Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/1-SVQ2nfCM_i056epVOViEMLnrko.roa
File:                     1-SVQ2nfCM_i056epVOViEMLnrko.roa (raw, json)
Hash identifier:          J3ms9zK3tuIqldbW/WWaKiviLCBHqzGZkGkh1SPVS08=
Subject key identifier:   F9:25:50:DA:77:C2:33:F8:B4:E7:A7:A9:54:E5:62:10:C2:E7:AE:4A
Certificate issuer:       /CN=54296d23def4c8521c647dc68acb3c123f611d89
Certificate serial:       018CC6B79179EB1859F44C0550BA24D6588D
Authority key identifier: 54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/1-SVQ2nfCM_i056epVOViEMLnrko.roa
Signing time:             Mon 01 Jan 2024 20:29:28 +0000
ROA not before:           Mon 01 Jan 2024 20:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201387
IP address blocks:        109.166.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:91:79:eb:18:59:f4:4c:05:50:ba:24:d6:58:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54296d23def4c8521c647dc68acb3c123f611d89
        Validity
            Not Before: Jan  1 20:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f92550da77c233f8b4e7a7a954e56210c2e7ae4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:8e:ce:c9:ce:60:7e:1d:04:43:51:a2:ef:15:
                    81:41:56:a9:d9:12:d2:ca:dc:1b:9b:2e:b5:13:b6:
                    1b:83:23:59:30:41:06:a0:72:e2:93:62:56:e6:0f:
                    d3:6e:cc:4b:24:f3:bd:bd:b5:78:45:1d:88:89:90:
                    42:32:72:ad:58:6b:ce:61:e0:db:15:2a:a4:35:07:
                    6c:7a:ac:54:b9:88:b7:56:50:5d:b9:20:ad:4b:9c:
                    24:cf:52:ef:36:b6:a5:4c:49:5c:a7:50:07:35:9b:
                    24:c4:65:e7:84:dd:95:48:79:70:fc:c4:1c:54:2b:
                    16:02:ba:5c:09:42:66:5b:df:0b:ef:d5:70:f3:86:
                    fa:1e:94:3b:d1:d1:a2:6f:7d:b0:77:eb:8f:63:f9:
                    f0:da:f2:3e:69:06:34:8d:3a:1c:df:9e:26:b3:5e:
                    b1:b5:49:28:d1:cd:7a:32:df:e9:85:a8:bd:3e:7b:
                    fc:e1:49:cf:47:52:04:ff:bf:ac:3c:a8:c6:18:c7:
                    17:9f:85:60:c2:44:45:4b:16:cf:27:93:ee:d9:6a:
                    e9:40:35:30:b5:19:d5:93:38:5f:44:49:4c:bb:c4:
                    b0:ca:83:43:d8:8c:f4:8a:ce:5f:1d:84:32:90:ee:
                    e5:bb:b3:cd:52:19:68:ee:27:ba:f6:9a:33:24:ea:
                    69:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:25:50:DA:77:C2:33:F8:B4:E7:A7:A9:54:E5:62:10:C2:E7:AE:4A
            X509v3 Authority Key Identifier:
                keyid:54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/1-SVQ2nfCM_i056epVOViEMLnrko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.166.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:9a:51:89:40:5f:83:bb:54:d5:73:a2:23:5f:db:ba:4f:ff:
         2d:5c:e4:ad:44:fa:5e:57:0e:57:0a:b6:0d:e6:3d:50:dc:4f:
         78:3c:75:ab:20:9f:db:d4:10:5d:89:92:cf:49:76:92:12:96:
         d1:92:e7:4e:c3:19:f5:3b:ad:d0:ad:65:d9:4c:51:d7:3f:47:
         5a:f8:fc:e2:ed:08:20:b0:ef:93:62:14:0f:63:99:c2:ad:6a:
         ef:05:c9:e5:9b:fd:1b:fb:ea:02:d9:1f:f7:09:58:60:11:dc:
         a3:bf:44:34:c7:ae:4f:a5:5a:88:d8:e2:30:75:b1:9a:e1:b1:
         d8:49:8a:99:e8:4a:32:8a:13:51:ed:9b:93:aa:4e:37:b8:75:
         93:f4:70:39:9e:f2:96:d3:dd:bf:46:a6:63:35:ec:dc:45:a4:
         0e:20:04:78:b6:2e:b8:a1:3f:42:79:9d:64:c5:b3:03:be:b4:
         f1:64:40:bd:18:13:01:15:de:e2:e8:af:76:ee:14:d1:46:ee:
         84:92:60:10:da:21:8c:9e:a3:6d:b8:c8:81:1d:26:bf:ad:25:
         6c:4a:c1:1b:be:f7:24:01:aa:fe:5e:de:c1:07:a8:53:14:15:
         6d:76:a4:6d:fd:fa:13:28:bf:ce:51:5b:f5:5d:b4:55:4e:c2:
         dd:67:1a:f2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGt5F56xhZ9EwFULok1liNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Mjk2ZDIzZGVmNGM4NTIxYzY0N2RjNjhhY2IzYzEyM2Y2
MTFkODkwHhcNMjQwMTAxMjAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTI1NTBkYTc3YzIzM2Y4YjRlN2E3YTk1NGU1NjIxMGMyZTdhZTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzY7Oyc5gfh0EQ1Gi7xWBQVap2RLS
ytwbmy61E7YbgyNZMEEGoHLik2JW5g/TbsxLJPO9vbV4RR2IiZBCMnKtWGvOYeDb
FSqkNQdseqxUuYi3VlBduSCtS5wkz1LvNralTElcp1AHNZskxGXnhN2VSHlw/MQc
VCsWArpcCUJmW98L79Vw84b6HpQ70dGib32wd+uPY/nw2vI+aQY0jToc354ms16x
tUko0c16Mt/phai9Pnv84UnPR1IE/7+sPKjGGMcXn4VgwkRFSxbPJ5Pu2WrpQDUw
tRnVkzhfRElMu8SwyoND2Iz0is5fHYQykO7lu7PNUhlo7ie69pozJOppZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPklUNp3wjP4tOenqVTlYhDC565KMB8GA1UdIwQY
MBaAFFQpbSPe9MhSHGR9xorLPBI/YR2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUt
OTQyNDgyZjhkMmVhLzEvMS1TVlEybmZDTV9pMDU2ZXBWT1ZpRU1MbnJrby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmMvNWNiNDU0LTdiZWUtNGU1ZC1iMjk1LTk0MjQ4MmY4ZDJl
YS8xL1ZDbHRJOTcweUZJY1pIM0dpc3M4RWo5aEhZay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG2m9DAN
BgkqhkiG9w0BAQsFAAOCAQEAjJpRiUBfg7tU1XOiI1/buk//LVzkrUT6XlcOVwq2
DeY9UNxPeDx1qyCf29QQXYmSz0l2khKW0ZLnTsMZ9Tut0K1l2UxR1z9HWvj84u0I
ILDvk2IUD2OZwq1q7wXJ5Zv9G/vqAtkf9wlYYBHco79ENMeuT6VaiNjiMHWxmuGx
2EmKmehKMooTUe2bk6pON7h1k/RwOZ7yltPdv0amYzXs3EWkDiAEeLYuuKE/Qnmd
ZMWzA7608WRAvRgTARXe4uivdu4U0UbuhJJgENohjJ6jbbjIgR0mv60lbErBG773
JAGq/l7ewQeoUxQVbXakbf36Eyi/zlFb9V20VU7C3Wca8g==
-----END CERTIFICATE-----