Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/0f0a01-0cc4-4efc-9dd5-801ef38dea9c/1/VCrOu3qxJsvnrL9jI759XQGd49o.roa
File:                     VCrOu3qxJsvnrL9jI759XQGd49o.roa (raw, json)
Hash identifier:          h6gteG11f+LVWbk4jQI52xl6NGeU5G+Hj7IRZK1K1xw=
Subject key identifier:   54:2A:CE:BB:7A:B1:26:CB:E7:AC:BF:63:23:BE:7D:5D:01:9D:E3:DA
Certificate issuer:       /CN=3601c3cce6a71cab21a4bbadf0ab84dde3f2bab2
Certificate serial:       018CC8DF53A5FE28D03134BB5657596D3CD0
Authority key identifier: 36:01:C3:CC:E6:A7:1C:AB:21:A4:BB:AD:F0:AB:84:DD:E3:F2:BA:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NgHDzOanHKshpLut8KuE3ePyurI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/0f0a01-0cc4-4efc-9dd5-801ef38dea9c/1/VCrOu3qxJsvnrL9jI759XQGd49o.roa
Signing time:             Tue 02 Jan 2024 06:32:08 +0000
ROA not before:           Tue 02 Jan 2024 06:32:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52143
IP address blocks:        188.94.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/0f0a01-0cc4-4efc-9dd5-801ef38dea9c/1/NgHDzOanHKshpLut8KuE3ePyurI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/0f0a01-0cc4-4efc-9dd5-801ef38dea9c/1/NgHDzOanHKshpLut8KuE3ePyurI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NgHDzOanHKshpLut8KuE3ePyurI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:53:a5:fe:28:d0:31:34:bb:56:57:59:6d:3c:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3601c3cce6a71cab21a4bbadf0ab84dde3f2bab2
        Validity
            Not Before: Jan  2 06:32:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=542acebb7ab126cbe7acbf6323be7d5d019de3da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:79:aa:b4:1e:d5:8e:b6:0c:20:ef:9a:d8:63:
                    0d:0a:7c:5d:2a:0e:3c:2c:1c:7d:c6:43:be:cf:be:
                    26:a7:2b:31:74:dd:bf:61:be:ad:3c:13:28:73:22:
                    59:18:48:38:1b:7c:6b:c8:b2:fe:f6:83:36:c7:5e:
                    4e:9a:1b:97:19:78:bc:b5:af:a5:6b:95:07:61:d4:
                    de:c0:30:e9:21:d7:1d:ca:a1:44:e2:5d:0b:72:96:
                    6c:39:a4:f4:13:93:cf:62:ca:09:25:9f:35:67:f4:
                    29:a6:7f:f4:73:77:27:74:19:34:df:1c:a7:f0:df:
                    38:ef:af:52:6a:80:c4:90:f0:70:9a:63:bf:a2:3b:
                    46:7e:70:fc:35:0c:40:3c:74:b7:01:69:c7:97:ca:
                    2f:a1:c9:95:17:0a:4a:cc:80:ce:40:1f:c9:fb:c8:
                    2c:87:47:06:88:df:f5:49:6a:e8:ef:4e:d6:5b:21:
                    a0:80:d9:db:59:c0:2f:8e:90:13:6c:66:c8:90:1e:
                    16:9c:69:6c:1e:d1:3b:f8:1a:4a:e1:21:61:57:56:
                    56:fc:7c:6d:58:71:e8:43:45:f6:9c:97:ca:72:bb:
                    9f:fa:e6:b0:7a:d2:cc:4f:34:6c:89:db:5d:50:b4:
                    4c:9a:4e:7c:25:f9:12:c4:64:e7:af:0d:fe:d8:46:
                    5a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:2A:CE:BB:7A:B1:26:CB:E7:AC:BF:63:23:BE:7D:5D:01:9D:E3:DA
            X509v3 Authority Key Identifier:
                keyid:36:01:C3:CC:E6:A7:1C:AB:21:A4:BB:AD:F0:AB:84:DD:E3:F2:BA:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NgHDzOanHKshpLut8KuE3ePyurI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0f0a01-0cc4-4efc-9dd5-801ef38dea9c/1/VCrOu3qxJsvnrL9jI759XQGd49o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0f0a01-0cc4-4efc-9dd5-801ef38dea9c/1/NgHDzOanHKshpLut8KuE3ePyurI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.94.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:c8:ec:89:0d:87:f9:c1:6a:32:d4:ee:33:e9:cc:a6:d5:88:
         e9:bf:63:f2:03:e6:09:57:9a:f8:4e:08:bf:4d:f6:f4:d0:3b:
         25:33:83:1e:66:b2:a9:7a:9a:9d:e5:73:da:c2:55:3b:51:ec:
         f3:9d:cf:54:67:c2:da:7e:af:65:0b:60:72:28:af:3b:4e:aa:
         d7:69:50:9e:49:79:bd:0c:8b:8d:1d:f4:db:90:29:de:cd:93:
         a7:9e:0d:90:56:02:45:7f:10:ad:29:8e:62:dc:d2:1d:c1:16:
         83:82:8f:d2:c1:dc:7b:06:ba:14:f6:e2:fb:50:0e:a0:8d:05:
         9a:66:40:9a:21:3e:42:ff:e0:f4:0e:5a:cc:c6:56:f6:e4:74:
         75:0d:8b:95:1a:05:9a:4c:87:83:d9:cc:cc:4f:13:ae:71:10:
         9a:6b:bf:64:46:cf:85:43:12:8a:7e:e8:95:dc:b2:37:61:27:
         98:b8:8a:d4:c9:52:64:a8:e5:c7:3b:43:51:a4:a2:dc:2f:85:
         a2:4f:04:02:c4:74:55:96:ae:79:45:92:43:ec:65:e5:2e:68:
         98:88:67:b6:8f:5e:1b:b0:96:e4:36:5d:0d:ba:ff:65:a8:f4:
         74:e4:7d:80:ff:53:32:a9:cc:60:40:b8:5e:78:16:25:12:01:
         88:96:a3:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI31Ol/ijQMTS7VldZbTzQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MDFjM2NjZTZhNzFjYWIyMWE0YmJhZGYwYWI4NGRkZTNm
MmJhYjIwHhcNMjQwMTAyMDYzMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDJhY2ViYjdhYjEyNmNiZTdhY2JmNjMyM2JlN2Q1ZDAxOWRlM2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHmqtB7VjrYMIO+a2GMNCnxdKg48
LBx9xkO+z74mpysxdN2/Yb6tPBMocyJZGEg4G3xryLL+9oM2x15OmhuXGXi8ta+l
a5UHYdTewDDpIdcdyqFE4l0LcpZsOaT0E5PPYsoJJZ81Z/Qppn/0c3cndBk03xyn
8N84769SaoDEkPBwmmO/ojtGfnD8NQxAPHS3AWnHl8ovocmVFwpKzIDOQB/J+8gs
h0cGiN/1SWro707WWyGggNnbWcAvjpATbGbIkB4WnGlsHtE7+BpK4SFhV1ZW/Hxt
WHHoQ0X2nJfKcruf+uawetLMTzRsidtdULRMmk58JfkSxGTnrw3+2EZaLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQqzrt6sSbL56y/YyO+fV0BnePaMB8GA1UdIwQY
MBaAFDYBw8zmpxyrIaS7rfCrhN3j8rqyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmdIRHpPYW5IS3NocEx1dDhLdUUzZVB5dXJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8wZjBhMDEtMGNjNC00ZWZjLTlkZDUt
ODAxZWYzOGRlYTljLzEvVkNyT3UzcXhKc3Zuckw5akk3NTlYUUdkNDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8wZjBhMDEtMGNjNC00ZWZjLTlkZDUtODAxZWYzOGRlYTlj
LzEvTmdIRHpPYW5IS3NocEx1dDhLdUUzZVB5dXJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvF4AMA0G
CSqGSIb3DQEBCwUAA4IBAQCVyOyJDYf5wWoy1O4z6cym1Yjpv2PyA+YJV5r4Tgi/
Tfb00DslM4MeZrKpepqd5XPawlU7Uezznc9UZ8Lafq9lC2ByKK87TqrXaVCeSXm9
DIuNHfTbkCnezZOnng2QVgJFfxCtKY5i3NIdwRaDgo/Swdx7BroU9uL7UA6gjQWa
ZkCaIT5C/+D0DlrMxlb25HR1DYuVGgWaTIeD2czMTxOucRCaa79kRs+FQxKKfuiV
3LI3YSeYuIrUyVJkqOXHO0NRpKLcL4WiTwQCxHRVlq55RZJD7GXlLmiYiGe2j14b
sJbkNl0Nuv9lqPR05H2A/1MyqcxgQLheeBYlEgGIlqPj
-----END CERTIFICATE-----