d:20:74:1d:93:3c:f6:f1:fe:f5:8f:
         06:a9:8e:ff:00:85:05:69:3f:4c:e4:1f:f0:6a:dc:0a:21:f3:
         0d:8c:c7:68:9d:55:58:e6:3d:79:ab:fb:ab:a8:31:19:6b:d1:
         5c:f3:41:75:97:29:d8:51:6c:16:ea:27:97:12:80:71:07:f3:
         ab:3c:e7:96:b3:e5:20:d0:d9:f6:08:9b:4d:1d:d9:ae:ee:63:
         cc:3a:ea:a9:1f:13:45:91:5a:89:b9:9e:9e:ad:13:4f:c3:9f:
         f5:c8:60:8c:4e:c7:9d:70:9b:ce:0a:67:c1:e0:bc:05:ea:36:
         c6:9e:4c:8d:ac:ca:27:8d:57:ae:10:03:4c:4b:36:bd:49:3d:
         6f:b2:25:46:ca:17:1f:34:c3:e9:a7:cc:34:98:7e:97:9c:70:
         12:d6:86:50:13:a2:dc:2c:20:f4:e7:02:31:63:5f:f4:a7:47:
         2d:cd:66:0b:0e:6a:82:c7:d2:01:7a:3b:41:80:d3:32:d4:4a:
         a8:75:85:2f:79:43:15:40:e7:4c:27:74:2d:6b:67:72:b1:1c:
         73:53:f1:98:cc:eb:1f:89:87:c7:60:7b:cd:2d:60:34:6c:de:
         4c:ca:7f:87:2c:cf:88:a6:c0:97:51:ef:37:fa:df:2a:82:94:
         7d:57:60:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwJQMTd4YRCNZaSYhscWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOWY0OTY0MDA5Yzc0YmI4MWFlZDljNjcwNzgwMTNkYzg2
OGVmMTcwHhcNMjQwMTAxMTgzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWI0ZDNlNGE4MDZkMTY1Y2U4ZmNhNDE3MDBjMTlmYWU3YWI4YmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVqQQNjqEtAuzp91qP+T8o2tKu5K
TRZVe61MBSvAPF0puWuEGhDjNjrB33ySHZalcRVMcNxq7TKeKhXom0Ku10oWX1kw
GveQCGQR4mWIGU/EGE5jnAbsR6YuKKFpFIaZbXhxFdXoi+sB3VwWa8vfLY/gKcCe
Yva4jqqibq2KggcSj3kY5zd60A+9k34SVv9tsvefpFqUMtcv2HiCpTste4JguxNs
GBlGLhLbfZMoX24qrApkSp9Mu8+GWGc8jxb9BuyJyGXMH8LLYiB7uKho7zbxaG9K
7X/ZrODb6gZESR0m0s1t8jRMQTqcgxGtsGT8h9hmg8rUEk8/wlkw3gnKgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFW00+SoBtFlzo/KQXAMGfrnq4veMB8GA1UdIwQY
MBaAFOKfSWQAnHS7ga7ZxnB4AT3IaO8XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHA5SlpBQ2NkTHVCcnRuR2NIZ0JQY2hvN3hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS82NTVhMWMtYmFmNS00NzVmLWEzMDgt
OTMyYWIzNDFhMzY3LzEvVmJUVDVLZ0cwV1hPajhwQmNBd1otdWVyaTk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS82NTVhMWMtYmFmNS00NzVmLWEzMDgtOTMyYWIzNDFhMzY3
LzEvNHA5SlpBQ2NkTHVCcnRuR2NIZ0JQY2hvN3hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwd7IMA0G
CSqGSIb3DQEBCwUAA4IBAQBb5kNs0gjoDSB0HZM89vH+9Y8GqY7/AIUFaT9M5B/w
atwKIfMNjMdonVVY5j15q/urqDEZa9Fc80F1lynYUWwW6ieXEoBxB/OrPOeWs+Ug
0Nn2CJtNHdmu7mPMOuqpHxNFkVqJuZ6erRNPw5/1yGCMTsedcJvOCmfB4LwF6jbG
nkyNrMonjVeuEANMSza9ST1vsiVGyhcfNMPpp8w0mH6XnHAS1oZQE6LcLCD05wIx
Y1/0p0ctzWYLDmqCx9IBejtBgNMy1EqodYUveUMVQOdMJ3Qta2dysRxzU/GYzOsf
iYfHYHvNLWA0bN5Myn+HLM+IpsCXUe83+t8qgpR9V2Ak
-----END CERTIFICATE-----