Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/VQcpAYq4wHZeY1d5fXq7XPVfgxU.roa
File:                     VQcpAYq4wHZeY1d5fXq7XPVfgxU.roa (raw, json)
Hash identifier:          9H4f0QLfE/jBHg1p+c2oVhHoynYhC8pAh/O6Ujl5B2Q=
Subject key identifier:   55:07:29:01:8A:B8:C0:76:5E:63:57:79:7D:7A:BB:5C:F5:5F:83:15
Certificate issuer:       /CN=4364fe73419bc86d5f2e72b414b6b4d4379d5bf5
Certificate serial:       018CC2DAF6A6A442232B3AA6AED982CC757C
Authority key identifier: 43:64:FE:73:41:9B:C8:6D:5F:2E:72:B4:14:B6:B4:D4:37:9D:5B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q2T-c0GbyG1fLnK0FLa01DedW_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/VQcpAYq4wHZeY1d5fXq7XPVfgxU.roa
Signing time:             Mon 01 Jan 2024 02:29:38 +0000
ROA not before:           Mon 01 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        185.172.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/Q2T-c0GbyG1fLnK0FLa01DedW_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/Q2T-c0GbyG1fLnK0FLa01DedW_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q2T-c0GbyG1fLnK0FLa01DedW_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 19:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f6:a6:a4:42:23:2b:3a:a6:ae:d9:82:cc:75:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4364fe73419bc86d5f2e72b414b6b4d4379d5bf5
        Validity
            Not Before: Jan  1 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=550729018ab8c0765e6357797d7abb5cf55f8315
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:df:93:23:0d:4b:ef:0f:7e:5b:1e:b6:01:5d:
                    07:c4:41:41:72:c2:d4:45:1c:84:96:42:d2:f8:3a:
                    65:5b:d2:6d:74:cb:64:3d:98:14:99:54:35:69:d8:
                    15:66:cd:59:ed:d7:89:21:2f:23:9b:b9:c8:b3:f4:
                    88:93:fc:52:a9:14:4e:67:0d:c6:f1:fd:51:fe:88:
                    f4:09:fc:79:b4:34:59:78:ba:e2:6d:14:ab:f8:fc:
                    d7:dd:44:40:0c:10:51:56:d0:fe:51:87:26:ec:37:
                    e0:f9:e8:98:f0:ea:e3:48:7c:9f:72:a8:b8:3c:88:
                    f4:09:42:60:18:f0:8b:35:8d:51:02:e5:91:42:51:
                    cc:68:af:85:ec:35:33:d8:4a:f0:0a:22:56:44:cc:
                    12:69:1e:5a:9a:14:ad:91:87:2c:3a:cb:52:03:18:
                    1f:66:46:5f:4f:19:ee:0c:9d:17:ed:27:a0:0e:77:
                    d4:f4:fd:24:b5:a3:c8:62:8c:98:5d:3c:24:45:59:
                    b4:0d:82:66:41:70:7f:db:c4:08:2b:34:c1:c6:5f:
                    b5:0b:c0:ec:01:ea:62:ac:81:8f:e8:ab:97:cc:6a:
                    c0:56:48:a7:a5:65:01:e4:9d:aa:72:24:37:a5:9a:
                    4a:f2:ef:99:6c:33:6e:e6:74:f4:a6:9b:38:04:52:
                    ad:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:07:29:01:8A:B8:C0:76:5E:63:57:79:7D:7A:BB:5C:F5:5F:83:15
            X509v3 Authority Key Identifier:
                keyid:43:64:FE:73:41:9B:C8:6D:5F:2E:72:B4:14:B6:B4:D4:37:9D:5B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q2T-c0GbyG1fLnK0FLa01DedW_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/VQcpAYq4wHZeY1d5fXq7XPVfgxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/Q2T-c0GbyG1fLnK0FLa01DedW_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:6f:95:b7:c9:9f:50:40:93:e7:67:08:1b:a8:cd:8a:eb:9c:
         b6:22:a8:eb:86:21:fc:9a:11:17:23:d1:7c:36:b5:0f:3a:74:
         5a:bb:8d:1a:5a:35:08:77:e8:a2:0f:4f:ee:43:53:ab:1f:ab:
         39:ca:b1:9c:57:7f:a4:5b:2b:4b:57:a5:db:fd:b8:2a:00:e9:
         74:fd:9b:a4:95:7f:2a:8d:09:fe:8e:f2:63:48:b1:2f:86:01:
         40:7e:6c:63:bf:88:77:d5:17:45:f8:96:2f:d4:7f:77:bd:cf:
         38:ec:81:72:85:d3:7c:03:af:d0:9d:0c:2f:4a:34:94:63:03:
         c3:8a:0a:b9:28:79:52:59:71:ea:3d:c3:55:84:42:45:15:9b:
         b1:d6:79:6e:22:10:a7:9d:d0:9b:16:d9:cf:41:85:b6:e0:2a:
         c2:d7:14:9e:f9:48:55:46:f5:2c:6d:a6:a2:93:01:4a:40:c1:
         80:5a:9f:f3:14:c9:29:d1:3f:a1:a2:42:a3:5c:29:96:90:87:
         15:f1:ea:7e:35:28:f1:e9:3b:4d:38:81:01:7e:99:12:b9:c4:
         7e:30:dd:e5:ee:dd:44:d5:ad:cd:a8:36:54:c7:06:30:0d:73:
         13:83:97:c4:d8:41:ba:52:16:3d:92:95:7a:41:d3:c6:14:a7:
         ee:50:49:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vampEIjKzqmrtmCzHV8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNjRmZTczNDE5YmM4NmQ1ZjJlNzJiNDE0YjZiNGQ0Mzc5
ZDViZjUwHhcNMjQwMTAxMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTA3MjkwMThhYjhjMDc2NWU2MzU3Nzk3ZDdhYmI1Y2Y1NWY4MzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9+TIw1L7w9+Wx62AV0HxEFBcsLU
RRyElkLS+DplW9JtdMtkPZgUmVQ1adgVZs1Z7deJIS8jm7nIs/SIk/xSqRROZw3G
8f1R/oj0Cfx5tDRZeLribRSr+PzX3URADBBRVtD+UYcm7Dfg+eiY8OrjSHyfcqi4
PIj0CUJgGPCLNY1RAuWRQlHMaK+F7DUz2ErwCiJWRMwSaR5amhStkYcsOstSAxgf
ZkZfTxnuDJ0X7SegDnfU9P0ktaPIYoyYXTwkRVm0DYJmQXB/28QIKzTBxl+1C8Ds
AepirIGP6KuXzGrAVkinpWUB5J2qciQ3pZpK8u+ZbDNu5nT0pps4BFKtnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUHKQGKuMB2XmNXeX16u1z1X4MVMB8GA1UdIwQY
MBaAFENk/nNBm8htXy5ytBS2tNQ3nVv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTJULWMwR2J5RzFmTG5LMEZMYTAxRGVkV19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8wYjE4MTUtNTNkNy00NTZkLTlmYjQt
NjcwMzA4ZDFlYzlkLzEvVlFjcEFZcTR3SFplWTFkNWZYcTdYUFZmZ3hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8wYjE4MTUtNTNkNy00NTZkLTlmYjQtNjcwMzA4ZDFlYzlk
LzEvUTJULWMwR2J5RzFmTG5LMEZMYTAxRGVkV19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaxsMA0G
CSqGSIb3DQEBCwUAA4IBAQCrb5W3yZ9QQJPnZwgbqM2K65y2IqjrhiH8mhEXI9F8
NrUPOnRau40aWjUId+iiD0/uQ1OrH6s5yrGcV3+kWytLV6Xb/bgqAOl0/ZuklX8q
jQn+jvJjSLEvhgFAfmxjv4h31RdF+JYv1H93vc847IFyhdN8A6/QnQwvSjSUYwPD
igq5KHlSWXHqPcNVhEJFFZux1nluIhCnndCbFtnPQYW24CrC1xSe+UhVRvUsbaai
kwFKQMGAWp/zFMkp0T+hokKjXCmWkIcV8ep+NSjx6TtNOIEBfpkSucR+MN3l7t1E
1a3NqDZUxwYwDXMTg5fE2EG6UhY9kpV6QdPGFKfuUEmS
-----END CERTIFICATE-----