Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/VThTDqJYYxdT0E8hfcM5w70qLNw.roa
File:                     VThTDqJYYxdT0E8hfcM5w70qLNw.roa (raw, json)
Hash identifier:          CK+0e5VscvUZwDLTaFT4aYCJUPMcDb7mWF8NfzX1iZk=
Subject key identifier:   55:38:53:0E:A2:58:63:17:53:D0:4F:21:7D:C3:39:C3:BD:2A:2C:DC
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018F0A8C7797FAC4C3F12ADC2B083573647B
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/VThTDqJYYxdT0E8hfcM5w70qLNw.roa
Signing time:             Tue 23 Apr 2024 10:42:08 +0000
ROA not before:           Tue 23 Apr 2024 10:42:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28267
IP address blocks:        188.17.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:8c:77:97:fa:c4:c3:f1:2a:dc:2b:08:35:73:64:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr 23 10:42:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5538530ea258631753d04f217dc339c3bd2a2cdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e5:ff:f5:5f:e0:b2:f3:7d:c8:fb:0c:94:94:
                    11:ca:97:15:79:76:81:91:55:4b:c7:15:58:df:a6:
                    e0:6b:a0:28:42:fe:60:b0:10:37:80:e2:76:8e:0c:
                    f3:cf:70:83:8a:0c:48:8d:7a:7e:4c:4c:8d:fa:79:
                    84:75:b4:55:1f:d7:0f:38:77:a8:a7:04:05:38:57:
                    32:d4:b7:08:96:95:4a:71:16:1f:ab:ed:d8:2b:5d:
                    39:ef:57:60:1c:de:d7:42:4f:3e:87:cc:f9:36:8b:
                    7e:b8:99:51:72:d2:6d:a4:8a:61:a8:55:d1:db:7c:
                    dc:ce:3c:a1:0f:0f:eb:a2:aa:30:4c:f6:3c:5c:d7:
                    30:34:e4:d1:f6:d2:7d:5e:2a:cf:b1:7b:d3:bf:92:
                    90:5f:8b:39:19:4d:cd:3d:4d:74:e7:2a:90:82:17:
                    02:be:a8:23:7c:78:8e:70:e6:1c:b1:18:d1:82:a0:
                    0f:9b:75:90:9b:07:0c:a9:fc:5f:44:99:55:ab:f6:
                    55:cd:e7:f8:06:d9:08:1a:18:4e:7f:de:b4:43:ab:
                    39:67:61:88:b3:de:a2:a6:e2:ed:68:64:d3:47:e2:
                    ce:0c:d0:07:a1:9a:7b:f1:66:49:7b:65:df:4e:43:
                    2b:62:af:6c:e2:a2:f3:31:9b:0a:9f:85:56:8e:f8:
                    12:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:38:53:0E:A2:58:63:17:53:D0:4F:21:7D:C3:39:C3:BD:2A:2C:DC
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/VThTDqJYYxdT0E8hfcM5w70qLNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.17.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:1b:a7:25:f4:cf:3b:9e:7f:54:55:e5:6c:3b:ca:d2:c9:1e:
         3f:12:20:80:16:16:1e:e4:e9:74:0d:ce:32:59:f3:aa:61:78:
         50:8a:d4:98:ac:1b:18:5d:0d:91:e8:be:1b:52:07:2c:d8:75:
         44:9f:74:11:66:a8:06:d8:99:ae:87:35:f4:16:23:20:7d:eb:
         1e:77:09:2a:55:c5:c0:49:25:0c:bd:fc:89:7a:b1:6a:9e:1b:
         64:61:d5:5d:78:ab:c1:83:6a:01:a3:c5:f9:f2:e9:18:b2:1f:
         e4:32:d8:f9:e5:0d:76:fa:44:00:22:3d:0e:36:d0:e7:31:06:
         e8:bf:a9:4d:c5:2f:b3:bc:a2:7b:8c:8b:69:51:ef:66:9b:a2:
         77:1f:2e:0d:fc:a8:4d:96:6c:a5:0d:ea:99:1f:11:f7:d6:e3:
         b9:8b:02:c0:d9:75:ed:c5:22:20:62:bf:30:a8:69:17:82:15:
         80:af:c7:36:68:76:55:39:91:6f:d0:3b:4e:ee:03:a4:77:69:
         06:ac:38:29:6d:b6:c2:f3:80:bb:07:78:ed:a4:f9:9b:43:87:
         e0:80:6f:fe:a4:42:45:43:98:fe:58:e7:03:14:26:a6:d0:cf:
         60:3b:74:81:41:be:21:50:83:26:25:28:f9:2a:00:16:85:c8:
         bb:47:6d:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8KjHeX+sTD8SrcKwg1c2R7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDIzMTA0MjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTM4NTMwZWEyNTg2MzE3NTNkMDRmMjE3ZGMzMzljM2JkMmEyY2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweX/9V/gsvN9yPsMlJQRypcVeXaB
kVVLxxVY36bga6AoQv5gsBA3gOJ2jgzzz3CDigxIjXp+TEyN+nmEdbRVH9cPOHeo
pwQFOFcy1LcIlpVKcRYfq+3YK10571dgHN7XQk8+h8z5Not+uJlRctJtpIphqFXR
23zczjyhDw/roqowTPY8XNcwNOTR9tJ9XirPsXvTv5KQX4s5GU3NPU105yqQghcC
vqgjfHiOcOYcsRjRgqAPm3WQmwcMqfxfRJlVq/ZVzef4BtkIGhhOf960Q6s5Z2GI
s96ipuLtaGTTR+LODNAHoZp78WZJe2XfTkMrYq9s4qLzMZsKn4VWjvgSawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFU4Uw6iWGMXU9BPIX3DOcO9KizcMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvVlRoVERxSllZeGRUMEU4aGZjTTV3NzBxTE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvBHiMA0G
CSqGSIb3DQEBCwUAA4IBAQBYG6cl9M87nn9UVeVsO8rSyR4/EiCAFhYe5Ol0Dc4y
WfOqYXhQitSYrBsYXQ2R6L4bUgcs2HVEn3QRZqgG2JmuhzX0FiMgfesedwkqVcXA
SSUMvfyJerFqnhtkYdVdeKvBg2oBo8X58ukYsh/kMtj55Q12+kQAIj0ONtDnMQbo
v6lNxS+zvKJ7jItpUe9mm6J3Hy4N/KhNlmylDeqZHxH31uO5iwLA2XXtxSIgYr8w
qGkXghWAr8c2aHZVOZFv0DtO7gOkd2kGrDgpbbbC84C7B3jtpPmbQ4fggG/+pEJF
Q5j+WOcDFCam0M9gO3SBQb4hUIMmJSj5KgAWhci7R211
-----END CERTIFICATE-----