Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/4f918b-28d9-419b-8647-338986176b1f/1/i6B1OSdOF9_KJqcCOig-cOkap9A.roa
File:                     i6B1OSdOF9_KJqcCOig-cOkap9A.roa (raw, json)
Hash identifier:          mkgH8uTE1v3Ty4mzlxAOlasL65VMhxX8WcQq0F7W5Pk=
Subject key identifier:   8B:A0:75:39:27:4E:17:DF:CA:26:A7:02:3A:28:3E:70:E9:1A:A7:D0
Certificate issuer:       /CN=55a72cff41bdb7c7e01855d39076daf721742c70
Certificate serial:       018CF44C27C454E07030C7EB5F45D084C398
Authority key identifier: 55:A7:2C:FF:41:BD:B7:C7:E0:18:55:D3:90:76:DA:F7:21:74:2C:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vacs_0G9t8fgGFXTkHba9yF0LHA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/4f918b-28d9-419b-8647-338986176b1f/1/i6B1OSdOF9_KJqcCOig-cOkap9A.roa
Signing time:             Wed 10 Jan 2024 16:54:40 +0000
ROA not before:           Wed 10 Jan 2024 16:54:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.234.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/4f918b-28d9-419b-8647-338986176b1f/1/Vacs_0G9t8fgGFXTkHba9yF0LHA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/4f918b-28d9-419b-8647-338986176b1f/1/Vacs_0G9t8fgGFXTkHba9yF0LHA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vacs_0G9t8fgGFXTkHba9yF0LHA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f4:4c:27:c4:54:e0:70:30:c7:eb:5f:45:d0:84:c3:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55a72cff41bdb7c7e01855d39076daf721742c70
        Validity
            Not Before: Jan 10 16:54:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ba07539274e17dfca26a7023a283e70e91aa7d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:58:e2:bb:d2:e4:32:68:6b:87:40:bc:84:e9:
                    40:cb:94:cb:8e:4a:ef:f1:0f:73:4e:87:08:22:88:
                    03:42:6a:a2:2b:c7:1e:bb:48:2f:03:58:77:d2:98:
                    6b:73:cc:a5:92:46:0d:16:0c:01:13:bb:62:6b:95:
                    04:89:55:e9:30:66:ee:bc:7c:dd:b3:2a:4e:55:85:
                    63:f6:50:65:c3:ee:07:de:d6:89:36:b0:3f:13:ea:
                    b5:44:eb:4d:48:cb:f8:ab:ed:bf:1b:aa:a9:02:87:
                    fd:3f:c6:cd:3d:55:cf:6d:ad:f9:68:9a:85:1b:8a:
                    e3:3d:7d:53:46:61:7a:93:21:36:20:25:60:68:1d:
                    89:bb:cd:85:69:2a:8a:45:66:53:01:a9:94:0d:d0:
                    92:00:20:86:19:92:57:e6:28:60:c2:45:e1:8f:36:
                    5c:c4:ea:25:49:67:b3:24:98:1b:0e:54:d3:88:0d:
                    1b:96:54:6e:fd:39:93:6b:d4:16:26:7e:a5:2f:45:
                    f5:8d:17:7e:63:5d:96:1f:ca:51:a7:bc:0a:e4:c9:
                    0e:0b:d4:a4:92:12:dd:f2:34:5e:11:58:08:0d:b6:
                    b9:f4:0e:8f:01:29:f7:81:84:52:81:a3:1b:d1:e0:
                    b6:c0:cf:0b:7c:bb:78:0e:6f:d3:5d:a2:82:6d:39:
                    d7:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A0:75:39:27:4E:17:DF:CA:26:A7:02:3A:28:3E:70:E9:1A:A7:D0
            X509v3 Authority Key Identifier:
                keyid:55:A7:2C:FF:41:BD:B7:C7:E0:18:55:D3:90:76:DA:F7:21:74:2C:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vacs_0G9t8fgGFXTkHba9yF0LHA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/4f918b-28d9-419b-8647-338986176b1f/1/i6B1OSdOF9_KJqcCOig-cOkap9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/4f918b-28d9-419b-8647-338986176b1f/1/Vacs_0G9t8fgGFXTkHba9yF0LHA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:57:47:8b:45:0d:18:55:7a:82:2f:cc:75:bd:0d:16:2d:39:
         36:f6:2c:44:5a:3e:15:bf:1c:95:ba:34:ab:a8:7e:6e:12:cb:
         dd:36:d6:8c:a9:07:58:74:86:57:10:ed:72:f5:3d:bc:97:16:
         65:b1:23:17:df:3c:f2:e9:4c:dd:7e:42:58:b2:dc:4e:50:50:
         d1:ac:d4:80:fa:2f:d7:1c:f0:1b:29:b2:bb:af:f2:34:0e:20:
         c6:7c:12:f6:78:72:2f:fc:a3:28:14:29:30:f3:09:aa:ab:ed:
         fa:5f:04:20:84:b5:fb:60:64:0d:42:28:f0:96:1a:0b:4b:bc:
         22:2e:0e:14:37:0c:f9:dc:3e:1e:a8:c5:03:c2:80:d7:80:1f:
         74:32:ad:e1:a3:c8:01:5c:5c:4c:0f:28:d3:5c:35:e7:51:a1:
         27:d3:8a:ab:5c:53:e6:28:1c:7e:3c:05:d3:99:dc:ce:1b:c2:
         28:13:f9:fc:04:b4:21:c9:d6:9d:24:c5:7c:8d:3c:38:a4:c8:
         50:14:ff:12:9c:93:06:00:f0:98:cc:3f:06:9d:1e:8a:0f:1a:
         cb:65:d6:13:74:f1:b4:b2:02:18:32:9a:86:45:d7:55:13:53:
         ba:7d:46:3a:55:bd:00:1c:19:a9:d4:2f:b1:f1:55:8f:fd:ab:
         cc:aa:3f:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz0TCfEVOBwMMfrX0XQhMOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YTcyY2ZmNDFiZGI3YzdlMDE4NTVkMzkwNzZkYWY3MjE3
NDJjNzAwHhcNMjQwMTEwMTY1NDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmEwNzUzOTI3NGUxN2RmY2EyNmE3MDIzYTI4M2U3MGU5MWFhN2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11jiu9LkMmhrh0C8hOlAy5TLjkrv
8Q9zTocIIogDQmqiK8ceu0gvA1h30phrc8ylkkYNFgwBE7tia5UEiVXpMGbuvHzd
sypOVYVj9lBlw+4H3taJNrA/E+q1ROtNSMv4q+2/G6qpAof9P8bNPVXPba35aJqF
G4rjPX1TRmF6kyE2ICVgaB2Ju82FaSqKRWZTAamUDdCSACCGGZJX5ihgwkXhjzZc
xOolSWezJJgbDlTTiA0bllRu/TmTa9QWJn6lL0X1jRd+Y12WH8pRp7wK5MkOC9Sk
khLd8jReEVgIDba59A6PASn3gYRSgaMb0eC2wM8LfLt4Dm/TXaKCbTnX5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIugdTknThffyianAjooPnDpGqfQMB8GA1UdIwQY
MBaAFFWnLP9BvbfH4BhV05B22vchdCxwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmFjc18wRzl0OGZnR0ZYVGtIYmE5eUYwTEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy80ZjkxOGItMjhkOS00MTliLTg2NDct
MzM4OTg2MTc2YjFmLzEvaTZCMU9TZE9GOV9LSnFjQ09pZy1jT2thcDlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy80ZjkxOGItMjhkOS00MTliLTg2NDctMzM4OTg2MTc2YjFm
LzEvVmFjc18wRzl0OGZnR0ZYVGtIYmE5eUYwTEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuer0MA0G
CSqGSIb3DQEBCwUAA4IBAQAFV0eLRQ0YVXqCL8x1vQ0WLTk29ixEWj4VvxyVujSr
qH5uEsvdNtaMqQdYdIZXEO1y9T28lxZlsSMX3zzy6UzdfkJYstxOUFDRrNSA+i/X
HPAbKbK7r/I0DiDGfBL2eHIv/KMoFCkw8wmqq+36XwQghLX7YGQNQijwlhoLS7wi
Lg4UNwz53D4eqMUDwoDXgB90Mq3ho8gBXFxMDyjTXDXnUaEn04qrXFPmKBx+PAXT
mdzOG8IoE/n8BLQhydadJMV8jTw4pMhQFP8SnJMGAPCYzD8GnR6KDxrLZdYTdPG0
sgIYMpqGRddVE1O6fUY6Vb0AHBmp1C+x8VWP/avMqj/c
-----END CERTIFICATE-----