Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9e2dfd-f2e9-416d-8f1f-bb3431fe0285/1/VP_7OyMfyoYw7zg71gutgn6A9Qc.roa
File:                     VP_7OyMfyoYw7zg71gutgn6A9Qc.roa (raw, json)
Hash identifier:          qMpGcPyvLOJDVPIYj5BJ3eyOlsXEqLrzWfIBDXuAJrU=
Subject key identifier:   54:FF:FB:3B:23:1F:CA:86:30:EF:38:3B:D6:0B:AD:82:7E:80:F5:07
Certificate issuer:       /CN=a0606b8aad553f0948c7a894d68671870eb82cb0
Certificate serial:       018CC2DB38CFDE902217D05E34CB7641C2C5
Authority key identifier: A0:60:6B:8A:AD:55:3F:09:48:C7:A8:94:D6:86:71:87:0E:B8:2C:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oGBriq1VPwlIx6iU1oZxhw64LLA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9e2dfd-f2e9-416d-8f1f-bb3431fe0285/1/VP_7OyMfyoYw7zg71gutgn6A9Qc.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2471
IP address blocks:        147.99.88.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9e2dfd-f2e9-416d-8f1f-bb3431fe0285/1/oGBriq1VPwlIx6iU1oZxhw64LLA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9e2dfd-f2e9-416d-8f1f-bb3431fe0285/1/oGBriq1VPwlIx6iU1oZxhw64LLA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oGBriq1VPwlIx6iU1oZxhw64LLA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 10:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:38:cf:de:90:22:17:d0:5e:34:cb:76:41:c2:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0606b8aad553f0948c7a894d68671870eb82cb0
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54fffb3b231fca8630ef383bd60bad827e80f507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c2:03:d0:2f:e9:f0:22:b9:19:22:5e:2c:37:
                    74:06:d6:4f:8d:e1:c0:49:49:f6:8d:b4:a1:90:fd:
                    19:64:0a:5f:6f:94:9a:a5:35:19:0e:0b:04:1b:f7:
                    73:d9:94:a3:19:f7:b8:18:72:23:10:28:5d:6d:e7:
                    7b:bf:2f:81:ae:63:d5:73:e4:bb:6a:6d:4b:90:7f:
                    65:df:da:93:5a:2a:7d:ef:0b:fc:24:db:04:f7:13:
                    f3:9e:14:3c:51:43:c6:cf:ff:98:7e:64:f0:ee:02:
                    da:9e:9e:e2:f8:c8:f4:27:1d:7c:75:bb:45:74:d5:
                    06:0f:8f:3b:71:42:7e:9a:2e:77:fb:7b:70:d6:f5:
                    62:31:93:25:f5:3d:39:8d:f5:60:fa:74:67:cd:a7:
                    b2:a6:7c:07:2e:ec:1b:1c:f3:be:4f:f9:14:31:7b:
                    8f:e4:04:ba:3e:2b:49:f3:ca:b3:9b:d9:80:79:8a:
                    f1:94:9c:c5:37:43:e1:b8:95:5d:b3:1f:a6:0d:7e:
                    7e:2b:39:c2:6c:0d:aa:a6:05:7b:0a:37:76:1f:e2:
                    9d:0b:fc:c8:28:06:92:33:85:29:cf:2b:68:de:63:
                    69:da:78:b1:ff:2b:d2:fc:d9:7c:bf:ba:d7:8a:2f:
                    99:cb:d6:45:52:45:83:ec:12:25:9e:8f:f2:04:f9:
                    96:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:FF:FB:3B:23:1F:CA:86:30:EF:38:3B:D6:0B:AD:82:7E:80:F5:07
            X509v3 Authority Key Identifier:
                keyid:A0:60:6B:8A:AD:55:3F:09:48:C7:A8:94:D6:86:71:87:0E:B8:2C:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oGBriq1VPwlIx6iU1oZxhw64LLA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9e2dfd-f2e9-416d-8f1f-bb3431fe0285/1/VP_7OyMfyoYw7zg71gutgn6A9Qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9e2dfd-f2e9-416d-8f1f-bb3431fe0285/1/oGBriq1VPwlIx6iU1oZxhw64LLA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.99.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         40:09:db:f4:09:9c:56:d0:a2:14:bd:fa:74:9a:c0:4f:a4:22:
         d2:b6:af:dc:18:f6:50:a4:61:ed:e3:5a:41:11:4b:f3:f8:03:
         ee:45:e3:04:ef:4e:f3:88:f8:37:84:f9:4f:11:a8:e0:55:d2:
         45:4b:5f:f0:ab:08:12:2e:7d:c1:93:e6:6b:56:0b:db:76:e5:
         f8:c9:d7:bc:0c:0f:4e:98:f3:82:da:19:e6:9a:d8:46:33:8f:
         c1:84:c5:45:03:ca:bd:56:12:5d:08:29:f9:51:18:73:c0:87:
         39:60:80:60:ed:16:a5:6b:12:23:f9:61:f5:38:d8:35:8e:f7:
         27:2f:57:d7:7c:e8:ae:9d:75:29:b9:73:72:cd:0e:c5:3c:41:
         1e:e1:b7:39:49:b4:62:d1:13:10:9a:ae:c9:72:62:fe:c2:11:
         b0:02:c5:7f:06:67:9d:08:fd:49:4c:90:31:70:37:21:33:99:
         fb:85:3c:2b:d6:5f:1b:03:ec:67:8c:fc:4c:30:aa:67:55:cf:
         69:9c:97:40:4d:ac:da:27:c0:fd:f2:06:af:18:8e:d9:7a:9e:
         73:f6:34:27:0e:96:3f:e0:14:ab:48:9a:28:c7:8f:a6:63:32:
         2d:3b:37:4c:44:69:e7:7f:f1:51:fe:f8:16:06:cc:84:0d:86:
         a3:1a:c7:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zjP3pAiF9BeNMt2QcLFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwNjA2YjhhYWQ1NTNmMDk0OGM3YTg5NGQ2ODY3MTg3MGVi
ODJjYjAwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGZmZmIzYjIzMWZjYTg2MzBlZjM4M2JkNjBiYWQ4MjdlODBmNTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcID0C/p8CK5GSJeLDd0BtZPjeHA
SUn2jbShkP0ZZApfb5SapTUZDgsEG/dz2ZSjGfe4GHIjEChdbed7vy+BrmPVc+S7
am1LkH9l39qTWip97wv8JNsE9xPznhQ8UUPGz/+YfmTw7gLanp7i+Mj0Jx18dbtF
dNUGD487cUJ+mi53+3tw1vViMZMl9T05jfVg+nRnzaeypnwHLuwbHPO+T/kUMXuP
5AS6PitJ88qzm9mAeYrxlJzFN0PhuJVdsx+mDX5+KznCbA2qpgV7Cjd2H+KdC/zI
KAaSM4Upzyto3mNp2nix/yvS/Nl8v7rXii+Zy9ZFUkWD7BIlno/yBPmWcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFT/+zsjH8qGMO84O9YLrYJ+gPUHMB8GA1UdIwQY
MBaAFKBga4qtVT8JSMeolNaGcYcOuCywMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0dCcmlxMVZQd2xJeDZpVTFvWnhodzY0TExBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85ZTJkZmQtZjJlOS00MTZkLThmMWYt
YmIzNDMxZmUwMjg1LzEvVlBfN095TWZ5b1l3N3pnNzFndXRnbjZBOVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85ZTJkZmQtZjJlOS00MTZkLThmMWYtYmIzNDMxZmUwMjg1
LzEvb0dCcmlxMVZQd2xJeDZpVTFvWnhodzY0TExBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDk2NYMA0G
CSqGSIb3DQEBCwUAA4IBAQBACdv0CZxW0KIUvfp0msBPpCLStq/cGPZQpGHt41pB
EUvz+APuReME707ziPg3hPlPEajgVdJFS1/wqwgSLn3Bk+ZrVgvbduX4yde8DA9O
mPOC2hnmmthGM4/BhMVFA8q9VhJdCCn5URhzwIc5YIBg7RalaxIj+WH1ONg1jvcn
L1fXfOiunXUpuXNyzQ7FPEEe4bc5SbRi0RMQmq7JcmL+whGwAsV/BmedCP1JTJAx
cDchM5n7hTwr1l8bA+xnjPxMMKpnVc9pnJdATazaJ8D98gavGI7Zep5z9jQnDpY/
4BSrSJoox4+mYzItOzdMRGnnf/FR/vgWBsyEDYajGsc0
-----END CERTIFICATE-----