Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/VpGIHN5Zd7WTCMsaQXaXSDnyrw4.roa
File:                     VpGIHN5Zd7WTCMsaQXaXSDnyrw4.roa (raw, json)
Hash identifier:          GZESy1Rcl2FkAQN21mQMcdRCEy741FxWIJTHR/mVm5k=
Subject key identifier:   56:91:88:1C:DE:59:77:B5:93:08:CB:1A:41:76:97:48:39:F2:AF:0E
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018D80FAC9117CA526B74124503E05DC5065
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/VpGIHN5Zd7WTCMsaQXaXSDnyrw4.roa
Signing time:             Wed 07 Feb 2024 00:32:15 +0000
ROA not before:           Wed 07 Feb 2024 00:32:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51248
IP address blocks:        192.145.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:80:fa:c9:11:7c:a5:26:b7:41:24:50:3e:05:dc:50:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Feb  7 00:32:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5691881cde5977b59308cb1a4176974839f2af0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:63:2c:25:35:73:c5:25:11:31:21:10:72:65:
                    b6:a2:29:26:c0:80:e3:f5:96:d9:c0:fd:de:14:f9:
                    b5:50:9d:ff:e0:4b:6b:41:a8:9e:91:ba:63:aa:dd:
                    98:06:f4:5b:1d:b3:cf:6c:66:e6:5e:1d:4f:6c:25:
                    76:7f:be:33:85:3e:1c:a3:b7:f3:4d:c9:e4:fd:53:
                    f3:f6:58:00:94:85:11:64:d1:d3:9e:61:0e:93:5d:
                    72:9a:34:fa:75:f7:a0:76:42:4e:16:5f:9f:f9:33:
                    6e:dc:99:3b:4e:a0:73:8d:e4:e0:53:a6:a4:53:65:
                    9d:a2:c6:39:21:86:be:29:96:42:9e:03:63:0e:51:
                    f1:5c:40:82:ee:52:10:3b:b2:79:b4:7a:9d:97:ce:
                    d2:bf:d4:a8:e3:db:a5:6b:2f:3d:d0:2e:08:52:9d:
                    04:75:4d:15:48:ff:38:aa:5c:88:d0:e7:cd:07:99:
                    98:11:6d:8a:0f:d1:50:fa:03:37:d9:3e:01:fb:e6:
                    ce:fe:0b:9b:90:f8:8d:78:4c:7e:b5:71:cb:02:4d:
                    63:a6:66:87:2a:81:b5:ea:f0:fc:c1:0a:1b:d3:45:
                    76:a9:9b:34:0b:63:2b:3c:b0:2e:43:56:b8:7d:81:
                    88:a5:a7:79:10:53:d6:83:99:5f:aa:ad:dd:59:0a:
                    51:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:91:88:1C:DE:59:77:B5:93:08:CB:1A:41:76:97:48:39:F2:AF:0E
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/VpGIHN5Zd7WTCMsaQXaXSDnyrw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:63:94:b1:2b:ef:50:97:16:bf:9b:1a:b1:e4:ba:75:e4:99:
         97:a8:ed:4e:82:48:a3:d6:26:f2:48:ae:7c:17:19:09:df:d8:
         28:3d:f6:4d:4a:1b:3f:72:27:f5:a5:fa:c8:a2:22:42:7a:10:
         32:0d:0c:14:71:c4:40:31:31:cd:c2:90:9f:fc:c1:36:1f:48:
         7e:ba:1a:81:57:dc:97:f6:74:63:a4:ed:46:ba:08:c1:b6:80:
         4c:41:36:4c:58:60:b1:04:5c:36:a0:f4:a5:95:a2:96:90:09:
         77:e9:aa:b4:cd:29:fa:7a:98:82:cc:d1:5d:a8:dd:9e:52:c8:
         9f:85:45:01:02:ee:8d:f1:ca:9e:1f:fb:5f:c3:ea:ae:bb:ca:
         37:66:8b:58:06:b5:cb:9a:1b:bf:6b:aa:da:fd:85:23:b1:01:
         2f:7e:56:71:b1:b0:85:01:4c:a8:9c:97:c1:2d:7d:30:81:08:
         53:70:f2:59:0b:d1:ac:ae:8b:c0:15:fa:d2:8f:7c:5b:ff:41:
         e9:09:02:dc:9f:b5:10:1a:c2:a3:fb:bb:ba:de:c3:1f:99:ab:
         b8:73:6c:04:5f:c6:3f:94:ad:5f:e6:a1:f4:e6:52:28:98:6b:
         ba:3a:37:04:91:6e:dd:7f:4d:72:04:4b:62:1e:04:de:70:e3:
         10:27:0c:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2A+skRfKUmt0EkUD4F3FBlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMjA3MDAzMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjkxODgxY2RlNTk3N2I1OTMwOGNiMWE0MTc2OTc0ODM5ZjJhZjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGMsJTVzxSURMSEQcmW2oikmwIDj
9ZbZwP3eFPm1UJ3/4EtrQaiekbpjqt2YBvRbHbPPbGbmXh1PbCV2f74zhT4co7fz
Tcnk/VPz9lgAlIURZNHTnmEOk11ymjT6dfegdkJOFl+f+TNu3Jk7TqBzjeTgU6ak
U2WdosY5IYa+KZZCngNjDlHxXECC7lIQO7J5tHqdl87Sv9So49ulay890C4IUp0E
dU0VSP84qlyI0OfNB5mYEW2KD9FQ+gM32T4B++bO/gubkPiNeEx+tXHLAk1jpmaH
KoG16vD8wQob00V2qZs0C2MrPLAuQ1a4fYGIpad5EFPWg5lfqq3dWQpR8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFaRiBzeWXe1kwjLGkF2l0g58q8OMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvVnBHSUhONVpkN1dUQ01zYVFYYVhTRG55cnc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJFiMA0G
CSqGSIb3DQEBCwUAA4IBAQBvY5SxK+9Qlxa/mxqx5Lp15JmXqO1Ogkij1ibySK58
FxkJ39goPfZNShs/cif1pfrIoiJCehAyDQwUccRAMTHNwpCf/ME2H0h+uhqBV9yX
9nRjpO1GugjBtoBMQTZMWGCxBFw2oPSllaKWkAl36aq0zSn6epiCzNFdqN2eUsif
hUUBAu6N8cqeH/tfw+quu8o3ZotYBrXLmhu/a6ra/YUjsQEvflZxsbCFAUyonJfB
LX0wgQhTcPJZC9GsrovAFfrSj3xb/0HpCQLcn7UQGsKj+7u63sMfmau4c2wEX8Y/
lK1f5qH05lIomGu6OjcEkW7df01yBEtiHgTecOMQJwzX
-----END CERTIFICATE-----