Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe8993-9178-4424-a108-33f396ab56f2/1/Vg47HGVAQaG_pzp1k8GsTIRvca8.roa
File:                     Vg47HGVAQaG_pzp1k8GsTIRvca8.roa (raw, json)
Hash identifier:          TyJXjwGEWsc4N4WHcBbe8uHI3Xg2j7SThfup5+reRRc=
Subject key identifier:   56:0E:3B:1C:65:40:41:A1:BF:A7:3A:75:93:C1:AC:4C:84:6F:71:AF
Certificate issuer:       /CN=113d5e831c330d3cb51d476e0c163540f25e0372
Certificate serial:       018CC4252219ECC6D277D4D6B6BF8F522A8B
Authority key identifier: 11:3D:5E:83:1C:33:0D:3C:B5:1D:47:6E:0C:16:35:40:F2:5E:03:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ET1egxwzDTy1HUduDBY1QPJeA3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe8993-9178-4424-a108-33f396ab56f2/1/Vg47HGVAQaG_pzp1k8GsTIRvca8.roa
Signing time:             Mon 01 Jan 2024 08:30:17 +0000
ROA not before:           Mon 01 Jan 2024 08:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        155.192.55.0/24 maxlen: 24
                          155.131.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe8993-9178-4424-a108-33f396ab56f2/1/ET1egxwzDTy1HUduDBY1QPJeA3I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe8993-9178-4424-a108-33f396ab56f2/1/ET1egxwzDTy1HUduDBY1QPJeA3I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ET1egxwzDTy1HUduDBY1QPJeA3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:22:19:ec:c6:d2:77:d4:d6:b6:bf:8f:52:2a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=113d5e831c330d3cb51d476e0c163540f25e0372
        Validity
            Not Before: Jan  1 08:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=560e3b1c654041a1bfa73a7593c1ac4c846f71af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:13:cc:84:9e:4b:f5:19:65:a0:59:e7:c7:92:
                    5d:0b:9e:89:ac:a7:94:3f:5f:8b:17:01:fd:76:d0:
                    23:32:97:77:fe:7c:fc:e7:46:9e:70:26:e4:ec:98:
                    19:fc:86:5f:f7:82:75:48:57:cd:3a:5f:88:41:71:
                    1f:b4:96:58:6d:9d:a9:1b:b2:d4:0e:2d:b4:7e:11:
                    f0:f3:99:4e:85:ae:71:03:e5:0e:ba:a1:99:92:ae:
                    17:e2:ab:85:55:da:0f:5b:24:78:82:46:92:cd:51:
                    2a:b7:a0:97:a8:b9:23:63:ff:7b:1f:8b:a6:5b:c5:
                    ea:a3:e7:de:9d:52:da:35:68:52:5f:20:97:86:48:
                    8b:40:fd:6f:ea:73:6f:e7:1f:ab:42:d8:77:e5:88:
                    c2:08:df:ff:7f:4a:8c:d5:a6:54:19:f7:07:35:17:
                    dc:a8:11:06:a3:4a:6a:36:66:f8:be:27:b4:97:27:
                    51:04:4e:98:b9:86:ba:be:82:dd:51:ee:5b:45:92:
                    f1:6f:8c:25:e1:a3:f6:8c:2d:9a:2d:40:6d:5b:a8:
                    01:02:64:9f:52:39:90:7f:80:8e:d1:3d:be:76:93:
                    c2:e7:29:6d:57:4a:98:39:0b:ac:c2:4c:58:05:7f:
                    18:13:70:50:76:bc:ff:15:7b:55:27:73:6a:39:e4:
                    1c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:0E:3B:1C:65:40:41:A1:BF:A7:3A:75:93:C1:AC:4C:84:6F:71:AF
            X509v3 Authority Key Identifier:
                keyid:11:3D:5E:83:1C:33:0D:3C:B5:1D:47:6E:0C:16:35:40:F2:5E:03:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ET1egxwzDTy1HUduDBY1QPJeA3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe8993-9178-4424-a108-33f396ab56f2/1/Vg47HGVAQaG_pzp1k8GsTIRvca8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe8993-9178-4424-a108-33f396ab56f2/1/ET1egxwzDTy1HUduDBY1QPJeA3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.131.55.0/24
                  155.192.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:02:be:ae:94:14:cc:24:65:d4:1e:a8:94:14:72:64:0a:8d:
         34:8e:79:20:61:87:79:fb:7f:bf:fd:66:28:6b:92:0f:ac:92:
         3f:c5:87:a8:11:85:93:e5:4e:f9:25:4e:bc:02:c7:3b:8e:d8:
         b2:89:55:fb:a1:2a:41:00:82:5d:07:07:bf:50:80:ff:0a:a3:
         44:95:c1:89:6c:d2:15:3c:e0:3c:1e:b2:ed:45:61:6e:7c:27:
         89:36:1d:65:63:b0:bf:79:59:e3:16:51:d1:8a:20:a4:19:19:
         ce:0e:1c:61:7c:d2:8e:d6:00:6a:84:5b:c4:63:e7:b3:8e:f0:
         ef:fe:b3:c4:32:ac:b0:9b:09:00:39:9a:f3:6e:b7:de:c5:be:
         b9:b8:56:ed:86:f2:0f:8a:11:28:b5:4d:e1:1d:1c:a6:4e:0a:
         e0:5f:73:82:d1:0a:ce:29:89:0f:12:c3:9d:01:45:93:30:25:
         2b:0f:f5:77:a6:d8:57:5a:e2:b7:4f:4b:ef:85:0f:f6:ce:77:
         fd:29:db:00:a8:90:c8:c0:fc:41:35:bd:41:db:a2:90:3c:e4:
         5f:74:01:5f:8d:be:f5:a5:95:ef:61:0a:fe:68:44:8a:81:ab:
         91:25:e1:00:ea:50:34:18:c2:d8:69:4c:53:4c:5a:48:a4:b4:
         c6:d7:a7:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJSIZ7MbSd9TWtr+PUiqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExM2Q1ZTgzMWMzMzBkM2NiNTFkNDc2ZTBjMTYzNTQwZjI1
ZTAzNzIwHhcNMjQwMTAxMDgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjBlM2IxYzY1NDA0MWExYmZhNzNhNzU5M2MxYWM0Yzg0NmY3MWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBPMhJ5L9RlloFnnx5JdC56JrKeU
P1+LFwH9dtAjMpd3/nz850aecCbk7JgZ/IZf94J1SFfNOl+IQXEftJZYbZ2pG7LU
Di20fhHw85lOha5xA+UOuqGZkq4X4quFVdoPWyR4gkaSzVEqt6CXqLkjY/97H4um
W8Xqo+fenVLaNWhSXyCXhkiLQP1v6nNv5x+rQth35YjCCN//f0qM1aZUGfcHNRfc
qBEGo0pqNmb4vie0lydRBE6YuYa6voLdUe5bRZLxb4wl4aP2jC2aLUBtW6gBAmSf
UjmQf4CO0T2+dpPC5yltV0qYOQuswkxYBX8YE3BQdrz/FXtVJ3NqOeQcEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFYOOxxlQEGhv6c6dZPBrEyEb3GvMB8GA1UdIwQY
MBaAFBE9XoMcMw08tR1HbgwWNUDyXgNyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVQxZWd4d3pEVHkxSFVkdURCWTFRUEplQTNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTg5OTMtOTE3OC00NDI0LWExMDgt
MzNmMzk2YWI1NmYyLzEvVmc0N0hHVkFRYUdfcHpwMWs4R3NUSVJ2Y2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTg5OTMtOTE3OC00NDI0LWExMDgtMzNmMzk2YWI1NmYy
LzEvRVQxZWd4d3pEVHkxSFVkdURCWTFRUEplQTNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAm4M3AwQA
m8A3MA0GCSqGSIb3DQEBCwUAA4IBAQAGAr6ulBTMJGXUHqiUFHJkCo00jnkgYYd5
+3+//WYoa5IPrJI/xYeoEYWT5U75JU68Asc7jtiyiVX7oSpBAIJdBwe/UID/CqNE
lcGJbNIVPOA8HrLtRWFufCeJNh1lY7C/eVnjFlHRiiCkGRnODhxhfNKO1gBqhFvE
Y+ezjvDv/rPEMqywmwkAOZrzbrfexb65uFbthvIPihEotU3hHRymTgrgX3OC0QrO
KYkPEsOdAUWTMCUrD/V3pthXWuK3T0vvhQ/2znf9KdsAqJDIwPxBNb1B26KQPORf
dAFfjb71pZXvYQr+aESKgauRJeEA6lA0GMLYaUxTTFpIpLTG16dR
-----END CERTIFICATE-----