Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/V_XbDyZ2kI29FE5wWd9fx2maN0A.roa
File:                     V_XbDyZ2kI29FE5wWd9fx2maN0A.roa (raw, json)
Hash identifier:          nCTVeOQk12di92o7pPTDaGwmFdSzWV3kKJvLuvqduQw=
Subject key identifier:   57:F5:DB:0F:26:76:90:8D:BD:14:4E:70:59:DF:5F:C7:69:9A:37:40
Certificate issuer:       /CN=7d4d1c8790a913e832c733dff778dee79129700a
Certificate serial:       018CC26D0A556502D2BFDE5DE38FE78B73F9
Authority key identifier: 7D:4D:1C:87:90:A9:13:E8:32:C7:33:DF:F7:78:DE:E7:91:29:70:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/V_XbDyZ2kI29FE5wWd9fx2maN0A.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.54.240.0/22 maxlen: 22
                          2001:780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 13:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0a:55:65:02:d2:bf:de:5d:e3:8f:e7:8b:73:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d4d1c8790a913e832c733dff778dee79129700a
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57f5db0f2676908dbd144e7059df5fc7699a3740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bb:55:c1:66:d0:a7:86:b4:58:bc:3d:45:47:
                    92:71:5e:23:0a:ed:33:22:06:5b:07:64:d4:42:42:
                    15:4a:c6:a7:36:19:b6:4d:8f:fd:da:c6:ea:3a:fd:
                    58:a3:e0:4e:58:46:61:73:85:95:de:eb:2f:cf:d8:
                    83:65:a7:ef:0f:0a:ff:7a:01:ac:ed:5a:b1:57:a4:
                    ef:d7:ad:9a:7c:4f:cc:69:62:83:b9:1c:cf:05:4f:
                    4f:fc:93:b1:bc:6d:2d:a5:85:22:ec:c8:52:67:27:
                    93:f2:c9:46:e9:32:55:85:48:51:22:70:bd:e8:95:
                    a6:c4:87:32:d8:83:d3:08:d9:19:51:39:eb:4d:b8:
                    61:f0:6d:ea:89:5d:8e:45:07:4c:10:60:44:6b:75:
                    68:1f:eb:1a:3d:41:b2:d7:03:37:24:bd:d4:9f:e1:
                    c3:08:4d:a1:c1:f9:cf:06:13:c2:ce:af:29:79:18:
                    33:0b:70:02:ae:0a:e5:21:3d:25:ba:05:4f:b8:2b:
                    01:b8:71:67:7a:9b:fc:9c:62:70:86:9b:09:1c:94:
                    37:7a:4b:1a:b0:8e:7d:97:9b:0d:a6:6f:92:8a:8d:
                    bb:54:c8:e7:7c:00:90:8f:c5:88:5a:e3:c7:50:63:
                    31:a7:e8:5e:a5:c8:aa:be:0d:87:d4:21:b8:c7:18:
                    c9:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:F5:DB:0F:26:76:90:8D:BD:14:4E:70:59:DF:5F:C7:69:9A:37:40
            X509v3 Authority Key Identifier:
                keyid:7D:4D:1C:87:90:A9:13:E8:32:C7:33:DF:F7:78:DE:E7:91:29:70:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/V_XbDyZ2kI29FE5wWd9fx2maN0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.240.0/22
                IPv6:
                  2001:780::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:a7:4a:ea:58:71:bf:71:d5:9f:a8:64:ab:fc:79:8a:b5:86:
         02:2f:65:09:4d:e6:f5:7c:d6:a3:dc:ef:3a:e2:26:a4:6b:4b:
         dd:a3:8c:d3:93:1e:93:96:f9:83:77:0b:41:6f:2f:f1:45:fb:
         12:a6:3c:ba:01:83:c0:bc:cf:33:f5:eb:56:f4:c7:00:85:d5:
         fd:90:a0:43:43:00:f3:ed:41:f2:24:71:25:6c:c3:4e:5d:db:
         a4:d3:e1:bc:bd:40:99:cf:fe:22:d6:9a:1f:f7:1b:cb:6d:40:
         1a:87:7c:77:f4:f9:5e:c6:05:f9:8b:5d:80:42:02:ba:1e:3e:
         11:46:ae:ef:2b:33:e9:04:ed:18:e9:22:37:45:c6:5b:45:0f:
         0f:4c:76:9f:9d:5f:f0:1c:2e:a9:65:4d:65:a6:f1:87:23:bc:
         7f:35:04:c2:4e:5a:75:a0:39:e9:85:86:27:ec:d1:fb:1a:5b:
         63:2d:03:b6:78:53:c1:73:24:a9:6f:3a:f2:55:f6:82:e3:0b:
         ce:02:41:9c:42:e0:08:4b:26:cb:d9:f4:80:f3:75:6c:54:f0:
         64:6f:b8:10:e8:27:b2:c0:47:64:05:39:86:78:f1:d9:d1:79:
         c3:37:86:97:d4:11:de:da:0a:16:c5:ab:51:f5:45:68:4c:ad:
         b7:20:b6:bf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbQpVZQLSv95d44/ni3P5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNGQxYzg3OTBhOTEzZTgzMmM3MzNkZmY3NzhkZWU3OTEy
OTcwMGEwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2Y1ZGIwZjI2NzY5MDhkYmQxNDRlNzA1OWRmNWZjNzY5OWEzNzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLtVwWbQp4a0WLw9RUeScV4jCu0z
IgZbB2TUQkIVSsanNhm2TY/92sbqOv1Yo+BOWEZhc4WV3usvz9iDZafvDwr/egGs
7VqxV6Tv162afE/MaWKDuRzPBU9P/JOxvG0tpYUi7MhSZyeT8slG6TJVhUhRInC9
6JWmxIcy2IPTCNkZUTnrTbhh8G3qiV2ORQdMEGBEa3VoH+saPUGy1wM3JL3Un+HD
CE2hwfnPBhPCzq8peRgzC3ACrgrlIT0lugVPuCsBuHFnepv8nGJwhpsJHJQ3eksa
sI59l5sNpm+Sio27VMjnfACQj8WIWuPHUGMxp+hepciqvg2H1CG4xxjJzwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFf12w8mdpCNvRROcFnfX8dpmjdAMB8GA1UdIwQY
MBaAFH1NHIeQqRPoMscz3/d43ueRKXAKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlUwY2g1Q3BFLWd5eHpQZjkzamU1NUVwY0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8xYzYxODAtOTk1MC00Y2U4LTgxMWUt
ZjhkNjYyYjk2ZGFiLzEvVl9YYkR5WjJrSTI5RkU1d1dkOWZ4Mm1hTjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8xYzYxODAtOTk1MC00Y2U4LTgxMWUtZjhkNjYyYjk2ZGFi
LzEvZlUwY2g1Q3BFLWd5eHpQZjkzamU1NUVwY0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTbwMA0E
AgACMAcDBQMgAQeAMA0GCSqGSIb3DQEBCwUAA4IBAQAFp0rqWHG/cdWfqGSr/HmK
tYYCL2UJTeb1fNaj3O864iaka0vdo4zTkx6TlvmDdwtBby/xRfsSpjy6AYPAvM8z
9etW9McAhdX9kKBDQwDz7UHyJHElbMNOXduk0+G8vUCZz/4i1pof9xvLbUAah3x3
9PlexgX5i12AQgK6Hj4RRq7vKzPpBO0Y6SI3RcZbRQ8PTHafnV/wHC6pZU1lpvGH
I7x/NQTCTlp1oDnphYYn7NH7GltjLQO2eFPBcySpbzryVfaC4wvOAkGcQuAISybL
2fSA83VsVPBkb7gQ6CeywEdkBTmGePHZ0XnDN4aX1BHe2goWxatR9UVoTK23ILa/
-----END CERTIFICATE-----