Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/a037b1-133a-4639-8c7f-636857ee1792/1/VLFQ0p78z6yvLoNi8qi0SzcRt4A.roa
File:                     VLFQ0p78z6yvLoNi8qi0SzcRt4A.roa (raw, json)
Hash identifier:          ncmbENbsQ00Ayp8Z1sZFNlyLjNORQXJ4UryZR1ZBcPs=
Subject key identifier:   54:B1:50:D2:9E:FC:CF:AC:AF:2E:83:62:F2:A8:B4:4B:37:11:B7:80
Certificate issuer:       /CN=112d65abbc7ef005127288444792ab86fb15c2ee
Certificate serial:       018CC9BC29F1325B0DF4F7E9BAE4EC39E300
Authority key identifier: 11:2D:65:AB:BC:7E:F0:05:12:72:88:44:47:92:AB:86:FB:15:C2:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ES1lq7x-8AUScohER5KrhvsVwu4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/a037b1-133a-4639-8c7f-636857ee1792/1/VLFQ0p78z6yvLoNi8qi0SzcRt4A.roa
Signing time:             Tue 02 Jan 2024 10:33:21 +0000
ROA not before:           Tue 02 Jan 2024 10:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        185.116.168.0/24 maxlen: 24
                          185.116.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/a037b1-133a-4639-8c7f-636857ee1792/1/ES1lq7x-8AUScohER5KrhvsVwu4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/a037b1-133a-4639-8c7f-636857ee1792/1/ES1lq7x-8AUScohER5KrhvsVwu4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ES1lq7x-8AUScohER5KrhvsVwu4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:29:f1:32:5b:0d:f4:f7:e9:ba:e4:ec:39:e3:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=112d65abbc7ef005127288444792ab86fb15c2ee
        Validity
            Not Before: Jan  2 10:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54b150d29efccfacaf2e8362f2a8b44b3711b780
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:96:df:8e:19:77:c7:d6:69:70:ed:7e:40:ba:
                    37:49:a8:bf:15:9b:7c:ca:83:15:c1:c8:04:a6:32:
                    a5:f1:7f:6e:e7:52:c0:6b:1f:46:ca:6e:28:db:d9:
                    27:7b:b8:34:86:57:10:63:1f:0b:c2:c9:04:eb:38:
                    d5:84:48:48:ac:79:7a:93:09:97:6a:be:cb:13:b3:
                    ad:f2:2f:7d:29:af:d9:e5:b6:37:03:f9:fc:95:52:
                    09:00:5e:4a:b1:42:a5:a7:9d:86:bc:03:62:c7:2a:
                    ac:82:8a:d9:05:4c:11:be:35:21:5f:6e:df:17:40:
                    b8:3b:6a:55:fd:8e:5d:7c:d7:58:33:2f:d9:99:89:
                    65:24:b4:8d:89:e3:09:90:57:1e:a8:38:55:ce:67:
                    54:4e:42:cf:eb:64:95:04:ca:bf:7f:f1:ee:4b:b3:
                    5d:91:32:de:76:d2:b1:db:aa:b3:89:aa:ac:ad:dc:
                    b7:01:bd:5d:82:22:9a:ed:5a:7d:7d:09:b9:f7:00:
                    52:b9:ee:b9:f2:90:25:01:6e:73:9b:ca:e2:b6:ba:
                    3b:93:93:9a:e6:49:eb:71:ee:4f:97:e0:12:dd:0a:
                    d9:c5:16:fd:bf:15:74:4f:f5:d1:b0:85:5e:0d:77:
                    df:2e:37:f6:2d:9d:06:5c:5b:fd:3c:64:13:4c:75:
                    f3:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:B1:50:D2:9E:FC:CF:AC:AF:2E:83:62:F2:A8:B4:4B:37:11:B7:80
            X509v3 Authority Key Identifier:
                keyid:11:2D:65:AB:BC:7E:F0:05:12:72:88:44:47:92:AB:86:FB:15:C2:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ES1lq7x-8AUScohER5KrhvsVwu4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/a037b1-133a-4639-8c7f-636857ee1792/1/VLFQ0p78z6yvLoNi8qi0SzcRt4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/a037b1-133a-4639-8c7f-636857ee1792/1/ES1lq7x-8AUScohER5KrhvsVwu4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.116.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d1:51:75:42:9e:25:86:42:de:47:1f:ff:3f:49:d6:96:01:6f:
         f6:29:35:97:90:8b:c8:32:36:38:3f:21:3a:36:52:31:5f:26:
         5f:53:d2:b5:11:b6:f3:6f:05:91:f9:69:c3:70:f8:02:24:75:
         27:39:c5:fb:3a:48:56:4f:55:3f:72:af:6d:30:23:63:38:d4:
         c9:ac:4f:25:bf:34:a5:21:15:3d:3b:48:05:89:02:8d:e7:2a:
         da:e7:64:a0:5e:4e:36:15:7a:62:ce:ea:5c:d5:2f:c0:9c:e0:
         11:ac:c6:68:a0:89:d1:fe:bc:20:7b:5f:d2:1f:d9:10:26:71:
         ef:d2:f2:af:f1:9f:df:74:dd:58:a3:c3:2e:78:3d:84:73:66:
         b6:ac:84:4b:eb:99:e0:50:c3:c3:34:5a:0c:8e:63:cb:eb:67:
         9b:b7:f3:8c:0a:f2:4b:c7:b8:4e:59:ca:a1:6d:e1:37:2e:f3:
         d3:19:1b:fc:2c:82:18:3a:f4:a5:72:f6:fe:f4:00:49:20:02:
         3a:ec:65:e8:a1:a8:9b:e2:e2:af:92:66:0e:0e:b7:49:32:cb:
         5c:84:17:f1:98:d3:66:a6:d1:92:5f:b6:66:cf:a9:f0:fe:0a:
         62:a1:94:d3:d5:68:c8:5c:4a:9b:65:02:6a:0d:e3:92:7b:b0:
         e2:6b:b0:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCnxMlsN9PfpuuTsOeMAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMmQ2NWFiYmM3ZWYwMDUxMjcyODg0NDQ3OTJhYjg2ZmIx
NWMyZWUwHhcNMjQwMTAyMTAzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGIxNTBkMjllZmNjZmFjYWYyZTgzNjJmMmE4YjQ0YjM3MTFiNzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZbfjhl3x9ZpcO1+QLo3Sai/FZt8
yoMVwcgEpjKl8X9u51LAax9Gym4o29kne7g0hlcQYx8LwskE6zjVhEhIrHl6kwmX
ar7LE7Ot8i99Ka/Z5bY3A/n8lVIJAF5KsUKlp52GvANixyqsgorZBUwRvjUhX27f
F0C4O2pV/Y5dfNdYMy/ZmYllJLSNieMJkFceqDhVzmdUTkLP62SVBMq/f/HuS7Nd
kTLedtKx26qziaqsrdy3Ab1dgiKa7Vp9fQm59wBSue658pAlAW5zm8ritro7k5Oa
5knrce5Pl+AS3QrZxRb9vxV0T/XRsIVeDXffLjf2LZ0GXFv9PGQTTHXzhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFSxUNKe/M+sry6DYvKotEs3EbeAMB8GA1UdIwQY
MBaAFBEtZau8fvAFEnKIREeSq4b7FcLuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVMxbHE3eC04QVVTY29oRVI1S3JodnNWd3U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9hMDM3YjEtMTMzYS00NjM5LThjN2Yt
NjM2ODU3ZWUxNzkyLzEvVkxGUTBwNzh6Nnl2TG9OaThxaTBTemNSdDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9hMDM3YjEtMTMzYS00NjM5LThjN2YtNjM2ODU3ZWUxNzky
LzEvRVMxbHE3eC04QVVTY29oRVI1S3JodnNWd3U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXSoMA0G
CSqGSIb3DQEBCwUAA4IBAQDRUXVCniWGQt5HH/8/SdaWAW/2KTWXkIvIMjY4PyE6
NlIxXyZfU9K1EbbzbwWR+WnDcPgCJHUnOcX7OkhWT1U/cq9tMCNjONTJrE8lvzSl
IRU9O0gFiQKN5yra52SgXk42FXpizupc1S/AnOARrMZooInR/rwge1/SH9kQJnHv
0vKv8Z/fdN1Yo8MueD2Ec2a2rIRL65ngUMPDNFoMjmPL62ebt/OMCvJLx7hOWcqh
beE3LvPTGRv8LIIYOvSlcvb+9ABJIAI67GXooaib4uKvkmYODrdJMstchBfxmNNm
ptGSX7Zmz6nw/gpioZTT1WjIXEqbZQJqDeOSe7Dia7D1
-----END CERTIFICATE-----