Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/d503fd-9d4b-4563-9cdf-b6e0f3e95cad/1/VAOIpv5Nv32mdaeIVIn6IMNtgug.roa
File:                     VAOIpv5Nv32mdaeIVIn6IMNtgug.roa (raw, json)
Hash identifier:          z24BEud5FIqnMf8dPgnmdsDE1YVWAEk2Zzli+16+tQQ=
Subject key identifier:   54:03:88:A6:FE:4D:BF:7D:A6:75:A7:88:54:89:FA:20:C3:6D:82:E8
Certificate issuer:       /CN=3fac69adaf000dd77a4b001877c258a21d1ff6a0
Certificate serial:       018CCA2A2FF82EF86F6D88E9A5A008B74D04
Authority key identifier: 3F:AC:69:AD:AF:00:0D:D7:7A:4B:00:18:77:C2:58:A2:1D:1F:F6:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P6xpra8ADdd6SwAYd8JYoh0f9qA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/d503fd-9d4b-4563-9cdf-b6e0f3e95cad/1/VAOIpv5Nv32mdaeIVIn6IMNtgug.roa
Signing time:             Tue 02 Jan 2024 12:33:31 +0000
ROA not before:           Tue 02 Jan 2024 12:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205556
IP address blocks:        185.213.180.0/22 maxlen: 22
                          185.213.180.0/24 maxlen: 24
                          185.213.181.0/24 maxlen: 24
                          185.213.182.0/24 maxlen: 24
                          185.213.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/d503fd-9d4b-4563-9cdf-b6e0f3e95cad/1/P6xpra8ADdd6SwAYd8JYoh0f9qA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/d503fd-9d4b-4563-9cdf-b6e0f3e95cad/1/P6xpra8ADdd6SwAYd8JYoh0f9qA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P6xpra8ADdd6SwAYd8JYoh0f9qA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2f:f8:2e:f8:6f:6d:88:e9:a5:a0:08:b7:4d:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fac69adaf000dd77a4b001877c258a21d1ff6a0
        Validity
            Not Before: Jan  2 12:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=540388a6fe4dbf7da675a7885489fa20c36d82e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:59:f2:05:de:d6:71:ad:31:2b:e9:e2:f1:69:
                    7f:d1:25:22:8b:26:d2:ae:7d:86:3f:40:ba:a0:31:
                    a2:a9:ef:4c:a7:f2:79:cc:b2:8d:97:12:87:1e:33:
                    f4:8c:b2:f8:e8:3c:ee:90:bb:40:aa:c2:60:5c:b6:
                    35:54:d5:fe:e0:f2:18:90:eb:0a:ac:78:b5:f0:b0:
                    99:97:a5:0f:e8:3c:88:66:33:40:4e:16:eb:06:af:
                    2a:0e:80:be:f8:5c:19:56:ae:04:a2:64:a4:5b:10:
                    39:63:84:de:a0:48:7a:44:fd:a1:20:21:5f:4f:7c:
                    5e:3b:ef:23:6a:fc:95:b3:3e:9d:0b:48:1e:fe:27:
                    1b:fe:7d:ec:d8:4e:50:cb:89:1c:d5:20:c0:9a:ef:
                    7c:18:c5:19:b5:dc:61:93:88:23:80:b6:59:03:ff:
                    a4:87:f5:4d:ff:bd:20:e4:d4:88:89:97:e9:3f:f4:
                    ff:20:7c:b6:e6:59:87:5e:a7:d1:e0:4c:c9:11:d1:
                    8a:a8:d0:2c:91:9f:a1:05:17:68:d5:ac:11:f9:8f:
                    cd:fa:32:f2:93:d2:d2:6f:ee:06:e8:d9:4b:1e:43:
                    9e:bd:de:14:fd:c4:25:b1:21:bd:89:4d:ec:9f:ad:
                    74:7f:89:0a:1b:7e:ff:19:c7:b5:04:13:e1:b7:50:
                    83:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:03:88:A6:FE:4D:BF:7D:A6:75:A7:88:54:89:FA:20:C3:6D:82:E8
            X509v3 Authority Key Identifier:
                keyid:3F:AC:69:AD:AF:00:0D:D7:7A:4B:00:18:77:C2:58:A2:1D:1F:F6:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P6xpra8ADdd6SwAYd8JYoh0f9qA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/d503fd-9d4b-4563-9cdf-b6e0f3e95cad/1/VAOIpv5Nv32mdaeIVIn6IMNtgug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/d503fd-9d4b-4563-9cdf-b6e0f3e95cad/1/P6xpra8ADdd6SwAYd8JYoh0f9qA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:1c:1f:b3:db:48:84:65:df:00:92:7a:f6:d2:ba:f9:67:5f:
         c5:29:63:01:38:7a:76:57:bf:16:86:eb:ca:6c:9d:85:7f:d4:
         47:e3:80:f2:4e:b6:e8:14:7d:d1:3f:50:84:4f:1b:f5:65:25:
         f8:1b:56:53:52:b4:b1:82:18:a8:04:99:93:1f:ce:27:42:ba:
         5c:90:98:ce:6e:37:cd:43:89:f1:85:2e:b2:fb:4e:40:fd:74:
         96:8b:ec:83:18:15:ab:e4:b3:69:5c:44:66:1a:8c:5f:70:ab:
         35:71:f8:c7:b0:43:c1:05:82:ac:af:92:73:1e:87:e9:62:de:
         78:6a:67:8c:37:92:9d:be:0e:e4:28:e1:a8:c9:78:5d:94:47:
         28:5a:bf:9f:88:4e:c4:6a:d8:a5:f5:aa:07:7c:d0:69:62:8e:
         c7:5b:22:21:ad:95:a9:38:4b:c1:55:7b:28:40:90:e3:ce:5f:
         26:6d:81:78:ea:db:e5:e6:c7:21:0c:9d:8f:e9:45:92:ca:36:
         f9:76:1f:8b:91:3a:80:9b:7f:58:ef:92:6d:29:f0:86:b9:be:
         6e:7b:3a:a9:41:ff:4d:76:d1:fd:10:7a:11:61:4b:77:3b:aa:
         e6:8c:bd:4e:63:5e:ab:a3:79:a6:e6:3b:4c:81:ec:26:23:02:
         ec:d4:11:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKi/4LvhvbYjppaAIt00EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmYWM2OWFkYWYwMDBkZDc3YTRiMDAxODc3YzI1OGEyMWQx
ZmY2YTAwHhcNMjQwMTAyMTIzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDAzODhhNmZlNGRiZjdkYTY3NWE3ODg1NDg5ZmEyMGMzNmQ4MmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFnyBd7Wca0xK+ni8Wl/0SUiiybS
rn2GP0C6oDGiqe9Mp/J5zLKNlxKHHjP0jLL46DzukLtAqsJgXLY1VNX+4PIYkOsK
rHi18LCZl6UP6DyIZjNAThbrBq8qDoC++FwZVq4EomSkWxA5Y4TeoEh6RP2hICFf
T3xeO+8javyVsz6dC0ge/icb/n3s2E5Qy4kc1SDAmu98GMUZtdxhk4gjgLZZA/+k
h/VN/70g5NSIiZfpP/T/IHy25lmHXqfR4EzJEdGKqNAskZ+hBRdo1awR+Y/N+jLy
k9LSb+4G6NlLHkOevd4U/cQlsSG9iU3sn610f4kKG37/Gce1BBPht1CDLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQDiKb+Tb99pnWniFSJ+iDDbYLoMB8GA1UdIwQY
MBaAFD+saa2vAA3XeksAGHfCWKIdH/agMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDZ4cHJhOEFEZGQ2U3dBWWQ4SllvaDBmOXFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9kNTAzZmQtOWQ0Yi00NTYzLTljZGYt
YjZlMGYzZTk1Y2FkLzEvVkFPSXB2NU52MzJtZGFlSVZJbjZJTU50Z3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9kNTAzZmQtOWQ0Yi00NTYzLTljZGYtYjZlMGYzZTk1Y2Fk
LzEvUDZ4cHJhOEFEZGQ2U3dBWWQ4SllvaDBmOXFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudW0MA0G
CSqGSIb3DQEBCwUAA4IBAQB5HB+z20iEZd8Aknr20rr5Z1/FKWMBOHp2V78WhuvK
bJ2Ff9RH44DyTrboFH3RP1CETxv1ZSX4G1ZTUrSxghioBJmTH84nQrpckJjObjfN
Q4nxhS6y+05A/XSWi+yDGBWr5LNpXERmGoxfcKs1cfjHsEPBBYKsr5JzHofpYt54
ameMN5Kdvg7kKOGoyXhdlEcoWr+fiE7Eatil9aoHfNBpYo7HWyIhrZWpOEvBVXso
QJDjzl8mbYF46tvl5schDJ2P6UWSyjb5dh+LkTqAm39Y75JtKfCGub5uezqpQf9N
dtH9EHoRYUt3O6rmjL1OY16ro3mm5jtMgewmIwLs1BH+
-----END CERTIFICATE-----