Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/mVcc-QE-t0NmZvqCcst4dBBn8Bw.roa
File:                     mVcc-QE-t0NmZvqCcst4dBBn8Bw.roa (raw, json)
Hash identifier:          Vv3Mq7sh6ndsSCZX1OByr4X/f67UbZRwlbXE21YbUc0=
Subject key identifier:   99:57:1C:F9:01:3E:B7:43:66:66:FA:82:72:CB:78:74:10:67:F0:1C
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC7951C87FA52101C44EBB98C9387E026
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/mVcc-QE-t0NmZvqCcst4dBBn8Bw.roa
Signing time:             Tue 02 Jan 2024 00:31:27 +0000
ROA not before:           Tue 02 Jan 2024 00:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47450
IP address blocks:        192.144.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1c:87:fa:52:10:1c:44:eb:b9:8c:93:87:e0:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99571cf9013eb7436666fa8272cb78741067f01c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:32:24:e2:31:aa:e5:08:15:0b:be:20:ae:c0:
                    e7:f1:0d:75:3b:09:62:62:c4:cc:01:be:aa:85:f2:
                    94:06:d4:0a:3b:42:31:44:7b:b3:9e:c5:d2:a0:86:
                    55:52:c7:f5:6f:95:4e:63:6f:68:aa:eb:57:7c:0e:
                    cd:c4:e4:32:28:6a:f6:e1:be:0c:a1:8a:d2:7c:a7:
                    12:c4:c9:69:50:03:a8:02:32:31:56:ec:d9:72:c9:
                    2c:e2:7d:65:ca:4c:75:f2:22:e4:54:52:dc:3a:ec:
                    fd:5b:db:89:ce:ca:ef:84:e4:ac:f8:65:2c:e7:a1:
                    7d:46:f9:06:89:bc:85:d6:88:80:83:c7:ec:66:78:
                    72:11:f0:0a:01:9d:8f:c9:84:6f:a9:ae:88:c7:82:
                    3d:03:47:35:b1:0f:2a:c3:f4:7f:61:4b:f3:26:52:
                    c6:8a:a4:ba:4d:2a:a8:38:f4:76:12:57:a8:a5:67:
                    55:63:67:a2:3c:66:90:5d:5c:3a:de:35:f4:3e:05:
                    e8:e7:fd:51:a5:8e:e4:fa:1f:a4:20:b3:d9:49:c7:
                    e9:f8:b3:4c:56:96:2a:30:0c:7d:e0:ed:a0:a9:f0:
                    90:e9:e3:b3:b9:da:36:c7:3d:78:ea:e2:de:8e:b9:
                    d2:7e:4b:09:6b:94:71:06:9d:60:64:67:e1:8f:ea:
                    fd:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:57:1C:F9:01:3E:B7:43:66:66:FA:82:72:CB:78:74:10:67:F0:1C
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/mVcc-QE-t0NmZvqCcst4dBBn8Bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.144.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:1d:e7:bf:ee:ef:46:6b:bf:5d:3e:a2:41:45:ec:d9:95:52:
         6b:8f:bb:a3:3a:39:cb:3c:b2:24:70:b6:fc:94:37:4d:08:6c:
         6f:9b:82:ed:20:6a:f5:09:8c:ca:e4:a7:62:88:99:5e:97:ee:
         38:1d:45:8e:f8:d3:30:e3:06:55:5e:5e:94:ea:72:8f:01:f9:
         ec:0d:05:ca:6e:a9:83:59:38:c3:d7:6c:44:c2:05:77:bf:6a:
         fb:e0:17:14:10:a6:3a:b7:f5:66:c7:b7:fb:27:f5:3b:dc:69:
         c4:d8:34:1f:07:66:82:42:3c:92:05:b1:54:bf:63:6c:fa:3b:
         71:57:4d:97:42:b3:c0:63:55:5e:8f:6b:fa:3d:0e:3c:de:61:
         ab:32:70:d8:73:78:65:ef:62:f8:68:ee:ac:b4:2c:ac:32:fa:
         e8:d2:3d:91:0b:2b:ea:ea:5a:51:8d:cf:cb:ff:cb:22:f2:31:
         b0:8f:cf:cb:c9:82:bc:fc:01:70:d8:0c:ff:c4:57:8f:60:4c:
         df:a9:9d:6c:82:b0:9a:8e:95:28:10:b6:07:8c:1f:58:fc:e1:
         07:cf:a1:50:3d:04:84:ef:e0:f7:9d:4a:46:1a:13:b4:db:48:
         19:aa:f5:ce:c2:21:45:8f:e6:9d:11:d3:6e:5e:9f:b2:79:1d:
         af:b1:72:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRyH+lIQHETruYyTh+AmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTU3MWNmOTAxM2ViNzQzNjY2NmZhODI3MmNiNzg3NDEwNjdmMDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzIk4jGq5QgVC74grsDn8Q11Owli
YsTMAb6qhfKUBtQKO0IxRHuznsXSoIZVUsf1b5VOY29oqutXfA7NxOQyKGr24b4M
oYrSfKcSxMlpUAOoAjIxVuzZcsks4n1lykx18iLkVFLcOuz9W9uJzsrvhOSs+GUs
56F9RvkGibyF1oiAg8fsZnhyEfAKAZ2PyYRvqa6Ix4I9A0c1sQ8qw/R/YUvzJlLG
iqS6TSqoOPR2EleopWdVY2eiPGaQXVw63jX0PgXo5/1RpY7k+h+kILPZScfp+LNM
VpYqMAx94O2gqfCQ6eOzudo2xz146uLejrnSfksJa5RxBp1gZGfhj+r9YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlXHPkBPrdDZmb6gnLLeHQQZ/AcMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvbVZjYy1RRS10ME5tWnZxQ2NzdDRkQkJuOEJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJATMA0G
CSqGSIb3DQEBCwUAA4IBAQAYHee/7u9Ga79dPqJBRezZlVJrj7ujOjnLPLIkcLb8
lDdNCGxvm4LtIGr1CYzK5KdiiJlel+44HUWO+NMw4wZVXl6U6nKPAfnsDQXKbqmD
WTjD12xEwgV3v2r74BcUEKY6t/Vmx7f7J/U73GnE2DQfB2aCQjySBbFUv2Ns+jtx
V02XQrPAY1Vej2v6PQ483mGrMnDYc3hl72L4aO6stCysMvro0j2RCyvq6lpRjc/L
/8si8jGwj8/LyYK8/AFw2Az/xFePYEzfqZ1sgrCajpUoELYHjB9Y/OEHz6FQPQSE
7+D3nUpGGhO020gZqvXOwiFFj+adEdNuXp+yeR2vsXIE
-----END CERTIFICATE-----