Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/Vk3XJjpD-uxE-BvjbWpWm9I_Pf8.roa
File:                     Vk3XJjpD-uxE-BvjbWpWm9I_Pf8.roa (raw, json)
Hash identifier:          DPxf9v1qmqDryq5R6cYrdP0GsIPt4dSzgx6Jhue3Umo=
Subject key identifier:   56:4D:D7:26:3A:43:FA:EC:44:F8:1B:E3:6D:6A:56:9B:D2:3F:3D:FF
Certificate issuer:       /CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
Certificate serial:       018CC94CEF8B3BC8F0E781ED3B9D813778F1
Authority key identifier: 11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/Vk3XJjpD-uxE-BvjbWpWm9I_Pf8.roa
Signing time:             Tue 02 Jan 2024 08:31:51 +0000
ROA not before:           Tue 02 Jan 2024 08:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201307
IP address blocks:        155.133.120.0/24 maxlen: 24
                          2a06:1e00:70::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:ef:8b:3b:c8:f0:e7:81:ed:3b:9d:81:37:78:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
        Validity
            Not Before: Jan  2 08:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=564dd7263a43faec44f81be36d6a569bd23f3dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b1:7f:7b:16:04:b6:f5:cb:73:48:64:b6:db:
                    c2:c5:c5:1c:05:c7:ca:9e:f2:db:60:97:bd:ea:15:
                    86:0a:b6:e4:5d:77:32:5a:b7:50:63:40:d6:20:f7:
                    a4:6a:9b:e9:e8:13:c5:c1:7f:e5:80:8e:93:d1:90:
                    44:e6:35:90:7c:ac:7e:23:df:41:fc:db:70:a7:eb:
                    1e:e3:51:3d:a8:80:1d:71:ec:f1:61:47:a2:60:6a:
                    03:bd:f6:54:fc:93:c1:c4:d1:de:d4:d2:6d:0d:12:
                    f7:34:43:c7:52:ce:8f:24:d4:62:9b:aa:81:50:0f:
                    ca:50:3d:a9:64:ab:37:56:f0:3e:96:9b:60:54:e7:
                    0f:2a:71:1b:dd:3c:09:01:cd:5d:cb:09:f8:8e:7b:
                    54:b8:c0:a6:fe:26:e4:ba:43:5f:9c:5b:fc:b9:ca:
                    69:b8:09:6c:e2:3a:89:4c:a8:1f:01:26:0a:4c:73:
                    37:14:a7:cf:4d:0b:54:a3:a2:9a:31:23:c4:18:57:
                    af:38:d7:05:64:62:cf:5e:b2:8a:e8:70:94:ab:fd:
                    85:48:ab:f8:7e:c4:24:31:33:08:7a:56:59:21:62:
                    a6:ac:1b:a3:cf:f7:56:aa:af:3a:14:2f:e0:4a:da:
                    da:c1:ad:a1:48:63:6b:fb:52:cb:d4:e1:0f:04:60:
                    a7:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:4D:D7:26:3A:43:FA:EC:44:F8:1B:E3:6D:6A:56:9B:D2:3F:3D:FF
            X509v3 Authority Key Identifier:
                keyid:11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/Vk3XJjpD-uxE-BvjbWpWm9I_Pf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.120.0/24
                IPv6:
                  2a06:1e00:70::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:28:91:2a:5d:32:14:da:34:14:e8:c0:f8:a3:aa:08:87:99:
         3d:6f:e9:d0:3e:33:ae:b6:04:1a:c1:cf:5e:5a:62:40:cf:af:
         38:48:dc:de:8f:85:69:80:eb:54:66:af:b3:2e:5f:db:34:c1:
         92:4c:fe:f1:61:31:bb:3c:a4:d1:56:11:de:8f:40:93:08:9c:
         18:ff:7c:6e:50:2b:3e:b6:80:15:02:bb:2b:89:55:20:88:6b:
         17:45:1c:27:33:80:86:d5:62:eb:db:88:e9:cb:87:7f:a2:9d:
         7d:6b:16:ea:1f:8d:48:58:f5:05:72:82:db:1d:25:63:84:16:
         56:4a:33:3e:30:5a:c8:ed:58:ed:9c:39:9f:ba:c2:1d:e6:8a:
         3b:1a:7d:02:d3:5c:62:88:6d:11:e4:8f:94:69:54:49:57:28:
         70:d0:88:ad:df:38:73:f5:b3:14:58:61:22:e3:78:9e:97:b7:
         55:ca:67:85:4e:20:45:8d:b4:ce:6e:9b:a6:f6:c6:8b:d8:1e:
         c2:6d:ab:d4:fc:16:d4:41:7e:eb:6a:c5:c3:36:7d:f5:4a:68:
         a6:b7:e3:c1:38:28:97:ee:d4:6f:aa:a7:08:e2:1a:77:50:cc:
         ba:7f:a6:f6:12:e8:34:c1:b4:92:a0:d9:a3:05:36:e4:46:10:
         32:14:41:97
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTO+LO8jw54HtO52BN3jxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWQ2ODE0Mzc1MjcxZDFhM2NiZDEyMTU1ZGIxMWQyYmQ0
MWE4ZDMwHhcNMjQwMTAyMDgzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjRkZDcyNjNhNDNmYWVjNDRmODFiZTM2ZDZhNTY5YmQyM2YzZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLF/exYEtvXLc0hkttvCxcUcBcfK
nvLbYJe96hWGCrbkXXcyWrdQY0DWIPekapvp6BPFwX/lgI6T0ZBE5jWQfKx+I99B
/Ntwp+se41E9qIAdcezxYUeiYGoDvfZU/JPBxNHe1NJtDRL3NEPHUs6PJNRim6qB
UA/KUD2pZKs3VvA+lptgVOcPKnEb3TwJAc1dywn4jntUuMCm/ibkukNfnFv8ucpp
uAls4jqJTKgfASYKTHM3FKfPTQtUo6KaMSPEGFevONcFZGLPXrKK6HCUq/2FSKv4
fsQkMTMIelZZIWKmrBujz/dWqq86FC/gStrawa2hSGNr+1LL1OEPBGCnPQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFZN1yY6Q/rsRPgb421qVpvSPz3/MB8GA1UdIwQY
MBaAFBEdaBQ3UnHRo8vRIVXbEdK9QajTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQt
MjcxZDI1ZTIwNTc0LzEvVmszWEpqcEQtdXhFLUJ2amJXcFdtOUlfUGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQtMjcxZDI1ZTIwNTc0
LzEvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAm4V4MA8E
AgACMAkDBwAqBh4AAHAwDQYJKoZIhvcNAQELBQADggEBAHcokSpdMhTaNBTowPij
qgiHmT1v6dA+M662BBrBz15aYkDPrzhI3N6PhWmA61Rmr7MuX9s0wZJM/vFhMbs8
pNFWEd6PQJMInBj/fG5QKz62gBUCuyuJVSCIaxdFHCczgIbVYuvbiOnLh3+inX1r
FuofjUhY9QVygtsdJWOEFlZKMz4wWsjtWO2cOZ+6wh3mijsafQLTXGKIbRHkj5Rp
VElXKHDQiK3fOHP1sxRYYSLjeJ6Xt1XKZ4VOIEWNtM5um6b2xovYHsJtq9T8FtRB
futqxcM2ffVKaKa348E4KJfu1G+qpwjiGndQzLp/pvYS6DTBtJKg2aMFNuRGEDIU
QZc=
-----END CERTIFICATE-----